-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Including JTI & node reference in issued service account tokens (kep 4193) #120780
Including JTI & node reference in issued service account tokens (kep 4193) #120780
Conversation
pkg/serviceaccount/claims.go
Outdated
} | ||
} | ||
|
||
type validator struct { | ||
getter ServiceAccountTokenGetter | ||
getter ServiceAccountTokenGetter | ||
validateNodeInfo bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
verifyNodeInfo
or validateNodeInfo
?
staging/src/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go
Outdated
Show resolved
Hide resolved
/sig auth |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just nits
LGTM label has been added. Git tree hash: ca43038b45fb44c04d066d48d55832aa1bf7f464
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, munnerz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
looks like the linter found a couple things to clean up:
|
@munnerz: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
72478d8
to
76463e2
Compare
/test pull-kubernetes-linter-strict |
@munnerz: The specified target(s) for
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test pull-kubernetes-linter-strict |
@munnerz: The specified target(s) for
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
LGTM label has been added. Git tree hash: 20659f557a2021d4c0b56d5b331b6731e7d8b2ab
|
/lgtm |
Wohoo! really happy to see this being merged. Thank you to the author and everyone who helped review and approve it. |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Replaces #119739
Which issue(s) this PR fixes:
Implements kubernetes/enhancements#4193
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
Create a test/example pod:
Fetch a bound service account token for the pod:
Inspect the issued JWT: