upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-06-09 08:55:55 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

authenticator config: use static CA reader for OIDC CA

Browse source
This commit is contained in:
Stanislav Laznicka 2023-02-14 13:37:21 +01:00
parent fa294f3e4e
commit 4ae4266c91
No known key found for this signature in database
GPG key ID: C98C414936B1A7F3
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
pkg/kubeapiserver/authenticator/config.go
View file

@ -19,6 +19,7 @@ package authenticator
import (
"errors"
"fmt"
"os"
"time"
utilnet "k8s.io/apimachinery/pkg/util/net"
@ -158,7 +159,7 @@ func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, er
var oidcCAContent oidc.CAContentProvider
if len(config.OIDCCAFile) != 0 {
var oidcCAErr error
oidcCAContent, oidcCAErr = dynamiccertificates.NewDynamicCAContentFromFile("oidc-authenticator", config.OIDCCAFile)
oidcCAContent, oidcCAErr = staticCAContentProviderFromFile("oidc-authenticator", config.OIDCCAFile)
if oidcCAErr != nil {
return nil, nil, oidcCAErr
}
@ -318,3 +319,12 @@ func newWebhookTokenAuthenticator(config Config) (authenticator.Token, error) {
return tokencache.New(webhookTokenAuthenticator, false, config.WebhookTokenAuthnCacheTTL, config.WebhookTokenAuthnCacheTTL), nil
}
func staticCAContentProviderFromFile(purpose, filename string) (dynamiccertificates.CAContentProvider, error) {
fileBytes, err := os.ReadFile(filename)
if err != nil {
return nil, err
}
return dynamiccertificates.NewStaticCAContent(purpose, fileBytes)
}