Skip to content

Commit

Permalink
Merge pull request openshift#28769 from sanchezl/OCPBUGS-33317
Browse files Browse the repository at this point in the history 
OCPBUGS-33317: use tokenrequest api
  • Loading branch information
@openshift-merge-bot
openshift-merge-bot[bot] committed May 6, 2024
2 parents ab28660 + 300ee84 commit 15c3521
Showing 1 changed file with 5 additions and 25 deletions.
30 changes: 5 additions & 25 deletions test/extended/networking/endpoint_admission.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,19 +3,16 @@ package networking
import (
"context"
"net"
"time"

"github.com/apparentlymart/go-cidr/cidr"
g "github.com/onsi/ginkgo/v2"
o "github.com/onsi/gomega"
exutil "github.com/openshift/origin/test/extended/util"
authenticationv1 "k8s.io/api/authentication/v1"
corev1 "k8s.io/api/core/v1"
discoveryv1 "k8s.io/api/discovery/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apiserver/pkg/authentication/serviceaccount"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
utilnet "k8s.io/utils/net"
Expand Down Expand Up @@ -194,35 +191,18 @@ func getClientForServiceAccount(adminClient kubernetes.Interface, clientConfig *
return nil, nil, err
}

sa, err := adminClient.CoreV1().ServiceAccounts(namespace).Create(context.Background(), &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: name}}, metav1.CreateOptions{})
if errors.IsAlreadyExists(err) {
sa, err = adminClient.CoreV1().ServiceAccounts(namespace).Get(context.Background(), name, metav1.GetOptions{})
}
if err != nil {
_, err = adminClient.CoreV1().ServiceAccounts(namespace).Create(context.Background(), &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: name}}, metav1.CreateOptions{})
if err != nil && !errors.IsAlreadyExists(err) {
return nil, nil, err
}

token := ""
err = wait.Poll(time.Second, 30*time.Second, func() (bool, error) {
selector := fields.OneTermEqualSelector("type", string(corev1.SecretTypeServiceAccountToken))
secrets, err := adminClient.CoreV1().Secrets(namespace).List(context.Background(), metav1.ListOptions{FieldSelector: selector.String()})
if err != nil {
return false, err
}
for _, secret := range secrets.Items {
if serviceaccount.IsServiceAccountToken(&secret, sa) {
token = string(secret.Data[corev1.ServiceAccountTokenKey])
return true, nil
}
}
return false, nil
})
tokenRequest, err := adminClient.CoreV1().ServiceAccounts(namespace).CreateToken(context.Background(), name, &authenticationv1.TokenRequest{}, metav1.CreateOptions{})
if err != nil {
return nil, nil, err
}

saClientConfig := rest.AnonymousClientConfig(clientConfig)
saClientConfig.BearerToken = token
saClientConfig.BearerToken = tokenRequest.Status.Token

kubeClientset, err := kubernetes.NewForConfig(saClientConfig)
if err != nil {
Expand Down

0 comments on commit 15c3521

Please sign in to comment.