-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow a verifyoptionsfunc to indicate that no certpool is available #84864
Conversation
/retest |
1 similar comment
/retest |
if uncastObj == nil { | ||
return x509.VerifyOptions{}, false | ||
} | ||
castObj, ok := uncastObj.(*caBundleAndVerifier) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the type of an atomic.Value can't be changed once set. if we have a non-nil value that isn't the correct type, that's a programming error we should hard-fail on
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the type of an atomic.Value can't be changed once set. if we have a non-nil value that isn't the correct type, that's a programming error we should hard-fail on
updated to panic
staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/union_content.go
Show resolved
Hide resolved
@@ -656,6 +656,8 @@ func TestTaintBasedEvictions(t *testing.T) { | |||
for i, test := range tests { | |||
t.Run(test.name, func(t *testing.T) { | |||
context := initTestMaster(t, "taint-based-evictions", admission) | |||
defer context.closeFn() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unrelated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unrelated?
found it working on this one, just a forgotten close
413a29d
to
ead54ba
Compare
ead54ba
to
cd675cc
Compare
comments addressed |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
/retest |
xref #82141
Adds bool to VerifyFunc. If the bool is false, then the returned VerifyOptions are ignored and the authenticator will express "no opinion". This allows a clear signal for cases where a CertPool is eventually expected, but not currently present.
/kind bug
/priority important-soon
@kubernetes/sig-auth-pr-reviews