Remove global check for number of k8sSA provisioners.
This was causing a bug in the reload of the ca.
parent
5788ac3f4f
commit
cf592fa0e1
2 changed files with 11 additions and 6 deletions
|
@ -81,6 +81,17 @@ func (c *AuthConfig) Validate(audiences provisioner.Audiences) error {
|
||||||
return errors.New("authority.provisioners cannot be empty")
|
return errors.New("authority.provisioners cannot be empty")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check that only one K8sSA is enabled
|
||||||
|
var k8sCount int
|
||||||
|
for _, p := range c.Provisioners {
|
||||||
|
if p.GetType() == provisioner.TypeK8sSA {
|
||||||
|
k8sCount++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if k8sCount > 1 {
|
||||||
|
return errors.New("cannot have more than one kubernetes service account provisioner")
|
||||||
|
}
|
||||||
|
|
||||||
if c.Template == nil {
|
if c.Template == nil {
|
||||||
c.Template = &x509util.ASN1DN{}
|
c.Template = &x509util.ASN1DN{}
|
||||||
}
|
}
|
||||||
|
|
|
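Review bot: The `k8sCount` loop added to `AuthConfig.Validate` becomes the only enforcement of the one-K8sSA limit, because the same commit removes the `numK8sSAProvisioners` case from `K8sSA.Init`; any path that initialises provisioners without calling `Validate` would now accept several of them. The limit presumably exists because all such tokens share the issuer `kubernetes/serviceaccount`, so a token could not be attributed to one specific provisioner; it is worth confirming that every config load and reload goes through `Validate`, and recording that in the comment, e.g. `// Only one K8sSA provisioner is allowed; this is the sole check, K8sSA.Init no longer counts instances.` No test is visible for the change (both changed files appear to be non-test code); a `Validate` case with two K8sSA provisioners, plus a reload case, would pin the rejection and the fixed reload behaviour. `Validate`'s body starts and ends outside the hunk.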
@ -25,9 +25,6 @@ const (
|
||||||
k8sSAIssuer = "kubernetes/serviceaccount"
|
k8sSAIssuer = "kubernetes/serviceaccount"
|
||||||
)
|
)
|
||||||
|
|
||||||
// This number must <= 1. We'll verify this in Init() below.
|
|
||||||
var numK8sSAProvisioners = 0
|
|
||||||
|
|
||||||
// jwtPayload extends jwt.Claims with step attributes.
|
// jwtPayload extends jwt.Claims with step attributes.
|
||||||
type k8sSAPayload struct {
|
type k8sSAPayload struct {
|
||||||
jose.Claims
|
jose.Claims
|
||||||
|
@ -85,8 +82,6 @@ func (p *K8sSA) Init(config Config) (err error) {
|
||||||
return errors.New("provisioner type cannot be empty")
|
return errors.New("provisioner type cannot be empty")
|
||||||
case p.Name == "":
|
case p.Name == "":
|
||||||
return errors.New("provisioner name cannot be empty")
|
return errors.New("provisioner name cannot be empty")
|
||||||
case numK8sSAProvisioners >= 1:
|
|
||||||
return errors.New("cannot have more than one kubernetes service account provisioner")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.PubKeys != nil {
|
if p.PubKeys != nil {
|
||||||
|
@ -134,7 +129,6 @@ func (p *K8sSA) Init(config Config) (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
p.audiences = config.Audiences
|
p.audiences = config.Audiences
|
||||||
numK8sSAProvisioners++
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|