Merge pull request #363 from smallstep/max/k8ssa

Standardize k8ssa check on issuer name
Max 2020-09-01 13:20:27 -07:00 committed by GitHub
commit 54e43604ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -37,9 +37,8 @@ func (p provisionerSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
// provisioner.
type loadByTokenPayload struct {
jose.Claims
AuthorizedParty string `json:"azp"` // OIDC client id
TenantID string `json:"tid"` // Microsoft Azure tenant id
ServiceAccountName string `json:"kubernetes.io/serviceaccount/service-account.name"` // Kubernetes Service Acct Name
AuthorizedParty string `json:"azp"` // OIDC client id
TenantID string `json:"tid"` // Microsoft Azure tenant id
}
// Collection is a memory map of provisioners.
@ -94,7 +93,7 @@ func (c *Collection) LoadByToken(token *jose.JSONWebToken, claims *jose.Claims)
}
// Kubernetes Service Account tokens.
if len(payload.ServiceAccountName) > 0 {
if payload.Issuer == k8sSAIssuer {
if p, ok := c.Load(K8sSAID); ok {
return p, ok
}
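Review bot: The comment `// Kubernetes Service Account tokens.` above the new `if payload.Issuer == k8sSAIssuer` check does not record that this branch now picks the provisioner from the `iss` claim alone. If the payload is decoded before any signature check, as the shape of LoadByToken suggests (the decoding is outside the hunk), the issuer is caller-controlled at this point, so the match must remain a routing decision only and the returned provisioner must verify the token. I would extend the comment to `// Kubernetes Service Account tokens: routed by issuer only; the claim is unverified here and the provisioner must validate the token.` The exact comparison also means a token whose issuer differs from k8sSAIssuer (defined outside the hunk) no longer reaches this branch even if it carries the service-account name claim, which is worth a test case. LoadByToken's body continues outside the hunk.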