Blame 0001-Fix-for-new-jwt.patch
|
|
d341b46 |
diff -up kubernetes-1.22.0/pkg/serviceaccount/claims.go.orig kubernetes-1.22.0/pkg/serviceaccount/claims.go
|
|
|
d341b46 |
--- kubernetes-1.22.0/pkg/serviceaccount/claims.go.orig 2021-08-04 19:56:19.000000000 +0200
|
|
|
d341b46 |
+++ kubernetes-1.22.0/pkg/serviceaccount/claims.go 2021-09-15 00:25:49.560879244 +0200
|
|
|
d341b46 |
@@ -50,7 +50,7 @@ type kubernetes struct {
|
|
|
d341b46 |
Svcacct ref `json:"serviceaccount,omitempty"`
|
|
|
d341b46 |
Pod *ref `json:"pod,omitempty"`
|
|
|
d341b46 |
Secret *ref `json:"secret,omitempty"`
|
|
|
d341b46 |
- WarnAfter jwt.NumericDate `json:"warnafter,omitempty"`
|
|
|
d341b46 |
+ WarnAfter *jwt.NumericDate `json:"warnafter,omitempty"`
|
|
|
d341b46 |
}
|
|
|
d341b46 |
|
|
|
d341b46 |
type ref struct {
|
|
|
d341b46 |
@@ -187,7 +187,7 @@ func (v *validator) Validate(ctx context
|
|
|
d341b46 |
|
|
|
d341b46 |
// Check special 'warnafter' field for projected service account token transition.
|
|
|
d341b46 |
warnafter := private.Kubernetes.WarnAfter
|
|
|
d341b46 |
- if warnafter != 0 {
|
|
|
d341b46 |
+ if warnafter != nil {
|
|
|
d341b46 |
if nowTime.After(warnafter.Time()) {
|
|
|
d341b46 |
secondsAfterWarn := nowTime.Unix() - warnafter.Time().Unix()
|
|
|
d341b46 |
auditInfo := fmt.Sprintf("subject: %s, seconds after warning threshold: %d", public.Subject, secondsAfterWarn)
|