Source file src/k8s.io/kubernetes/pkg/controller/serviceaccount/tokengetter.go

Documentation: k8s.io/kubernetes/pkg/controller/serviceaccount

     1  /*
     2  Copyright 2014 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package serviceaccount
    18  
    19  import (
    20  	"context"
    21  	"k8s.io/api/core/v1"
    22  	apierrors "k8s.io/apimachinery/pkg/api/errors"
    23  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    24  	clientset "k8s.io/client-go/kubernetes"
    25  	v1listers "k8s.io/client-go/listers/core/v1"
    26  	"k8s.io/kubernetes/pkg/serviceaccount"
    27  )
    28  
    29  // clientGetter implements ServiceAccountTokenGetter using a clientset.Interface
    30  type clientGetter struct {
    31  	client               clientset.Interface
    32  	secretLister         v1listers.SecretLister
    33  	serviceAccountLister v1listers.ServiceAccountLister
    34  	podLister            v1listers.PodLister
    35  	nodeLister           v1listers.NodeLister
    36  }
    37  
    38  // NewGetterFromClient returns a ServiceAccountTokenGetter that
    39  // uses the specified client to retrieve service accounts, pods, secrets and nodes.
    40  // The client should NOT authenticate using a service account token
    41  // the returned getter will be used to retrieve, or recursion will result.
    42  func NewGetterFromClient(c clientset.Interface, secretLister v1listers.SecretLister, serviceAccountLister v1listers.ServiceAccountLister, podLister v1listers.PodLister, nodeLister v1listers.NodeLister) serviceaccount.ServiceAccountTokenGetter {
    43  	return clientGetter{c, secretLister, serviceAccountLister, podLister, nodeLister}
    44  }
    45  
    46  func (c clientGetter) GetServiceAccount(namespace, name string) (*v1.ServiceAccount, error) {
    47  	if serviceAccount, err := c.serviceAccountLister.ServiceAccounts(namespace).Get(name); err == nil {
    48  		return serviceAccount, nil
    49  	}
    50  	return c.client.CoreV1().ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{})
    51  }
    52  
    53  func (c clientGetter) GetPod(namespace, name string) (*v1.Pod, error) {
    54  	if pod, err := c.podLister.Pods(namespace).Get(name); err == nil {
    55  		return pod, nil
    56  	}
    57  	return c.client.CoreV1().Pods(namespace).Get(context.TODO(), name, metav1.GetOptions{})
    58  }
    59  
    60  func (c clientGetter) GetSecret(namespace, name string) (*v1.Secret, error) {
    61  	if secret, err := c.secretLister.Secrets(namespace).Get(name); err == nil {
    62  		return secret, nil
    63  	}
    64  	return c.client.CoreV1().Secrets(namespace).Get(context.TODO(), name, metav1.GetOptions{})
    65  }
    66  
    67  func (c clientGetter) GetNode(name string) (*v1.Node, error) {
    68  	// handle the case where the node lister isn't set due to feature being disabled
    69  	if c.nodeLister == nil {
    70  		return nil, apierrors.NewNotFound(v1.Resource("nodes"), name)
    71  	}
    72  	if node, err := c.nodeLister.Get(name); err == nil {
    73  		return node, nil
    74  	}
    75  	return c.client.CoreV1().Nodes().Get(context.TODO(), name, metav1.GetOptions{})
    76  }
    77  

View as plain text