kube-rbac-proxy

Add manual opt-in for legacy service account tokens

Open kramaranya opened this issue 10 months ago • 6 comments

Fixes #336

kramaranya, Feb 04 '25 12:02

@stlaz @ibihim could you please review this PR?

kramaranya, Feb 10 '25 13:02

/lgtm

ibihim, Feb 13 '25 16:02

@kramaranya, I think we have an audience token test, right? We might be able to drop it, if we do not have any tests without audience set, right? Maybe we could have a negative test case then, that the server fails if it isn't set?

ibihim, Feb 14 '25 13:02

> @kramaranya, I think we have an audience token test, right? We might be able to drop it, if we do not have any tests without audience set, right? Maybe we could have a negative test case then, that the server fails if it isn't set?

@ibihim If I understood you correctly, I've already added a negative test for this scenario (empty audiences when legacy tokens are not allowed) -- https://github.com/brancz/kube-rbac-proxy/pull/357/files#diff-770d985644314c26e2d1c0e8fb70e4714408a9888a4e2749a633144697201bacR191-R203

kramaranya, Feb 26 '25 13:02

As this work looks stale, I would take it over, if @kramaranya doesn't mind.

ibihim, Sep 19 '25 12:09

> As this work looks stale, I would take it over, if @kramaranya doesn't mind.

Sure, that would be great, thank you @ibihim!

kramaranya, Sep 19 '25 14:09