add credentials.NewKubernetesIdentity
ramondeklein committed Oct 10, 2024
1 parent 305b6c4 commit fd9d19c
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions pkg/credentials/sts_web_identity.go
Expand Up @@ -25,6 +25,7 @@ import (
"io"
"net/http"
"net/url"
"os"
"strconv"
"strings"
"time"
Expand Down Expand Up @@ -114,6 +115,21 @@ func NewSTSWebIdentity(stsEndpoint string, getWebIDTokenExpiry func() (*WebIdent
return New(i), nil
}

// NewKubernetesIdentity returns a pointer to a new
// Credentials object using the Kubernetes service account
func NewKubernetesIdentity(stsEndpoint string, opts ...func(*STSWebIdentity)) (*Credentials, error) {
return NewSTSWebIdentity(stsEndpoint, func() (*WebIdentityToken, error) {
token, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
if err != nil {
return nil, err
}

return &WebIdentityToken{
Token: string(token),
}, nil
}, opts...)
}

// WithPolicy option will enforce that the returned credentials
// will be scoped down to the specified policy
func WithPolicy(policy string) func(*STSWebIdentity) {
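Review bot: The token path in NewKubernetesIdentity is hard-coded to the default mount `/var/run/secrets/kubernetes.io/serviceaccount/token`, so a caller cannot point it at a projected service-account token whose audience is dedicated to the STS endpoint. The default-mounted token is normally also accepted by the Kubernetes API server, which means stsEndpoint receives a credential that could be replayed against the cluster if that endpoint is not fully trusted or is reached without TLS. I would make the path overridable (a package-level default plus an option or a path argument) and state the trust assumption in the doc comment, for example `// The default service-account token is sent to stsEndpoint on every refresh; prefer a projected token with a dedicated audience.` The token is also passed on as `string(token)`, so a trailing newline in the file would end up in the request; `Token: strings.TrimSpace(string(token)),` avoids that. Finally, the returned WebIdentityToken sets only Token, so how a missing expiry is handled depends on NewSTSWebIdentity, whose body lies outside this hunk.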
