From fd9d19cb917e5c1de5221dc229d1e9c8f469fd5f Mon Sep 17 00:00:00 2001
From: Ramon de Klein
Date: Thu, 10 Oct 2024 20:37:55 +0200
Subject: [PATCH] add `credentials.NewKubernetesIdentity`

---
 pkg/credentials/sts_web_identity.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/pkg/credentials/sts_web_identity.go b/pkg/credentials/sts_web_identity.go
index da801863c..f1c76c78e 100644
--- a/pkg/credentials/sts_web_identity.go
+++ b/pkg/credentials/sts_web_identity.go
@@ -25,6 +25,7 @@ import (
 "io"
 "net/http"
 "net/url"
+ "os"
 "strconv"
 "strings"
 "time"
@@ -114,6 +115,21 @@ func NewSTSWebIdentity(stsEndpoint string, getWebIDTokenExpiry func() (*WebIdent
 return New(i), nil
 }
 
+// NewKubernetesIdentity returns a pointer to a new
+// Credentials object using the Kubernetes service account
+func NewKubernetesIdentity(stsEndpoint string, opts ...func(*STSWebIdentity)) (*Credentials, error) {
+ return NewSTSWebIdentity(stsEndpoint, func() (*WebIdentityToken, error) {
+ token, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
+ if err != nil {
+ return nil, err
+ }
+
+ return &WebIdentityToken{
+ Token: string(token),
+ }, nil
+ }, opts...)
+}
+
 // WithPolicy option will enforce that the returned credentials
 // will be scoped down to the specified policy
 func WithPolicy(policy string) func(*STSWebIdentity) {
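Review bot: The token path in the closure passed by `NewKubernetesIdentity` is hard-coded to the default service-account mount, so a caller cannot point it at a projected token issued for a dedicated audience. By default the token at that path is also accepted by the Kubernetes API server, which means whatever `stsEndpoint` names receives a credential that is valid beyond the STS exchange. Consider letting the path be overridden through an option, or at least state the contract in the doc comment, e.g. `// The token at /var/run/secrets/kubernetes.io/serviceaccount/token is re-read on each retrieval and sent to stsEndpoint; use only with an endpoint trusted to hold that token.` The closure leaves `Expiry` unset, and how `NewSTSWebIdentity` treats a zero value is not visible in this hunk, so that is worth confirming.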