From c836db31c3e7a6d820a6f5e2bdd923f008c5e0d8 Mon Sep 17 00:00:00 2001
From: Nathan Freeman
Date: Thu, 5 Sep 2024 13:39:59 -0500
Subject: [PATCH] Remove token from job pods
---
 src/engine/src/core/tasks/executors/Application.py | 1 +
 src/engine/src/core/tasks/executors/Function.py | 1 +
 .../src/core/tasks/executors/builders/kaniko/Kaniko.py | 5 ++++-
 .../core/tasks/executors/builders/singularity/Singularity.py | 1 +
 4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/engine/src/core/tasks/executors/Application.py b/src/engine/src/core/tasks/executors/Application.py
index a0f55849..7cd2cda6 100644
--- a/src/engine/src/core/tasks/executors/Application.py
+++ b/src/engine/src/core/tasks/executors/Application.py
@@ -43,6 +43,7 @@ def execute(self):
 # Pod template and pod template spec
 template = client.V1PodTemplateSpec(
 spec=client.V1PodSpec(
+ automount_service_account_token=False,
 containers=[container],
 restart_policy="Never",
 volumes=volumes
diff --git a/src/engine/src/core/tasks/executors/Function.py b/src/engine/src/core/tasks/executors/Function.py
index 9ebece67..318883ab 100644
--- a/src/engine/src/core/tasks/executors/Function.py
+++ b/src/engine/src/core/tasks/executors/Function.py
@@ -76,6 +76,7 @@ def execute(self):
 backoff_limit=0 if self.task.execution_profile.max_retries < 0 else self.task.execution_profile.max_retries,
 template=client.V1PodTemplateSpec(
 spec=client.V1PodSpec(
+ automount_service_account_token=False,
 containers=[
 client.V1Container(
 name=job_name,
diff --git a/src/engine/src/core/tasks/executors/builders/kaniko/Kaniko.py b/src/engine/src/core/tasks/executors/builders/kaniko/Kaniko.py
index 4281d988..b17f51f1 100644
--- a/src/engine/src/core/tasks/executors/builders/kaniko/Kaniko.py
+++ b/src/engine/src/core/tasks/executors/builders/kaniko/Kaniko.py
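Review bot: The added `automount_service_account_token=False,` in Application.py's `execute` is repeated by hand in Function.py, Kaniko.py and Singularity.py, so the protection depends on every future executor remembering the line; an executor that builds its own `V1PodSpec` without it would have the token mounted again and nothing would fail. Consider routing job pod specs through one shared helper that always sets the flag, and adding a test that asserts the flag on the job each executor generates. A short why-comment above the line would also help the next reader, e.g. `# Task containers must not receive the service account token`. `execute` starts and ends outside this hunk, so any other pod spec built in the same function is not visible here.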
@@ -164,7 +164,10 @@ def _create_job(self):
 # Pod template and pod template spec
 template = client.V1PodTemplateSpec(
 spec=client.V1PodSpec(
- containers=[container], restart_policy="Never", volumes=volumes
+ automount_service_account_token=False,
+ containers=[container],
+ restart_policy="Never",
+ volumes=volumes
 )
 )
diff --git a/src/engine/src/core/tasks/executors/builders/singularity/Singularity.py b/src/engine/src/core/tasks/executors/builders/singularity/Singularity.py
index a3509c3c..b7d72e16 100644
--- a/src/engine/src/core/tasks/executors/builders/singularity/Singularity.py
+++ b/src/engine/src/core/tasks/executors/builders/singularity/Singularity.py
@@ -123,6 +123,7 @@ def _create_job(self):
 # Pod template and pod template spec
 template = V1PodTemplateSpec(
 spec=V1PodSpec(
+ automount_service_account_token=False,
 containers=[container],
 restart_policy="Never",
 volumes=volumes
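Review bot: In Kaniko.py's `_create_job`, the rewritten `V1PodSpec(...)` sets no `service_account_name`, so the build pod presumably still runs under the namespace's default service account; `automount_service_account_token=False` only stops the token from being projected into the container and does not change what that account is permitted to do. It is worth confirming that account carries no role bindings, or pinning a dedicated unprivileged one with `service_account_name="<dedicated-sa>"` (placeholder name). The `volumes` list is built outside this hunk, so whether anything in it mounts a token explicitly (for example a projected `serviceAccountToken` source) cannot be checked from here; the flag would not cover that case. The Singularity.py hunk builds the same shape of spec and likely warrants the same check.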