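// getServiceAccounts resolves the service accounts that a
// PodSecurityPolicyReview is evaluated against, looking each one up by name in
// saCache within namespace.
//
// If psprSpec.ServiceAccountNames is non-empty, every listed name is looked up;
// the accounts that were found are returned together with an aggregate of the
// lookup errors (nil when every lookup succeeded). Otherwise the single account
// named by psprSpec.Template.Spec.ServiceAccountName is used, falling back to
// "default" when that field is empty.
//
// The returned slice never contains nil entries. A non-nil error means at least
// one requested account could not be resolved, so the slice may be partial and
// a review built from it would not cover every requested account.
func getServiceAccounts(psprSpec securityapi.PodSecurityPolicyReviewSpec, saCache oscache.StoreToServiceAccountLister, namespace string) ([]*kapi.ServiceAccount, error) {
	serviceAccounts := []*kapi.ServiceAccount{}
	// TODO: express 'all service accounts'. Listing every account in the
	// namespace is not implemented; only explicitly named accounts (or the
	// template's account) are resolved.

	if len(psprSpec.ServiceAccountNames) > 0 {
		var errs []error
		for _, saName := range psprSpec.ServiceAccountNames {
			sa, err := saCache.ServiceAccounts(namespace).Get(saName)
			if err != nil {
				errs = append(errs, fmt.Errorf("unable to retrieve ServiceAccount %s: %v", saName, err))
				// Skip the failed lookup: sa is not a usable account here, and
				// appending it would put an entry in the result that a caller
				// iterating the slice could dereference.
				continue
			}
			serviceAccounts = append(serviceAccounts, sa)
		}
		return serviceAccounts, kerrors.NewAggregate(errs)
	}

	// No explicit list: use the pod template's service account, or "default".
	saName := "default"
	if len(psprSpec.Template.Spec.ServiceAccountName) > 0 {
		saName = psprSpec.Template.Spec.ServiceAccountName
	}
	sa, err := saCache.ServiceAccounts(namespace).Get(saName)
	if err != nil {
		return serviceAccounts, fmt.Errorf("unable to retrieve ServiceAccount %s: %v", saName, err)
	}
	serviceAccounts = append(serviceAccounts, sa)
	return serviceAccounts, nil
}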