// generateTokenIfNeeded populates the token data for the given Secret if not already set func (e *TokensController) generateTokenIfNeeded(serviceAccount *api.ServiceAccount, secret *api.Secret) error { if secret.Annotations == nil { secret.Annotations = map[string]string{} } if secret.Data == nil { secret.Data = map[string][]byte{} } tokenData, ok := secret.Data[api.ServiceAccountTokenKey] if ok && len(tokenData) > 0 { return nil } // Generate the token token, err := e.token.GenerateToken(*serviceAccount, *secret) if err != nil { return err } // Set the token and annotations secret.Data[api.ServiceAccountTokenKey] = []byte(token) secret.Annotations[api.ServiceAccountNameKey] = serviceAccount.Name secret.Annotations[api.ServiceAccountUIDKey] = string(serviceAccount.UID) // Save the secret if _, err := e.client.Secrets(secret.Namespace).Update(secret); err != nil { return err } return nil }
// generateTokenIfNeeded ensures the given Secret carries a service account
// token and, when the controller has a root CA configured, a matching copy of
// that CA. The Secret is written back only if one of the two had to change.
//
// The CA entry is replaced whenever e.rootCA is non-empty and differs from
// what the Secret holds; with an empty e.rootCA any existing CA entry is left
// untouched. A non-empty token already present is kept as-is and is not
// re-validated here. When neither needs changing the function returns before
// setting the annotations or calling Update.
//
// Errors from GenerateToken and Update are returned unchanged. The Secret is
// modified in place, so the caller's copy keeps the changes even when Update
// fails.
func (e *TokensController) generateTokenIfNeeded(serviceAccount *api.ServiceAccount, secret *api.Secret) error {
	// Both maps are written below; writing to a nil map panics.
	if secret.Data == nil {
		secret.Data = make(map[string][]byte)
	}
	if secret.Annotations == nil {
		secret.Annotations = make(map[string]string)
	}

	// A missing key yields a nil slice, which compares unequal to any
	// non-empty rootCA and has length zero for the token check.
	caStale := len(e.rootCA) > 0 && !bytes.Equal(secret.Data[api.ServiceAccountRootCAKey], e.rootCA)
	tokenMissing := len(secret.Data[api.ServiceAccountTokenKey]) == 0
	if !(caStale || tokenMissing) {
		return nil
	}

	// The CA is set before token generation so the Secret passed to
	// GenerateToken already reflects it.
	if caStale {
		// NOTE(review): this stores e.rootCA itself, not a copy, so the
		// Secret shares the controller's backing array.
		secret.Data[api.ServiceAccountRootCAKey] = e.rootCA
	}

	if tokenMissing {
		generated, err := e.token.GenerateToken(*serviceAccount, *secret)
		if err != nil {
			return err
		}
		secret.Data[api.ServiceAccountTokenKey] = []byte(generated)
	}

	// The annotations are refreshed on every write, including a CA-only
	// update that keeps the existing token.
	secret.Annotations[api.ServiceAccountNameKey] = serviceAccount.Name
	secret.Annotations[api.ServiceAccountUIDKey] = string(serviceAccount.UID)

	// Persist the updated Secret; the returned object is not needed.
	_, err := e.client.Secrets(secret.Namespace).Update(secret)
	return err
}