Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: prevent using IRSA token for Kubernetes auth #545

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ghost
Copy link

@ghost ghost commented Nov 1, 2023

Summary
Skip IRSA token when detecting the service account token to use for the Kubernetes auth method.

I tried to follow the same logic used elsewhere for detecting the IRSA token.

Fixes
#544

@hashicorp-cla
Copy link

hashicorp-cla commented Nov 1, 2023

CLA assistant check
All committers have signed the CLA.

uchanchlani pushed a commit to uchanchlani/vault-k8s that referenced this pull request Jan 17, 2024
… variables and flags

Also fixes using AWS IRSA token by mistake if both included in the pod's volume hashicorp#544
This maybe a better fix then the proposed hashicorp#545 pull request as this is likely more future-proof
 to other third party k8s provider launching their own Service Account Token injection, assuming
 the third party k8s provider will follow the unsaid convention of injecting the token in the
 <third.party.url>/serviceaccount/token path
uchanchlani pushed a commit to uchanchlani/vault-k8s that referenced this pull request Jan 17, 2024
…orp#577

Also fixes using AWS IRSA token by mistake if both included in the pod's volume hashicorp#544
This maybe a better fix then the proposed hashicorp#545 pull request as this is likely more future-proof
 to other third party k8s provider launching their own Service Account Token injection, assuming
 the third party k8s provider will follow the unsaid convention of injecting the token in the
 <third.party.url>/serviceaccount/token path
uchanchlani added a commit to uchanchlani/vault-k8s that referenced this pull request Jan 17, 2024
…orp#577

Also fixes using AWS IRSA token by mistake if both included in the pod's volume hashicorp#544
This maybe a better fix then the proposed hashicorp#545 pull request as this is likely more future-proof
 to other third party k8s provider launching their own Service Account Token injection, assuming
 the third party k8s provider will follow the unsaid convention of injecting the token in the
 <third.party.url>/serviceaccount/token path
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants