Merge pull request #5133 from Shelley-BaoYue/sync-serviceaccount

delete serviceaccount token in edgedb
author: KubeEdge Bot <48982446+kubeedge-bot@users.noreply.github.com> 2023-11-27 13:01:40 +0800
committer: GitHub <noreply@github.com> 2023-11-27 13:01:40 +0800
commit: cb83326a1eb6a220cafa774436c27829e909935a (patch)
tree: a9a0e4cf773aac96a35bc9f2e80ee1fe749cca5d /edge
parent: Merge pull request #5070 from cl2017/mapper-framework-fix (diff)
parent: fix panic when serviceaccount/uid saved in db is nil (diff)
download: kubeedge-cb83326a1eb6a220cafa774436c27829e909935a.tar.gz
2 files changed, 7 insertions, 1 deletions
diff --git a/edge/pkg/edged/kubeclientbridge/typed/core/v1/serviceaccount_bridge.go b/edge/pkg/edged/kubeclientbridge/typed/core/v1/serviceaccount_bridge.go
index b16c93721..1e3fdf67e 100644
--- a/edge/pkg/edged/kubeclientbridge/typed/core/v1/serviceaccount_bridge.go
+++ b/edge/pkg/edged/kubeclientbridge/typed/core/v1/serviceaccount_bridge.go
@@ -29,6 +29,7 @@ import (
 	authenticationv1 "k8s.io/api/authentication/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 	fakecorev1 "k8s.io/client-go/kubernetes/typed/core/v1/fake"
 
 	"github.com/kubeedge/kubeedge/edge/pkg/metamanager/client"
@@ -46,6 +47,11 @@ func (c *ServiceAccountsBridge) CreateToken(ctx context.Context, serviceAccountN
 	return c.MetaClient.ServiceAccountToken().GetServiceAccountToken(c.ns, serviceAccountName, tokenRequest)
 }
 
+func (c *ServiceAccountsBridge) Delete(ctx context.Context, podUID string, opts metav1.DeleteOptions) error {
+	c.MetaClient.ServiceAccountToken().DeleteServiceAccountToken(types.UID(podUID))
+	return nil
+}
+
 func (c *ServiceAccountsBridge) Get(ctx context.Context, name string, options metav1.GetOptions) (result *corev1.ServiceAccount, err error) {
 	return c.MetaClient.ServiceAccounts(c.ns).Get(name)
 }
diff --git a/edge/pkg/metamanager/client/serviceaccount.go b/edge/pkg/metamanager/client/serviceaccount.go
index eeb5e2efa..df861cb63 100644
--- a/edge/pkg/metamanager/client/serviceaccount.go
+++ b/edge/pkg/metamanager/client/serviceaccount.go
@@ -49,7 +49,7 @@ func (c *serviceAccountToken) DeleteServiceAccountToken(podUID types.UID) {
 	for _, sa := range *svcAccounts {
 		var tr authenticationv1.TokenRequest
 		err = json.Unmarshal([]byte(sa.Value), &tr)
-		if err != nil {
+		if err != nil || tr.Spec.BoundObjectRef == nil {
 			klog.Errorf("unmarshal resource %s token request failed: %v", sa.Key, err)
 			continue
 		}
author	KubeEdge Bot <48982446+kubeedge-bot@users.noreply.github.com>	2023-11-27 13:01:40 +0800
committer	GitHub <noreply@github.com>	2023-11-27 13:01:40 +0800
commit	cb83326a1eb6a220cafa774436c27829e909935a (patch)
tree	a9a0e4cf773aac96a35bc9f2e80ee1fe749cca5d /edge
parent	Merge pull request #5070 from cl2017/mapper-framework-fix (diff)
parent	fix panic when serviceaccount/uid saved in db is nil (diff)
download	kubeedge-cb83326a1eb6a220cafa774436c27829e909935a.tar.gz