
Commit 5aa1414

committed
Add object-level configuration validation
Validates that ObjectLevelWorkloadIdentity feature gate is enabled when default kubeconfig service account flags are set. This prevents misconfiguration where lockdown flags are used without enabling the required feature gate. Signed-off-by: cappyzawa <cappyzawa@gmail.com>
1 parent b549f4f commit 5aa1414


3 files changed

+8
-3
lines changed


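--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 github.com/fluxcd/pkg/apis/event v0.18.0
 github.com/fluxcd/pkg/apis/kustomize v1.11.0
 github.com/fluxcd/pkg/apis/meta v1.18.0
-github.com/fluxcd/pkg/auth v0.26.0
+github.com/fluxcd/pkg/auth v0.27.0
 github.com/fluxcd/pkg/cache v0.10.0
 github.com/fluxcd/pkg/chartutil v1.9.0
 github.com/fluxcd/pkg/runtime v0.80.0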

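--- a/go.sum
+++ b/go.sum
@@ -154,8 +154,8 @@ github.com/fluxcd/pkg/apis/kustomize v1.11.0 h1:0IzDgxZkc4v+5SDNCvgZhfwfkdkQLPXC
 github.com/fluxcd/pkg/apis/kustomize v1.11.0/go.mod h1:j302mJGDww8cn9qvMsRQ0LJ1HPAPs/IlX7CSsoJV7BI=
 github.com/fluxcd/pkg/apis/meta v1.18.0 h1:ACHrMIjlcioE9GKS7NGk62KX4NshqNewr8sBwMcXABs=
 github.com/fluxcd/pkg/apis/meta v1.18.0/go.mod h1:97l3hTwBpJbXBY+wetNbqrUsvES8B1jGioKcBUxmqd8=
-github.com/fluxcd/pkg/auth v0.26.0 h1:jw128zPI4aRSvkGbFfAQcFNF3oK58P4rDdKIpj2/7yM=
-github.com/fluxcd/pkg/auth v0.26.0/go.mod h1:YEAHpBFuW5oLlH9ekuJaQdnJ2Q3A7Ny8kha3WY7QMnY=
+github.com/fluxcd/pkg/auth v0.27.0 h1:DFsizUxt9ZDAc+z7+o7jcbtfaxRH55MRD/wdU4CXNCQ=
+github.com/fluxcd/pkg/auth v0.27.0/go.mod h1:YEAHpBFuW5oLlH9ekuJaQdnJ2Q3A7Ny8kha3WY7QMnY=
 github.com/fluxcd/pkg/cache v0.10.0 h1:M+OGDM4da1cnz7q+sZSBtkBJHpiJsLnKVmR9OdMWxEY=
 github.com/fluxcd/pkg/cache v0.10.0/go.mod h1:pPXRzQUDQagsCniuOolqVhnAkbNgYOg8d2cTliPs7ME=
 github.com/fluxcd/pkg/chartutil v1.9.0 h1:MnDKBNX7JXKe7E+J0F+eKnKsVYRC8bNQatv2HpmgSRQ=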

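--- a/main.go
+++ b/main.go
@@ -172,6 +172,11 @@ func main() {
 auth.SetDefaultKubeConfigServiceAccount(defaultKubeConfigServiceAccount)
 }
 
+if auth.InconsistentObjectLevelConfiguration() {
+setupLog.Error(auth.ErrInconsistentObjectLevelConfiguration, "invalid configuration")
+os.Exit(1)
+}
+
 if err := intervalJitterOptions.SetGlobalJitter(nil); err != nil {
 setupLog.Error(err, "unable to set global jitter")
 os.Exit(1)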
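Review bot: The new guard at new lines 175–178 takes no arguments and so presumably reads package-level state in `auth`, which makes it correct only while it stays below every call that sets that state. The hunk shows `auth.SetDefaultKubeConfigServiceAccount` just above it, but the place where the ObjectLevelWorkloadIdentity feature gate is applied is outside the hunk and presumably earlier in `main`. A later reorder could turn this fail-closed check into a spurious startup failure or a silent pass, so I would pin the ordering with a comment such as `// Keep after the feature-gate and default service account setup: exit if lockdown flags are set while ObjectLevelWorkloadIdentity is disabled.` The log message `"invalid configuration"` also leaves the operator to decode the error value; naming the feature gate in the message would shorten triage. `main` starts and ends outside this hunk.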
