Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / d13c1c64387ca9a83bb832a3faa5c4b07268d265 / . / third_party / go / patches / k8s-jose-semver-fix.patch
blob: 423485a0abe6d359c722a2be8b090655728c1d25 [file] [log] [blame]
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame^]1From b0b42e86e834a1d02fe83f7be3663d19f6a1ee80 Mon Sep 17 00:00:00 2001
2From: Lorenz Brun <lorenz@monogon.tech>
3Date: Thu, 17 Mar 2022 16:56:29 +0100
4Subject: [PATCH] Fix for semver breakage in go-jose
5
6---
7 pkg/serviceaccount/claims.go | 4 ++--
8 1 file changed, 2 insertions(+), 2 deletions(-)
9
10diff --git a/pkg/serviceaccount/claims.go b/pkg/serviceaccount/claims.go
11index 1e1475c779f..06620f7a420 100644
12--- a/pkg/serviceaccount/claims.go
13+++ b/pkg/serviceaccount/claims.go
14@@ -50,7 +50,7 @@ type kubernetes struct {
15 Svcacct ref `json:"serviceaccount,omitempty"`
16 Pod *ref `json:"pod,omitempty"`
17 Secret *ref `json:"secret,omitempty"`
18- WarnAfter jwt.NumericDate `json:"warnafter,omitempty"`
19+ WarnAfter *jwt.NumericDate `json:"warnafter,omitempty"`
20 }
21
22 type ref struct {
23@@ -198,7 +198,7 @@ func (v *validator) Validate(ctx context.Context, _ string, public *jwt.Claims,
24
25 // Check special 'warnafter' field for projected service account token transition.
26 warnafter := private.Kubernetes.WarnAfter
27- if warnafter != 0 {
28+ if warnafter != nil {
29 if nowTime.After(warnafter.Time()) {
30 secondsAfterWarn := nowTime.Unix() - warnafter.Time().Unix()
31 auditInfo := fmt.Sprintf("subject: %s, seconds after warning threshold: %d", public.Subject, secondsAfterWarn)
32--
332.25.1
34