in pkg/cloud_provider/auth/token_sources.go [72:107]
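// fetchK8sSAToken returns the Kubernetes ServiceAccount token to exchange for
// GCP credentials, as an oauth2.Token.
//
// Two sources are supported:
//   - If ts.k8sSAToken is non-empty it is parsed as a JSON object mapping an
//     identity pool to an authenticationv1.TokenRequestStatus, and the entry
//     for ts.meta.GetIdentityPool() is used.
//   - Otherwise a fresh token is requested through the TokenRequest API with a
//     10-minute lifetime and the identity pool as its sole audience.
//
// Errors are returned for malformed JSON, a missing/null entry for the
// identity pool, and a failed TokenRequest call. Error messages deliberately
// never include the token material itself.
func (ts *GCPTokenSource) fetchK8sSAToken(ctx context.Context) (*oauth2.Token, error) {
	// The identity pool is both the map key and the requested audience; resolve it once.
	pool := ts.meta.GetIdentityPool()

	if ts.k8sSAToken != "" {
		tokenMap := make(map[string]*authenticationv1.TokenRequestStatus)
		if err := json.Unmarshal([]byte(ts.k8sSAToken), &tokenMap); err != nil {
			return nil, fmt.Errorf("failed to unmarshal TokenRequestStatus: %w", err)
		}
		// A JSON null value for the pool key unmarshals to a nil pointer; treat it
		// like a missing entry instead of dereferencing it.
		trs, ok := tokenMap[pool]
		if !ok || trs == nil {
			return nil, fmt.Errorf("could not find token for the identity pool %q", pool)
		}
		return &oauth2.Token{
			AccessToken: trs.Token,
			Expiry:      trs.ExpirationTimestamp.Time,
		}, nil
	}

	// Short-lived token: 10 minutes is enough for the credential exchange and
	// limits the window in which a leaked token is usable.
	ttl := int64(10 * time.Minute.Seconds())
	resp, err := ts.k8sClients.CreateServiceAccountToken(
		ctx,
		ts.k8sSANamespace,
		ts.k8sSAName,
		&authenticationv1.TokenRequest{
			Spec: authenticationv1.TokenRequestSpec{
				ExpirationSeconds: &ttl,
				Audiences:         []string{pool},
			},
		})
	if err != nil {
		return nil, fmt.Errorf("failed to call Kubernetes ServiceAccount.CreateToken API: %w", err)
	}
	return &oauth2.Token{
		AccessToken: resp.Status.Token,
		Expiry:      resp.Status.ExpirationTimestamp.Time,
	}, nil
}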