in auth/auth.go [220:247]
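// generatePodSAToken mints a short-lived, pod-bound service account token
// through the Kubernetes TokenRequest API for the pod described by
// cfg.PodInfo.
//
// The token is issued for exactly one audience: idPool when it is set,
// otherwise audience. At least one of the two must be non-empty; a token
// carrying an empty-string audience could not be validated by any relying
// party, so the call is refused client-side before any API request is made
// rather than relying on how the API server treats "".
//
// The token is bound to the pod's name and UID, so it stops being valid
// once that pod instance is gone, and it expires after 15 minutes
// regardless.
//
// Returns the TokenRequestStatus (token plus expiration) on success, or a
// wrapped error from the API call.
func (c *Client) generatePodSAToken(ctx context.Context, cfg *config.MountConfig, idPool, audience string) (*authenticationv1.TokenRequestStatus, error) {
	// idPool takes precedence over the generic audience when both are given.
	aud := idPool
	if aud == "" {
		aud = audience
	}
	if aud == "" {
		// Never request a token with an empty-string audience: nothing could
		// legitimately accept it, and we do not want to depend on the API
		// server either rejecting or defaulting it.
		return nil, fmt.Errorf("unable to fetch pod token: no audience provided")
	}

	// A short lifetime limits the blast radius if the token leaks.
	// NOTE(review): the TokenRequest API rejects very short expirations
	// (10 minutes at time of writing) — confirm before lowering this.
	ttl := int64((15 * time.Minute).Seconds())

	req := &authenticationv1.TokenRequest{
		Spec: authenticationv1.TokenRequestSpec{
			ExpirationSeconds: &ttl,
			Audiences:         []string{aud},
			// Binding to the pod (by name and UID) ties the token's validity to
			// this exact pod instance instead of to the service account alone.
			// Pod and Secret are the bound-object kinds this code relies on.
			BoundObjectRef: &authenticationv1.BoundObjectReference{
				Kind:       "Pod",
				APIVersion: "v1",
				Name:       cfg.PodInfo.Name,
				UID:        cfg.PodInfo.UID,
			},
		},
	}

	resp, err := c.KubeClient.CoreV1().
		ServiceAccounts(cfg.PodInfo.Namespace).
		CreateToken(ctx, cfg.PodInfo.ServiceAccount, req, v1.CreateOptions{})
	if err != nil {
		return nil, fmt.Errorf("unable to fetch pod token: %w", err)
	}
	return &resp.Status, nil
}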