in credential_provider/irsa_credential_provider.go [87:101]
func (p *irsaTokenFetcher) FetchToken(ctx credentials.Context) ([]byte, error) {
tokenSpec := authv1.TokenRequestSpec{
Audiences: []string{irsaAudience},
}
// Use the K8s API to fetch the token from the OIDC provider.
tokRsp, err := p.k8sClient.ServiceAccounts(p.nameSpace).CreateToken(ctx, p.svcAcc, &authv1.TokenRequest{
Spec: tokenSpec,
}, metav1.CreateOptions{})
if err != nil {
return nil, err
}
return []byte(tokRsp.Status.Token), nil
}