in internal/loader/configuration_client_manager.go [522:547]
// newGetAssertionFunc returns a callback that requests a fresh Kubernetes
// service account token for serviceAccountName in serviceAccountNamespace
// through the TokenRequest API and returns the raw token string.
//
// The token is requested for the single audience ApiTokenExchangeAudience.
// Presumably the caller presents it as a client assertion in a federated
// token exchange; confirm against the call site.
//
// Security notes for reviewers:
//   - The returned string is a bearer credential. Callers should keep it out
//     of logs, error messages and metrics labels.
//   - TokenRequestSpec.ExpirationSeconds is left unset, so the token lifetime
//     is whatever the API server applies by default.
//   - The identity that runs this code needs "create" on the
//     serviceaccounts/token subresource of the named service account. The
//     namespace and name decide whose identity is minted, so they should come
//     from trusted configuration and the RBAC grant should be scoped to the
//     intended service accounts only.
//
// Every call resolves the cluster config and builds a new clientset; nothing
// is cached between calls.
func newGetAssertionFunc(serviceAccountNamespace string, serviceAccountName string) func(ctx context.Context) (string, error) {
	// Restrict the token to one audience so that it is only meant to be
	// accepted by the token-exchange endpoint and not by other relying parties.
	tokenAudiences := []string{ApiTokenExchangeAudience}

	return func(ctx context.Context) (string, error) {
		restConfig, err := ctrlcfg.GetConfig()
		if err != nil {
			return "", err
		}

		clientset, err := kubernetes.NewForConfig(restConfig)
		if err != nil {
			return "", err
		}

		// Only the audience is specified; expiry and object binding are left
		// at their API defaults.
		request := &authv1.TokenRequest{
			Spec: authv1.TokenRequestSpec{
				Audiences: tokenAudiences,
			},
		}

		response, err := clientset.CoreV1().
			ServiceAccounts(serviceAccountNamespace).
			CreateToken(ctx, serviceAccountName, request, metav1.CreateOptions{})
		if err != nil {
			return "", err
		}

		return response.Status.Token, nil
	}
}