func CreateOrUpdateServiceAccount()

in pkg/kuberneteshelper/serviceaccount.go [18:40]

• 20 lines of code
• 3 McCabe index (conditional complexity)

func CreateOrUpdateServiceAccount(ctx context.Context, kubeClient client.Client, namespace, name, clientID, tenantID string, tokenExpiration time.Duration) error {
	sa := &corev1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{
			Name:      name,
			Namespace: namespace,
			Annotations: map[string]string{
				webhook.ClientIDAnnotation: clientID,
				webhook.TenantIDAnnotation: tenantID,
			},
		},
	}

	if tokenExpiration != time.Duration(webhook.DefaultServiceAccountTokenExpiration)*time.Second {
		// Round to the nearest second before converting to a string
		sa.ObjectMeta.Annotations[webhook.ServiceAccountTokenExpiryAnnotation] = fmt.Sprintf("%.0f", tokenExpiration.Round(time.Second).Seconds())
	}

	err := kubeClient.Create(ctx, sa)
	if apierrors.IsAlreadyExists(err) {
		err = kubeClient.Update(ctx, sa)
	}
	return err
}