in pkg/auth/auth.go [304:327]
// ParseServiceAccountToken decodes the JSON-encoded service account token
// payload and returns the token stored in the APIAzureADTokenExchange entry.
//
// The payload is expected to have the bound-token shape:
//
//	"csi.storage.k8s.io/serviceAccount.tokens": {
//	  <audience>: {
//	    'token': <token>,
//	    'expirationTimestamp': <expiration timestamp in RFC3339 format>,
//	  },
//	  ...
//	}
//
// It returns ErrServiceAccountTokensNotFound when saTokens is empty, a wrapped
// decoding error when the payload is not valid JSON for SATokens, and a
// "not found" error naming DefaultTokenAudience when the entry has no token.
//
// The returned string is a bearer credential: only fixed messages are logged
// here, and callers should likewise keep it and the raw payload out of logs.
// This function reads only the token field; the expirationTimestamp described
// above is not consulted here.
// NOTE(review): confirm that expiry is enforced by whoever exchanges the token.
func ParseServiceAccountToken(saTokens string) (string, error) {
	klog.V(5).InfoS("parsing service account token for workload identity")

	// Nothing was supplied at all; report the sentinel rather than a JSON error.
	if saTokens == "" {
		return "", ErrServiceAccountTokensNotFound
	}

	var parsed SATokens
	err := json.Unmarshal([]byte(saTokens), &parsed)
	if err != nil {
		return "", fmt.Errorf("failed to unmarshal service account tokens, error: %w", err)
	}
	klog.V(5).InfoS("successfully unmarshaled service account tokens")

	// A payload that decodes cleanly may still lack the entry this function
	// reads, in which case the token field is left at its zero value.
	if bound := parsed.APIAzureADTokenExchange.Token; bound != "" {
		return bound, nil
	}
	return "", fmt.Errorf("token for audience %s not found", DefaultTokenAudience)
}