
Commit eacc2a0

committed
Add object-level configuration validation
Validates that ObjectLevelWorkloadIdentity feature gate is enabled when default service account flags are set. This prevents misconfiguration where lockdown flags are used without enabling the required feature gate. Signed-off-by: cappyzawa <[email protected]>
1 parent e7aaaf2 commit eacc2a0


3 files changed

+8
-3
lines changed


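--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 github.com/fluxcd/pkg/apis/event v0.18.0
 github.com/fluxcd/pkg/apis/kustomize v1.11.0
 github.com/fluxcd/pkg/apis/meta v1.18.0
-github.com/fluxcd/pkg/auth v0.26.0
+github.com/fluxcd/pkg/auth v0.27.0
 github.com/fluxcd/pkg/cache v0.10.0
 github.com/fluxcd/pkg/http/fetch v0.17.0
 github.com/fluxcd/pkg/kustomize v1.19.0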

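--- a/go.sum
+++ b/go.sum
@@ -199,8 +199,8 @@ github.com/fluxcd/pkg/apis/kustomize v1.11.0 h1:0IzDgxZkc4v+5SDNCvgZhfwfkdkQLPXC
 github.com/fluxcd/pkg/apis/kustomize v1.11.0/go.mod h1:j302mJGDww8cn9qvMsRQ0LJ1HPAPs/IlX7CSsoJV7BI=
 github.com/fluxcd/pkg/apis/meta v1.18.0 h1:ACHrMIjlcioE9GKS7NGk62KX4NshqNewr8sBwMcXABs=
 github.com/fluxcd/pkg/apis/meta v1.18.0/go.mod h1:97l3hTwBpJbXBY+wetNbqrUsvES8B1jGioKcBUxmqd8=
-github.com/fluxcd/pkg/auth v0.26.0 h1:jw128zPI4aRSvkGbFfAQcFNF3oK58P4rDdKIpj2/7yM=
-github.com/fluxcd/pkg/auth v0.26.0/go.mod h1:YEAHpBFuW5oLlH9ekuJaQdnJ2Q3A7Ny8kha3WY7QMnY=
+github.com/fluxcd/pkg/auth v0.27.0 h1:DFsizUxt9ZDAc+z7+o7jcbtfaxRH55MRD/wdU4CXNCQ=
+github.com/fluxcd/pkg/auth v0.27.0/go.mod h1:YEAHpBFuW5oLlH9ekuJaQdnJ2Q3A7Ny8kha3WY7QMnY=
 github.com/fluxcd/pkg/cache v0.10.0 h1:M+OGDM4da1cnz7q+sZSBtkBJHpiJsLnKVmR9OdMWxEY=
 github.com/fluxcd/pkg/cache v0.10.0/go.mod h1:pPXRzQUDQagsCniuOolqVhnAkbNgYOg8d2cTliPs7ME=
 github.com/fluxcd/pkg/envsubst v1.4.0 h1:pYsb6wrmXOSfHXuXQHaaBBMt3LumhgCb8SMdBNAwV/U=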

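--- a/main.go
+++ b/main.go
@@ -159,6 +159,11 @@ func main() {
 auth.SetDefaultKubeConfigServiceAccount(defaultKubeConfigServiceAccount)
 }
 
+if auth.InconsistentObjectLevelConfiguration() {
+setupLog.Error(auth.ErrInconsistentObjectLevelConfiguration, "invalid configuration")
+os.Exit(1)
+}
+
 if err := intervalJitterOptions.SetGlobalJitter(nil); err != nil {
 setupLog.Error(err, "unable to set global jitter")
 os.Exit(1)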
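Review bot: The check added at new lines 162-165 only works if it runs after every setter that feeds it, and nothing in the hunk records that ordering requirement. `auth.InconsistentObjectLevelConfiguration()` takes no arguments, so it presumably reads package-level state written by the `auth.SetDefault…ServiceAccount` calls above it and by the feature-gate enablement, which is not visible here. If this block were moved earlier, or a new default-service-account flag were wired in below it, a misconfigured controller would start with its lockdown flags silently ineffective. I would add a comment directly above the `if`, for example `// Must run after the feature gate and all default service account setters are applied; exits so lockdown flags are never silently ignored.` The body of main() starts and ends outside this hunk, so the ordering should be confirmed against the full function.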
