add namespace to jwt authenticator controller

Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2026-02-14 18:10:17 +00:00 · 2024-07-09 14:20:52 -07:00
parent 821a893f70
commit 6a610a9d51
3 changed files with 6 additions and 1 deletions
--- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go
+++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go
@@ -131,6 +131,7 @@ var _ tokenAuthenticatorCloser = (*cachedJWTAuthenticator)(nil)

 // New instantiates a new controllerlib.Controller which will populate the provided authncache.Cache.
 func New(
+	namespace string,
 	cache *authncache.Cache,
 	client conciergeclientset.Interface,
 	jwtAuthenticators authinformers.JWTAuthenticatorInformer,
@@ -148,6 +149,7 @@ func New(
 				jwtAuthenticators: jwtAuthenticators,
 				secretInformer:    secretInformer,
 				configMapInformer: configMapInformer,
+				namespace:         namespace,
 				clock:             clock,
 				log:               log.WithName(controllerName),
 			},
@@ -166,6 +168,7 @@ type jwtCacheFillerController struct {
 	secretInformer    corev1informers.SecretInformer
 	configMapInformer corev1informers.ConfigMapInformer
 	client            conciergeclientset.Interface
+	namespace         string
 	clock             clock.Clock
 	log               plog.Logger
 }
@@ -210,7 +213,7 @@ func (c *jwtCacheFillerController) Sync(ctx controllerlib.Context) error {
 	conditions := make([]*metav1.Condition, 0)
 	var errs []error

-	rootCAs, conditions, tlsOk := c.validateTLSBundle(obj.Spec.TLS, obj.Namespace, conditions)
+	rootCAs, conditions, tlsOk := c.validateTLSBundle(obj.Spec.TLS, c.namespace, conditions)
 	_, conditions, issuerOk := c.validateIssuer(obj.Spec.Issuer, conditions)
 	okSoFar := tlsOk && issuerOk

--- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go
+++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go
@@ -1855,6 +1855,7 @@ func TestController(t *testing.T) {
 			}

 			controller := New(
+				"concierge", // namespace for the controller
 				cache,
 				pinnipedAPIClient,
 				pinnipedInformers.Authentication().V1alpha1().JWTAuthenticators(),
--- a/internal/controllermanager/prepare_controllers.go
+++ b/internal/controllermanager/prepare_controllers.go
@@ -247,6 +247,7 @@ func PrepareControllers(c *Config) (controllerinit.RunnerBuilder, error) { //nol
 		).
 		WithController(
 			jwtcachefiller.New(
+				c.ServerInstallationInfo.Namespace,
 				c.AuthenticatorCache,
 				client.PinnipedConcierge,
 				informers.pinniped.Authentication().V1alpha1().JWTAuthenticators(),