config: detect changes to the kubernetes service account token file (#2767)

2025-06-27 23:18:13 +02:00 · 2021-11-17 08:19:09 -07:00 · 2021-11-17 08:19:09 -07:00 · d90d4caf1a
commit d90d4caf1a
parent 370d8c53bb
2 changed files with 29 additions and 0 deletions
--- a/config/config_source.go
+++ b/config/config_source.go
@ -238,6 +238,16 @@ func (src *FileWatcherSource) check(ctx context.Context, cfg *Config) {
 		fs = append(fs, pair.CertFile, pair.KeyFile)
 	}

+	for _, policy := range cfg.Options.Policies {
+		fs = append(fs,
+			policy.KubernetesServiceAccountTokenFile,
+			policy.TLSClientCertFile,
+			policy.TLSClientKeyFile,
+			policy.TLSCustomCAFile,
+			policy.TLSDownstreamClientCAFile,
+		)
+	}
+
 	for _, f := range fs {
 		_, _ = h.Write([]byte{0})
 		bs, err := ioutil.ReadFile(f)
--- a/config/config_source_test.go
+++ b/config/config_source_test.go
@ -27,9 +27,17 @@ func TestFileWatcherSource(t *testing.T) {
 		return
 	}

+	err = ioutil.WriteFile(filepath.Join(tmpdir, "kubernetes-example.txt"), []byte{1, 2, 3, 4}, 0o600)
+	if !assert.NoError(t, err) {
+		return
+	}
+
 	ssrc := NewStaticSource(&Config{
 		Options: &Options{
 			CAFile: filepath.Join(tmpdir, "example.txt"),
+			Policies: []Policy{{
+				KubernetesServiceAccountTokenFile: filepath.Join(tmpdir, "kubernetes-example.txt"),
+			}},
 		},
 	})

@ -53,6 +61,17 @@ func TestFileWatcherSource(t *testing.T) {
 		t.Error("expected OnConfigChange to be fired after modifying a file")
 	}

+	err = ioutil.WriteFile(filepath.Join(tmpdir, "kubernetes-example.txt"), []byte{5, 6, 7, 8}, 0o600)
+	if !assert.NoError(t, err) {
+		return
+	}
+
+	select {
+	case <-ch:
+	case <-time.After(time.Second):
+		t.Error("expected OnConfigChange to be fired after modifying a policy file")
+	}
+
 	ssrc.SetConfig(ctx, &Config{
 		Options: &Options{
 			CAFile: filepath.Join(tmpdir, "example.txt"),