impersonation: Clear config.BearerTokenFile when setting BearerToken.

When running in a cluster, the BearerTokenFile is set to point to `/var/run/secrets/kubernetes.io/serviceaccount/token` where the service account's token is auto-mounted. If this value is not cleared, the setting of the BearerToken field will have no effect. Relevant documentation: https://pkg.go.dev/k8s.io/client-go@v0.20.2/rest#Config.BearerTokenFile
fluxcd · Jan 25, 2021 · 6b215a1 · 6b215a1
1 parent 2d38de8
commit 6b215a1
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/controllers/kustomization_impersonation.go b/controllers/kustomization_impersonation.go
@@ -119,6 +119,7 @@ func (ki *KustomizeImpersonation) clientForServiceAccount(ctx context.Context) (
 		return nil, nil, err
 	}
 	restConfig.BearerToken = token
+	restConfig.BearerTokenFile = "" // Clear, as it overrides BearerToken
 
 	restMapper, err := apiutil.NewDynamicRESTMapper(restConfig)
 	if err != nil {