Merge pull request #48343 from deads2k/auth-06-sa-token
Automatic merge from submit-queue
don't accept delete tokens that are waiting to be reaped
With garbage collection, it becomes possible (even likely) that we will have finalizers specified on resources before they are reaped. A secret or an SA which has been deleted and is awaiting reaping should not be considered valid. This adds checking for whether those have been deleted.
@kubernetes/sig-auth-misc
```release-note
Previously a deleted service account token secret would be considered valid until it was reaped. Now it is invalid as soon as the deletionTimestamp is set.
```
Showing
Please
register
or
sign in
to comment