returnadmission.NewForbidden(a,fmt.Errorf("Error looking up service account %s/%s: %v",a.GetNamespace(),pod.Spec.ServiceAccountName,err))
}
ifserviceAccount==nil{
returnadmission.NewForbidden(a,fmt.Errorf("Missing service account %s/%s: %v",a.GetNamespace(),pod.Spec.ServiceAccountName,err))
// TODO: convert to a ServerTimeout error (or other error that sends a Retry-After header)
returnadmission.NewForbidden(a,fmt.Errorf("service account %s/%s was not found, retry after the service account is created",a.GetNamespace(),pod.Spec.ServiceAccountName))
}
ifs.LimitSecretReferences{
...
...
@@ -320,10 +325,15 @@ func (s *serviceAccount) mountServiceAccountToken(serviceAccount *api.ServiceAcc
// Find the name of a referenced ServiceAccountToken secret we can mount
fmt.Errorf("Error looking up service account token for %s/%s: %v",serviceAccount.Namespace,serviceAccount.Name,err)
returnfmt.Errorf("Error looking up service account token for %s/%s: %v",serviceAccount.Namespace,serviceAccount.Name,err)
}
iflen(serviceAccountToken)==0{
// We don't have an API token to mount, so return
ifs.RequireAPIToken{
// If a token is required, this is considered an error
// TODO: convert to a ServerTimeout error (or other error that sends a Retry-After header)
returnfmt.Errorf("no API token found for service account %s/%s, retry after the token is automatically created and added to the service account",serviceAccount.Namespace,serviceAccount.Name)