smolnar82 opened a new pull request, #1269: URL: https://github.com/apache/knox/pull/1269
[KNOX-3353](https://issues.apache.org/jira/browse/KNOX-3353) - Eliminate K8sPreAuthFederationFilter and consolidate logic in ServiceAccountValidator

## What changes were proposed in this pull request?

Consolidated the Kubernetes pre-authentication logic by eliminating the redundant `K8sPreAuthFederationFilter` and moving its resolver management and initialization directly into `ServiceAccountValidator`.

Key changes include:

- Updated the `PreAuthValidator` interface to include `init(FilterConfig)` and `destroy()` methods for better lifecycle management.
- Updated `AbstractPreAuthFederationFilter` to properly initialize and destroy all configured validators.
- Refactored `ServiceAccountValidator` to manage the `K8sServiceAccountResolver` and its cache internally.
- Renamed validator parameters to use a consistent `preauth.k8s.sa.` prefix.
- Removed the now-obsolete `K8sPreAuthFederationFilter`, `K8sPreAuthContributor`, and related service registrations.

## How was this patch tested?

The changes were verified by running existing and updated unit tests:

- `mvn test -pl gateway-provider-security-k8s`: Verified `ServiceAccountValidator`, `K8sServiceAccountResolver`, and `SpiffeId` logic.
- `mvn test -pl gateway-provider-security-preauth`: Verified `AbstractPreAuthFederationFilter`, `IPValidator`, and `DefaultValidator` with the new lifecycle methods.
- Specifically verified that `ServiceAccountValidatorTest` correctly mocks the resolver and validates parameter handling.

TODO: show real testing in a local kind cluster.

## Integration Tests

N/A

## UI changes

N/A

--

This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
