kdigger icon indicating copy to clipboard operation
kdigger copied to clipboard
verified publisher icon quarkslab

Token path

Open piergiorgioladisa opened this issue 1 year ago • 1 comments

Salut,

first of all great tool, I'm loving it.

I was just testing it and noticed that it failed to retrieve the ServiceAccount token from a privileged pod. I guess that the source of the issue is that in the token.go file, the tokenPath is set as /run/secrets/kubernetes.io/serviceaccount instead of /var/run/secrets/kubernetes.io/serviceaccount:

https://github.com/quarkslab/kdigger/blob/6b6f01c4d7e537cfa5188f6361c3f869be21f794/pkg/plugins/token/token.go#L13

piergiorgioladisa avatar May 23 '24 12:05 piergiorgioladisa

Hey, I'm very glad that you love it and use it!

Honestly, it's been 2 years since kdigger received any support since I left Quarkslab almost a couple of years ago now. But they have been nice enough to keep me as a maintainer on this repo. Aside from telling my life story, what it means is that if you are motivated enough to create a PR, I can still take a look and merge it :)!

You can correct the path or add two of them to retry in case it doesn't exist, I took a look into this and it seems /run is the new /var/run. So, /var/run is generally symlinked to /run (see). So I think it makes sense to search for /run first but searching for /var/run just after if it fails would make sense!

mtardy avatar May 23 '24 13:05 mtardy