Merge pull request #1264 from tchap/reconcile-automountServiceAccountToken

openshift-merge-bot[bot] · web-flow · commit f340c409242a · 2025-12-01T23:56:56.000Z
OCPBUGS-60568: lib/resourcemerge: Add support for automountServiceAccountToken
diff --git a/lib/resourcemerge/core.go b/lib/resourcemerge/core.go
@@ -45,6 +45,7 @@ func ensurePodSpec(modified *bool, existing *corev1.PodSpec, required corev1.Pod
 		}
 	}
 
+	setBoolPtr(modified, &existing.AutomountServiceAccountToken, required.AutomountServiceAccountToken)
 	setStringIfSet(modified, &existing.ServiceAccountName, required.ServiceAccountName)
 	setBool(modified, &existing.HostNetwork, required.HostNetwork)
 	setBoolPtr(modified, &existing.HostUsers, required.HostUsers)
diff --git a/lib/resourcemerge/core_test.go b/lib/resourcemerge/core_test.go
@@ -56,6 +56,56 @@ func TestEnsurePodSpec(t *testing.T) {
 				HostUsers: boolPtr(false),
 			},
 		},
+		{
+			name:     "automountServiceAccountToken is set",
+			existing: corev1.PodSpec{},
+			input: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(false),
+			},
+
+			expectedModified: true,
+			expected: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(false),
+			},
+		},
+		{
+			name: "automountServiceAccountToken is unset",
+			existing: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(false),
+			},
+			input: corev1.PodSpec{},
+
+			expectedModified: true,
+			expected:         corev1.PodSpec{},
+		},
+		{
+			name: "automountServiceAccountToken is changed",
+			existing: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(true),
+			},
+			input: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(false),
+			},
+
+			expectedModified: true,
+			expected: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(false),
+			},
+		},
+		{
+			name: "automountServiceAccountToken is unchanged",
+			existing: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(false),
+			},
+			input: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(false),
+			},
+
+			expectedModified: false,
+			expected: corev1.PodSpec{
+				AutomountServiceAccountToken: boolPtr(false),
+			},
+		},
 		{
 			name: "PodSecurityContext empty",
 			existing: corev1.PodSpec{

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@ func ensurePodSpec(modified bool, existing corev1.PodSpec, required corev1.Pod`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`
	`48`	`+ setBoolPtr(modified, &existing.AutomountServiceAccountToken, required.AutomountServiceAccountToken)`
`48`	`49`	`setStringIfSet(modified, &existing.ServiceAccountName, required.ServiceAccountName)`
`49`	`50`	`setBool(modified, &existing.HostNetwork, required.HostNetwork)`
`50`	`51`	`setBoolPtr(modified, &existing.HostUsers, required.HostUsers)`