From 1517f2d910f28a5bf8c4a8eb5d9cacd1ddb138f1 Mon Sep 17 00:00:00 2001
From: Marcelo Moreira de Mello <tchello.mello@gmail.com>
Date: Wed, 12 Jan 2022 23:25:50 -0500
Subject: [PATCH] Don't expose serviceAccount token on default pod spec

---
 awx/main/utils/execution_environments.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/awx/main/utils/execution_environments.py b/awx/main/utils/execution_environments.py
index 11aa41edc8..1cb9d8e917 100644
--- a/awx/main/utils/execution_environments.py
+++ b/awx/main/utils/execution_environments.py
@@ -31,6 +31,8 @@ def get_default_pod_spec():
         "kind": "Pod",
         "metadata": {"namespace": settings.AWX_CONTAINER_GROUP_DEFAULT_NAMESPACE},
         "spec": {
+            "serviceAccountName": "default",
+            "automountServiceAccountToken": False,
             "containers": [
                 {
                     "image": ee.image,