This reverts commit d1480ab49d603d0a95e509b627252ee7af8559ae.
Revert this commit due to incomplete migration path
Kubernetes-commit: 71b2a4cdcc18694387961d119c6ab71772579918
This change includes the cluster address in the cache key so that
using the same issuer and client ID with different tokens across
multiple clusters does not result in the wrong token being used for
authentication.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 96fe76a9ed4fde16f449995cc698dca3719ed546
It's very easy to add glog.Info(config) calls for debugging (or actual
logging). In some scenarios those configs will carry sensitive tokens
and those tokens will end up in logs or response bodies.
Leaking of those stringified configs compromises the cluster.
Also implement fmt.GoStringer.
Kubernetes-commit: c9ad1d7339b164dfba0846ec49fa4a52474d3e23
Properly wrapping a transport can be tricky. Make the normal case
(adding a non-nil transport wrapper to a config) easier with a helper.
Also enforce a rough ordering, which in the future we can use to
simplify the WrapTransport mechanism down into an array of functions
we execute in order and avoid wrapping altogether.
Kubernetes-commit: 1f590e697ef64812620c787720b4b5942027e4a1
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
The default cache for a cachedTokenSource is not always empty. In the
case of commandTokenSource, it contains calling details for the
external command that is used to generate refresh tokens. Persisting
a completely empty cache will thus break ability for the plugin to
obtain refresh tokens. This changes the roundtripper to persist
the default cache instead of assuming an empty map.
Kubernetes-commit: 73e5e43711043c6a80d41b1be080b3b2d3dfbacb
Instead of Transport. This fixes ExecPlugin, which fails if
restclient.Config.Transport is set.
Kubernetes-commit: 3357b5ecf42db9bcf6e54c9d2b6712cfbae077bf
Includes:
* Added details and clarifications based on my experience
* Some minor copy editing
added note about resulting username
fixing last list item
clarficiation of resulting username
mainly just refering to OIDC docs
fixed comment about callback URL
Kubernetes-commit: 2709a7ee0d7d25463c9da00890a7b7db3e4419d1
- add config.scopes field comma-separated scope URLs, to be used with Google
Application Default Credentials (i.e. GOOGLE_APPLICATION_CREDENTIALS env)
- default scopes now include userinfo.email scope so the headless app with
gserviceaccount keys can have RoleBindings with email instead of account ID.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: e19dc6a86830107bcb7a4a50c997bc8a396277b1
Fixes https://github.com/kubernetes/client-go/issues/327
Currently we're not capturing stderr when shelling out to "gcloud config
config-helper --format=json" fails. This patch is capturing the stderr in the
error message returned.
This gcloud command sometimes returns an upgrade reminder (in stderr) so using
`cmd.CombinedOutput()` is not an option here. Maybe we should also add an unit
test in gcp_test.go capturing this situation, too, in case someone decides to
replace this with CombinedOutput someday.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: 1334523c73fea3b3d9d0e90f287b3e385c79e6cd
Specific use case is when utilizing multiple
gcp accounts, the user may provide credentials
for the wrong account.
This change ensures the incorrect credentials
are not cached in auth config, and logs an
appropriate message.
Kubernetes-commit: b92016769e30c541479e81d40dd3584e2f5aa822
