This plugin acquires a fresh access token for apiserver from Azure Active
Directory using the device code flow. The access token is saved in the
configuration in order to be reused for upcomming accesses to appiserver.
In additon the access token is automatically refreshed when expired.
Kubernetes-commit: 682d5ec01f37c65117b2496865cc9bf0cd9e0902
This PR attempts to simplify the OpenID Connect client plugin to
reduce round trips. The steps taken by the client are now:
* If ID Token isn't expired:
* Do nothing.
* If ID Token is expired:
* Query /.well-known discovery URL to find token_endpoint.
* Use an OAuth2 client and refresh token to request new ID token.
This avoids the previous pattern of always initializing a client,
which would hit the /.well-known endpoint several times.
The client no longer does token validation since the server already
does this. As a result, this code no longer imports
github.com/coreos/go-oidc, instead just using golang.org/x/oauth2
for refreshing.
Kubernetes-commit: 6915f857574505a2cd2072c32d9d6da66ce6f55a
Specific use case is GKE users running gcloud/kubectl on Windows
with a cloud sdk installation path containing spaces. Also improving
test coverage using trick borrowed from exec_test.go
Kubernetes-commit: 995ecfe84ea92d77cac2921babbbe03f7c2e4967
