This is what happens when writing back a OIDC refresh token:
- plugin/pkg/client/auth/oidc/oidc.go:282
Calls `Persist` to save the new refresh token.
- tools/clientcmd/config.go:372
Calls `ModifyConfig` to save the config.
- tools/clientcmd/config.go:167
Calls `configAccess.GetLoadingPrecedence()` to get the files
listed from the `KUBECONFIG` environment variable.
- tools/clientcmd/loader.go:334
If the `ConfigAccess` was a `ClientConfigLoadingRules`, it
directly returns the `Precedence` slice from its `rules`
field.
THE PROBLEM:
The slice can be modified by the caller, unintentionally
changing the value of the `ClientConfigLoadingRules`'
`Precedence` field.
- tools/clientcmd/config.go:170
Then proceeds to in-place sort the slice returned by the
`ConfigAccess`. This is the same slice (by identity)
as the `ClientConfigLoadingRules`' `Precedence` field,
destroying its intended order.
- tools/clientcmd/config.go:179
Calls `configAccess.GetStartingConfig` to read the original
config so it can be compared with the new config.
- tools/clientcmd/loader.go:339
Calls `NewNonInteractiveDeferredLoadingClientConfig` with
itself as a parameter.
CONSEQUENCE:
At this point, its the `Precedence` has been
unintentionally sorted. When it loads the
config again, it gives precedence to whichever
file comes first in ascending alphabetical order.
- tools/clientcmd/config.go:192
If the file returned by `GetStartingConfig` has a
different `current-context` than the new config,
it calls `writeCurrentContext` to update the first
kubeconfig file in the `KUBECONFIG` environment
variable.
- tools/clientcmd/config.go:403
Calls `configAccess.GetDefaultFilename` to find the
destination kubeconfig file.
- tools/clientcmd/loader.go:358
Iterates through the kubeconfig files returned by
`GetLoadingPreferences` to find the first file
that exists.
CONSEQUENCE:
With the slice being sorted earlier, the files
returned by this call of `GetLoadingPreferences`
will be sorted alphabetically, rather than by
their intended order.
Kubernetes-commit: ffa084f81129ea685b176a282921c4d54906c539
* Add warning log callback in client-go loading rules
This provides a way to consumers use their own custom warning
mechanisms instead default klog warning.
* Use typed error instead plain string
* Fix interface change in unit test
Kubernetes-commit: 2ea6896f90c8b757d8a247d393b9a13fff2dab58
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
* Added custom error message when wrong file is provided with KUBECONFIG
* Modified test case
* Updated the code to warn the missing files
* Renamed the variable
Kubernetes-commit: a5eedcde611658c220c56d2819bf0420aded4ed6
An example of incorrect log message:
{
"component":"virtctl",
"level":"info",
"msg":"Config loaded from fileocp/auth/kubeconfig",
"pos":"loader.go:359",
"timestamp":"2019-03-07T18:50:20.923470Z"
}
Note how the resulting message has no characters between the text and
file name.
Kubernetes-commit: 65fb63a15473589f615bdfeb2f35e56414050f94
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
