From 5a9af2e0efeaff77e0337d76f78dd38a864a1ea4 Mon Sep 17 00:00:00 2001
From: Jake Sanders <jsand@google.com>
Date: Fri, 24 May 2019 12:10:57 -0700
Subject: [PATCH] specify additional static auth for components by env var

---
 cluster/gce/gci/configure-helper.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index fa66c8e895c..37190119ef4 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -611,6 +611,15 @@ function create-master-auth {
   if [[ -n "${ADDON_MANAGER_TOKEN:-}" ]]; then
     append_or_replace_prefixed_line "${known_tokens_csv}" "${ADDON_MANAGER_TOKEN},"   "system:addon-manager,uid:system:addon-manager,system:masters"
   fi
+  if [[ -n "${EXTRA_STATIC_AUTH_COMPONENTS:-}" ]]; then
+    # Create a static Bearer token and kubeconfig for extra, comma-separated components.
+    IFS="," read -r -a extra_components <<< "${EXTRA_STATIC_AUTH_COMPONENTS:-}"
+    for extra_component in "${extra_components[@]}"; do
+      local token="$(secure_random 32)"
+      append_or_replace_prefixed_line "${known_tokens_csv}" "${token}," "system:${extra_component},uid:system:${extra_component}"
+      create-kubeconfig "${extra_component}" "${token}"
+    done
+  fi
   local use_cloud_config="false"
   cat <<EOF >/etc/gce.conf
 [global]