Merge pull request #96204 from knight42/fix/curl-bearer-token

fix: pass bearer token to curl using --header instead of --oauth2-bearer

hack/lib/util.sh

@@ -45,7 +45,6 @@ kube::util::wait_for_url() {
   local wait=${3:-1}
   local times=${4:-30}
   local maxtime=${5:-1}
-  local extra_args=${6:-}
 
   command -v curl >/dev/null || {
     kube::log::usage "curl must be installed"
@@ -55,9 +54,7 @@ kube::util::wait_for_url() {
   local i
   for i in $(seq 1 "${times}"); do
     local out
-    # shellcheck disable=SC2086
+    if out=$(curl --max-time "${maxtime}" -gkfs "${@:6}" "${url}" 2>/dev/null); then
-    # Disabling because "${extra_args}" needs to allow for expansion here
-    if out=$(curl --max-time "${maxtime}" -gkfs $extra_args "${url}" 2>/dev/null); then
       kube::log::status "On try ${i}, ${prefix}: ${out}"
       return 0
     fi
@@ -75,7 +72,7 @@ kube::util::wait_for_url_with_bearer_token() {
   local times=${5:-30}
   local maxtime=${6:-1}
 
-  kube::util::wait_for_url "${url}" "${prefix}" "${wait}" "${times}" "${maxtime}" "--oauth2-bearer ${token}"
+  kube::util::wait_for_url "${url}" "${prefix}" "${wait}" "${times}" "${maxtime}" -H "Authorization: Bearer ${token}"
 }
 
 # Example:  kube::util::wait_for_success 120 5 "kubectl get nodes|grep localhost"

hack/update-openapi-spec.sh

@@ -97,7 +97,7 @@ fi
 
 kube::log::status "Updating " "${OPENAPI_ROOT_DIR}"
 
-curl -w "\n" -kfs --oauth2-bearer dummy_token "https://${API_HOST}:${API_PORT}/openapi/v2" | jq -S '.info.version="unversioned"' > "${OPENAPI_ROOT_DIR}/swagger.json"
+curl -w "\n" -kfsS -H 'Authorization: Bearer dummy_token' "https://${API_HOST}:${API_PORT}/openapi/v2" | jq -S '.info.version="unversioned"' > "${OPENAPI_ROOT_DIR}/swagger.json"
 
 kube::log::status "SUCCESS"
 

test/cmd/authorization.sh

@@ -30,7 +30,7 @@ run_authorization_tests() {
   kubectl create -f test/fixtures/pkg/kubectl/cmd/create/sar-v1beta1.json --validate=false
 
   SAR_RESULT_FILE="${KUBE_TEMP}/sar-result.json"
-  curl -kfsS -H "Content-Type:" --oauth2-bearer admin-token "https://localhost:${SECURE_API_PORT}/apis/authorization.k8s.io/v1beta1/subjectaccessreviews" -XPOST -d @test/fixtures/pkg/kubectl/cmd/create/sar-v1beta1.json > "${SAR_RESULT_FILE}"
+  curl -kfsS -H "Content-Type:" -H 'Authorization: Bearer admin-token' "https://localhost:${SECURE_API_PORT}/apis/authorization.k8s.io/v1beta1/subjectaccessreviews" -XPOST -d @test/fixtures/pkg/kubectl/cmd/create/sar-v1beta1.json > "${SAR_RESULT_FILE}"
   if grep -q '"allowed": true' "${SAR_RESULT_FILE}"; then
     kube::log::status "\"authorization.k8s.io/subjectaccessreviews\" returns as expected: $(cat "${SAR_RESULT_FILE}")"
   else
@@ -40,7 +40,7 @@ run_authorization_tests() {
   rm "${SAR_RESULT_FILE}"
 
   SAR_RESULT_FILE="${KUBE_TEMP}/sar-result.json"
-  curl -kfsS -H "Content-Type:" --oauth2-bearer admin-token "https://localhost:${SECURE_API_PORT}/apis/authorization.k8s.io/v1/subjectaccessreviews" -XPOST -d @test/fixtures/pkg/kubectl/cmd/create/sar-v1.json > "${SAR_RESULT_FILE}"
+  curl -kfsS -H "Content-Type:" -H 'Authorization: Bearer admin-token' "https://localhost:${SECURE_API_PORT}/apis/authorization.k8s.io/v1/subjectaccessreviews" -XPOST -d @test/fixtures/pkg/kubectl/cmd/create/sar-v1.json > "${SAR_RESULT_FILE}"
   if grep -q '"allowed": true' "${SAR_RESULT_FILE}"; then
     kube::log::status "\"authorization.k8s.io/subjectaccessreviews\" returns as expected: $(cat "${SAR_RESULT_FILE}")"
   else

test/cmd/discovery.sh

@@ -120,7 +120,7 @@ run_swagger_tests() {
 
   # Verify schema
   file="${KUBE_TEMP}/schema.json"
-  curl -kfs --oauth2-bearer admin-token "https://127.0.0.1:${SECURE_API_PORT}/openapi/v2" > "${file}"
+  curl -kfsS -H 'Authorization: Bearer admin-token' "https://127.0.0.1:${SECURE_API_PORT}/openapi/v2" > "${file}"
   grep -q "list of returned" "${file}"
   grep -q "List of services" "${file}"
   grep -q "Watch for changes to the described resources" "${file}"