github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 21:47:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #70606 from mikedanese/tfreload

Browse Source 
periodically reload tokens read from TokenFile in kubeconfig
This commit is contained in:
k8s-ci-robot 2018-11-05 20:59:38 -08:00 committed by GitHub
commit 710bfb440e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
staging/src/k8s.io/client-go/rest/config.go
View File

@ -322,7 +322,7 @@ func InClusterConfig() (*Config, error) {
return nil, ErrNotInCluster return nil, ErrNotInCluster
} }
ts := newCachedPathTokenSource(tokenFile) ts := NewCachedFileTokenSource(tokenFile)
if _, err := ts.Token(); err != nil { if _, err := ts.Token(); err != nil {
return nil, err return nil, err

4
staging/src/k8s.io/client-go/rest/token_source.go
View File

@ -42,7 +42,9 @@ func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) htt
} }
} }
func newCachedPathTokenSource(path string) oauth2.TokenSource { // NewCachedFileTokenSource returns a oauth2.TokenSource reads a token from a
// file at a specified path and periodically reloads it.
func NewCachedFileTokenSource(path string) oauth2.TokenSource {
return &cachingTokenSource{ return &cachingTokenSource{
now: time.Now, now: time.Now,
leeway: 1 * time.Minute, leeway: 1 * time.Minute,

6
staging/src/k8s.io/client-go/tools/clientcmd/client_config.go
View File

@ -229,11 +229,11 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
if len(configAuthInfo.Token) > 0 { if len(configAuthInfo.Token) > 0 {
mergedConfig.BearerToken = configAuthInfo.Token mergedConfig.BearerToken = configAuthInfo.Token
} else if len(configAuthInfo.TokenFile) > 0 { } else if len(configAuthInfo.TokenFile) > 0 {
tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile) ts := restclient.NewCachedFileTokenSource(configAuthInfo.TokenFile)
if err != nil { if _, err := ts.Token(); err != nil {
return nil, err return nil, err
} }
mergedConfig.BearerToken = string(tokenBytes) mergedConfig.WrapTransport = restclient.TokenSourceWrapTransport(ts)
} }
if len(configAuthInfo.Impersonate) > 0 { if len(configAuthInfo.Impersonate) > 0 {
mergedConfig.Impersonate = restclient.ImpersonationConfig{ mergedConfig.Impersonate = restclient.ImpersonationConfig{

16
staging/src/k8s.io/client-go/tools/clientcmd/client_config_test.go
View File

@ -18,12 +18,14 @@ package clientcmd
import ( import (
"io/ioutil" "io/ioutil"
"net/http"
"os" "os"
"reflect" "reflect"
"strings" "strings"
"testing" "testing"
"github.com/imdario/mergo" "github.com/imdario/mergo"
restclient "k8s.io/client-go/rest" restclient "k8s.io/client-go/rest"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api" clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
) )
@ -332,7 +334,19 @@ func TestBasicTokenFile(t *testing.T) {
t.Fatalf("Unexpected error: %v", err) t.Fatalf("Unexpected error: %v", err)
} }
matchStringArg(token, clientConfig.BearerToken, t) var out *http.Request
clientConfig.WrapTransport(fakeTransport(func(req *http.Request) (*http.Response, error) {
out = req
return &http.Response{}, nil
})).RoundTrip(&http.Request{})
matchStringArg(token, strings.TrimPrefix(out.Header.Get("Authorization"), "Bearer "), t)
}
type fakeTransport func(*http.Request) (*http.Response, error)
func (ft fakeTransport) RoundTrip(req *http.Request) (*http.Response, error) {
return ft(req)
} }
func TestPrecedenceTokenFile(t *testing.T) { func TestPrecedenceTokenFile(t *testing.T) {