Merge pull request #70606 from mikedanese/tfreload
periodically reload tokens read from TokenFile in kubeconfig
commit
710bfb440e
@ -322,7 +322,7 @@ func InClusterConfig() (*Config, error) {
|
|||||||
return nil, ErrNotInCluster
|
return nil, ErrNotInCluster
|
||||||
}
|
}
|
||||||
|
|
||||||
ts := newCachedPathTokenSource(tokenFile)
|
ts := NewCachedFileTokenSource(tokenFile)
|
||||||
|
|
||||||
if _, err := ts.Token(); err != nil {
|
if _, err := ts.Token(); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -42,7 +42,9 @@ func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) htt
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func newCachedPathTokenSource(path string) oauth2.TokenSource {
|
// NewCachedFileTokenSource returns a oauth2.TokenSource reads a token from a
|
||||||
|
// file at a specified path and periodically reloads it.
|
||||||
|
func NewCachedFileTokenSource(path string) oauth2.TokenSource {
|
||||||
return &cachingTokenSource{
|
return &cachingTokenSource{
|
||||||
now: time.Now,
|
now: time.Now,
|
||||||
leeway: 1 * time.Minute,
|
leeway: 1 * time.Minute,
|
||||||
|
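Review bot: The new doc comment on `NewCachedFileTokenSource` is ungrammatical and, now that the function is exported, omits what a caller most needs to know: how long a rotated or revoked token on disk can keep being served from the cache. I would reword it to `// NewCachedFileTokenSource returns an oauth2.TokenSource that reads a token from the file at the specified path and periodically reloads it.` and add a sentence stating the reload period and the one-minute `leeway` visible in the struct literal. The function body continues past the end of the hunk, so the actual period is not visible here and should be taken from the code.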
@ -229,11 +229,11 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
|
|||||||
if len(configAuthInfo.Token) > 0 {
|
if len(configAuthInfo.Token) > 0 {
|
||||||
mergedConfig.BearerToken = configAuthInfo.Token
|
mergedConfig.BearerToken = configAuthInfo.Token
|
||||||
} else if len(configAuthInfo.TokenFile) > 0 {
|
} else if len(configAuthInfo.TokenFile) > 0 {
|
||||||
tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
|
ts := restclient.NewCachedFileTokenSource(configAuthInfo.TokenFile)
|
||||||
if err != nil {
|
if _, err := ts.Token(); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
mergedConfig.BearerToken = string(tokenBytes)
|
mergedConfig.WrapTransport = restclient.TokenSourceWrapTransport(ts)
|
||||||
}
|
}
|
||||||
if len(configAuthInfo.Impersonate) > 0 {
|
if len(configAuthInfo.Impersonate) > 0 {
|
||||||
mergedConfig.Impersonate = restclient.ImpersonationConfig{
|
mergedConfig.Impersonate = restclient.ImpersonationConfig{
|
||||||
|
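Review bot: In the `TokenFile` branch of `getUserIdentificationPartialConfig`, the credential now lives only in `mergedConfig.WrapTransport` and `mergedConfig.BearerToken` stays empty, so code that inspects or clears `BearerToken` no longer sees or removes it. That matters for any helper that derives an unauthenticated or copied config by blanking credential fields while keeping `WrapTransport`; if such helpers exist (none are visible in the hunk), the token would still be attached to requests made with the derived config. The assignment also replaces any `WrapTransport` already set instead of chaining it, which is safe only if `mergedConfig` is freshly built in the part of the function outside the hunk. At minimum I would add a comment above the assignment such as `// The token is injected by WrapTransport and BearerToken is left empty; callers that strip credentials must also drop WrapTransport.`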
@ -18,12 +18,14 @@ package clientcmd
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/imdario/mergo"
|
"github.com/imdario/mergo"
|
||||||
|
|
||||||
restclient "k8s.io/client-go/rest"
|
restclient "k8s.io/client-go/rest"
|
||||||
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
|
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
|
||||||
)
|
)
|
||||||
@ -332,7 +334,19 @@ func TestBasicTokenFile(t *testing.T) {
|
|||||||
t.Fatalf("Unexpected error: %v", err)
|
t.Fatalf("Unexpected error: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
matchStringArg(token, clientConfig.BearerToken, t)
|
var out *http.Request
|
||||||
|
clientConfig.WrapTransport(fakeTransport(func(req *http.Request) (*http.Response, error) {
|
||||||
|
out = req
|
||||||
|
return &http.Response{}, nil
|
||||||
|
})).RoundTrip(&http.Request{})
|
||||||
|
|
||||||
|
matchStringArg(token, strings.TrimPrefix(out.Header.Get("Authorization"), "Bearer "), t)
|
||||||
|
}
|
||||||
|
|
||||||
|
type fakeTransport func(*http.Request) (*http.Response, error)
|
||||||
|
|
||||||
|
func (ft fakeTransport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||||
|
return ft(req)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPrecedenceTokenFile(t *testing.T) {
|
func TestPrecedenceTokenFile(t *testing.T) {
|
||||||
|
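Review bot: In `TestBasicTokenFile`, the result of `RoundTrip` is discarded and `out` is dereferenced unconditionally, so if the wrapped transport returns an error or never reaches `fakeTransport`, the test panics on a nil pointer instead of failing with a message. With `rt` holding the value returned by `clientConfig.WrapTransport(...)`, check both before reading the header: `if _, err := rt.RoundTrip(&http.Request{}); err != nil { t.Fatalf("Unexpected error: %v", err) }` followed by `if out == nil { t.Fatal("request did not reach the transport") }`. The test also covers only the first read; the reload behaviour named in the commit title (rewriting the token file and seeing the new value on a later request) is not exercised here and deserves a separate test. The start of `TestBasicTokenFile` is outside the hunk.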