diff --git a/cluster/gce/gci/credential-provider/main.go b/cluster/gce/gci/credential-provider/main.go index 29b1c89db39..79215a4e2ae 100644 --- a/cluster/gce/gci/credential-provider/main.go +++ b/cluster/gce/gci/credential-provider/main.go @@ -30,20 +30,23 @@ import ( credentialproviderv1alpha1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1" ) +const metadataTokenEndpoint = "http://metadata.google.internal./computeMetadata/v1/instance/service-accounts/default/token" + func main() { - if err := getCredentials(os.Stdout); err != nil { + if err := getCredentials(metadataTokenEndpoint, os.Stdin, os.Stdout); err != nil { klog.Fatalf("failed to get credentials: %v", err) } } -func getCredentials(w io.Writer) error { +func getCredentials(tokenEndpoint string, r io.Reader, w io.Writer) error { provider := &provider{ client: &http.Client{ Timeout: 10 * time.Second, }, + tokenEndpoint: tokenEndpoint, } - data, err := ioutil.ReadAll(os.Stdin) + data, err := ioutil.ReadAll(r) if err != nil { return err } diff --git a/cluster/gce/gci/credential-provider/provider.go b/cluster/gce/gci/credential-provider/provider.go index 3ba61e0557a..caf0fde489f 100644 --- a/cluster/gce/gci/credential-provider/provider.go +++ b/cluster/gce/gci/credential-provider/provider.go @@ -29,8 +29,6 @@ import ( ) const ( - metadataToken = "http://metadata.google.internal./computeMetadata/v1/instance/service-accounts/default/token" - metadataEmail = "http://metadata.google.internal./computeMetadata/v1/instance/service-accounts/default/email" maxReadLength = 10 * 1 << 20 // 10MB ) @@ -57,7 +55,8 @@ type TokenBlob struct { } type provider struct { - client *http.Client + client *http.Client + tokenEndpoint string } func (p *provider) Provide(image string) (map[string]credentialproviderv1alpha1.AuthConfig, error) { @@ -91,7 +90,7 @@ func readURL(url string, client *http.Client) (body []byte, err error) { return nil, err } - rea.Header = &http.Header{ + req.Header = http.Header{ "Metadata-Flavor": []string{"Google"}, }