From 856607f8bbc9a9eb53fd7626861e784ed47e14aa Mon Sep 17 00:00:00 2001
From: Andre Dietisheim
Date: Wed, 21 Aug 2024 19:54:20 +0200
Subject: [PATCH] update token in file listed in KUBECONFIG env var (#6240)
Signed-off-by: Andre Dietisheim
---
 .../io/fabric8/kubernetes/client/Config.java | 81 ++++++++++++++++---
 .../client/utils/OpenIDConnectionUtils.java | 3 +-
 2 files changed, 72 insertions(+), 12 deletions(-)
diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
index 10b1c09f633..a12c46b0f2b 100644
--- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
+++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
@@ -119,7 +119,9 @@ public class Config {
 public static final String KUBERNETES_NAMESPACE_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/namespace";
 public static final String KUBERNETES_NAMESPACE_FILE = "kubenamespace";
 public static final String KUBERNETES_NAMESPACE_SYSTEM_PROPERTY = "kubernetes.namespace";
+ @Deprecated
 public static final String KUBERNETES_KUBECONFIG_FILE = "kubeconfig";
+ public static final String KUBERNETES_KUBECONFIG_FILES = "kubeconfig";
 public static final String KUBERNETES_SERVICE_HOST_PROPERTY = "KUBERNETES_SERVICE_HOST";
 public static final String KUBERNETES_SERVICE_PORT_PROPERTY = "KUBERNETES_SERVICE_PORT";
 public static final String KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";
@@ -854,11 +856,12 @@ private static boolean tryKubeConfig(Config config, String context) {
 if (!Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_TRYKUBECONFIG_SYSTEM_PROPERTY, true)) {
 return false;
 }
- List kubeConfigFilenames = Arrays.asList(getKubeconfigFilenames());
- if (kubeConfigFilenames.isEmpty()) {
+ String[] kubeConfigFilenames = getKubeconfigFilenames();
+ if (kubeConfigFilenames == null
+ || kubeConfigFilenames.length == 0) {
 return false;
 }
- List allKubeConfigFiles = kubeConfigFilenames.stream()
+ List allKubeConfigFiles = Arrays.stream(kubeConfigFilenames)
 .map(File::new)
 .collect(Collectors.toList());
 File mainKubeConfig = allKubeConfigFiles.get(0);
@@ -934,11 +937,13 @@ public static String getKubeconfigFilename() {
 public static String[] getKubeconfigFilenames() {
 String[] fileNames = null;
- String fileName = Utils.getSystemPropertyOrEnvVar(KUBERNETES_KUBECONFIG_FILE);
-
- fileNames = fileName.split(File.pathSeparator);
- if (fileNames.length == 0) {
- fileNames = new String[] { new File(getHomeDir(), ".kube" + File.separator + "config").toString() };
+ String fileName = Utils.getSystemPropertyOrEnvVar(KUBERNETES_KUBECONFIG_FILES);
+ if (fileName != null
+ && !fileName.isEmpty()) {
+ fileNames = fileName.split(File.pathSeparator);
+ if (fileNames.length == 0) {
+ fileNames = new String[]{new File(getHomeDir(), ".kube" + File.separator + "config").toString()};
+ }
 }
 return fileNames;
 }
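Review bot: In `getKubeconfigFilenames()` the fallback to the home-directory kubeconfig now sits inside the `fileName != null && !fileName.isEmpty()` branch, so it is reached only when the configured value consists solely of path separators; with the variable unset or empty the method returns null. `tryKubeConfig` in the preceding hunk then returns false without looking at any file, which changes which credential source the client ends up using if the default was meant to apply in that case. If so, the default belongs after the branch: `if (fileNames == null || fileNames.length == 0) { fileNames = new String[] { new File(getHomeDir(), ".kube" + File.separator + "config").toString() }; }`. If returning null is intended, the method needs a Javadoc sentence saying so, because a caller elsewhere in this commit streams the result without a null check.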
@@ -1734,17 +1739,73 @@ public NamedContext getCurrentContext() {
 public void setCurrentContext(NamedContext context) {
 this.currentContext = context;
 }
-
 /**
 *
 * Returns the path to the file that this configuration was loaded from. Returns {@code null} if no file was used.
+ * @deprecated use {@link #getFiles} instead.
 *
- * @return the path to the kubeConfig file
+ * @return the kubeConfig file
 */
+ @Deprecated
 public File getFile() {
 return file;
 }
+ /**
+ * Returns the kube config files that are used to configure this client.
+ * Returns the files that are listed in the KUBERNETES_KUBECONFIG_FILES env or system variables.
+ * Returns the default kube config file if it's not set'.
+ *
+ * @return
+ */
+ public List getFiles() {
+ return files;
+ }
+
+ public KubeConfigFile getFile(String username) {
+ if (username == null
+ || username.isEmpty()) {
+ return null;
+ }
+ return Arrays.stream(getKubeconfigFilenames())
+ .map(filename -> {
+ try {
+ return new KubeConfigFile(file, KubeConfigUtils.parseConfig(file));
+ } catch (IOException e) {
+ return null;
+ }
+ })
+ .filter(entry -> entry != null
+ && entry.getConfig() != null
+ && hasAuthInfo(username, entry.getConfig())
+ )
+ .findFirst()
+ .orElse(null);
+ }
+
+ private boolean hasAuthInfo(String username, io.fabric8.kubernetes.api.model.Config kubeConfig) {
+ return kubeConfig.getUsers().stream()
+ .anyMatch(namedAuthInfo -> username.equals(namedAuthInfo.getUser().getUsername()));
+ }
+
+ public static class KubeConfigFile {
+ private final File file;
+ private final io.fabric8.kubernetes.api.model.Config config;
+
+ private KubeConfigFile(File file, io.fabric8.kubernetes.api.model.Config config) {
+ this.file = file;
+ this.config = config;
+ }
+
+ public File getFile() {
+ return file;
+ }
+
+ public io.fabric8.kubernetes.api.model.Config getConfig() {
+ return config;
+ }
+ }
+
 @JsonIgnore
 public Readiness getReadiness() {
 return Readiness.getInstance();
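Review bot: In `getFile(String username)` the `map` lambda receives `filename` but builds `new KubeConfigFile(file, KubeConfigUtils.parseConfig(file))` from the instance field `file`, so every entry listed in KUBECONFIG resolves to the same file and a refreshed token can be persisted into a kubeconfig that does not hold that user. `Arrays.stream(getKubeconfigFilenames())` also throws a NullPointerException when that method returns null, which the changed `getKubeconfigFilenames()` does when the variable is unset. `hasAuthInfo` matches on `getUser().getUsername()`, while the caller in OpenIDConnectionUtils passes the context's user reference; that reference looks like the entry name rather than a login name, so `username.equals(namedAuthInfo.getName())` is probably the intended comparison and should be confirmed. The swallowed `IOException` should be logged with the file path so that an unreadable kubeconfig is visible rather than silently skipped.

```java
public KubeConfigFile getFile(String username) {
  // … unchanged: null/empty username guard …
  String[] filenames = getKubeconfigFilenames();
  if (filenames == null) {
    return null;
  }
  return Arrays.stream(filenames)
      .map(File::new)
      .map(candidate -> {
        try {
          // parse the file named in the list, not the instance field
          return new KubeConfigFile(candidate, KubeConfigUtils.parseConfig(candidate));
        } catch (IOException e) {
          // log the path of the unreadable file here before skipping it
          return null;
        }
      })
      // … unchanged: filter / findFirst / orElse …
}
```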
diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java
index c2ae79374a8..d08fff123fe 100644
--- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java
+++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java
@@ -21,7 +21,6 @@
 import io.fabric8.kubernetes.api.model.AuthProviderConfig;
 import io.fabric8.kubernetes.api.model.NamedAuthInfo;
 import io.fabric8.kubernetes.client.Config;
-import io.fabric8.kubernetes.client.Config.KubeConfigFile;
 import io.fabric8.kubernetes.client.KubernetesClientException;
 import io.fabric8.kubernetes.client.http.HttpClient;
 import io.fabric8.kubernetes.client.http.HttpRequest;
@@ -202,7 +201,7 @@ private static void persistOAuthTokenToFile(Config currentConfig, String token,
 if (currentConfig.getFile() != null && currentConfig.getCurrentContext() != null) {
 try {
 final String userName = currentConfig.getCurrentContext().getContext().getUser();
- KubeConfigFile kubeConfigFile = currentConfig.getFile(userName);
+ Config.KubeConfigFile kubeConfigFile = currentConfig.getFile(userName);
 if (kubeConfigFile == null) {
 LOGGER.warn("oidc: failure while persisting new tokens into KUBECONFIG: file for user {} not found", userName);
 return;