Test OIDC without refresh token

dmyerscough · dmyerscough · commit 93e75c9c9e92 · 2017-09-19T13:04:35.000-07:00
diff --git a/config/kube_config.py b/config/kube_config.py
@@ -19,15 +19,15 @@
 import os
 import tempfile
 
+from six import PY3
+
 import google.auth
 import google.auth.transport.requests
 import oauthlib.oauth2
 import urllib3
 import yaml
-from requests_oauthlib import OAuth2Session
-from six import PY3
-
 from kubernetes.client import ApiClient, ConfigurationObject, configuration
+from requests_oauthlib import OAuth2Session
 
 from .config_exception import ConfigException
 from .dateutil import UTC, format_rfc3339, parse_rfc3339
diff --git a/config/kube_config_test.py b/config/kube_config_test.py
@@ -19,9 +19,10 @@
 import tempfile
 import unittest
 
-import yaml
 from six import PY3
 
+import yaml
+
 from .config_exception import ConfigException
 from .dateutil import parse_rfc3339
 from .kube_config import (ConfigNode, FileOrData, KubeConfigLoader,
@@ -58,6 +59,22 @@ def _raise_exception(st):
 # token for me:pass
 TEST_BASIC_TOKEN = "Basic bWU6cGFzcw=="
 
+TEST_OIDC_LOGIN = (
+    "eyJhbGciOiJSUzI1NiIsImtpZCI6ImVmM2Y0NjIxODhiNjhhMzY2YjQ1MWE0YjkwY2UxYjYyY"
+    "mEyYzliNDkifQ.eyJpc3MiOiJodHRwczovL2V4YW1wbGUudXMtd2VzdC0xLmF3cy5uZXQvaWR"
+    "lbnRpdHkiLCJzdWIiOiJBQUFBQUFBQUFBQUEiLCJhdWQiOiJ0ZWN0b25pYy1rdWJlY3RsIiwi"
+    "ZXhwIjoxMDM4MjI1NjAwMCwiaWF0IjoxMDM4MjI1NjAwMCwiYXRfaGFzaCI6IlhYWFhYWF9YW"
+    "FhYWFhYIiwiZW1haWwiOiJkYW1pYW4ubXllcnNjb3VnaEBnbWFpbC5jb20iLCJlbWFpbF92ZX"
+    "JpZmllZCI6dHJ1ZSwiZ3JvdXBzIjpbInRlYW0taW5mcmEiXSwibmFtZSI6IkRhbWlhbiBNeWV"
+    "yc2NvdWdoIn0=.BZwpd0_hKYMIaYRj88QjPTrg8JFtaiyVXOqLgKkJHBVzivdzs9JjM9jvV3q"
+    "zj2DUwaeGeAZqxlbmwEXXePU-jFg70HGo7FDq4G29x516XNZWW2BaelcevFPspcIJTQ92VhYZ"
+    "vCiWp8r7SmhZ1TSss3nmuDHn3FTdasqUm22LJOqCfCDaOOf_Uq3uP0zHj4UHJAqvgMfw1j5tZ"
+    "XTYJ613vGGPkCz_K1Jnv6YIxVVnuZM3PyNNdSXQl5_GM01Zf5wJCgqMdRZ01ZrWhOda6wzlKr"
+    "h7TClbW12_vMo56aOj9HOAjhKyjcbLHjIWAWqmt3nmhwkzf8sYc9-WpscPTNalsQ"
+)
+
+TEST_OIDC_TOKEN = "Bearer %s" % TEST_OIDC_LOGIN
+
 TEST_SSL_HOST = "https://test-host"
 TEST_CERTIFICATE_AUTH = "cert-auth"
 TEST_CERTIFICATE_AUTH_BASE64 = _base64(TEST_CERTIFICATE_AUTH)
@@ -317,6 +334,13 @@ class TestKubeConfigLoader(BaseTestCase):
                     "user": "expired_gcp"
                 }
             },
+            {
+                "name": "oidc",
+                "context": {
+                    "cluster": "default",
+                    "user": "oidc"
+                }
+            },
             {
                 "name": "user_pass",
                 "context": {
@@ -434,6 +458,17 @@ class TestKubeConfigLoader(BaseTestCase):
                     "password": TEST_PASSWORD,  # should be ignored
                 }
             },
+            {
+                "name": "oidc",
+                "user": {
+                    "auth-provider": {
+                        "name": "oidc",
+                        "config": {
+                            "id-token": TEST_OIDC_LOGIN
+                        }
+                    }
+                }
+            },
             {
                 "name": "user_pass",
                 "user": {
@@ -531,6 +566,14 @@ def cred(): return None
         self.assertEqual(BEARER_TOKEN_FORMAT % TEST_ANOTHER_DATA_BASE64,
                          loader.token)
 
+    def test_oidc_no_refresh(self):
+        loader = KubeConfigLoader(
+            config_dict=self.TEST_KUBE_CONFIG,
+            active_context="oidc",
+        )
+        self.assertTrue(loader._load_oid_token())
+        self.assertEqual(TEST_OIDC_TOKEN, loader.token)
+
     def test_user_pass(self):
         expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN)
         actual = FakeConfig()
