This repository was archived by the owner on Mar 13, 2022. It is now read-only.

Commit ee6d367

committed
Add support for refreshing Azure tokens.
1 parent 7359cda commit ee6d367

1 file changed

+22
-1
lines changed

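--- a/config/kube_config.py
+++ b/config/kube_config.py
@@ -18,7 +18,9 @@
 import json
 import os
 import tempfile
+import time
 
+import adal
 import google.auth
 import google.auth.transport.requests
 import oauthlib.oauth2
@@ -202,10 +204,29 @@ def _load_azure_token(self, provider):
 return
 if 'access-token' not in provider['config']:
 return
-# TODO: Refresh token here...
+if 'expires-on' in provider['config']:
+if int(provider['config']['expires-on']) < time.gmtime():
+self._refresh_azure_token(provider['config'])
 self.token = 'Bearer %s' % provider['config']['access-token']
 return self.token
 
+def _refresh_azure_token(self, config):
+tenant = config['tenant-id']
+authority = 'https://login.microsoftonline.com/{}'.format(tenant)
+context = adal.AuthenticationContext(
+authority, validate_authority=True,
+)
+refresh_token = config['refresh-token']
+client_id = config['client-id']
+token_response = context.acquire_token_with_refresh_token(
+refresh_token, client_id, '00000002-0000-0000-c000-000000000000')
+
+provider = self._user['auth-provider']['config']
+provider.value['access-token'] = token_response['accessToken']
+provider.value['expires-on'] = token_response['expiresOn']
+if self._config_persister:
+self._config_persister(self._config.value)
+
 def _load_gcp_token(self, provider):
 if (('config' not in provider) or
 ('access-token' not in provider['config']) or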
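Review bot: The expiry check on new line 208 compares an int with `time.gmtime()`, which returns a `struct_time` rather than epoch seconds. On Python 3 this raises `TypeError`, and on Python 2 the result does not depend on the clock, so an expired bearer token is not reliably detected; the line should read `if int(provider['config']['expires-on']) < time.time():`. Separately, `_refresh_azure_token` stores `token_response['expiresOn']` back into `expires-on` unchanged; if ADAL returns that field as a formatted date string rather than an epoch value, the `int(...)` on the next load will fail, so it should be converted before it is persisted. The resource GUID passed to `acquire_token_with_refresh_token` is hard-coded and unexplained; a named constant with a comment saying which API it identifies would make the token audience reviewable. `_load_azure_token` begins above the hunk, so its earlier guards are not visible here.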
