This repository has been archived by the owner on Mar 13, 2022. It is now read-only.

Refactor auth-provider code paths a little. Add Azure support. #74

Merged
merged 1 commit into from
Jul 18, 2018
Merged
33 changes: 19 additions & 14 deletions config/kube_config.py
Expand Up @@ -178,23 +178,35 @@ def _load_authentication(self):
"""
if not self._user:
return
if self._load_gcp_token():
if self._load_auth_provider_token():
return
if self._load_user_token():
return
if self._load_oid_token():
return
self._load_user_pass_token()

def _load_gcp_token(self):
def _load_auth_provider_token(self):
if 'auth-provider' not in self._user:
return
provider = self._user['auth-provider']
if 'name' not in provider:
return
if provider['name'] != 'gcp':
if provider['name'] == 'gcp':
return self._load_gcp_token(provider)
if provider['name'] == 'azure':
return self._load_azure_token(provider)
if provider['name'] == 'oidc':
return self._load_oid_token(provider)

def _load_azure_token(self, provider):
if 'config' not in provider:
return
if 'access-token' not in provider['config']:
return
# TODO: Refresh token here...
self.token = 'Bearer %s' % provider['config']['access-token']
return self.token

def _load_gcp_token(self, provider):
if (('config' not in provider) or
('access-token' not in provider['config']) or
('expiry' in provider['config'] and
Expand All @@ -215,15 +227,8 @@ def _refresh_gcp_token(self):
if self._config_persister:
self._config_persister(self._config.value)

def _load_oid_token(self):
if 'auth-provider' not in self._user:
return
provider = self._user['auth-provider']

if 'name' not in provider or 'config' not in provider:
return

if provider['name'] != 'oidc':
def _load_oid_token(self, provider):
if 'config' not in provider:
return

parts = provider['config']['id-token'].split('.')
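Review bot: In `_load_authentication` the oidc lookup appears to have moved ahead of `_load_user_token()`, because `_load_auth_provider_token()` now dispatches gcp, azure and oidc in the first step; a user entry carrying both a static token and an oidc `auth-provider` would then authenticate with the id-token where it previously used the static token. If that precedence is intended, say so at the call site, e.g. `# auth-provider credentials (gcp/azure/oidc) take precedence over a static user token`. Separately, `_load_azure_token` uses the stored `access-token` with no lifetime check, unlike the `expiry` test in `_load_gcp_token` below it; until the `# TODO: Refresh token here...` is resolved, a docstring such as `"""Use the stored Azure access token as-is; it is neither checked for expiry nor refreshed."""` would keep callers from assuming otherwise. A provider name other than the three handled ones makes the dispatcher return None silently and fall through to the next credential source, which deserves one line in its docstring. The sides of the changed lines are inferred here, since the rendered page has lost its `+`/`-` markers.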
10 changes: 5 additions & 5 deletions config/kube_config_test.py
Expand Up @@ -618,7 +618,7 @@ def test_load_gcp_token_no_refresh(self):
active_context="gcp",
get_google_credentials=lambda: _raise_exception(
"SHOULD NOT BE CALLED"))
self.assertTrue(loader._load_gcp_token())
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual(BEARER_TOKEN_FORMAT % TEST_DATA_BASE64,
loader.token)

Expand All @@ -632,7 +632,7 @@ def cred(): return None
active_context="expired_gcp",
get_google_credentials=lambda: cred)
original_expiry = _get_expiry(loader)
self.assertTrue(loader._load_gcp_token())
self.assertTrue(loader._load_auth_provider_token())
new_expiry = _get_expiry(loader)
# assert that the configs expiry actually updates
self.assertTrue(new_expiry > original_expiry)
Expand All @@ -644,7 +644,7 @@ def test_oidc_no_refresh(self):
config_dict=self.TEST_KUBE_CONFIG,
active_context="oidc",
)
self.assertTrue(loader._load_oid_token())
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual(TEST_OIDC_TOKEN, loader.token)

@mock.patch('kubernetes.config.kube_config.OAuth2Session.refresh_token')
Expand All @@ -669,7 +669,7 @@ def test_oidc_with_refresh(self, mock_ApiClient, mock_OAuth2Session):
config_dict=self.TEST_KUBE_CONFIG,
active_context="expired_oidc",
)
self.assertTrue(loader._load_oid_token())
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual("Bearer abc123", loader.token)

@mock.patch('kubernetes.config.kube_config.OAuth2Session.refresh_token')
Expand All @@ -695,7 +695,7 @@ def test_oidc_with_refresh_nocert(
config_dict=self.TEST_KUBE_CONFIG,
active_context="expired_oidc_nocert",
)
self.assertTrue(loader._load_oid_token())
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual("Bearer abc123", loader.token)

def test_user_pass(self):
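Review bot: The new `azure` branch of `_load_auth_provider_token()` gets no test in this section: all five changed lines only switch the existing gcp and oidc tests from `_load_gcp_token()` / `_load_oid_token()` to the dispatcher. A credential-loading path is worth pinning with at least two cases, one that loads an azure context and asserts `loader.token` against `BEARER_TOKEN_FORMAT`, and one with an unrecognised provider name that asserts the dispatcher returns a falsy value. Whether `TEST_KUBE_CONFIG` already contains an azure user cannot be seen from this page, so the fixture may need an entry as well.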