Refactor auth-provider code paths a little. Add Azure support.

Brendan Burns 2018-07-14 06:53:53 -07:00
parent 595ee0d23b
commit 1be91e32bc
2 changed files with 25 additions and 20 deletions


@ -178,23 +178,35 @@ class KubeConfigLoader(object):
"""
if not self._user:
return
if self._load_gcp_token():
if self._load_auth_provider_token():
return
if self._load_user_token():
return
if self._load_oid_token():
return
self._load_user_pass_token()
def _load_gcp_token(self):
def _load_auth_provider_token(self):
if 'auth-provider' not in self._user:
return
provider = self._user['auth-provider']
if 'name' not in provider:
return
if provider['name'] != 'gcp':
return
if provider['name'] == 'gcp':
return self._load_gcp_token(provider)
if provider['name'] == 'azure':
return self._load_azure_token(provider)
if provider['name'] == 'oidc':
return self._load_oid_token(provider)
def _load_azure_token(self, provider):
if 'config' not in provider:
return
if 'access-token' not in provider['config']:
return
# TODO: Refresh token here...
self.token = 'Bearer %s' % provider['config']['access-token']
return self.token
def _load_gcp_token(self, provider):
if (('config' not in provider) or
('access-token' not in provider['config']) or
('expiry' in provider['config'] and
@ -215,15 +227,8 @@ class KubeConfigLoader(object):
if self._config_persister:
self._config_persister(self._config.value)
def _load_oid_token(self):
if 'auth-provider' not in self._user:
return
provider = self._user['auth-provider']
if 'name' not in provider or 'config' not in provider:
return
if provider['name'] != 'oidc':
def _load_oid_token(self, provider):
if 'config' not in provider:
return
parts = provider['config']['id-token'].split('.')
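Review bot: `_load_azure_token` copies `provider['config']['access-token']` into `self.token` with no expiry check, so an expired token from the kubeconfig is sent as a Bearer credential as-is, whereas the gcp branch directly below tests `expiry` before trusting its token. Azure kubeconfig entries normally carry an `expires-on` value next to the token (not visible on this page, so worth confirming), and the TODO should at least record that, e.g. `# TODO: compare provider['config'].get('expires-on') with the current time and refresh; until then an expired token is used as-is`. Separately, the rewritten guard in `_load_oid_token` checks only `'config'`, so a provider config without `'id-token'` fails on the `['id-token']` lookup instead of returning like the other loaders; adding `or 'id-token' not in provider['config']` to that guard would keep the behaviour uniform. The body of `_load_oid_token` continues outside the hunk.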


@ -618,7 +618,7 @@ class TestKubeConfigLoader(BaseTestCase):
active_context="gcp",
get_google_credentials=lambda: _raise_exception(
"SHOULD NOT BE CALLED"))
self.assertTrue(loader._load_gcp_token())
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual(BEARER_TOKEN_FORMAT % TEST_DATA_BASE64,
loader.token)
@ -632,7 +632,7 @@ class TestKubeConfigLoader(BaseTestCase):
active_context="expired_gcp",
get_google_credentials=lambda: cred)
original_expiry = _get_expiry(loader)
self.assertTrue(loader._load_gcp_token())
self.assertTrue(loader._load_auth_provider_token())
new_expiry = _get_expiry(loader)
# assert that the configs expiry actually updates
self.assertTrue(new_expiry > original_expiry)
@ -644,7 +644,7 @@ class TestKubeConfigLoader(BaseTestCase):
config_dict=self.TEST_KUBE_CONFIG,
active_context="oidc",
)
self.assertTrue(loader._load_oid_token())
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual(TEST_OIDC_TOKEN, loader.token)
@mock.patch('kubernetes.config.kube_config.OAuth2Session.refresh_token')
@ -669,7 +669,7 @@ class TestKubeConfigLoader(BaseTestCase):
config_dict=self.TEST_KUBE_CONFIG,
active_context="expired_oidc",
)
self.assertTrue(loader._load_oid_token())
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual("Bearer abc123", loader.token)
@mock.patch('kubernetes.config.kube_config.OAuth2Session.refresh_token')
@ -695,7 +695,7 @@ class TestKubeConfigLoader(BaseTestCase):
config_dict=self.TEST_KUBE_CONFIG,
active_context="expired_oidc_nocert",
)
self.assertTrue(loader._load_oid_token())
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual("Bearer abc123", loader.token)
def test_user_pass(self):
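Review bot: The new `azure` branch of `_load_auth_provider_token` has no test here; every change in this file only reroutes the existing gcp and oidc assertions through the dispatcher. I would add an azure user and context to the test kubeconfig and assert that `loader._load_auth_provider_token()` is truthy and `loader.token` equals `BEARER_TOKEN_FORMAT % <token>`, plus a case whose config has no `access-token` and must leave the token unset. A case with an unrecognised provider name returning a falsy value would also pin the fall-through to the user-token and password paths, which is the behaviour a credential loader should not change silently.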