Merge pull request #33 from iastewar/mock-token

Added an env var to use a mock token instead of fetching the real one

Author: spowelljr

README.md

@@ -5,6 +5,8 @@ A server that includes:
 * A mutating webhook that will patch any newly created service accounts in your Kubernetes cluster with an image pull secret.
 * A thread that monitors namespaces to make sure all namespaces include a image pull secret to be able to pull from GCR and AR.
 
+Setting the environment variable `MOCK_GOOGLE_TOKEN` to `true` will prevent using the google application credentials to fetch the token used for the image pull secret. Instead the token will be mocked.
+
 ## Deployment
 Use the image `gcr.io/k8s-minikube/gcp-auth-webhook` as the image for a Deployment in your Kubernetes manifest and add that to a MutatingWebhookConfiguration. See [minikube](https://github.com/kubernetes/minikube/blob/master/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl) for details.
 

server.go

@@ -22,6 +22,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strconv"
 	"strings"
 	"time"
 
@@ -31,6 +32,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
@@ -116,9 +118,16 @@ func createPullSecret(clientset *kubernetes.Clientset, ns *corev1.Namespace, cre
 		}
 	}
 
-	token, err := creds.TokenSource.Token()
-	if err != nil {
-		return err
+	// The MOCK_GOOGLE_TOKEN env var prevents using credentials to fetch the token. Instead the token will be mocked.
+	mockToken, _ := strconv.ParseBool(os.Getenv("MOCK_GOOGLE_TOKEN"))
+	var token *oauth2.Token
+	if mockToken {
+		token = &oauth2.Token{AccessToken: "mock_access_token"}
+	} else {
+		token, err = creds.TokenSource.Token()
+		if err != nil {
+			return err
+		}
 	}
 	var dockercfg string
 	registries := append(gcr_config.DefaultGCRRegistries[:], gcr_config.DefaultARRegistries[:]...)