fix: auto read kubernetes service discovery token

apisix/discovery/kubernetes/init.lua

@@ -283,13 +283,21 @@ local function read_env(key)
     return key
 end
 
+local function read_token(token_file)
+    local token, err = util.read_file(token_file)
+    if err then
+        return nil, err
+    end
+
+    -- remove possible extra whitespace
+    return util.trim(token)
+end
 
 local function get_apiserver(conf)
     local apiserver = {
         schema = "",
         host = "",
         port = "",
-        token = ""
     }
 
     apiserver.schema = conf.service.schema
@@ -319,28 +327,37 @@ local function get_apiserver(conf)
     end
 
     if conf.client.token then
-        apiserver.token, err = read_env(conf.client.token)
+        local token, err = read_env(conf.client.token)
         if err then
             return nil, err
         end
+        apiserver.token = util.trim(token)
     elseif conf.client.token_file and conf.client.token_file ~= "" then
-        local file
-        file, err = read_env(conf.client.token_file)
-        if err then
-            return nil, err
-        end
+        setmetatable(apiserver, {
+            __index = function(_, key)
+                if key ~= "token" then
+                    return
+                end
 
-        apiserver.token, err = util.read_file(file)
-        if err then
-            return nil, err
-        end
+                local token_file, err = read_env(conf.client.token_file)
+                if err then
+                    core.log.error("failed to read token file path: ", err)
+                    return
+                end
+
+                local token, err = read_token(token_file)
+                if err then
+                    core.log.error("failed to read token from file: ", err)
+                    return
+                end
+                core.log.debug("re-read the token value")
+                return token
+            end
+        })
     else
         return nil, "one of [client.token,client.token_file] should be set but none"
     end
 
-    -- remove possible extra whitespace
-    apiserver.token = apiserver.token:gsub("%s+", "")
-
     if apiserver.schema == "https" and apiserver.token == "" then
         return nil, "apiserver.token should set to non-empty string when service.schema is https"
     end

t/kubernetes/discovery/kubernetes.t

@@ -40,6 +40,7 @@ env MyPort=6443;
 env KUBERNETES_SERVICE_HOST=127.0.0.1;
 env KUBERNETES_SERVICE_PORT=6443;
 env KUBERNETES_CLIENT_TOKEN=$::token_value;
+env KUBERNETES_CLIENT_TOKEN_FILE=$::token_file;
 _EOC_
 
     $block->set_value("main_config", $main_config);
@@ -94,6 +95,20 @@ _EOC_
             }
         }
 
+        location /update_token {
+            content_by_lua_block {
+                local token_file = "$::token_file"
+                local file = io.open(token_file, "w")
+                file:write("invalid_token_value")
+                file:close()
+                ngx.sleep(3)
+                file = io.open(token_file, "w")
+                local token_value = [[$::token_value]]
+                file:write(token_value)
+                file:close()
+            }
+        }
+
 _EOC_
 
     $block->set_value("config", $config);
@@ -346,3 +361,27 @@ GET /compare
 Content-type: application/json
 --- response_body
 true
+
+
+
+=== TEST 7: auto read token file before get token value
+--- yaml_config
+apisix:
+  node_listen: 1984
+  config_center: yaml
+deployment:
+  role: data_plane
+  role_data_plane:
+    config_provider: yaml
+discovery:
+  kubernetes:
+    client:
+        token_file: "${KUBERNETES_CLIENT_TOKEN_FILE}"
+--- request
+GET /update_token
+--- log_level: debug
+--- grep_error_log eval
+qr/re-read the token value/
+--- grep_error_log_out
+re-read the token value
+re-read the token value