45 changes: 31 additions & 14 deletions apisix/discovery/kubernetes/init.lua
Expand Up @@ -283,13 +283,21 @@ local function read_env(key)
return key
end

local function read_token(token_file)
local token, err = util.read_file(token_file)
if err then
return nil, err
end

-- remove possible extra whitespace
return util.trim(token)
end

local function get_apiserver(conf)
local apiserver = {
schema = "",
host = "",
port = "",
token = ""
}

apiserver.schema = conf.service.schema
Expand Down Expand Up @@ -319,28 +327,37 @@ local function get_apiserver(conf)
end

if conf.client.token then
apiserver.token, err = read_env(conf.client.token)
local token, err = read_env(conf.client.token)
if err then
return nil, err
end
apiserver.token = util.trim(token)
elseif conf.client.token_file and conf.client.token_file ~= "" then
local file
file, err = read_env(conf.client.token_file)
if err then
return nil, err
end
setmetatable(apiserver, {
__index = function(_, key)
if key ~= "token" then
return
end

apiserver.token, err = util.read_file(file)
if err then
return nil, err
end
local token_file, err = read_env(conf.client.token_file)
if err then
core.log.error("failed to read token file path: ", err)
return
end

local token, err = read_token(token_file)
if err then
core.log.error("failed to read token from file: ", err)
return
end
core.log.debug("re-read the token value")
return token
end
})
else
return nil, "one of [client.token,client.token_file] should be set but none"
end

-- remove possible extra whitespace
apiserver.token = apiserver.token:gsub("%s+", "")

if apiserver.schema == "https" and apiserver.token == "" then
return nil, "apiserver.token should set to non-empty string when service.schema is https"
end
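Review bot: The closing check `apiserver.token == ""` no longer catches a missing credential on the `token_file` branch: when the path cannot be resolved or the file cannot be read, the new `__index` handler logs and returns nil, and `nil == ""` is false, so `get_apiserver` succeeds where the earlier code returned `nil, err`. Read the value once and reject both cases, e.g. `local token = apiserver.token` followed by `if apiserver.schema == "https" and (not token or token == "") then`. The lazy read also depends on the `token = ""` field being gone from the table constructor (the page does not mark which lines were removed); if it is still there, `__index` never fires and the token stays empty. Code outside this hunk that uses `apiserver.token` should expect nil at request time and should read it once per request, since every access now re-resolves the path and re-reads the file.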
39 changes: 39 additions & 0 deletions t/kubernetes/discovery/kubernetes.t
Expand Up @@ -40,6 +40,7 @@ env MyPort=6443;
env KUBERNETES_SERVICE_HOST=127.0.0.1;
env KUBERNETES_SERVICE_PORT=6443;
env KUBERNETES_CLIENT_TOKEN=$::token_value;
env KUBERNETES_CLIENT_TOKEN_FILE=$::token_file;
_EOC_

$block->set_value("main_config", $main_config);
Expand Down Expand Up @@ -94,6 +95,20 @@ _EOC_
}
}

location /update_token {
content_by_lua_block {
local token_file = "$::token_file"
local file = io.open(token_file, "w")
file:write("invalid_token_value")
file:close()
ngx.sleep(3)
file = io.open(token_file, "w")
local token_value = [[$::token_value]]
file:write(token_value)
file:close()
}
}

_EOC_

$block->set_value("config", $config);
Expand Down Expand Up @@ -346,3 +361,27 @@ GET /compare
Content-type: application/json
--- response_body
true



=== TEST 7: auto read token file before get token value
--- yaml_config
apisix:
node_listen: 1984
config_center: yaml
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
discovery:
kubernetes:
client:
token_file: "${KUBERNETES_CLIENT_TOKEN_FILE}"
--- request
GET /update_token
--- log_level: debug
--- grep_error_log eval
qr/re-read the token value/
--- grep_error_log_out
re-read the token value
re-read the token value
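Review bot: TEST 7 asserts only that the debug line `re-read the token value` is logged twice, so it would still pass if the re-read value were never used in a request to the API server. It also leaves the failure branches of the new `__index` handler (unresolvable path, unreadable file) unexercised. A stronger test would check that discovery recovers after the file is restored and add a case with an unreadable token file that expects the `failed to read token from file` error log. In `/update_token` the result of `io.open` is not checked, so a bad path surfaces as an index-on-nil error; `local file = assert(io.open(token_file, "w"))` gives a clear message. If the handler aborts between the two writes, the shared token file keeps `invalid_token_value` for later tests.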