Remove partial application chains

Author: akshaymankar

kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs

@@ -72,15 +72,16 @@ getToken auth@(OIDCAuth{..}) = do
   case maybeIdToken of
     Nothing -> fetchToken auth
     Just idToken -> do
-      let maybeExp = decodeClaims (Text.encodeUtf8 idToken)
-                   & rightToMaybe
-                   & fmap snd
-                   & (>>= jwtExp)
-      case maybeExp of
+      let maybeExpiry = do
+            (_, claims) <- decodeClaims (Text.encodeUtf8 idToken)
+                           & rightToMaybe
+            jwtExp claims
+      case maybeExpiry of
         Nothing -> fetchToken auth
-        Just (IntDate expiryDate) -> if now < expiryDate
-                                     then pure idToken
-                                     else fetchToken auth
+        Just (IntDate expiryDate) ->
+          if now < expiryDate
+          then pure idToken
+          else fetchToken auth
 
 fetchToken :: OIDCAuth -> IO Text
 fetchToken auth@(OIDCAuth{..}) = do
@@ -178,7 +179,6 @@ parseCAData :: TLS.ClientParams -> Map Text Text -> Maybe (IO (Either ParseCertE
 parseCAData tlsParams authInfo = do
   caBase64 <- Map.lookup "idp-certificate-authority-data" authInfo
   Just $ pure $ do
-    caText <- Text.encodeUtf8 caBase64
-              & B64.decode
+    caText <- B64.decode (Text.encodeUtf8 caBase64)
               & mapLeft Base64ParsingFailed
     updateClientParams tlsParams caText

kubernetes-client/src/Kubernetes/Client/Config.hs

@@ -68,17 +68,13 @@ mkKubeClientConfig
   -> KubeConfigSource
   -> IO (NH.Manager, K.KubernetesClientConfig)
 mkKubeClientConfig oidcCache (KubeConfigFile f) = do
-  kubeConfigFile <- decodeFileThrow f
-  masterURI <- getCluster kubeConfigFile
-         & fmap server
-         & either (const $ pure "localhost:8080") return
-  tlsParams <- defaultTLSClientParams
-               & fmap (tlsValidation kubeConfigFile)
-               & (>>= (addCACertData kubeConfigFile))
-               & (>>= addCACertFile kubeConfigFile (takeDirectory f))
+  kubeConfig <- decodeFileThrow f
+  masterURI <-  server <$> getCluster kubeConfig
+                & either (const $ pure "localhost:8080") return
+  tlsParams <- configureTLSParams kubeConfig (takeDirectory f)
   clientConfig <- K.newConfig & fmap (setMasterURI masterURI)
   (tlsParamsWithAuth, clientConfigWithAuth) <-
-    case getAuthInfo kubeConfigFile of
+    case getAuthInfo kubeConfig of
       Left _          -> return (tlsParams,clientConfig)
       Right (_, auth) -> applyAuthSettings oidcCache auth (tlsParams, clientConfig)
   mgr <- newManager tlsParamsWithAuth
@@ -112,6 +108,13 @@ newManager cp = NH.newManager (mkManagerSettings (TLSSettings cp) Nothing)
 serviceAccountDir :: FilePath
 serviceAccountDir = "/var/run/secrets/kubernetes.io/serviceaccount"
 
+configureTLSParams :: Config -> FilePath -> IO TLS.ClientParams
+configureTLSParams cfg dir = do
+  defaultTLS <- defaultTLSClientParams
+  withCACertData <- addCACertData cfg defaultTLS
+  withCACertFile <- addCACertFile cfg dir withCACertData
+  return $ tlsValidation cfg withCACertFile
+
 tlsValidation :: Config -> TLS.ClientParams -> TLS.ClientParams
 tlsValidation cfg tlsParams =
   case getCluster cfg of