Add the ability to inject authenticators.

Author: brendandburns

src/config.ts

@@ -65,6 +65,12 @@ export class KubeConfig implements SecurityAuthentication {
         new OpenIDConnectAuth(),
     ];
 
+    // Optionally add additional external authenticators, you must do this
+    // before you load a kubeconfig file that references them.
+    public static addAuthenticator(authenticator: Authenticator): void {
+        this.authenticators.push(authenticator);
+    }
+
     /**
      * The list of all known clusters
      */

src/config_test.ts

@@ -9,6 +9,7 @@ import { mock } from 'node:test';
 
 import mockfs from 'mock-fs';
 
+import { Authenticator } from './auth.js';
 import { Headers } from 'node-fetch';
 import { HttpMethod } from './index.js';
 import { assertRequestAgentsEqual, assertRequestOptionsEqual } from './test/match-buffer.js';
@@ -1703,5 +1704,45 @@ describe('KubeConfig', () => {
             }
             validateFileLoad(kc);
         });
+
+        it('should inject a custom Authenticator', async () => {
+            class CustomAuthenticator implements Authenticator {
+                public isAuthProvider(user: User): boolean {
+                    return user.authProvider === 'custom';
+                }
+
+                public async applyAuthentication(user: User, opts: RequestOptions): Promise<void> {
+                    if (user.authProvider === 'custom') {
+                        // Simulate token retrieval
+                        const token = 'test-token';
+                        opts.headers = opts.headers || {};
+                        opts.headers.Authorization = `Bearer ${token}`;
+                    } else {
+                        throw new Error('No custom configuration found');
+                    }
+                }
+            }
+
+            const customAuthenticator = new CustomAuthenticator();
+            KubeConfig.addAuthenticator(customAuthenticator);
+            const kc = new KubeConfig();
+
+            const cluster: Cluster = {
+                name: 'test-cluster',
+                server: 'https://localhost:6443',
+                skipTLSVerify: false,
+            };
+            const user: User = {
+                name: 'test-user',
+                authProvider: 'custom',
+            };
+
+            kc.loadFromClusterAndUser(cluster, user);
+
+            const opts: RequestOptions = {};
+            await kc.applyToHTTPSOptions(opts);
+
+            strictEqual(opts.headers!.Authorization, 'Bearer test-token');
+        });
     });
 });