Skip to content

Commit d796c4b

Browse files
brendandburnsbrendandburns
committed
Fix exec auth and add better tests.
1 parent d90e420 commit d796c4b

File tree

2 files changed

+21
-2
lines changed

2 files changed

+21
-2
lines changed

src/config_test.ts

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -685,7 +685,13 @@ describe('KubeConfig', () => {
685685
it('should exec with exec auth', () => {
686686
const config = new KubeConfig();
687687
const token = 'token';
688-
const responseStr = `'{ "token": "${token}" }'`;
688+
const responseStr = `'{
689+
"apiVersion": "client.authentication.k8s.io/v1beta1",
690+
"kind": "ExecCredential",
691+
"status": {
692+
"token": "${token}"
693+
}
694+
}'`;
689695
config.loadFromClusterAndUser(
690696
{ skipTLSVerify: false } as Cluster,
691697
{

src/exec_auth.ts

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,12 +4,25 @@ import { Authenticator } from './auth';
44
import { User } from './config_types';
55

66
export class ExecAuth implements Authenticator {
7+
private tokenCache: any = {};
8+
79
public isAuthProvider(user: User) {
810
return user.authProvider.name === 'exec' ||
911
(user.authProvider.config && user.authProvider.config.exec);
1012
}
1113

1214
public getToken(user: User): string | null {
15+
// TODO: Handle client cert auth here, requires auth refactor.
16+
// See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#input-and-output-formats
17+
// for details on this protocol.
18+
const cachedToken = this.tokenCache[user.name];
19+
if (cachedToken) {
20+
const date = Date.parse(cachedToken.status.expirationTimestamp);
21+
if (date < Date.now()) {
22+
return cachedToken.status.token;
23+
}
24+
this.tokenCache[user.name] = null;
25+
}
1326
const config = user.authProvider.config;
1427
if (!config.exec.command) {
1528
throw new Error('No command was specified for exec authProvider!');
@@ -27,7 +40,7 @@ export class ExecAuth implements Authenticator {
2740
const result = shell.exec(cmd, opts);
2841
if (result.code === 0) {
2942
const obj = JSON.parse(result.stdout);
30-
return `Bearer ${obj.token}`;
43+
return `Bearer ${obj.status.token}`;
3144
}
3245
throw new Error(result.stderr);
3346
}

0 commit comments

Comments
 (0)