OpenId token not refreshed if the config is in-memory
ttbadr opened this issue · comments
As title, If we use a in-memory config, the token not refreshed.
I found the method below, it only save the new token when the config is file
@ttbadr : Could you please provide more details? How are OpenID parameters being provided to KubernetesClient (like refresh_token, OpenID identity provider URL, etc)?
@rohanKanojia I think the root cause is here
this method persistKubeConfigWithUpdatedAuthInfo
will be called when the refresh token request success, and persist the new token to the config.
but you can see that if the config is not a file then return, if the config is a file then save the new token to the kubeconfig.
so if the config is in-memory, the new token will be ignore, the next client request will use the old token and fail
@ttbadr : May I know which cluster you're using? It might be difficult for us to reproduce this. Is it possible for you to create a pull request to fix this?
@rohanKanojia I use the k8s, I create a pull request to fix it #5888, can you help to review it. thx
@ttbadr : Thanks a lot! Could you please add a test case to validate your fix? Also, could you please provide more details about your setup? I'm wondering from which source KubernetesClient is fetchin refresh token for performing refresh, it will help us out in doing review.
@rohanKanojia ok, I can add some test cases. Sorry I can't provide the source, It's a internal k8s cluster
@ttbadr : I'm not asking for your cluster details. I'm requesting you to elaborate more on your problem. How is Config loaded by KubernetesClient? Is it via some local .kubeconfig
file or via ConfigBuilder?
@rohanKanojia I build the Kubeclient via ConfigBuilder, the code like below:
Config config = new ConfigBuilder().withAutoConfigure(false)
.withNameSpace(namespace)
.withMasterUrl(url)
.withAutoOAuthToken(token)
.withCaCertData(base64CaData)
.withAuthProvider(new AuthProviderConfigBuilder()
.withName(providerName)
.withConfig(configMap)
.build()).build();
new KubernetesClientBuilder().withConfig(config).build();
btw, I can't find the ConfigBuilder class in the source, is it genarated by some maven task?
@ttbadr: Yes, it's generated using sundrio annotation processor