OpenId token not refreshed if the config is in-memory about kubernetes-client HOT 10 CLOSED

@ttbadr : Could you please provide more details? How are OpenID parameters being provided to KubernetesClient (like refresh_token, OpenID identity provider URL, etc)?

from kubernetes-client.

@rohanKanojia I use the k8s, I create a pull request to fix it #5888, can you help to review it. thx

from kubernetes-client.

@rohanKanojia I build the Kubeclient via ConfigBuilder, the code like below:

Config config = new ConfigBuilder().withAutoConfigure(false)
        .withNameSpace(namespace)
        .withMasterUrl(url)
        .withAutoOAuthToken(token)
        .withCaCertData(base64CaData)
        .withAuthProvider(new AuthProviderConfigBuilder()
                .withName(providerName)
                .withConfig(configMap)
                .build()).build();
new KubernetesClientBuilder().withConfig(config).build();

btw, I can't find the ConfigBuilder class in the source, is it genarated by some maven task?

from kubernetes-client.

@rohanKanojia I think the root cause is here
this method persistKubeConfigWithUpdatedAuthInfo will be called when the refresh token request success, and persist the new token to the config.
but you can see that if the config is not a file then return, if the config is a file then save the new token to the kubeconfig.
so if the config is in-memory, the new token will be ignore, the next client request will use the old token and fail

from kubernetes-client.

@ttbadr : May I know which cluster you're using? It might be difficult for us to reproduce this. Is it possible for you to create a pull request to fix this?

from kubernetes-client.

@ttbadr : Thanks a lot! Could you please add a test case to validate your fix? Also, could you please provide more details about your setup? I'm wondering from which source KubernetesClient is fetchin refresh token for performing refresh, it will help us out in doing review.

from kubernetes-client.

@rohanKanojia ok, I can add some test cases. Sorry I can't provide the source, It's a internal k8s cluster

from kubernetes-client.

@ttbadr : I'm not asking for your cluster details. I'm requesting you to elaborate more on your problem. How is Config loaded by KubernetesClient? Is it via some local .kubeconfig file or via ConfigBuilder?

from kubernetes-client.

@ttbadr: Yes, it's generated using sundrio annotation processor

from kubernetes-client.

After working on the refactor of the OpenIDConnectionUtils, I'm noticing that these changes might actually create a regression for #4802 which was fixed by #4951

Please, @Vlatombe, could you review #5888 and verify it won't cause a regression for your use cases.

from kubernetes-client.