kubernetes-client
kubernetes-client copied to clipboard
fabric8io
TokenRefreshInterceptor overwrites Oauth token to empty string
Describe the bug
If no auth provider config found or auth provider is not OIDC, the new Config should inherit the oauth token from the old Config, but with currently logic, it'll always be empty.
if (newestConfig.getAuthProvider() != null && newestConfig.getAuthProvider().getName().equalsIgnoreCase("oidc")) {
newAccessToken = OpenIDConnectionUtils.resolveOIDCTokenFromAuthConfig(newestConfig.getAuthProvider().getConfig(),
factory.newBuilder());
} else {
**newAccessToken = CompletableFuture.completedFuture(newestConfig.getOauthToken());** // newAccessToken will always be empty.
}
code link: https://github.com/fabric8io/kubernetes-client/blob/0bd34f8553827ad1e82b3b74b43fb4c33351af93/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/TokenRefreshInterceptor.java#L70-L75
Fabric8 Kubernetes Client version
6.1.1
Steps to reproduce
Config config = new ConfigBuilder().withMasterUrl("https://k8s.url") .withCaCertData("xxx...xxx") .withOauthToken("valid-token") .build(); KubernetesClient client = new KubernetesClientBuilder().withConfig(config).build(); client.apps().deployments().list().getItems().forEach(System.out::println); // works Thread.sleep(2 * 60 * 1000); client.apps().deployments().list().getItems().forEach(System.out::println); // will fail with 401 as TokenRefreshInterceptor will overwrite oauth token to empty string
Expected behavior
If no auth provider config found or auth provider is not OIDC, the new Config should inherit the oauth token from the old Config
Runtime
Kubernetes (vanilla)
Kubernetes API Server version
1.23
Environment
Azure
Fabric8 Kubernetes Client Logs
No response
Additional context
No response
