if (serviceTokenCandidate != null) { LOGGER.debug("Found service account token at: ["+KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH+"]."); config.setOauthToken(serviceTokenCandidate); String txt = "Configured service account doesn't have access. Service account may have been revoked."; config.getErrorMessages().put(401, "Unauthorized! " + txt);
config.setClientKeyFile(clientKeyFile); config.setClientKeyData(currentAuthInfo.getClientKeyData()); config.setOauthToken(currentAuthInfo.getToken()); config.setUsername(currentAuthInfo.getUsername()); config.setPassword(currentAuthInfo.getPassword()); config.setOauthToken(currentAuthInfo.getAuthProvider().getConfig().get(ACCESS_TOKEN)); } else { // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins ExecConfig exec = currentAuthInfo.getExec(); config.setOauthToken(ec.status.token); } else { LOGGER.warn("No token returned");
config.setKeyStoreFile(Utils.getSystemPropertyOrEnvVar(KUBERNETES_KEYSTORE_FILE_PROPERTY, config.getKeyStoreFile())); config.setOauthToken(Utils.getSystemPropertyOrEnvVar(KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, config.getOauthToken())); config.setUsername(Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_BASIC_USERNAME_SYSTEM_PROPERTY, config.getUsername())); config.setPassword(Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_BASIC_PASSWORD_SYSTEM_PROPERTY, config.getPassword()));
private boolean tryServiceAccount(Config config) { LOGGER.debug("Trying to configure client from service account..."); if (Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_TRYSERVICEACCOUNT_SYSTEM_PROPERTY, true)) { boolean serviceAccountCaCertExists = Files.isRegularFile(new File(KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH).toPath()); if (serviceAccountCaCertExists) { LOGGER.debug("Found service account ca cert at: ["+KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH+"]."); config.setCaCertFile(KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH); } else { LOGGER.debug("Did not find service account ca cert at: ["+KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH+"]."); } try { String serviceTokenCandidate = new String(Files.readAllBytes(new File(KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH).toPath())); if (serviceTokenCandidate != null) { LOGGER.debug("Found service account token at: ["+KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH+"]."); config.setOauthToken(serviceTokenCandidate); String txt = "Configured service account doesn't have access. Service account may have been revoked."; config.getErrorMessages().put(401, "Unauthorized! " + txt); config.getErrorMessages().put(403, "Forbidden!" + txt); return true; } else { LOGGER.debug("Did not find service account token at: ["+KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH+"]."); } } catch (IOException e) { // No service account token available... LOGGER.warn("Error reading service account token from: ["+KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH+"]. Ignoring."); } } return false; }
config.setClientKeyFile(absolutify(kubeConfigFile, currentAuthInfo.getClientKey())); config.setClientKeyData(currentAuthInfo.getClientKeyData()); config.setOauthToken(currentAuthInfo.getToken()); config.setUsername(currentAuthInfo.getUsername()); config.setPassword(currentAuthInfo.getPassword()); config.setOauthToken(currentAuthInfo.getAuthProvider().getConfig().get(ACCESS_TOKEN));
private void updateKubeConfig(Config kubeConfig, JsonObject config, K8SDiscovery annotation) { final String user = ConfigurationUtil.getStringConfiguration(config, USER, annotation.user()); final String password = ConfigurationUtil.getStringConfiguration(config, PASSWORD, annotation.password()); final String api_token = ConfigurationUtil.getStringConfiguration(config, API_TOKEN, annotation.api_token()); final String master_url = ConfigurationUtil.getStringConfiguration(config, MASTER_URL, annotation.master_url()); final String namespace = ConfigurationUtil.getStringConfiguration(config, NAMESPACE, annotation.namespace()); if (StringUtil.isNullOrEmpty(kubeConfig.getUsername())) kubeConfig.setUsername(user); if (StringUtil.isNullOrEmpty(kubeConfig.getPassword())) kubeConfig.setPassword(password); if (StringUtil.isNullOrEmpty(kubeConfig.getOauthToken())) kubeConfig.setOauthToken(api_token); if (StringUtil.isNullOrEmpty(kubeConfig.getMasterUrl())) kubeConfig.setMasterUrl(master_url); if (StringUtil.isNullOrEmpty(kubeConfig.getNamespace())) kubeConfig.setNamespace(namespace); // check oauthToken if (StringUtil.isNullOrEmpty(kubeConfig.getOauthToken())) kubeConfig.setOauthToken(TokenUtil.getAccountToken()); } }
config.setUserAgent(Utils.getSystemPropertyOrEnvVar(KUBERNETES_USER_AGENT, config.getUserAgent())); config.setOauthToken(Utils.getSystemPropertyOrEnvVar(KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, config.getOauthToken())); config.setUsername(Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_BASIC_USERNAME_SYSTEM_PROPERTY, config.getUsername())); config.setPassword(Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_BASIC_PASSWORD_SYSTEM_PROPERTY, config.getPassword()));