Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for gcloud token expiry #3908

Merged
merged 1 commit into from
May 10, 2023
Merged

Fix for gcloud token expiry #3908

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 8 additions & 12 deletions porch/controllers/remoterootsyncsets/pkg/remoteclient/getremoteclient.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,11 +138,11 @@ func (r *RemoteClientGetter) getCCRESTConfig(ctx context.Context, cluster *unstr
func (r *RemoteClientGetter) getConfigConnectorTokenSource(ctx context.Context, ns string) (oauth2.TokenSource, error) {
if os.Getenv("USE_DEV_AUTH") != "" {
klog.Warningf("using default authentication, intended for local development only")
accessToken, err := GetDefaultAccessToken(ctx)
accessTokenSource, err := GetDefaultAccessTokenSource(ctx)
if err != nil {
return nil, err
}
return oauth2.StaticTokenSource(accessToken), nil
return accessTokenSource, nil
}

gvr := schema.GroupVersionResource{
Expand Down Expand Up @@ -422,21 +422,17 @@ func (r *RemoteClientGetter) getHubMembershipRESTConfig(ctx context.Context, clu
return restConfig, nil
}

func GetDefaultAccessToken(ctx context.Context) (*oauth2.Token, error) {
// GetDefaultAccessTokenSource gets the default gcloud access token,
// assuming the user has logged in with gcloud (the application-default context).
// This is intended for local development.
func GetDefaultAccessTokenSource(ctx context.Context) (oauth2.TokenSource, error) {
// Note: Not all tools support specifying the access token, so
// the user still needs to log in with ADC. e.g. terraform
// https://github.com/hashicorp/terraform/issues/21680

accessToken, err := google.DefaultTokenSource(ctx, "https://www.googleapis.com/auth/cloud-platform")
defaultTokenSource, err := google.DefaultTokenSource(ctx, "https://www.googleapis.com/auth/cloud-platform")
if err != nil {
return nil, fmt.Errorf("unable to get default access-token from gcloud: %w", err)
}
token, err := accessToken.Token()
if err != nil {
return nil, fmt.Errorf("unable to get token from token source: %w", err)
}

return &oauth2.Token{
AccessToken: token.AccessToken,
}, nil
return defaultTokenSource, nil
}