Skip to content

Commit

Permalink
feat: load service account token from a different path
Browse files Browse the repository at this point in the history
  • Loading branch information
@omerlh
omerlh committed Jan 30, 2024
1 parent 35271d1 commit d21542c
Show file tree
Hide file tree
Showing 2 changed files with 78 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/config.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,6 +211,7 @@ export class KubeConfig {
const clusterName = 'inCluster';
const userName = 'inClusterUser';
const contextName = 'inClusterContext';
const tokenFile = process.env.TOKEN_FILE_PATH ? process.env.TOKEN_FILE_PATH : `${pathPrefix}${Config.SERVICEACCOUNT_TOKEN_PATH}`

let scheme = 'https';
if (port === '80' || port === '8080' || port === '8001') {
Expand All @@ -237,7 +238,7 @@ export class KubeConfig {
authProvider: {
name: 'tokenFile',
config: {
tokenFile: `${pathPrefix}${Config.SERVICEACCOUNT_TOKEN_PATH}`,
tokenFile
},
},
},
Expand Down
76 changes: 76 additions & 0 deletions src/config_test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,81 @@ describe('KubeConfig', () => {
const userOut = kc.getCurrentUser();
expect(userOut).to.equal(user);
});

});

describe('loadFromCluster', () => {
let originalTokenPath: string | undefined;

before(() => {
originalTokenPath = process.env['TOKEN_FILE_PATH'];

delete process.env['TOKEN_FILE_PATH']
})

after(() => {
process.env['TOKEN_FILE_PATH'] = originalTokenPath
})

it('should load from default env vars', () => {
const kc = new KubeConfig();
const cluster = {
name: 'inCluster',
server: 'https://undefined:undefined',
skipTLSVerify: false,
caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
} as Cluster;

const user = {
authProvider: {
name: 'tokenFile',
config: {
tokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token'
}
},
name: 'inClusterUser'
} as User;

kc.loadFromCluster();

const clusterOut = kc.getCurrentCluster();

expect(cluster).to.deep.equals(clusterOut)

const userOut = kc.getCurrentUser();
expect(userOut).to.deep.equals(user);
});

it('should support custom token file path', () => {
const kc = new KubeConfig();
process.env['TOKEN_FILE_PATH'] = '/etc/tokenFile'
const cluster = {
name: 'inCluster',
server: 'https://undefined:undefined',
skipTLSVerify: false,
caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
} as Cluster;

const user = {
authProvider: {
name: 'tokenFile',
config: {
tokenFile: '/etc/tokenFile'
}
},
name: 'inClusterUser'
} as User;

kc.loadFromCluster();

const clusterOut = kc.getCurrentCluster();

expect(cluster).to.deep.equals(clusterOut)

const userOut = kc.getCurrentUser();
expect(userOut).to.deep.equals(user);
});

});

describe('clusterConstructor', () => {
Expand Down Expand Up @@ -490,6 +565,7 @@ describe('KubeConfig', () => {
originalEnvVars.USERPROFILE = process.env.USERPROFILE;
originalEnvVars.HOMEDRIVE = process.env.HOMEDRIVE;
originalEnvVars.HOMEPATH = process.env.HOMEPATH;


delete process.env.HOME;
delete process.env.USERPROFILE;
Expand Down

0 comments on commit d21542c

Please sign in to comment.