From 96767a3b8235794e6c1434b163d41b12fb21f68c Mon Sep 17 00:00:00 2001
From: Brendan Burns
Date: Fri, 20 Jul 2018 14:33:50 -0700
Subject: [PATCH] Add support for refreshing Azure tokens.
---
 config/kube_config.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/config/kube_config.py b/config/kube_config.py
index 4d23977d..ddd3d02b 100644
--- a/config/kube_config.py
+++ b/config/kube_config.py
@@ -18,7 +18,9 @@
 import json
 import os
 import tempfile
+import time
+import adal
 import google.auth
 import google.auth.transport.requests
 import oauthlib.oauth2
@@ -202,10 +204,29 @@ def _load_azure_token(self, provider):
 return
 if 'access-token' not in provider['config']:
 return
- # TODO: Refresh token here...
+ if 'expires-on' in provider['config']:
+ if int(provider['config']['expires-on']) < time.gmtime():
+ self._refresh_azure_token(provider['config'])
 self.token = 'Bearer %s' % provider['config']['access-token']
 return self.token
+ def _refresh_azure_token(self, config):
+ tenant = config['tenant-id']
+ authority = 'https://login.microsoftonline.com/{}'.format(tenant)
+ context = adal.AuthenticationContext(
+ authority, validate_authority=True,
+ )
+ refresh_token = config['refresh-token']
+ client_id = config['client-id']
+ token_response = context.acquire_token_with_refresh_token(
+ refresh_token, client_id, '00000002-0000-0000-c000-000000000000')
+
+ provider = self._user['auth-provider']['config']
+ provider.value['access-token'] = token_response['accessToken']
+ provider.value['expires-on'] = token_response['expiresOn']
+ if self._config_persister:
+ self._config_persister(self._config.value)
+
 def _load_gcp_token(self, provider):
 if (('config' not in provider) or
 ('access-token' not in provider['config']) or
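Review bot: The module-level `import adal` makes adal a hard requirement for every importer of `kube_config`, including callers that never use the Azure auth provider. The diffstat lists only this one file, so the new package is presumably not declared anywhere in this patch. Importing it inside `_refresh_azure_token`, or guarding it with `try: import adal` / `except ImportError: adal = None` and raising a clear error when an Azure refresh is attempted without it, keeps the other providers loadable. Declaring and pinning the package in the project's requirements would keep the dependency set auditable.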
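Review bot: The expiry check added to `_load_azure_token` compares an int with `time.gmtime()`, which returns a `struct_time`; on Python 3 this raises `TypeError`, and on Python 2 the mixed-type comparison is not a timestamp comparison, so the refresh decision is wrong either way. Compare against epoch seconds instead: `if int(provider['config']['expires-on']) < time.time():`. Separately, `_refresh_azure_token` writes `token_response['expiresOn']` back into `expires-on`; as far as I know adal returns that field as a formatted datetime string rather than epoch seconds, so the next `int(...)` on the persisted value would raise `ValueError` unless it is converted before `_config_persister` is called. The hard-coded resource id `'00000002-0000-0000-c000-000000000000'` also deserves a named constant or a comment saying which audience the refreshed token is requested for. The start of `_load_azure_token` lies outside this hunk.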