This repository has been archived by the owner on Mar 13, 2022. It is now read-only.

set expiration on token of incluster config and reload if expires #191

Merged 1 commit on Apr 27, 2020

@zshihang zshihang commented Apr 13, 2020

fixes kubernetes-client/python/issues/616. by default, this will set an expiration period of 1 minute on service account token. as we are graduating the Beta feature Projected Service Account Volume to GA, we expect clients to reload token before it expires.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 13, 2020
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Apr 13, 2020
@roycaihw
Member

/cc

@zshihang
Contributor Author

/assign @roycaihw

@codecov-io

Codecov Report

Merging #191 into master will increase coverage by 0.00%.
The diff coverage is 81.25%.

@@           Coverage Diff           @@
##           master     #191   +/-   ##
=======================================
  Coverage   92.23%   92.24%           
=======================================
  Files          13       13           
  Lines        1481     1521   +40     
=======================================
+ Hits         1366     1403   +37     
- Misses        115      118    +3     
Impacted Files Coverage Δ
config/incluster_config_test.py 91.83% <75.00%> (-5.47%) ⬇️
config/incluster_config.py 93.65% <87.50%> (+8.54%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b87a5fe...3cfc41e. Read the comment docs.

Member

@roycaihw roycaihw left a comment

/lgtm
/approve

if identifier == 'authorization' and identifier in self.api_key and in_cluster_config.token_expires_at <= datetime.datetime.now():
in_cluster_config._read_token_file()
self.api_key[identifier] = "bearer " + in_cluster_config.token
return f(self, identifier)
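
Review bot: in the `if` condition, `in_cluster_config.token_expires_at <= datetime.datetime.now()` compares against the naive local wall clock, so a clock step backwards postpones the reload and the old token keeps being sent; a deadline based on `time.monotonic()` would avoid that. The reload under it (`in_cluster_config._read_token_file()` followed by the `self.api_key[identifier]` assignment) also runs without a lock on the caller's path, so concurrent requests that cross the deadline together each re-read the file; a lock around the check and the update would make it a single read.
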
Member

nit: I'm a little concerned what if someone calls load_and_set more than once in the same program. Will we end up with nested if conditions?

Contributor Author

good point. i assumed load_and_set will only be called once. maybe enforce this restriction in a separate PR
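
The reload-after-a-period behaviour described in this PR, combined with the repeated-load concern raised in the review thread, as an added example that is not the code from this PR or from kubernetes-client. `ReloadingToken`, `install` and `demo` are hypothetical names, and the config object, clock and token values are constructed stand-ins.

```python
import datetime
import pathlib
import tempfile
import threading
import types

class ReloadingToken:
    """File-backed bearer token, re-read once the reload period has elapsed."""
    def __init__(self, path, period=datetime.timedelta(minutes=1),
                 now=datetime.datetime.now):
        self._path, self._period, self._now = path, period, now
        self._lock = threading.Lock()  # one reload at a time across threads
        self._read()

    def _read(self):
        self._token = pathlib.Path(self._path).read_text().strip()
        self._expires_at = self._now() + self._period

    def header(self):
        with self._lock:
            if self._expires_at <= self._now():
                self._read()
            return "bearer " + self._token

def install(config, source):
    """Point config at source; a repeated call swaps the source, never re-wraps."""
    config.token_source = source
    if not getattr(config, "_reload_hook", False):
        original = config.get_api_key
        config.get_api_key = lambda ident: (
            config.token_source.header() if ident == "authorization"
            else original(ident))
        config._reload_hook = True

def demo():
    clock, seen = [datetime.datetime(2020, 4, 27, 12, 0)], []  # constructed fake clock
    cfg = types.SimpleNamespace(get_api_key=lambda ident: None)  # hypothetical config
    with tempfile.TemporaryDirectory() as d:
        path = pathlib.Path(d, "token")
        path.write_text("tok-1")  # constructed sample token
        install(cfg, ReloadingToken(path, now=lambda: clock[0]))
        hook = cfg.get_api_key
        install(cfg, ReloadingToken(path, now=lambda: clock[0]))  # loaded twice
        seen.append(cfg.get_api_key is hook)  # True: wrapper was not nested
        seen.append(cfg.get_api_key("authorization"))
        path.write_text("tok-2")  # token file rotated on disk
        seen.append(cfg.get_api_key("authorization"))  # inside the period
        clock[0] += datetime.timedelta(seconds=61)
        seen.append(cfg.get_api_key("authorization"))  # period over: re-read
    return seen
```

Keeping the token source as an attribute that the single installed hook looks up at call time is what lets a second load replace the source without stacking another wrapper.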

@k8s-ci-robot k8s-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 27, 2020
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: roycaihw, zshihang

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 27, 2020
@k8s-ci-robot k8s-ci-robot merged commit bf5c599 into kubernetes-client:master Apr 27, 2020
Successfully merging this pull request may close these issues.

periodically reload InClusterConfig token