Fix kubernetes client patch for RBAC #504

Closed
13 changes: 3 additions & 10 deletions control_panel_api/k8s_patch.py
Expand Up @@ -7,15 +7,8 @@
from kubernetes.config.kube_config import _is_expired


def load_token(self):
if 'auth-provider' not in self._user:
return

provider = self._user['auth-provider']

if ('name' not in provider
or 'config' not in provider
or provider['name'] != 'oidc'):
def load_token(self, provider):
Contributor

I see that provider was taken out from the self._user['auth-provider'] before but now it's a parameter of load_token() - I can't see the change to the client code calling this tho, what am I missing?

Contributor Author

load_token is a monkey patch for KubeConfigLoad._load_oid_token in the Python Kubernetes client library. They have a fix for the issue in a PR, but it has been waiting to be merged for months. Hopefully they will merge it soon and we can remove this patch.
In the meantime, they changed the signature of _load_oid_token to take the provider dict, so this change is to keep up.

if 'config' not in provider:
return

parts = provider['config']['id-token'].split('.')
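
Review bot: In the new `load_token(self, provider)`, the only guard left is `if 'config' not in provider:`, yet the following line reads `provider['config']['id-token']` unconditionally, so a provider whose config carries no `id-token` raises KeyError instead of returning. Consider checking for `id-token` in the same guard. With the `provider['name'] != 'oidc'` check removed, the function also depends on its caller to pass only OIDC providers; a short docstring stating that this is a monkey patch following the upstream signature, and which kubernetes client version it matches, would make that dependency visible. The bare `return` here and the `return None` in the next hunk could be made consistent.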
Expand All @@ -24,7 +17,7 @@ def load_token(self):
return None

jwt_attributes = json.loads(
base64.b64decode(parts[1] + '==').decode('utf-8')
base64.b64decode(parts[1] + '==')
)

expire = jwt_attributes.get('exp')
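
Review bot: With `.decode('utf-8')` dropped, `json.loads` receives the bytes returned by `base64.b64decode(parts[1] + '==')` directly, which works only on Python 3.6 and later; if older interpreters are still supported, keep the explicit decode. Separately, JWT segments are base64url-encoded, and the standard alphabet used by `b64decode` does not include `-` and `_`, so a payload containing either character will not decode correctly. `base64.urlsafe_b64decode` with padding computed from the segment length would be more robust than appending a fixed `'=='`.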