Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TokenRefreshInterceptor overwrites Oauth token to empty string #4442

Closed
precompiler opened this issue Sep 22, 2022 · 0 comments · Fixed by #4461
Closed

TokenRefreshInterceptor overwrites Oauth token to empty string #4442

precompiler opened this issue Sep 22, 2022 · 0 comments · Fixed by #4461
Assignees
@manusa
Labels
bug
Milestone
6.2.0

Comments

@precompiler
Copy link

precompiler commented Sep 22, 2022
edited

Describe the bug

If no auth provider config found or auth provider is not OIDC, the new Config should inherit the oauth token from the old Config, but with current logic, it'll always be empty.

if (newestConfig.getAuthProvider() != null && newestConfig.getAuthProvider().getName().equalsIgnoreCase("oidc")) {
  newAccessToken = OpenIDConnectionUtils.resolveOIDCTokenFromAuthConfig(newestConfig.getAuthProvider().getConfig(),
      factory.newBuilder());
} else {
  **newAccessToken = CompletableFuture.completedFuture(newestConfig.getOauthToken());** // newAccessToken will always be empty.
}

code link:

kubernetes-client/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/TokenRefreshInterceptor.java

Lines 70 to 75 in 0bd34f8

if (newestConfig.getAuthProvider() != null && newestConfig.getAuthProvider().getName().equalsIgnoreCase("oidc")) {
newAccessToken = OpenIDConnectionUtils.resolveOIDCTokenFromAuthConfig(newestConfig.getAuthProvider().getConfig(),
factory.newBuilder());
} else {
newAccessToken = CompletableFuture.completedFuture(newestConfig.getOauthToken());
}

Fabric8 Kubernetes Client version

6.1.1

Steps to reproduce

Config config = new ConfigBuilder().withMasterUrl("https://k8s.url")
.withCaCertData("xxx...xxx")
.withOauthToken("valid-token")
.build();
KubernetesClient client = new KubernetesClientBuilder().withConfig(config).build();
client.apps().deployments().list().getItems().forEach(System.out::println); // works
Thread.sleep(2 * 60 * 1000);
client.apps().deployments().list().getItems().forEach(System.out::println); // will fail with 401 as TokenRefreshInterceptor will overwrite oauth token to empty string

Expected behavior

If no auth provider config found or auth provider is not OIDC, the new Config should inherit the oauth token from the old Config

Runtime

Kubernetes (vanilla)

Kubernetes API Server version

1.23

Environment

Azure

Fabric8 Kubernetes Client Logs

No response

Additional context

No response
@manusa manusa added this to the 6.2.0 milestone Sep 29, 2022
@manusa manusa added bug 5.12.x Backportable tentative labels Sep 29, 2022
@manusa manusa mentioned this issue Sep 29, 2022
Closed
11 tasks
@manusa manusa self-assigned this Sep 29, 2022
@manusa manusa mentioned this issue Sep 29, 2022
Merged
11 tasks
@manusa manusa removed the 5.12.x Backportable tentative label Sep 29, 2022
manusa added a commit to shawkins/kubernetes-client that referenced this issue Nov 8, 2022
@manusa
test: remove unneeded mocks for fabric8io#4442 tests
7964f14 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
manusa added a commit that referenced this issue Nov 8, 2022
@manusa
test: remove unneeded mocks for #4442 tests
1faf6b5 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@manusa manusa

Labels
bug
Projects
None yet
Milestone
6.2.0
2 participants
@manusa @precompiler