Prevented unnecessary writes to the main kubeconfig file (#912)

* Prevented unnecessary writes to the main kubeconfig file * Updated changelog
giantswarm · Oct 13, 2022 · 0eb52af · 0eb52af
1 parent d0ffd89
commit 0eb52af
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,10 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s
 
 - Added read header timeout to http server
 
+### Changed
+
+- Adjusted `kubectl gs login` command to ensure that it writes to the main kubeconfig file only in case there are actual changes in the content of the file.
+
 ## [2.24.1] - 2022-10-12
 
 ### Fixed

diff --git a/cmd/login/clientcert.go b/cmd/login/clientcert.go
@@ -392,8 +392,9 @@ func printWCClientCertCredentials(k8sConfigAccess clientcmd.ConfigAccess, fs afe
 	if err != nil {
 		return "", false, microerror.Mask(err)
 	}
-	// Because we are still in the MC context we need to switch back to the origin context after creating the WC kubeconfig file
-	if c.loginOptions.originContext != "" {
+	// Change back to the origin context if needed
+	if c.loginOptions.originContext != "" && config.CurrentContext != "" && c.loginOptions.originContext != config.CurrentContext {
+		// Because we are still in the MC context we need to switch back to the origin context after creating the WC kubeconfig file
 		config.CurrentContext = c.loginOptions.originContext
 		err = clientcmd.ModifyConfig(k8sConfigAccess, *config, false)
 		if err != nil {

diff --git a/pkg/middleware/renewtoken/renewtoken.go b/pkg/middleware/renewtoken/renewtoken.go
@@ -10,6 +10,13 @@ import (
 	"github.com/giantswarm/kubectl-gs/pkg/oidc"
 )
 
+const (
+	refreshTokenKey = "refresh-token"
+	idTokenKey      = "id-token"
+	idpIssuerUrlKey = "idp-issuer-url"
+	clientIdKey     = "client-id"
+)
+
 // Middleware will attempt to renew the current context's auth info token.
 // If the renewal fails, this middleware will not fail.
 func Middleware(config genericclioptions.RESTClientGetter) middleware.Middleware {
@@ -30,25 +37,26 @@ func Middleware(config genericclioptions.RESTClientGetter) middleware.Middleware
 		var auther *oidc.Authenticator
 		{
 			oidcConfig := oidc.Config{
-				Issuer:   authProvider.Config["idp-issuer-url"],
-				ClientID: authProvider.Config["client-id"],
+				Issuer:   authProvider.Config[idpIssuerUrlKey],
+				ClientID: authProvider.Config[clientIdKey],
 			}
 			auther, err = oidc.New(ctx, oidcConfig)
 			if err != nil {
 				return nil
 			}
 		}
 
-		{
-			idToken, rToken, err := auther.RenewToken(ctx, authProvider.Config["refresh-token"])
-			if err != nil {
-				return nil
-			}
-			authProvider.Config["refresh-token"] = rToken
-			authProvider.Config["id-token"] = idToken
+		idToken, rToken, err := auther.RenewToken(ctx, authProvider.Config[refreshTokenKey])
+		if err != nil {
+			return nil
 		}
 
-		_ = clientcmd.ModifyConfig(k8sConfigAccess, *config, true)
+		// Update the config only in case there are actual changes
+		if authProvider.Config[refreshTokenKey] != rToken || authProvider.Config[idTokenKey] != idToken {
+			authProvider.Config[refreshTokenKey] = rToken
+			authProvider.Config[idTokenKey] = idToken
+			_ = clientcmd.ModifyConfig(k8sConfigAccess, *config, true)
+		}
 
 		return nil
 	}