OpenId token not refreshed if the config is in-memory #5880
Comments
|
@ttbadr : Could you please provide more details? How are OpenID parameters being provided to KubernetesClient (like refresh_token, OpenID identity provider URL, etc)? |
|
@rohanKanojia I think the root cause is here |
|
@ttbadr : May I know which cluster you're using? It might be difficult for us to reproduce this. Is it possible for you to create a pull request to fix this? |
|
@rohanKanojia I use the k8s, I create a pull request to fix it #5888, can you help to review it. thx |
|
@ttbadr : Thanks a lot! Could you please add a test case to validate your fix? Also, could you please provide more details about your setup? I'm wondering from which source KubernetesClient is fetchin refresh token for performing refresh, it will help us out in doing review. |
|
@rohanKanojia ok, I can add some test cases. Sorry I can't provide the source, It's a internal k8s cluster |
|
@ttbadr : I'm not asking for your cluster details. I'm requesting you to elaborate more on your problem. How is Config loaded by KubernetesClient? Is it via some local |
|
@rohanKanojia I build the Kubeclient via ConfigBuilder, the code like below: Config config = new ConfigBuilder().withAutoConfigure(false)
.withNameSpace(namespace)
.withMasterUrl(url)
.withAutoOAuthToken(token)
.withCaCertData(base64CaData)
.withAuthProvider(new AuthProviderConfigBuilder()
.withName(providerName)
.withConfig(configMap)
.build()).build();
new KubernetesClientBuilder().withConfig(config).build();btw, I can't find the ConfigBuilder class in the source, is it genarated by some maven task? |
|
@ttbadr: Yes, it's generated using sundrio annotation processor |
As title, If we use a in-memory config, the token not refreshed.
I found the method below, it only save the new token when the config is file
kubernetes-client/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java
Line 107 in a741e4b
The text was updated successfully, but these errors were encountered: