From 9d045921ead5c1e21b11cf0bd3ecd4937702d520 Mon Sep 17 00:00:00 2001 From: Hans Pagh Date: Tue, 7 Mar 2023 15:40:07 +0100 Subject: [PATCH] fix requesting tokens from refresh --- lib/k8s/client/mint_http_provider.ex | 2 +- lib/k8s/conn/auth/azure.ex | 43 +++++++++++++++++++++++----- 2 files changed, 37 insertions(+), 8 deletions(-) diff --git a/lib/k8s/client/mint_http_provider.ex b/lib/k8s/client/mint_http_provider.ex index 4052a458..55ee5a56 100644 --- a/lib/k8s/client/mint_http_provider.ex +++ b/lib/k8s/client/mint_http_provider.ex @@ -194,7 +194,7 @@ defmodule K8s.Client.MintHTTPProvider do @spec get_content_type(keyword()) :: binary | nil defp get_content_type(headers) do case List.keyfind(headers, "content-type", 0) do - {_key, content_type} -> content_type + {_key, content_type} -> content_type |> String.split(";") |> List.first() _ -> nil end end diff --git a/lib/k8s/conn/auth/azure.ex b/lib/k8s/conn/auth/azure.ex index 49a4edc8..33197b8a 100644 --- a/lib/k8s/conn/auth/azure.ex +++ b/lib/k8s/conn/auth/azure.ex @@ -2,8 +2,10 @@ defmodule K8s.Conn.Auth.Azure do @moduledoc """ `auth-provider` for azure """ - alias K8s.Conn.RequestOptions alias K8s.Conn.Error + alias K8s.Conn.RequestOptions + + require Logger @behaviour K8s.Conn.Auth defstruct [:token] @@ -19,19 +21,23 @@ defmodule K8s.Conn.Auth.Azure do "auth-provider" => %{ "config" => %{ "access-token" => token, - "tenant-id" => _tenant, + "tenant-id" => tenant, "expires-on" => expires_on, - "refresh-token" => _refresh_token, - "client-id" => _client_id, - "apiserver-id" => _apiserver_id + "refresh-token" => refresh_token, + "client-id" => client_id, + "apiserver-id" => apiserver_id }, "name" => "azure" } }, _ ) do - if parse_expires(expires_on) <= DateTime.utc_now() do - {:error, %Error{message: "Azure token expired please refresh manually"}} + if DateTime.diff(DateTime.utc_now(), parse_expires(expires_on)) >= 0 do + Logger.info( + "Azure token expired, using refresh token get new access, this will stop working when refresh token expires" + ) + + {:ok, %__MODULE__{token: refresh_token(tenant, refresh_token, client_id, apiserver_id)}} else {:ok, %__MODULE__{token: token}} end @@ -47,6 +53,29 @@ defmodule K8s.Conn.Auth.Azure do end end + @spec refresh_token(String.t(), String.t(), String.t(), String.t()) :: String.t() + defp refresh_token(tenant, refresh_token, client_id, _apiserver_id) do + payload = + URI.encode_query(%{ + "client_id" => client_id, + "grant_type" => "refresh_token", + "refresh_token" => refresh_token + }) + + {:ok, res} = + K8s.Client.MintHTTPProvider.request( + :post, + URI.new!("https://login.microsoftonline.com/#{tenant}/oauth2/v2.0/token"), + payload, + %{ + "Content-Type" => "application/x-www-form-urlencoded" + }, + ssl: [] + ) + + res["access_token"] + end + defimpl RequestOptions, for: __MODULE__ do @spec generate(K8s.Conn.Auth.Azure.t()) :: RequestOptions.generate_t() def generate(%K8s.Conn.Auth.Azure{token: token}) do