Ability to directly specify the auth token

[jemerald]

Currently the withKubeConfig function only accepts Jenkins credentialsId, but our company requires actual user's token when deploying to production (as a mean to restrict the users that can deploy to production).

So out pipeline would prompt the user to enter his token before deploying to production.

Is it possible to add an extra parameter in the plugin to allow passing in the token directly?

[maxlaverse]

Hi @jemerald,
This use case is not supported currently
As a workaround have you thought about executing kubectl config set-credentials --token=$USER_INPUT as the first command within the withKubeConfig() block ?

[jemerald]

I have thought about that, however it has 2 problems:

1. expose the token on the job's console log, which is not desirable.
2. kubectl config set-credentials --token=$USER_INPUT doesn't actually work as we need to specify the username kubectl config set-credentials <username> --token=$USER_INPUT. Looking at the file content it looks like withKubeConfig uses the credentialsId as the username, but that's an implementation detail of the plugin that we probably shouldn't rely on.

We are current using this workaround:

def kubeConfig = readYaml file: env.KUBECONFIG
kubeConfig.users[0].user.token = authToken
writeYaml file: env.KUBECONFIG, data: kubeConfig, overwrite: true

However this workaround is still a little coupled to the structure of the config file.

Will you consider adding support for passing in the token to withKubeConfig?

[maxlaverse]

However this workaround is still a little coupled to the structure of the config file.

Agreed

Will you consider adding support for passing in the token to withKubeConfig?

The purpose of this plugin is to help configure kubectl, so it would make sense to have this feature integrated in the plugin if users need it. I'm not sure how quick I would find time to implement it myself however