use the appropriate token file for in-cluster only.

kiali · Jan 17, 2024 · c076628 · c076628
1 parent f3c0ab1
commit c076628
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 12 deletions.
diff --git a/kubernetes/client.go b/kubernetes/client.go
@@ -130,12 +130,7 @@ func getConfigForLocalCluster() (*rest.Config, error) {
 	remoteSecretPath := kialiconfig.Get().Deployment.RemoteSecretPath
 	if remoteSecret, readErr := GetRemoteSecret(remoteSecretPath); readErr == nil {
 		log.Debugf("Using remote secret for local cluster config found at: [%s]. Kiali must be running outside the kube cluster.", remoteSecretPath)
-		cc, err := clientcmd.NewDefaultClientConfig(*remoteSecret, nil).ClientConfig()
-		if err != nil {
-			return cc, err
-		}
-		cc.BearerTokenFile = remoteSecretPath
-		return cc, nil
+		return clientcmd.NewDefaultClientConfig(*remoteSecret, nil).ClientConfig()
 	} else {
 		log.Debugf("Unable to read remote secret. It may or may not exist. Error: %v. Falling back to in cluster config", readErr)
 		// Fallback to in cluster config

diff --git a/kubernetes/client_factory.go b/kubernetes/client_factory.go
@@ -440,9 +440,6 @@ func (cf *clientFactory) getConfig(clusterInfo *RemoteClusterInfo) (*rest.Config
 			return nil, err
 		}
 
-		// Set the token file so the underlying client can refresh it when needed.
-		remoteConfig.BearerTokenFile = clusterInfo.SecretFile
-
 		// Use the remote config entirely for remote clusters.
 		clientConfig = *remoteConfig
 	} else {

diff --git a/kubernetes/cluster_secret_test.go b/kubernetes/cluster_secret_test.go
@@ -14,7 +14,7 @@ func TestReloadRemoteClusterSecret(t *testing.T) {
 
 	const testClusterName = "TestRemoteCluster"
 
-	remoteSecretFilename := createTestRemoteClusterSecret(t, testClusterName, remoteClusterYAML)
+	createTestRemoteClusterSecret(t, testClusterName, remoteClusterYAML)
 
 	clientFactory := NewTestingClientFactory(t)
 
@@ -38,6 +38,6 @@ func TestReloadRemoteClusterSecret(t *testing.T) {
 	testRCI := rcis[testClusterName]
 	restConfig, err = clientFactory.getConfig(&testRCI)
 	check.Nil(err)
-	check.Equal(remoteSecretFilename, restConfig.BearerTokenFile, "BearerTokenFile should always be set to the remote cluster secret file")
+	check.Equal("", restConfig.BearerTokenFile, "BearerTokenFile is never set")
 	check.Equal("token", restConfig.BearerToken, "BearerToken should be set to the value in the remote cluster yaml")
 }
diff --git a/kubernetes/token.go b/kubernetes/token.go
@@ -27,7 +27,7 @@ func GetKialiTokenForHomeCluster() (string, string, error) {
 			currentContextAuthInfo := remoteSecret.Contexts[remoteSecret.CurrentContext].AuthInfo
 			if authInfo, ok := remoteSecret.AuthInfos[currentContextAuthInfo]; ok {
 				KialiTokenForHomeCluster = authInfo.Token
-				KialiTokenFileForHomeCluster = config.Get().Deployment.RemoteSecretPath
+				KialiTokenFileForHomeCluster = authInfo.TokenFile
 			} else {
 				return "", "", fmt.Errorf("auth info not found for current context: [%s]. Current context must be set for kiali remote secret", remoteSecret.CurrentContext)
 			}