add support for auth providers #4
requesting review from @ahmetb
I'm confident this is not how it's supposed to work. There's no guarantee that
I highly discourage this approach.
Hi Ahmet, thanks for your feedback. I've already imported auth as you suggested, but it's still an issue (with the current implementation). The problem is that we need the 'token' being used in the request to use the TokenReviewRequest API. I am trying to get it by injecting a custom http.RoundTripper now. Is there a way to retrieve the effective token used in the request using client-go?
2bb12a2 to a7566e9
Hi Ahmet, thanks for your valuable feedback. I've tried a different approach to make it work. Please let me know what you think about it. Also, the following are results of some tests I did with this new approach:
- With valid GCP token: `➜ kubectl-whoami git:(auth-providers) go run main.go --context gke_kubectl-whoami-259606_asia-south1-a_kubectl-whoami`
- With invalid GCP token
- With minikube basic auth
- With cert auth
- With valid service account token
- With token of wrong cluster
- With invalid token

Please don’t put tokens on the internet like this :) I think you should take the roundtripper approach and get the token from the header after a successful request. Don’t try to read token from kubeconfig; it won’t work easily.
:) Thanks for the tip, I am usually extra paranoid with credentials. Also, those tokens are from my minikube cluster which I already deleted, so it should be fine. (But given how easy it is to make that mistake, thank you again for the reminder to not put tokens on the public internet.) I've updated the PR to use the round-tripper approach. Seems to work fine. If there are no other concerns, I will merge the code and cut a new release. Thanks again.
No description provided.
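The round-tripper approach suggested in the thread, sketched as an added example that is not code from this PR or from kubectl-whoami. It uses only the Go standard library; `rtFunc`, `tokenCapture`, `probe`, the stand-in auth provider and the `apiserver.invalid` URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

type rtFunc func(*http.Request) (*http.Response, error)
func (f rtFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

// tokenCapture sits nearest the wire and keeps only tokens the server accepted.
type tokenCapture struct {
	next  http.RoundTripper
	token string
}

func (c *tokenCapture) RoundTrip(req *http.Request) (*http.Response, error) {
	resp, err := c.next.RoundTrip(req)
	auth := req.Header.Get("Authorization")
	if err == nil && resp.StatusCode/100 == 2 && strings.HasPrefix(auth, "Bearer ") {
		c.token = strings.TrimPrefix(auth, "Bearer ")
	}
	return resp, err
}

// probe sends `sent` to a constructed server that accepts only `accepted`.
func probe(sent, accepted string) (string, int, error) {
	capt := &tokenCapture{next: rtFunc(func(r *http.Request) (*http.Response, error) {
		if r.Header.Get("Authorization") != "Bearer "+accepted { // constructed API server
			return &http.Response{StatusCode: http.StatusUnauthorized, Body: http.NoBody}, nil
		}
		return &http.Response{StatusCode: http.StatusOK, Body: http.NoBody}, nil
	})}
	inject := rtFunc(func(r *http.Request) (*http.Response, error) { // stand-in auth provider
		r = r.Clone(r.Context()) // never mutate the caller's request
		r.Header.Set("Authorization", "Bearer "+sent)
		return capt.RoundTrip(r)
	})
	resp, err := (&http.Client{Transport: inject}).Get("http://apiserver.invalid/")
	if err != nil {
		return "", 0, err
	}
	return capt.token, resp.StatusCode, resp.Body.Close()
}

func main() {
	_, status, err := probe("constructed-token", "constructed-token")
	fmt.Println(status, err) // report the outcome, never the token
}
```

The capture only works because it is wrapped by the credential-adding transport rather than wrapping it; placed outside, it would see the request before the `Authorization` header exists.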