feat(provider/kubernetes): v2 allow service account auth (#2429)

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials.java

@@ -368,6 +368,7 @@ private C buildCredentials() {
               .context(context)
               .oAuthServiceAccount(oAuthServiceAccount)
               .oAuthScopes(oAuthScopes)
+              .serviceAccount(serviceAccount)
               .userAgent(userAgent)
               .namespaces(namespaces)
               .omitNamespaces(omitNamespaces)

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/op/job/KubectlJobExecutor.java

@@ -435,18 +435,20 @@ private List<String> kubectlAuthPrefix(KubernetesV2Credentials credentials) {
       command.add("9");
     }
 
-    if (credentials.getOAuthServiceAccount() != null && !credentials.getOAuthServiceAccount().isEmpty()) {
-      command.add("--token=" + getOAuthToken(credentials));
-    }
+    if (!credentials.isServiceAccount()) {
+      if (credentials.getOAuthServiceAccount() != null && !credentials.getOAuthServiceAccount().isEmpty()) {
+        command.add("--token=" + getOAuthToken(credentials));
+      }
 
-    String kubeconfigFile = credentials.getKubeconfigFile();
-    if (StringUtils.isNotEmpty(kubeconfigFile)) {
-      command.add("--kubeconfig=" + kubeconfigFile);
-    }
+      String kubeconfigFile = credentials.getKubeconfigFile();
+      if (StringUtils.isNotEmpty(kubeconfigFile)) {
+        command.add("--kubeconfig=" + kubeconfigFile);
+      }
 
-    String context = credentials.getContext();
-    if (StringUtils.isNotEmpty(context)) {
-      command.add("--context=" + context);
+      String context = credentials.getContext();
+      if (StringUtils.isNotEmpty(context)) {
+        command.add("--context=" + context);
+      }
     }
 
     return command;

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2Credentials.java

@@ -65,6 +65,7 @@ public class KubernetesV2Credentials implements KubernetesCredentials {
   private final List<String> omitNamespaces;
   private final List<KubernetesKind> kinds;
   private final List<KubernetesKind> omitKinds;
+  @Getter private final boolean serviceAccount;
 
   // TODO(lwander) make configurable
   private final static int namespaceExpirySeconds = 30;
@@ -154,6 +155,7 @@ public static class Builder {
     List<String> kinds;
     List<String> omitKinds;
     boolean debug;
+    boolean serviceAccount;
 
     public Builder accountName(String accountName) {
       this.accountName = accountName;
@@ -210,6 +212,11 @@ public Builder debug(boolean debug) {
       return this;
     }
 
+    public Builder serviceAccount(boolean serviceAccount) {
+      this.serviceAccount = serviceAccount;
+      return this;
+    }
+
     public Builder oAuthServiceAccount(String oAuthServiceAccount) {
       this.oAuthServiceAccount = oAuthServiceAccount;
       return this;
@@ -263,6 +270,7 @@ public KubernetesV2Credentials build() {
           context,
           oAuthServiceAccount,
           oAuthScopes,
+          serviceAccount,
           customResources,
           KubernetesKind.fromStringList(kinds),
           KubernetesKind.fromStringList(omitKinds),
@@ -281,6 +289,7 @@ private KubernetesV2Credentials(@NotNull String accountName,
       String context,
       String oAuthServiceAccount,
       List<String> oAuthScopes,
+      boolean serviceAccount,
       @NotNull List<CustomKubernetesResource> customResources,
       @NotNull List<KubernetesKind> kinds,
       @NotNull List<KubernetesKind> omitKinds,
@@ -297,6 +306,7 @@ private KubernetesV2Credentials(@NotNull String accountName,
     this.context = context;
     this.oAuthServiceAccount = oAuthServiceAccount;
     this.oAuthScopes = oAuthScopes;
+    this.serviceAccount = serviceAccount;
     this.customResources = customResources;
     this.kinds = kinds;
     this.omitKinds = omitKinds;