diff --git a/cmd/pinniped/cmd/login.go b/cmd/pinniped/cmd/login.go index e27442ee..d1d1d151 100644 --- a/cmd/pinniped/cmd/login.go +++ b/cmd/pinniped/cmd/login.go @@ -5,6 +5,8 @@ package cmd import ( "github.com/spf13/cobra" + clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" + "k8s.io/client-go/tools/auth/exec" ) //nolint: gochecknoglobals @@ -20,3 +22,15 @@ var loginCmd = &cobra.Command{ func init() { rootCmd.AddCommand(loginCmd) } + +func loadClusterInfo() *clientauthv1beta1.Cluster { + obj, _, err := exec.LoadExecCredentialFromEnv() + if err != nil { + return nil + } + cred, ok := obj.(*clientauthv1beta1.ExecCredential) + if !ok { + return nil + } + return cred.Spec.Cluster +} diff --git a/cmd/pinniped/cmd/login_oidc.go b/cmd/pinniped/cmd/login_oidc.go index 4d751d35..34ead8f8 100644 --- a/cmd/pinniped/cmd/login_oidc.go +++ b/cmd/pinniped/cmd/login_oidc.go @@ -167,11 +167,13 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin opts = append(opts, oidcclient.WithClient(client)) } - // Look up cached credentials based on a hash of all the CLI arguments. + // Look up cached credentials based on a hash of all the CLI arguments and the cluster info. cacheKey := struct { - Args []string `json:"args"` + Args []string `json:"args"` + ClusterInfo *clientauthv1beta1.Cluster `json:"cluster"` }{ - Args: os.Args[1:], + Args: os.Args[1:], + ClusterInfo: loadClusterInfo(), } var credCache *execcredcache.Cache if flags.credentialCachePath != "" { diff --git a/cmd/pinniped/cmd/login_static.go b/cmd/pinniped/cmd/login_static.go index da7ff8e6..4b9ac2fd 100644 --- a/cmd/pinniped/cmd/login_static.go +++ b/cmd/pinniped/cmd/login_static.go @@ -117,13 +117,15 @@ func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams } cred := tokenCredential(&oidctypes.Token{IDToken: &oidctypes.IDToken{Token: token}}) - // Look up cached credentials based on a hash of all the CLI arguments and the current token value. + // Look up cached credentials based on a hash of all the CLI arguments, the current token value, and the cluster info. cacheKey := struct { - Args []string `json:"args"` - Token string `json:"token"` + Args []string `json:"args"` + Token string `json:"token"` + ClusterInfo *clientauthv1beta1.Cluster `json:"cluster"` }{ - Args: os.Args[1:], - Token: token, + Args: os.Args[1:], + Token: token, + ClusterInfo: loadClusterInfo(), } var credCache *execcredcache.Cache if flags.credentialCachePath != "" {