Add cluster info to cache key for cluster-specific credential cache.

This isn't strictly necessary because we currently always have the concierge endpoint and CA as CLI flags, but it doesn't hurt and it's better to err on the side of _not_ reusing a cache entry.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
Matt Moyer 2021-04-08 17:00:14 -05:00
parent 271c006b6c
commit 3b461572ea
No known key found for this signature in database
GPG Key ID: EAE88AD172C5AE2D
3 changed files with 26 additions and 8 deletions


@ -5,6 +5,8 @@ package cmd
import ( import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
"k8s.io/client-go/tools/auth/exec"
) )
//nolint: gochecknoglobals //nolint: gochecknoglobals
@ -20,3 +22,15 @@ var loginCmd = &cobra.Command{
func init() { func init() {
rootCmd.AddCommand(loginCmd) rootCmd.AddCommand(loginCmd)
} }
func loadClusterInfo() *clientauthv1beta1.Cluster {
obj, _, err := exec.LoadExecCredentialFromEnv()
if err != nil {
return nil
}
cred, ok := obj.(*clientauthv1beta1.ExecCredential)
if !ok {
return nil
}
return cred.Spec.Cluster
}
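Review bot: `loadClusterInfo` discards the error from `exec.LoadExecCredentialFromEnv()` and returns nil on a failed type assertion, so a caller cannot tell "no cluster info was supplied" from "cluster info was supplied but could not be decoded". Since the result feeds a credential cache key, that silent fallback deserves a doc comment, for example `// loadClusterInfo returns the cluster from the exec credential in the environment, or nil if it is absent or is not a v1beta1 ExecCredential; errors are deliberately ignored.` The assertion matches only `*clientauthv1beta1.ExecCredential`, so any other API version decoded from the environment would presumably also end up as nil. A debug-level log on the two nil paths would make it visible when the key is built without cluster info.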


@ -167,11 +167,13 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
opts = append(opts, oidcclient.WithClient(client)) opts = append(opts, oidcclient.WithClient(client))
} }
// Look up cached credentials based on a hash of all the CLI arguments. // Look up cached credentials based on a hash of all the CLI arguments and the cluster info.
cacheKey := struct { cacheKey := struct {
Args []string `json:"args"` Args []string `json:"args"`
ClusterInfo *clientauthv1beta1.Cluster `json:"cluster"`
}{ }{
Args: os.Args[1:], Args: os.Args[1:],
ClusterInfo: loadClusterInfo(),
} }
var credCache *execcredcache.Cache var credCache *execcredcache.Cache
if flags.credentialCachePath != "" { if flags.credentialCachePath != "" {
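Review bot: The updated comment on `cacheKey` says the lookup covers "the cluster info", but `ClusterInfo: loadClusterInfo()` is nil whenever the exec info is missing from the environment, and client-go only passes the cluster to the plugin when the kubeconfig exec entry sets `provideClusterInfo: true`. In that case the key is distinguished by `os.Args[1:]` alone, exactly as before this commit, so the separation between clusters still rests on the concierge endpoint and CA flags. I would say so at the field, e.g. `// ClusterInfo is nil unless the kubeconfig sets provideClusterInfo; the key then depends on Args only.` The same field and comment are added in the `runStaticLogin` hunk and the remark applies there as well. The function body continues past the end of this hunk.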


@ -117,13 +117,15 @@ func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams
} }
cred := tokenCredential(&oidctypes.Token{IDToken: &oidctypes.IDToken{Token: token}}) cred := tokenCredential(&oidctypes.Token{IDToken: &oidctypes.IDToken{Token: token}})
// Look up cached credentials based on a hash of all the CLI arguments and the current token value. // Look up cached credentials based on a hash of all the CLI arguments, the current token value, and the cluster info.
cacheKey := struct { cacheKey := struct {
Args []string `json:"args"` Args []string `json:"args"`
Token string `json:"token"` Token string `json:"token"`
ClusterInfo *clientauthv1beta1.Cluster `json:"cluster"`
}{ }{
Args: os.Args[1:], Args: os.Args[1:],
Token: token, Token: token,
ClusterInfo: loadClusterInfo(),
} }
var credCache *execcredcache.Cache var credCache *execcredcache.Cache
if flags.credentialCachePath != "" { if flags.credentialCachePath != "" {