Skip to content

Commit 0fbfd8f

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #1549 from omerlh/feat/service-account-custom-path
feat: custom path for service account token (supporting TokenVolume projection)
2 parents 4fedbd6 + 342b796 commit 0fbfd8f

File tree

2 files changed

+95
-2
lines changed

2 files changed

+95
-2
lines changed

src/config.ts

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -211,6 +211,12 @@ export class KubeConfig {
211211
const clusterName = 'inCluster';
212212
const userName = 'inClusterUser';
213213
const contextName = 'inClusterContext';
214+
const tokenFile = process.env.TOKEN_FILE_PATH
215+
? process.env.TOKEN_FILE_PATH
216+
: `${pathPrefix}${Config.SERVICEACCOUNT_TOKEN_PATH}`;
217+
const caFile = process.env.KUBERNETES_CA_FILE_PATH
218+
? process.env.KUBERNETES_CA_FILE_PATH
219+
: `${pathPrefix}${Config.SERVICEACCOUNT_CA_PATH}`;
214220

215221
let scheme = 'https';
216222
if (port === '80' || port === '8080' || port === '8001') {
@@ -226,7 +232,7 @@ export class KubeConfig {
226232
this.clusters = [
227233
{
228234
name: clusterName,
229-
caFile: `${pathPrefix}${Config.SERVICEACCOUNT_CA_PATH}`,
235+
caFile,
230236
server: `${scheme}://${serverHost}:${port}`,
231237
skipTLSVerify: false,
232238
},
@@ -237,7 +243,7 @@ export class KubeConfig {
237243
authProvider: {
238244
name: 'tokenFile',
239245
config: {
240-
tokenFile: `${pathPrefix}${Config.SERVICEACCOUNT_TOKEN_PATH}`,
246+
tokenFile,
241247
},
242248
},
243249
},

src/config_test.ts

Lines changed: 87 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -152,6 +152,93 @@ describe('KubeConfig', () => {
152152
});
153153
});
154154

155+
describe('loadFromCluster', () => {
156+
let originalTokenPath: string | undefined;
157+
let originalCaFilePath: string | undefined;
158+
159+
before(() => {
160+
originalTokenPath = process.env['TOKEN_FILE_PATH'];
161+
originalCaFilePath = process.env['KUBERNETES_CA_FILE_PATH'];
162+
163+
delete process.env['TOKEN_FILE_PATH'];
164+
delete process.env['KUBERNETES_CA_FILE_PATH'];
165+
});
166+
167+
after(() => {
168+
delete process.env['TOKEN_FILE_PATH'];
169+
delete process.env['KUBERNETES_CA_FILE_PATH'];
170+
171+
if (originalTokenPath) {
172+
process.env['TOKEN_FILE_PATH'] = originalTokenPath;
173+
}
174+
175+
if (originalCaFilePath) {
176+
process.env['KUBERNETES_CA_FILE_PATH'] = originalCaFilePath;
177+
}
178+
});
179+
180+
it('should load from default env vars', () => {
181+
const kc = new KubeConfig();
182+
const cluster = {
183+
name: 'inCluster',
184+
server: 'https://undefined:undefined',
185+
skipTLSVerify: false,
186+
caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt',
187+
} as Cluster;
188+
189+
const user = {
190+
authProvider: {
191+
name: 'tokenFile',
192+
config: {
193+
tokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
194+
},
195+
},
196+
name: 'inClusterUser',
197+
} as User;
198+
199+
kc.loadFromCluster();
200+
201+
const clusterOut = kc.getCurrentCluster();
202+
203+
expect(cluster).to.deep.equals(clusterOut);
204+
205+
const userOut = kc.getCurrentUser();
206+
expect(userOut).to.deep.equals(user);
207+
});
208+
209+
it('should support custom token file path', () => {
210+
const kc = new KubeConfig();
211+
process.env['TOKEN_FILE_PATH'] = '/etc/tokenFile';
212+
process.env['KUBERNETES_CA_FILE_PATH'] = '/etc/ca.crt';
213+
214+
const cluster = {
215+
name: 'inCluster',
216+
server: 'https://undefined:undefined',
217+
skipTLSVerify: false,
218+
caFile: '/etc/ca.crt',
219+
} as Cluster;
220+
221+
const user = {
222+
authProvider: {
223+
name: 'tokenFile',
224+
config: {
225+
tokenFile: '/etc/tokenFile',
226+
},
227+
},
228+
name: 'inClusterUser',
229+
} as User;
230+
231+
kc.loadFromCluster();
232+
233+
const clusterOut = kc.getCurrentCluster();
234+
235+
expect(cluster).to.deep.equals(clusterOut);
236+
237+
const userOut = kc.getCurrentUser();
238+
expect(userOut).to.deep.equals(user);
239+
});
240+
});
241+
155242
describe('clusterConstructor', () => {
156243
it('should load from options', () => {
157244
const cluster = {

0 commit comments

Comments
 (0)