feat: load service account token from a different path

omerlh · omerlh · commit d21542c4e339 · 2024-01-30T16:26:20.000+02:00
diff --git a/src/config.ts b/src/config.ts
@@ -211,6 +211,7 @@ export class KubeConfig {
         const clusterName = 'inCluster';
         const userName = 'inClusterUser';
         const contextName = 'inClusterContext';
+        const tokenFile = process.env.TOKEN_FILE_PATH ? process.env.TOKEN_FILE_PATH :  `${pathPrefix}${Config.SERVICEACCOUNT_TOKEN_PATH}`
 
         let scheme = 'https';
         if (port === '80' || port === '8080' || port === '8001') {
@@ -237,7 +238,7 @@ export class KubeConfig {
                 authProvider: {
                     name: 'tokenFile',
                     config: {
-                        tokenFile: `${pathPrefix}${Config.SERVICEACCOUNT_TOKEN_PATH}`,
+                        tokenFile
                     },
                 },
             },
diff --git a/src/config_test.ts b/src/config_test.ts
@@ -150,6 +150,81 @@ describe('KubeConfig', () => {
             const userOut = kc.getCurrentUser();
             expect(userOut).to.equal(user);
         });
+
+    });
+
+    describe('loadFromCluster', () => {
+        let originalTokenPath: string | undefined;
+
+        before(() => {
+            originalTokenPath = process.env['TOKEN_FILE_PATH'];
+
+            delete process.env['TOKEN_FILE_PATH']
+        })
+
+        after(() => {
+            process.env['TOKEN_FILE_PATH'] = originalTokenPath
+        })
+
+        it('should load from default env vars', () => {
+            const kc = new KubeConfig();
+            const cluster = {
+                name: 'inCluster',
+                server: 'https://undefined:undefined',
+                skipTLSVerify: false,
+                caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+            } as Cluster;
+
+            const user = {
+                authProvider: {
+                    name: 'tokenFile',
+                    config: {
+                        tokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token'
+                    }
+                },
+                name: 'inClusterUser'
+            } as User;
+
+            kc.loadFromCluster();
+
+            const clusterOut = kc.getCurrentCluster();
+
+            expect(cluster).to.deep.equals(clusterOut)
+
+            const userOut = kc.getCurrentUser();
+            expect(userOut).to.deep.equals(user);
+        });
+
+        it('should support custom token file path', () => {
+            const kc = new KubeConfig();
+            process.env['TOKEN_FILE_PATH'] = '/etc/tokenFile'
+            const cluster = {
+                name: 'inCluster',
+                server: 'https://undefined:undefined',
+                skipTLSVerify: false,
+                caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+            } as Cluster;
+
+            const user = {
+                authProvider: {
+                    name: 'tokenFile',
+                    config: {
+                        tokenFile: '/etc/tokenFile'
+                    }
+                },
+                name: 'inClusterUser'
+            } as User;
+
+            kc.loadFromCluster();
+
+            const clusterOut = kc.getCurrentCluster();
+
+            expect(cluster).to.deep.equals(clusterOut)
+
+            const userOut = kc.getCurrentUser();
+            expect(userOut).to.deep.equals(user);
+        });
+
     });
 
     describe('clusterConstructor', () => {
@@ -490,6 +565,7 @@ describe('KubeConfig', () => {
             originalEnvVars.USERPROFILE = process.env.USERPROFILE;
             originalEnvVars.HOMEDRIVE = process.env.HOMEDRIVE;
             originalEnvVars.HOMEPATH = process.env.HOMEPATH;
+            
 
             delete process.env.HOME;
             delete process.env.USERPROFILE;
