Add oidc auth #48
Add oidc auth #48
Conversation
|
Hi @ltamaster you will want to run the following against the files you modified:- $ pip install pycodestyle
$ pycodestyle ...The Travis CI is failing due to coding style errors. |
|
@dmyerscough thanks, I will try |
|
JFYI: I tried this patch and it works fine against our kubernetes cluster. Seems that only one unit test is failing. Maybe the last thing what prevents this PR from being merged. |
Codecov Report
@@ Coverage Diff @@
## master #48 +/- ##
==========================================
- Coverage 93.64% 93.29% -0.36%
==========================================
Files 11 11
Lines 866 939 +73
==========================================
+ Hits 811 876 +65
- Misses 55 63 +8
Continue to review full report at Codecov.
|
|
Nice work @ltamaster, I just saw you message now and see you applied a fix to the unit test. |
|
thanks @dmyerscough, finally I found the issue !!! |
|
Re-posting comment here from closed PR #31. Seems to affect this new PR as well. I apologize in advance if this is already supported, but from looking at the PR, I think there needs to be a way to refresh the token not only at configuration initialization time but also during invocation of the K8 API calls. The token might expire right before a call thus causing the call to fail with an authentication failure. This will be needed for services that run a long time and rely on being able to reach the K8 Api Server (also short services that happen to be unlucky). I think this can be done with a check to 'exp' field in the id-token right before a call_api or catch a 401 return status and perform a refresh token operation and update the configuration object with the new id_token and refresh_token values from the OAuth server. |
|
@roycaihw - what prevents this pr to get merged and added to 6.0.0? |
@mvle I agree that we need to ensure
@mcalmer Sorry I didn't get a chance to look at this yet. |
|
i think the suggestion for refreshing token is fine, but can be done in a separate PR. For this PR, I see many commits, @ltamaster could you please squash the commits? |
|
Hi @yliaog I can do that, but I understand that I need a new PR for that right? |
|
i think you can use the same PR for squashing commits, so all the history can still be kept. |
Fix for the `TypeError: Incorrect padding` error Adding test with "mocked" variables Persist the new token (refresh token) and add a not-ssl-verification for the refresh token call (i didn't find a way to pass the certificate to OAuth2Session fixing the refresh-token problem (ssl certificate) and saving returning the new refresh-token Fix test fixing coding style errors Fixing test update-pep8 Fix test_oidc_with_refresh error
ltamaster
force-pushed
the
add-oidc-auth-support
branch
from
d00b077 to
1118961
Compare
|
not sure how you did it, did you try something like what's described here (https://eli.thegreenplace.net/2014/02/19/squashing-github-pull-requests-into-a-single-commit) |
|
Hi @yliaog, finally I squashed the commits, please take a look. |
|
thanks @ltamaster, this PR is merged. The remaining issues are tracked separately. |
|
@mvle could you please file another issue to track the feature request for refreshing token? |
|
@ltamaster I was planning on updating the base submodule when we do the 6.0.0 release. PR is also welcome to do the update :) (e.g. kubernetes-client/python#475) |
No description provided.