Add a ConfigPersister for AuthProvider plugins in kubectl/clients.

2016-04-14 11:55:34 -07:00
parent 86293810af
commit 13a7d92d0f
14 changed files with 350 additions and 36 deletions
--- a/plugin/pkg/client/auth/gcp/gcp.go
+++ b/plugin/pkg/client/auth/gcp/gcp.go
@@ -18,6 +18,7 @@ package gcp

 import (
 	"net/http"
+	"time"

 	"github.com/golang/glog"
 	"golang.org/x/net/context"
@@ -35,14 +36,15 @@ func init() {

 type gcpAuthProvider struct {
 	tokenSource oauth2.TokenSource
+	persister   restclient.AuthProviderConfigPersister
 }

-func newGCPAuthProvider() (restclient.AuthProvider, error) {
-	ts, err := google.DefaultTokenSource(context.TODO(), "https://www.googleapis.com/auth/cloud-platform")
+func newGCPAuthProvider(_ string, gcpConfig map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
+	ts, err := newCachedTokenSource(gcpConfig["access-token"], gcpConfig["expiry"], persister)
 	if err != nil {
 		return nil, err
 	}
-	return &gcpAuthProvider{ts}, nil
+	return &gcpAuthProvider{ts, persister}, nil
 }

 func (g *gcpAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper {
@@ -51,3 +53,54 @@ func (g *gcpAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper
 		Base:   rt,
 	}
 }
+
+func (g *gcpAuthProvider) Login() error { return nil }
+
+type cachedTokenSource struct {
+	source      oauth2.TokenSource
+	accessToken string
+	expiry      time.Time
+	persister   restclient.AuthProviderConfigPersister
+}
+
+func newCachedTokenSource(accessToken, expiry string, persister restclient.AuthProviderConfigPersister) (*cachedTokenSource, error) {
+	var expiryTime time.Time
+	if parsedTime, err := time.Parse(time.RFC3339Nano, expiry); err == nil {
+		expiryTime = parsedTime
+	}
+	ts, err := google.DefaultTokenSource(context.Background(), "https://www.googleapis.com/auth/cloud-platform")
+	if err != nil {
+		return nil, err
+	}
+	return &cachedTokenSource{
+		source:      ts,
+		accessToken: accessToken,
+		expiry:      expiryTime,
+		persister:   persister,
+	}, nil
+}
+
+func (t *cachedTokenSource) Token() (*oauth2.Token, error) {
+	tok := &oauth2.Token{
+		AccessToken: t.accessToken,
+		TokenType:   "Bearer",
+		Expiry:      t.expiry,
+	}
+	if tok.Valid() && !tok.Expiry.IsZero() {
+		return tok, nil
+	}
+	tok, err := t.source.Token()
+	if err != nil {
+		return nil, err
+	}
+	if t.persister != nil {
+		cached := map[string]string{
+			"access-token": tok.AccessToken,
+			"expiry":       tok.Expiry.Format(time.RFC3339Nano),
+		}
+		if err := t.persister.Persist(cached); err != nil {
+			glog.V(4).Infof("Failed to persist token: %v", err)
+		}
+	}
+	return tok, nil
+}