Fix for authentication expiry - Automatically attempt to refresh auth tokens before they expire #317
Conversation
There was a problem hiding this comment.
This looks great!
From what I can see this will handle updating your local k8s config with tokens from GKE periodically. I'm not sure I see where the auth gets refreshed though. I expect the client objects will pick up the config once and then also need refreshing.
What do you think?
|
This should actually be handled by this chunk: class AutoRefreshConfiguration(Configuration):
"""
Extends kubernetes_async Configuration to support automatic token refresh.
Lets us keep track of the loader object
"""
def __init__(self, loader, *args, **kwargs):
super(AutoRefreshConfiguration, self).__init__(*args, **kwargs)
self.refresh_api_key_hook = AutoRefreshConfiguration.refresh_api_key
self.loader = loaderEvery time you have a cluster interaction via __call_api, it retrieves the latest credentials for Configuration in client.api_client.py with a call to 'update_params_for_auth', which eventually calls 'get_api_key_with_prefix' on the Configuration object. At this point, if you've set 'refresh_api_key_hook', it will be called before the auth token is retrieved from the Configuration. I wanted to trigger the auth update here, but Configuration isn't written to be async, so I don't think we can await here. Instead, I have the periodic credential refresh on the loader, and then in 'refresh_api_key_hook' update to the latest token retrieved by the loader. |
|
Ah ok great! |
drobison00
changed the title
|
Hi, I currently hit the same issue about #286 and seems this PR would fix that. |
Resolves #286
@jacobtomlinson Putting this up to get feedback on the approach. If it seems reasonable, I can extend it to other authentication methods.