Fixes #3097 : refresh token with autoconfigure even if authprovider i…

…s null

CHANGELOG.md

@@ -24,6 +24,7 @@
 * Fix #3047: NPE when getting version when there is no build date
 * Fix #3024: stopAllRegisteredInformers will not call startWatcher
 * Fix #3067: Added a patch(PatchContext, item) operation to be more explicit about patching and diffing behavior
+* Fix #3097: refresh token with autoconfigure even if authprovider is null
 
 #### Improvements
 * Fix #2788: Support FIPS mode in kubernetes-client with BouncyCastleFipsProvider

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/utils/TokenRefreshInterceptor.java

@@ -31,7 +31,7 @@
  * Interceptor for handling expired OIDC tokens.
  */
 public class TokenRefreshInterceptor implements Interceptor {
-  private Config config;
+  private final Config config;
   public TokenRefreshInterceptor(Config config) {
     this.config = config;
   }
@@ -50,10 +50,11 @@ public Response intercept(Chain chain) throws IOException {
       }
       AuthInfo currentAuthInfo = KubeConfigUtils.getUserAuthInfo(kubeConfig, currentContext);
       // Check if AuthProvider is set or not
-      if (currentAuthInfo != null && currentAuthInfo.getAuthProvider() != null) {
+      if (currentAuthInfo != null) {
         response.close();
         String newAccessToken;
-        if (currentAuthInfo.getAuthProvider().getName().toLowerCase().equals("oidc")) {
+        // Check if AuthProvider is set to oicd
+        if (currentAuthInfo.getAuthProvider() != null && currentAuthInfo.getAuthProvider().getName().equalsIgnoreCase("oidc")) {
           newAccessToken = OpenIDConnectionUtils.resolveOIDCTokenFromAuthConfig(currentAuthInfo.getAuthProvider().getConfig());
         } else {
           Config newestConfig = Config.autoConfigure(currentContextName);

kubernetes-client/src/test/java/io/fabric8/kubernetes/client/utils/TokenRefreshInterceptorTest.java

@@ -0,0 +1,67 @@
+/**
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.fabric8.kubernetes.client.utils;
+
+import io.fabric8.kubernetes.client.Config;
+import okhttp3.Interceptor;
+import okhttp3.MediaType;
+import okhttp3.Protocol;
+import okhttp3.Request;
+import okhttp3.Response;
+import okhttp3.ResponseBody;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
+import java.util.Objects;
+
+import static io.fabric8.kubernetes.client.Config.KUBERNETES_KUBECONFIG_FILE;
+
+public class TokenRefreshInterceptorTest {
+
+  @Test
+  public void shouldAutoconfigureAfter401() throws IOException {
+    try {
+      // Prepare kubeconfig for autoconfiguration
+      File tempFile = Files.createTempFile("test", "kubeconfig").toFile();
+      Files.copy(Objects.requireNonNull(getClass().getResourceAsStream("/test-kubeconfig-tokeninterceptor")), Paths.get(tempFile.getPath()), StandardCopyOption.REPLACE_EXISTING);
+      System.setProperty(KUBERNETES_KUBECONFIG_FILE, tempFile.getAbsolutePath());
+
+      // Prepare http call
+      Interceptor.Chain chain = Mockito.mock(Interceptor.Chain.class, Mockito.RETURNS_DEEP_STUBS);
+      Request req = new Request.Builder().url("http://mock").build();
+      Mockito.when(chain.request()).thenReturn(req);
+      final Response.Builder responseBuilder = new Response.Builder()
+        .request(req)
+        .protocol(Protocol.HTTP_1_1)
+        .message("")
+        .body(ResponseBody.create(MediaType.parse("text"), "foo"));
+      Mockito.when(chain.proceed(Mockito.any())).thenReturn(responseBuilder.code(HttpURLConnection.HTTP_UNAUTHORIZED).build(), responseBuilder.code(HttpURLConnection.HTTP_OK).build());
+
+      // Call
+      new TokenRefreshInterceptor(Config.autoConfigure(null)).intercept(chain);
+      Mockito.verify(chain).proceed(Mockito.argThat(argument -> "Bearer token".equals(argument.header("Authorization"))));
+    } finally {
+      // Remove any side effect
+      System.clearProperty(KUBERNETES_KUBECONFIG_FILE);
+    }
+  }
+}

kubernetes-client/src/test/resources/test-kubeconfig-tokeninterceptor

@@ -0,0 +1,20 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority: testns/ca.pem
+    insecure-skip-tls-verify: true
+    server: https://172.28.128.4:8443
+  name: 172-28-128-4:8443
+contexts:
+- context:
+    cluster: 172-28-128-4:8443
+    namespace: testns
+    user: user/172-28-128-4:8443
+  name: testns/172-28-128-4:8443/user
+current-context: testns/172-28-128-4:8443/user
+kind: Config
+preferences: {}
+users:
+- name: user/172-28-128-4:8443
+  user:
+    token: token