remove required idp-certificate-authority-data in kubeconfig for oidc…

… toke refresh, kubernetes-client/python#493

config/kube_config.py

@@ -255,22 +255,27 @@ def _load_oid_token(self):
         return self.token
 
     def _refresh_oidc(self, provider):
-        ca_cert = tempfile.NamedTemporaryFile(delete=True)
+        config = Configuration()
 
-        if PY3:
-            cert = base64.b64decode(
-                provider['config']['idp-certificate-authority-data']
-            ).decode('utf-8')
-        else:
-            cert = base64.b64decode(
-                provider['config']['idp-certificate-authority-data'] + "=="
-            )
+        if 'idp-certificate-authority-data' in provider['config']:
+          ca_cert = tempfile.NamedTemporaryFile(delete=True)
 
-        with open(ca_cert.name, 'w') as fh:
-            fh.write(cert)
+          if PY3:
+              cert = base64.b64decode(
+                  provider['config']['idp-certificate-authority-data']
+              ).decode('utf-8')
+          else:
+              cert = base64.b64decode(
+                  provider['config']['idp-certificate-authority-data'] + "=="
+              )
 
-        config = Configuration()
-        config.ssl_ca_cert = ca_cert.name
+          with open(ca_cert.name, 'w') as fh:
+              fh.write(cert)
+
+          config.ssl_ca_cert = ca_cert.name
+
+        else:
+          config.verify_ssl = False
 
         client = ApiClient(configuration=config)
 
@@ -301,7 +306,7 @@ def _refresh_oidc(self, provider):
                 refresh_token=provider['config']['refresh-token'],
                 auth=(provider['config']['client-id'],
                       provider['config']['client-secret']),
-                verify=ca_cert.name
+                verify=config.ssl_ca_cert if config.verify_ssl else None
             )
         except oauthlib.oauth2.rfc6749.errors.InvalidClientIdError:
             return