From 897b48ea04200abfcdb6c2a5204692d9ff03d836 Mon Sep 17 00:00:00 2001
From: mvle
Date: Wed, 23 May 2018 21:35:32 +0000
Subject: [PATCH] remove required idp-certificate-authority-data in kubeconfig for oidc toke refresh, kubernetes-client/python#493
---
 config/kube_config.py | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/config/kube_config.py b/config/kube_config.py
index b1e2136e..b13f0ba8 100644
--- a/config/kube_config.py
+++ b/config/kube_config.py
@@ -255,22 +255,27 @@ def _load_oid_token(self):
 return self.token
 def _refresh_oidc(self, provider):
- ca_cert = tempfile.NamedTemporaryFile(delete=True)
+ config = Configuration()
- if PY3:
- cert = base64.b64decode(
- provider['config']['idp-certificate-authority-data']
- ).decode('utf-8')
- else:
- cert = base64.b64decode(
- provider['config']['idp-certificate-authority-data'] + "=="
- )
+ if 'idp-certificate-authority-data' in provider['config']:
+ ca_cert = tempfile.NamedTemporaryFile(delete=True)
- with open(ca_cert.name, 'w') as fh:
- fh.write(cert)
+ if PY3:
+ cert = base64.b64decode(
+ provider['config']['idp-certificate-authority-data']
+ ).decode('utf-8')
+ else:
+ cert = base64.b64decode(
+ provider['config']['idp-certificate-authority-data'] + "=="
+ )
- config = Configuration()
- config.ssl_ca_cert = ca_cert.name
+ with open(ca_cert.name, 'w') as fh:
+ fh.write(cert)
+
+ config.ssl_ca_cert = ca_cert.name
+
+ else:
+ config.verify_ssl = False
 client = ApiClient(configuration=config)
@@ -301,7 +306,7 @@ def _refresh_oidc(self, provider):
 refresh_token=provider['config']['refresh-token'],
 auth=(provider['config']['client-id'],
 provider['config']['client-secret']),
- verify=ca_cert.name
+ verify=config.ssl_ca_cert if config.verify_ssl else None
 )
 except oauthlib.oauth2.rfc6749.errors.InvalidClientIdError:
 return
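Review bot: The new `else:` branch sets `config.verify_ssl = False`, so a kubeconfig that simply omits `idp-certificate-authority-data` switches off TLS certificate verification for the `ApiClient` built from `config` right below it. A missing custom CA usually means the identity provider's certificate chains to a public root, so the absent key should leave verification on with the default CA bundle: drop the `else:` branch and leave `config.ssl_ca_cert` unset. If skipping verification has to stay possible, it should be an explicit opt-in setting and not a side effect of a missing key, ideally with a logged warning. `_refresh_oidc` continues past the end of this hunk, and the same `config` feeds the token refresh call changed in the next hunk.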
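Review bot: `verify=config.ssl_ca_cert if config.verify_ssl else None` passes `None` when no CA data is configured, and `None` is not `False`. As far as I know, requests merges a per-call `verify=None` with the session setting, so this call would probably still verify against the default bundle while the client built from `config` does not. Since this request carries `refresh-token` and `client-secret`, the value should be explicit: `verify=config.ssl_ca_cert or True` uses the custom CA when present and the default bundle otherwise. The call sits inside a `try` in `_refresh_oidc` that opens above this hunk.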