Skip to content
This repository has been archived by the owner on Mar 13, 2022. It is now read-only.

Conversation

axelsteingrimsson
Copy link
Contributor

This would fix the issue described in: #54

This is similar to the PR to fix the issue with refreshing the service account token, except this is specifically targeted at addressing service account tokens that are authenticated using RBAC.

The issue is essentially that if the service account that is making a request to the Kubernetes API server and the request is authenticated using RBAC, then the access token will be invalid because it isn't signed by an email. By passing the "https://www.googleapis.com/auth/userinfo.email" when creating the credentials it will generate an access token that can be authenticated using RBAC.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 12, 2018
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Dec 12, 2018
@codecov-io
Copy link

Codecov Report

Merging #110 into master will not change coverage.
The diff coverage is 0%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #110   +/-   ##
=======================================
  Coverage   92.04%   92.04%           
=======================================
  Files          13       13           
  Lines        1182     1182           
=======================================
  Hits         1088     1088           
  Misses         94       94
Impacted Files Coverage Δ
config/kube_config.py 84.24% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5c242ea...1637d56. Read the comment docs.

@micw523
Copy link
Contributor

micw523 commented Dec 13, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Dec 13, 2018
@axelsteingrimsson
Copy link
Contributor Author

Hey there @mbohlool and @yliaog, (sorry for the ping) it's no big rush, but would you guys mind taking a look at this if you have any time soon? :)

@yliaog
Copy link
Contributor

yliaog commented Apr 8, 2019

thanks for the pr. so you have tested it manually that it works, right? just want to double confirm.

@axelsteingrimsson
Copy link
Contributor Author

Yes, we've been running a patched version of this client with this change for the past few months in production and we haven't seen any adverse behaviour.

@yliaog
Copy link
Contributor

yliaog commented Apr 8, 2019

/lgtm
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: axelsteingrimsson, yliaog

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 8, 2019
@k8s-ci-robot k8s-ci-robot merged commit 1d5231c into kubernetes-client:master Apr 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants