This repository has been archived by the owner on Mar 13, 2022. It is now read-only.

Add support for refreshing Azure tokens. #77

Merged
merged 1 commit into from
Jul 23, 2018
Merged
23 changes: 22 additions & 1 deletion config/kube_config.py
Expand Up @@ -18,7 +18,9 @@
import json
import os
import tempfile
import time

import adal
import google.auth
import google.auth.transport.requests
import oauthlib.oauth2
Expand Down Expand Up @@ -202,10 +204,29 @@ def _load_azure_token(self, provider):
return
if 'access-token' not in provider['config']:
return
# TODO: Refresh token here...
if 'expires-on' in provider['config']:
if int(provider['config']['expires-on']) < time.gmtime():
self._refresh_azure_token(provider['config'])
self.token = 'Bearer %s' % provider['config']['access-token']
return self.token

def _refresh_azure_token(self, config):
tenant = config['tenant-id']
authority = 'https://login.microsoftonline.com/{}'.format(tenant)
context = adal.AuthenticationContext(
authority, validate_authority=True,
)
refresh_token = config['refresh-token']
client_id = config['client-id']
token_response = context.acquire_token_with_refresh_token(
refresh_token, client_id, '00000002-0000-0000-c000-000000000000')

provider = self._user['auth-provider']['config']
provider.value['access-token'] = token_response['accessToken']
provider.value['expires-on'] = token_response['expiresOn']
if self._config_persister:
self._config_persister(self._config.value)

def _load_gcp_token(self, provider):
if (('config' not in provider) or
('access-token' not in provider['config']) or
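Review bot: The expiry check added to `_load_azure_token` compares an int with `time.gmtime()`, which returns a `struct_time` rather than epoch seconds, so it raises `TypeError` on Python 3 and on Python 2 is ordered by type rather than by value; either way the refresh decision does not depend on the actual time. It should read `if int(provider['config']['expires-on']) < time.time():`. Separately, `_refresh_azure_token` writes `token_response['expiresOn']` back into `expires-on`; if adal returns that field as a formatted date string rather than epoch seconds (I believe it does, worth confirming), the next `int(...)` on the persisted value will fail, so it should be normalised before it is stored. The refresh path also indexes `tenant-id`, `refresh-token` and `client-id` without checking they exist, so a kubeconfig missing any of them turns an expired token into a `KeyError` instead of a clear authentication error. `_load_azure_token` begins above this hunk, so its earlier guards are not visible here.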