kontena / k8s-client

Ruby Kubernetes API client
Apache License 2.0
76 stars 26 forks source link

Support for OIDC auth #101

Closed pastjean closed 3 years ago

pastjean commented 5 years ago

With a authentication scheme

  user:
    auth-provider:
      config:
        client-id: xxx
        client-secret: xxx
        id-token: xxx
        idp-issuer-url: https://accounts.google.com
        refresh-token: xxx
      name: oidc

It breaks with this stacktrace

Traceback (most recent call last):
    12: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/bin/mortar:23:in `<main>'
    11: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/bin/mortar:23:in `load'
    10: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/kontena-mortar-0.3.2/bin/mortar:13:in `<top (required)>'
     9: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/clamp-1.3.0/lib/clamp/command.rb:140:in `run'
     8: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/clamp-1.3.0/lib/clamp/command.rb:66:in `run'
     7: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/clamp-1.3.0/lib/clamp/subcommand/execution.rb:18:in `execute'
     6: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/clamp-1.3.0/lib/clamp/command.rb:66:in `run'
     5: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/kontena-mortar-0.3.2/lib/mortar/fire_command.rb:64:in `execute'
     4: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/kontena-mortar-0.3.2/lib/mortar/mixins/client_helper.rb:7:in `client'
     3: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/kontena-mortar-0.3.2/lib/mortar/mixins/client_helper.rb:14:in `create_client'
     2: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/k8s-client-0.8.2/lib/k8s/client.rb:39:in `config'
     1: from /Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/k8s-client-0.8.2/lib/k8s/transport.rb:79:in `config'
/Users/pa/.brew/Cellar/mortar/HEAD-317118c/libexec/gems/k8s-client-0.8.2/lib/k8s/transport.rb:79:in

It's been very long since i'm out of ruby but that'd be a nice addition, or at least a decent error message.

I've falled back to basic/token auth to make it work but working with OIDC auth would be awesome.