Is your enhancement related to a problem? Please describe
follows up on redhat-developer/devspaces-gateway-plugin#310
When you have kube config set to use certificates ("client-certificate(-data)", "client-key(-data)") and then switch to token, the certificates need to be removed. Both are mutually exclusive. The code for this exists in OpenShiftClientFactory and KubeConfigUpdate. It would be better to have this centralized instead of spread out.
UpdateToken:
private fun setTokenFor(username: String, config: KubeConfig) {
config.users?.find { user ->
username == Utils.getValue(user, arrayOf("name"))
}?.apply {
Utils.setValue(this, token, arrayOf("user", "token"))
==> removeClientCerts(this)
}
}
UpdateClientCert
private fun setClientCert(config: KubeConfig, username: String) {
config.users?.find { user ->
username == Utils.getValue(user, arrayOf("name"))
}?.apply {
Utils.setValue(this, clientCertPem, arrayOf("user", "client-certificate-data"))
Utils.setValue(this, clientKeyPem, arrayOf("user", "client-key-data"))
==> removeToken(this)
}
}
OpenShiftClientFactory
val usingToken = token?.isNotEmpty() == true
val usingClientCert = clientCert != null
&& clientKey != null
require(usingToken.xor(usingClientCert)) {
"Provide either token OR clientCert + clientKey."
}
Describe the solution you'd like
A suggested approach would be to implement in KubeConfigUser
fun tokenOnly(token: String) =
KubeConfigUser(token = token.trim())
fun clientCertOnly(cert: CertificateSource, key: CertificateSource) =
KubeConfigUser(
token = null,
clientCertificate = cert,
clientKey = key,
)
Describe alternatives you've considered
No response
Additional context
No response
Is your enhancement related to a problem? Please describe
follows up on redhat-developer/devspaces-gateway-plugin#310
When you have kube config set to use certificates ("client-certificate(-data)", "client-key(-data)") and then switch to token, the certificates need to be removed. Both are mutually exclusive. The code for this exists in
OpenShiftClientFactoryandKubeConfigUpdate. It would be better to have this centralized instead of spread out.UpdateToken:UpdateClientCertOpenShiftClientFactoryDescribe the solution you'd like
A suggested approach would be to implement in
KubeConfigUserDescribe alternatives you've considered
No response
Additional context
No response