Skip to content

[Gateway][Refactor]: token and certificates are mutually exclusive. Code for it is spread out #23866

Description

@adietish

Is your enhancement related to a problem? Please describe

follows up on redhat-developer/devspaces-gateway-plugin#310

When you have kube config set to use certificates ("client-certificate(-data)", "client-key(-data)") and then switch to token, the certificates need to be removed. Both are mutually exclusive. The code for this exists in OpenShiftClientFactory and KubeConfigUpdate. It would be better to have this centralized instead of spread out.

UpdateToken:

        private fun setTokenFor(username: String, config: KubeConfig) {
            config.users?.find { user ->
                username == Utils.getValue(user, arrayOf("name"))
            }?.apply {
                Utils.setValue(this, token, arrayOf("user", "token"))

==>             removeClientCerts(this)
            }
        }

UpdateClientCert

        private fun setClientCert(config: KubeConfig, username: String) {
            config.users?.find { user ->
                username == Utils.getValue(user, arrayOf("name"))
            }?.apply {
                Utils.setValue(this, clientCertPem, arrayOf("user", "client-certificate-data"))
                Utils.setValue(this, clientKeyPem, arrayOf("user", "client-key-data"))

==>            removeToken(this)
            }
        }

OpenShiftClientFactory

        val usingToken = token?.isNotEmpty() == true
        val usingClientCert = clientCert != null
                && clientKey != null

        require(usingToken.xor(usingClientCert)) {
            "Provide either token OR clientCert + clientKey."
        }

Describe the solution you'd like

A suggested approach would be to implement in KubeConfigUser

        fun tokenOnly(token: String) =
            KubeConfigUser(token = token.trim())
        fun clientCertOnly(cert: CertificateSource, key: CertificateSource) =
            KubeConfigUser(
                token = null,
                clientCertificate = cert,
                clientKey = key,
            )

Describe alternatives you've considered

No response

Additional context

No response

Metadata

Metadata

Labels

area/editor/jetbrainsJetBrains IDEs supportkind/enhancementA feature request - must adhere to the feature request template.team/CThis team is responsible for the the IDEs and Extensions

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions