-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[receiver/kubeletstats] fix client to refresh service account tokens #26316
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Use this changelog template to create an entry for release notes. | ||
|
||
# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' | ||
change_type: bug_fix | ||
|
||
# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver) | ||
component: receiver/kubeletstats | ||
|
||
# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). | ||
note: "Fixes client to refresh service account token when authenticating with kubelet" | ||
|
||
# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists. | ||
issues: [26120] | ||
|
||
# (Optional) One or more lines of additional information to render under the primary note. | ||
# These lines will be padded with 2 spaces and then inserted directly into the document. | ||
# Use pipe (|) for multiline entries. | ||
subtext: | ||
|
||
# If your change doesn't affect end users or the exported elements of any package, | ||
# you should instead start your pull request title with [chore] or use the "Skip Changelog" label. | ||
# Optional: The change log or logs in which this entry should be included. | ||
# e.g. '[user]' or '[user, api]' | ||
# Include 'user' if the change is relevant to end users. | ||
# Include 'api' if there is a change to a library API. | ||
# Default: '[user]' | ||
change_logs: [user] |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,6 +9,7 @@ | |
package kubelet | ||
|
||
import ( | ||
"crypto/tls" | ||
"crypto/x509" | ||
"errors" | ||
"io" | ||
|
@@ -102,15 +103,29 @@ func TestDefaultTLSClient(t *testing.T) { | |
} | ||
|
||
func TestSvcAcctClient(t *testing.T) { | ||
server := httptest.NewUnstartedServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { | ||
// Check if call is authenticated using token from test file | ||
require.Equal(t, req.Header.Get("Authorization"), "Bearer s3cr3t") | ||
_, err := rw.Write([]byte(`OK`)) | ||
require.NoError(t, err) | ||
})) | ||
cert, err := tls.LoadX509KeyPair("./testdata/testcert.crt", "./testdata/testkey.key") | ||
require.NoError(t, err) | ||
server.TLS = &tls.Config{Certificates: []tls.Certificate{cert}} | ||
server.StartTLS() | ||
defer server.Close() | ||
|
||
p := &saClientProvider{ | ||
endpoint: "localhost:9876", | ||
caCertPath: certPath, | ||
endpoint: server.Listener.Addr().String(), | ||
caCertPath: "./testdata/testcert.crt", | ||
tokenPath: "./testdata/token", | ||
logger: zap.NewNop(), | ||
} | ||
cl, err := p.BuildClient() | ||
client, err := p.BuildClient() | ||
require.NoError(t, err) | ||
require.Equal(t, "s3cr3t", string(cl.(*clientImpl).tok)) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
resp, err := client.Get("/") | ||
require.NoError(t, err) | ||
require.Equal(t, []byte(`OK`), resp) | ||
} | ||
|
||
func TestNewKubeConfigClient(t *testing.T) { | ||
|
@@ -268,7 +283,6 @@ func TestBuildReq(t *testing.T) { | |
req, err := cl.(*clientImpl).buildReq("/foo") | ||
require.NoError(t, err) | ||
require.NotNil(t, req) | ||
require.Equal(t, req.Header["Authorization"][0], "bearer s3cr3t") | ||
} | ||
|
||
func TestBuildBadReq(t *testing.T) { | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,33 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIDLDCCAhSgAwIBAgIJAO8ClxUckM5xMA0GCSqGSIb3DQEBCwUAMEsxCzAJBgNV | ||
BAYTAk9UMRYwFAYDVQQIDA1PcGVuVGVsZW1ldHJ5MRAwDgYDVQQHDAdTZXJ2aWNl | ||
MRIwEAYDVQQDDAkxMjcuMC4wLjEwHhcNMjAwNTA2MDAzMTQ0WhcNMjEwNTA2MDAz | ||
MTQ0WjBLMQswCQYDVQQGEwJPVDEWMBQGA1UECAwNT3BlblRlbGVtZXRyeTEQMA4G | ||
A1UEBwwHU2VydmljZTESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0B | ||
AQEFAAOCAQ8AMIIBCgKCAQEAyVL12RmIXJP/K1wkGDW2k9OKvmP/kX0w2iPEZ7f0 | ||
3kUvDpAUjGHr3FnnOYYmxQU+gXK0g/pRupNh5n4GuzFGbQNEAl1V+dmAB5w/yX3p | ||
SSZVZmsIRRgTVRd1501mDNqRS6aOy8+PhFUF7rI6V5KBaizLch6ojOtDSouUTnRI | ||
9o47WSeyVALHFllm1BYlCBoiSZ/ZX2BJOteJ/9fawPQzVMSmNOQcymRiHqeBlhlI | ||
gIPFEOh68oJScGNRVin0tnxfUr7eO+cR3iC20aCUXsL3Yq1KKXrxD3/0T8ICK5DM | ||
qWj4gKC4CVlIF68zvVWD/jKSR9u9Gs+aRxA2ZHF+scsHgQIDAQABoxMwETAPBgNV | ||
HREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQA2DT7VxpFLCqc0FHW16yZ9 | ||
/9fQChEN5IBe6mjbysjeYhef8w7xP03wl6SwFXFpTQDFqz6KdolH+Zl4gm6MsrsX | ||
nQNP8fkHfNtHr+28JPDPWC5aWx5xfdQ4ybfeEV+xdNmrKeKGOcQ+Nmjcx06ysy0J | ||
OSjOBwyTvlCIOF5AnafFuCk81EnbMLQeIvsfudXTAi0aw6HMmS2UgmGUcwGsFDRt | ||
Xx1n1nLclK73f2a9mrzrh1s3lMom1FLaZ8fRecB9cVZJAHdw7RDtkG0qFf+v9Hk0 | ||
y8JKVfSmRIveHz62a/61T36VSKIO0qksdR4wEPCjADsdpagVMrwjyu8qShLFXRkn | ||
MIIFuDCCA6CgAwIBAgIUX6gHrM+cXSsdSQTFUTl7ISB8xoYwDQYJKoZIhvcNAQEL | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. updated cert since the ones checked in have expired |
||
BQAwYzELMAkGA1UEBhMCT1QxFjAUBgNVBAgMDU9wZW50ZWxlbWV0cnkxEDAOBgNV | ||
BAcMB1NlcnZpY2UxFjAUBgNVBAoMDU9wZW50ZWxlbWV0cnkxEjAQBgNVBAMMCTEy | ||
Ny4wLjAuMTAeFw0yMzA4MzAxNTQ5MTJaFw0zMzA4MjcxNTQ5MTJaMGMxCzAJBgNV | ||
BAYTAk9UMRYwFAYDVQQIDA1PcGVudGVsZW1ldHJ5MRAwDgYDVQQHDAdTZXJ2aWNl | ||
MRYwFAYDVQQKDA1PcGVudGVsZW1ldHJ5MRIwEAYDVQQDDAkxMjcuMC4wLjEwggIi | ||
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1bq9pqg6CYsAYfB1OIK1sj8kc | ||
Ia1wCVEJ+fr7Mw+DmDR3nEto6W+2+JU5n2FZWGrV8mPztJVd9WdMXEsJTVC/gNX1 | ||
92X8YmiJOWzfglalYzWO9LJn9hrdgS56j0F++MXRNDgouZNlRXfU7dYErn3x6NIe | ||
DaIoAGep6ekO5JyW0AjeuVw+Th9kT0CThzCRwB3CpPmKD0Zwt3mAgsDDTlN6PopR | ||
fmeeDQ9tiiA33uVOfXQfmXcXfoUYr1E4JmuO+OrjR4xoFRfvvSJW8cqCm6TZi5k0 | ||
lfKC23lso3r6qojIMGHTOhjxuPuY5kMSq8RrtnjIB8l2ulcDZWSnKTqiOmkwThBe | ||
uHuOCsGbjt9YEeF/7LRU+R02G5Ybt3PWnHiUlNzuZkbeCqrQ2/LJLhiGPQ/+D2LT | ||
i9D0Vc2TsswhCz+5UpyvJe4/CDuR5oeniVoyVpN9wxyUDG80c7H0tOYAp/BTptjy | ||
ASGjr7Iq2RMpsP12dyjbIxalYBQdlyoSjfnNnf4knHFtum7DzyDc6e0/tY5vzetA | ||
7ij+k8+S19PLOrEw/BVSlC34xa/epcsLgxWh4wSCBs6h5Eg0Rgvh6riPdoAHOUb1 | ||
U33WAIUmSk2JqUqrVCtoV/4B6WMzbuwH0tFJkVTcXs6jDsR77wrhIsv8zXRzt+ar | ||
XT+b61pFf9EJVeizSQIDAQABo2QwYjAdBgNVHQ4EFgQUep0QJqlnV6W2WHfHu6sM | ||
fIPQWdswHwYDVR0jBBgwFoAUep0QJqlnV6W2WHfHu6sMfIPQWdswDwYDVR0TAQH/ | ||
BAUwAwEB/zAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4ICAQDTTYkH | ||
+L7LZDAbFQ9XaWs12NtvR+BzWNAWtY06KEy/Bxd/me2fi1UjdQDjSMQCQjeRyVXZ | ||
Xj6hJmZ+CFsdKpl1v7i9CxmHPyUUGrm2C+pYxeG9gg7e682FfKnSH9pTmD1SowSR | ||
6vX30PWJcgizhXrnrvNjZCZFie6lbDmsmkIu2ZCtJonaNUWuSA3uX2ZYQhGCgimJ | ||
+T6G5wKlJUcpT2QgI7I3qqijc8a76wvQbqW3hdsquygiugcI0d9riyuH/GuwtHUy | ||
JTTef5BSGkt+oVqXHsfsRmM+BHQQh46dDaRcECKDi2kHLIF1SfonrWf7Z1hIVbec | ||
i58GNs4oXP1HDG97Uz8hw6prn1tWJFjjhev990WWWPSW3NFuPkoZ3Q1CGU15IRI7 | ||
ezcIIDkcOyqsCGgHjQYFMdSiBgXXBf7xxN6e1byvTJQLppz51rShd1yFuWZ7Ca5X | ||
5D4TfI6F/KSYSt07F6YhfjOkUsItwaYNLEO0CA4dP01mbh+Nu2VgRLxsgKKQoHhY | ||
Ru55HmjEkE8Bq+jOQ52f2eFPmuDyxt4fm+RrqNr6GblVypmUSZneJclkcVSa5uIT | ||
Dnze9zEN9yorfK+75tzVN2/B4tA4UtQ2/Osqcw/fLgYQOacK24EYeeCJmOAI+4Ym | ||
+aF1tP4s2ptfLFm0lDgVlGr1j6UDIV3RClraVA== | ||
-----END CERTIFICATE----- |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,27 +1,52 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIEpAIBAAKCAQEAyVL12RmIXJP/K1wkGDW2k9OKvmP/kX0w2iPEZ7f03kUvDpAU | ||
jGHr3FnnOYYmxQU+gXK0g/pRupNh5n4GuzFGbQNEAl1V+dmAB5w/yX3pSSZVZmsI | ||
RRgTVRd1501mDNqRS6aOy8+PhFUF7rI6V5KBaizLch6ojOtDSouUTnRI9o47WSey | ||
VALHFllm1BYlCBoiSZ/ZX2BJOteJ/9fawPQzVMSmNOQcymRiHqeBlhlIgIPFEOh6 | ||
8oJScGNRVin0tnxfUr7eO+cR3iC20aCUXsL3Yq1KKXrxD3/0T8ICK5DMqWj4gKC4 | ||
CVlIF68zvVWD/jKSR9u9Gs+aRxA2ZHF+scsHgQIDAQABAoIBAG/6OMw8K2By4ObZ | ||
JSpiFd87NlyXejsOCvIKGuAlrYlDqdzLvuImRO4XA0k3mLDVLeMKTeVqgbLo7vco | ||
+c18ptNTkaxPBdcmZtPU0JXd9re9HpsMxVjI/1fA6M9yeWSE3XPafGpYVFcig140 | ||
u8ahsmG/8JjU/KME6DS6Vg8dFsgrb0aJypv1VxA2n4xeWkbwVdniTlny4LFhwvvk | ||
P4dgnGNhUHkeet+re9YZEkXJbNp9hXP/wdEwLJ5tUNI/exngxQaAJ6fP2e1htFoJ | ||
a8TGTwjEwRIAocjI8ieHnUO4lARF8uhEzhSadtZNZvKgbNpE5xJNl9OH9pkQTjo2 | ||
4CLOxpECgYEA8ZbV2o1EcdCKvIWAYhYbBHYe2gadcnO04gtA1bbGk/+YtzaiS20W | ||
zq2qKDhrQJ6sCFe17CN9hM0gdkpsyS1nLtR3F3MVacYe8STh7BD61E5ens+wDWJU | ||
zva3bS1CRMPthZ+i0xc4AOgXDZewD1rxb8rvT5SeXYRZGkvyh9TAzocCgYEA1VVC | ||
lLy3EG/geiMAWd+FnTwWnMViGb8rDY03vJDSKEes9b8HqwEPsX0I3TVeyyYBM3Te | ||
sPYqJxBFh5afU8DYhNue9UbJKSN4j1jg43pK58i99LT+lGRAVaJZLVbsWiEF3MwX | ||
8muCtELAT7j9648oEUX4sF/nnz422Q0VPRS5s7cCgYAqrDHqALnuQJ/A3PPoX282 | ||
QocAi9qTtMxmgQZauYYp7iPTeNsB56r3psU/hXesWlqYvqVrqHkrU/A/9LVyc4qe | ||
QvkmMzW9ETm17oXZZMZpac5czuKR+qRwSjPsHOpvqwvxZlkkYB2MS3KG/BwlGjM7 | ||
Q+UxcVbnvdDfTDrysym7UQKBgQDFeVPVjM7EZ1tak7XKe68aOjoQSmIhxSTcOYGD | ||
imcPJDIFlRxK/gOB32TqJ3IlCHwKHr/Y/TVNzbEe7p1zkMqcSRPepfSloREDWFls | ||
GJLn9ZlowHX79MTcwBhecNz+HR1pIn90RnLJ3BRad7qMZ4rGWof28//bF2L8DjE/ | ||
xkSUBwKBgQCAki3+tscHa1ZQ+VZmvTeQ9gwNZt+cm0FzavhjnvWZAKCrKwg+MvAN | ||
BifZjKsPK7u9u1QGuPP0Zn/Zw3VoMlrC/Paa/OZzwTtb2yN824wbMo0Qvm5WciS7 | ||
DXyNy887h1NLGEyMh6rGUutmI6OPf8WaLqcxrz16dhtr9+N6YDZ/tQ== | ||
-----END RSA PRIVATE KEY----- | ||
-----BEGIN PRIVATE KEY----- | ||
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQD1bq9pqg6CYsAY | ||
fB1OIK1sj8kcIa1wCVEJ+fr7Mw+DmDR3nEto6W+2+JU5n2FZWGrV8mPztJVd9WdM | ||
XEsJTVC/gNX192X8YmiJOWzfglalYzWO9LJn9hrdgS56j0F++MXRNDgouZNlRXfU | ||
7dYErn3x6NIeDaIoAGep6ekO5JyW0AjeuVw+Th9kT0CThzCRwB3CpPmKD0Zwt3mA | ||
gsDDTlN6PopRfmeeDQ9tiiA33uVOfXQfmXcXfoUYr1E4JmuO+OrjR4xoFRfvvSJW | ||
8cqCm6TZi5k0lfKC23lso3r6qojIMGHTOhjxuPuY5kMSq8RrtnjIB8l2ulcDZWSn | ||
KTqiOmkwThBeuHuOCsGbjt9YEeF/7LRU+R02G5Ybt3PWnHiUlNzuZkbeCqrQ2/LJ | ||
LhiGPQ/+D2LTi9D0Vc2TsswhCz+5UpyvJe4/CDuR5oeniVoyVpN9wxyUDG80c7H0 | ||
tOYAp/BTptjyASGjr7Iq2RMpsP12dyjbIxalYBQdlyoSjfnNnf4knHFtum7DzyDc | ||
6e0/tY5vzetA7ij+k8+S19PLOrEw/BVSlC34xa/epcsLgxWh4wSCBs6h5Eg0Rgvh | ||
6riPdoAHOUb1U33WAIUmSk2JqUqrVCtoV/4B6WMzbuwH0tFJkVTcXs6jDsR77wrh | ||
Isv8zXRzt+arXT+b61pFf9EJVeizSQIDAQABAoICAAyJJZ++ojzV5SSjAz6sM9tv | ||
iSi9Dh4ita9OI7v8nspchfKFisL+KFj2v614pujgt507oxANrVLmH8tyS9la5/jO | ||
EG+eniiK0LbQlm9gmYMbSv8lH68obnUZnel/42skMvtlYMhwuRbzOkSHjNbCoFdw | ||
qjnDfcCwC5ttwXwDoH1h/Q/+NPhQNnGBzEU0wp3xK3v3f/DlqJYFgwjVtNmM6L3d | ||
z6QLsihsF5mDVHOyGHF+viWGicMLEOqCuuHksXn1HA81hnYC/Mzfks9QzISJBV2g | ||
sBez4HX/Vod+Xp/Kwc+CzB5VMXS4O26S9UJRAGh1gpwJ7Mf6Cst3PHG+zPpABEMM | ||
H5VFI7xmFViN9tfWmw6AsGH/VNPZwJnB9YRW224gbEMMshmAU7KZoYWezV7Z4BGD | ||
/ikNCpZUw1fTiQYi1N4lZBY6ncPYY5z1JOV6O7muynexbuAyvIOVPpZGgJgb9je1 | ||
iGkjcX+dQkSE/sy2oujxB51y15607iubW6hwUogutSmcEQmI4vx+2kBf8MPBJyeI | ||
31MnLAaqSMCZKgG86FunFo6O7radWbNlQQ2CZkHDMkef5s0p1jB8LlxJ0xLnb59V | ||
RKKmeZ9V5BbIuksyVpgGHvi1kI/6z2Svh8hQ0avcUoc0uQ/9urK4VnqUdTnjMbvG | ||
kGna2NriKVvlYojxWy0BAoIBAQD/EIO3gKHllAdjpTo9dn3mkxNS2gB6g2MYnTD1 | ||
VrK8gOvfZHdKTvqAM8sYhwrl7Z9FIznGGB0Nbi4KfVGtd8M1XI31etBHmrFQz0HO | ||
+5QCT8fj3q/9AelDwgI5CCa4lywtZfjlzL8f80CGrZ0+/SplpaCcWzQlumKYx/bZ | ||
jl1Luhj/SJwpe7hvtku3/pA0fTBkJc6VQDiWYDJ+8Z/m4fniBMXPOEAd9V/iI1ux | ||
11DjnX+nbpYvbQncC3rV2wabm63NyiMGEVd4KPk8LNUgaoCfTyK2jMnrKchLA+e5 | ||
V9XYr/LVDsijWpdIQLKXBL4Jbs8sMpSXq0k+uT0NtIj1r18BAoIBAQD2VSB5+ioO | ||
7GPW/pf4AeF+FafiSrqIMWDi4fsxggkDVsOAud9GyqPi9YfaeIJ2ctLg8usyPjph | ||
eQUYKJijbGZm9RObxNYvvo2HhCJ0sT11jK5bKzhgyHqJM94Yfl6ocBgS2r/9Ledh | ||
jXhg4kmA4FBbFHijndAdLI7Q5Zu4eanLlMDFurE9s5/nrk8kSh54YnF5tWJm5BoB | ||
fqSGJnsjd9Wux2WuMkw23H/bh5WNBiGL9yU7ipnFycB+G6GQNy2FSFe1Hnkj0+M+ | ||
Tn4AeuXB1se32l0MmHolhkT+Q1FfRWBCFVeSC7231EcYSWsmZKEX92HG5HUzteXw | ||
0bTsQHCrApxJAoIBAQDE1Guw2hUVYyxomwLcl2oE2w6Yax7fbDC2t+cmDKeVjC95 | ||
jr/3mgb5k/5wiRXB5aN46PwWgFk7GgFxms/C+56quSfbfdDo0NlwsN/p6H6JYiOx | ||
FxHcPvNRlI++jynCXPZ8eiqeu2fqMf9jburfxuJG2o+c2UzeqHyZxgYaUSBx5cSQ | ||
i+nmoVDs9FJuRIXn24vSXNKUnqCMeuO8zp1EwLHi1ygHBzODau15Ryvli3EilVID | ||
VPWU16I6Kqm6CnGI95QiMJDih9NmKMhcxYQapdVoGtuA4BiZ3v5v1S2m+79MnkrY | ||
W7Y9SRVhbnviyogUI2zAgK/mcwns22nf/6eJYLIBAoIBAAWPID+AdMiHby1f64AO | ||
Us9sn7BMrW77ZktYfDm+zINFxv21tCM92Xr6vYkhpRgVOUsYUFR+8QRYHdRQvjkZ | ||
7imuqDWguJC1RS5kvf5SLafkd97Y19nfTFyiTgXRfENi3Dg4tZJ6Ibmi3q+ZC72b | ||
0lRr3tkaa6Ls6YAvXldIb5uHjN4pe2yADEDHP0P7ZDqlRhhQDptx1GBqQj5AyhCf | ||
2LOsDlBjFDM8wKnsomRfWgx1lGKGmzfKeMyfxQKjLCTQ4CHXQTacxokWbmOGYn8A | ||
YNt2UxlAq6kDIbV3QXPb9fMn1iUWnL50TPJwXbmtFbGbxJofd8Gl/j10Dhgy0Bgb | ||
4/kCggEBAJthdPKPGudGm2wvxSKawNRwnzcg2I8CsVkiWOqbMxkATLRS+c9h0Tyw | ||
fqsDjlTCSplBqbfHbH4n3MagyCFE4bMHl3cSM+xxP283g+xX+xlsKjrNY3hVAS0k | ||
wu9spUaoX9Fy1L9icN2E9P6Fy8wGQ2w3zdKOj0zJTjP58mYEu2Y/RNiYZmjStPL2 | ||
0vlqkEkWCYd1qPOpDCENvUMrIyf0qIbcv4zZLuE+ORlAAHgJr7F/FNX4mdye17S+ | ||
CpRo1VtVBvxxX45J12ZijpNkVwRHXdsJ8sEb6wY1oK9GP5lMR6t3+rhcg8I8Udyc | ||
xwQFnl9NoVd+jhwW8bP/WSAAL53OvgU= | ||
-----END PRIVATE KEY----- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have not been passing the user provided
InsecureSkipVerify
config when authType is service account. I am keeping the same behavior here and will create a different issue to address this.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#26319 Any ideas/context if this was done intentionally?