Use id-token for oidc Authentication Provider

This basically restores the functionality that has been added in kube-rs#70. Same caveats apply here: auto-refresh of expired id-token is not supported.
twz123 · Feb 13, 2021 · 4821d3c · 4821d3c
1 parent 6311728
commit 4821d3c
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/kube/src/service/auth/mod.rs b/kube/src/service/auth/mod.rs
@@ -94,6 +94,16 @@ impl TryFrom<&AuthInfo> for Authentication {
     /// https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
     fn try_from(auth_info: &AuthInfo) -> Result<Self, Self::Error> {
         if let Some(provider) = &auth_info.auth_provider {
+            if provider.name == "oidc" {
+                return match provider.config.get("id-token") {
+                    Some(id_token) => Ok(Authentication::Token(id_token.clone())),
+                    None => Err(ConfigError::AuthExec(
+                        "No id-token for oidc Authentication provider ".into(),
+                    )
+                    .into()),
+                };
+            }
+
             match token_from_provider(provider)? {
                 ProviderToken::GcpCommand(token, Some(expiry)) => {
                     let mut info = auth_info.clone();