(kyuubi) branch master updated: [KYUUBI #6883] Using withOauthTokenProvider instead of withOauthToken to support token refresh

Tue, 14 Jan 2025 09:25:56 -0800 

This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git


The following commit(s) were added to refs/heads/master by this push:
     new 26174278c5 [KYUUBI #6883] Using withOauthTokenProvider instead of 
withOauthToken to support token refresh
26174278c5 is described below

commit 26174278c5f0715d16d11531db1495e45630fe49
Author: Wang, Fei <[email protected]>
AuthorDate: Wed Jan 15 01:25:34 2025 +0800

    [KYUUBI #6883] Using withOauthTokenProvider instead of withOauthToken to 
support token refresh
    
    ### Why are the changes needed?
    
    Address comments: 
https://github.com/apache/kyuubi/discussions/6877#discussioncomment-11743818
    
    > I guess this is a Kyuubi implementation issue, we just read the content 
from the kyuubi.kubernetes.authenticate.oauthTokenFile and call 
ConfigBuilder.withOauthToken, I guess this approach does not support token 
refresh...
    
    ### How was this patch tested?
    
    Existing GA.
    
    ### Was this patch authored or co-authored using generative AI tooling?
    
    No.
    
    Closes #6883 from turboFei/k8s_token_provider.
    
    Closes #6883
    
    69dd28d27 [Wang, Fei] comments
    a01040f94 [Wang, Fei] withOauthTokenProvider
    
    Authored-by: Wang, Fei <[email protected]>
    Signed-off-by: Cheng Pan <[email protected]>
---
 .../src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala 
b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
index 02b52f9266..db75980f15 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
@@ -23,7 +23,7 @@ import java.util.Locale
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.google.common.base.Charsets
 import com.google.common.io.Files
-import io.fabric8.kubernetes.client.{Config, ConfigBuilder, KubernetesClient, 
KubernetesClientBuilder}
+import io.fabric8.kubernetes.client.{Config, ConfigBuilder, KubernetesClient, 
KubernetesClientBuilder, OAuthTokenProvider}
 import io.fabric8.kubernetes.client.Config.autoConfigure
 import io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory
 import okhttp3.{Dispatcher, OkHttpClient}
@@ -78,7 +78,11 @@ object KubernetesUtils extends Logging {
       .withOption(oauthTokenValue) { (token, configBuilder) =>
         configBuilder.withOauthToken(token)
       }.withOption(oauthTokenFile) { (file, configBuilder) =>
-        configBuilder.withOauthToken(Files.asCharSource(file, 
Charsets.UTF_8).read())
+        // Prior to Kubernetes 1.24, the default token never expired.
+        // In newer versions, it expires after 1 hour by defaults.
+        configBuilder.withOauthTokenProvider(new OAuthTokenProvider {
+          override def getToken: String = Files.asCharSource(file, 
Charsets.UTF_8).read()
+        })
       }.withOption(caCertFile) { (file, configBuilder) =>
         configBuilder.withCaCertFile(file)
       }.withOption(clientKeyFile) { (file, configBuilder) =>

Reply via email to