Skip to content

Commit 789de6a

Browse files
yliaogyliaog
authored
Merge pull request kubernetes-client#55 from flylo/flipped_sign
fixing flipped sign in expiry time padding
2 parents 2010e2d + 3932d29 commit 789de6a

File tree

2 files changed

+38
-13
lines changed

2 files changed

+38
-13
lines changed

config/kube_config.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ def _create_temp_file_with_content(content):
6363

6464

6565
def _is_expired(expiry):
66-
return ((parse_rfc3339(expiry) + EXPIRY_SKEW_PREVENTION_DELAY) <=
66+
return ((parse_rfc3339(expiry) - EXPIRY_SKEW_PREVENTION_DELAY) <=
6767
datetime.datetime.utcnow().replace(tzinfo=UTC))
6868

6969

config/kube_config_test.py

+37-12
Original file line numberDiff line numberDiff line change
@@ -22,24 +22,38 @@
2222

2323
import mock
2424
import yaml
25-
from six import PY3
25+
from six import PY3, next
2626

2727
from .config_exception import ConfigException
28-
from .dateutil import parse_rfc3339
2928
from .kube_config import (ConfigNode, FileOrData, KubeConfigLoader,
3029
_cleanup_temp_files, _create_temp_file_with_content,
3130
list_kube_config_contexts, load_kube_config,
3231
new_client_from_config)
3332

3433
BEARER_TOKEN_FORMAT = "Bearer %s"
3534

35+
EXPIRY_DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
36+
# should be less than kube_config.EXPIRY_SKEW_PREVENTION_DELAY
37+
EXPIRY_TIMEDELTA = 2
38+
3639
NON_EXISTING_FILE = "zz_non_existing_file_472398324"
3740

3841

3942
def _base64(string):
4043
return base64.encodestring(string.encode()).decode()
4144

4245

46+
def _format_expiry_datetime(dt):
47+
return dt.strftime(EXPIRY_DATETIME_FORMAT)
48+
49+
50+
def _get_expiry(loader):
51+
expired_gcp_conf = (item for item in loader._config.value.get("users")
52+
if item.get("name") == "expired_gcp")
53+
return next(expired_gcp_conf).get("user").get("auth-provider") \
54+
.get("config").get("expiry")
55+
56+
4357
def _raise_exception(st):
4458
raise Exception(st)
4559

@@ -59,6 +73,8 @@ def _raise_exception(st):
5973
TEST_PASSWORD = "pass"
6074
# token for me:pass
6175
TEST_BASIC_TOKEN = "Basic bWU6cGFzcw=="
76+
TEST_TOKEN_EXPIRY = _format_expiry_datetime(
77+
datetime.datetime.utcnow() - datetime.timedelta(minutes=EXPIRY_TIMEDELTA))
6278

6379
TEST_SSL_HOST = "https://test-host"
6480
TEST_CERTIFICATE_AUTH = "cert-auth"
@@ -194,10 +210,12 @@ class TestConfigNode(BaseTestCase):
194210
{"name": "test_name2",
195211
"value": {"key1", "test"}},
196212
{"name": "test_name3", "value": [1, 2, 3]}],
197-
"with_names_dup": [{"name": "test_name", "value": "test_value"},
198-
{"name": "test_name",
199-
"value": {"key1", "test"}},
200-
{"name": "test_name3", "value": [1, 2, 3]}]}
213+
"with_names_dup": [
214+
{"name": "test_name", "value": "test_value"},
215+
{"name": "test_name",
216+
"value": {"key1", "test"}},
217+
{"name": "test_name3", "value": [1, 2, 3]}
218+
]}
201219

202220
def setUp(self):
203221
super(TestConfigNode, self).setUp()
@@ -213,7 +231,8 @@ def test_normal_map_array_operations(self):
213231
self.assertEqual(3, len(self.node['key2']))
214232

215233
self.assertEqual("test_obj/key3", self.node['key3'].name)
216-
self.assertEqual({"inner_key": "inner_value"}, self.node['key3'].value)
234+
self.assertEqual({"inner_key": "inner_value"},
235+
self.node['key3'].value)
217236
self.assertEqual("inner_value", self.node['key3']["inner_key"])
218237
self.assertEqual(1, len(self.node['key3']))
219238

@@ -255,7 +274,8 @@ def test_get_with_name_on_name_does_not_exists(self):
255274
def test_get_with_name_on_duplicate_name(self):
256275
self.expect_exception(
257276
lambda: self.node['with_names_dup'].get_with_name('test_name'),
258-
"Expected only one object with name test_name in test_obj/with_names_dup list")
277+
"Expected only one object with name test_name in "
278+
"test_obj/with_names_dup list")
259279

260280

261281
class FakeConfig:
@@ -421,7 +441,8 @@ class TestKubeConfigLoader(BaseTestCase):
421441
"name": "ssl",
422442
"cluster": {
423443
"server": TEST_SSL_HOST,
424-
"certificate-authority-data": TEST_CERTIFICATE_AUTH_BASE64,
444+
"certificate-authority-data":
445+
TEST_CERTIFICATE_AUTH_BASE64,
425446
}
426447
},
427448
{
@@ -462,7 +483,7 @@ class TestKubeConfigLoader(BaseTestCase):
462483
"name": "gcp",
463484
"config": {
464485
"access-token": TEST_DATA_BASE64,
465-
"expiry": "2000-01-01T12:00:00Z", # always in past
486+
"expiry": TEST_TOKEN_EXPIRY, # always in past
466487
}
467488
},
468489
"token": TEST_DATA_BASE64, # should be ignored
@@ -492,7 +513,8 @@ class TestKubeConfigLoader(BaseTestCase):
492513
"id-token": TEST_OIDC_EXPIRED_LOGIN,
493514
"idp-certificate-authority-data": TEST_OIDC_CA,
494515
"idp-issuer-url": "https://example.org/identity",
495-
"refresh-token": "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk"
516+
"refresh-token":
517+
"lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk"
496518
}
497519
}
498520
}
@@ -578,7 +600,6 @@ def test_load_gcp_token_no_refresh(self):
578600
loader.token)
579601

580602
def test_load_gcp_token_with_refresh(self):
581-
582603
def cred(): return None
583604
cred.token = TEST_ANOTHER_DATA_BASE64
584605
cred.expiry = datetime.datetime.now()
@@ -587,7 +608,11 @@ def cred(): return None
587608
config_dict=self.TEST_KUBE_CONFIG,
588609
active_context="expired_gcp",
589610
get_google_credentials=lambda: cred)
611+
original_expiry = _get_expiry(loader)
590612
self.assertTrue(loader._load_gcp_token())
613+
new_expiry = _get_expiry(loader)
614+
# assert that the configs expiry actually updates
615+
self.assertTrue(new_expiry > original_expiry)
591616
self.assertEqual(BEARER_TOKEN_FORMAT % TEST_ANOTHER_DATA_BASE64,
592617
loader.token)
593618

0 commit comments

Comments
 (0)