From 81e84efc453235344522c58f5bec857eb0e241c1 Mon Sep 17 00:00:00 2001
From: Vladimir Jigulin <vjigulin@mirantis.com>
Date: Wed, 10 Jul 2019 15:29:23 +0400
Subject: [PATCH] Improve similarity with kubelet in handling of oidc
 kubeconfigs

- allow 'client-secret' to be empty
---
 config/kube_config.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/config/kube_config.py b/config/kube_config.py
index 386b82c1..63152de8 100644
--- a/config/kube_config.py
+++ b/config/kube_config.py
@@ -361,13 +361,14 @@ def _refresh_oidc(self, provider):
             return
 
         response = json.loads(response.data)
+        client_secret = provider['config'].safe_get('client-secret')
 
         request = OAuth2Session(
             client_id=provider['config']['client-id'],
             token=provider['config']['refresh-token'],
             auto_refresh_kwargs={
                 'client_id': provider['config']['client-id'],
-                'client_secret': provider['config']['client-secret']
+                'client_secret': client_secret
             },
             auto_refresh_url=response['token_endpoint']
         )
@@ -377,7 +378,7 @@ def _refresh_oidc(self, provider):
                 token_url=response['token_endpoint'],
                 refresh_token=provider['config']['refresh-token'],
                 auth=(provider['config']['client-id'],
-                      provider['config']['client-secret']),
+                      client_secret),
                 verify=config.ssl_ca_cert if config.verify_ssl else None
             )
         except oauthlib.oauth2.rfc6749.errors.InvalidClientIdError: