Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AccessTokenAuth should not be private/final #290

Open
thadeusb opened this issue Sep 16, 2019 · 0 comments
Open

AccessTokenAuth should not be private/final #290

thadeusb opened this issue Sep 16, 2019 · 0 comments

Comments

@thadeusb
Copy link

We generate access tokens to use with Kubernetes through a custom Vault (https://www.vaultproject.io/) interface. This interface just generates an AccessToken in a string that we then need to pass into Skuber to use, however the interface we implemented is custom and unique to our company, and so adding a pull request to Skuber to just implement a VaultAuth would not work.

Unfortunately, because TokenAuth (and AuthProviderAuth) is marked as a final case class, we cannot override these with our own custom VaultAuth provider. To get around this issue we end up having to call k8sInit for every interaction we need to do, so we can make sure to use fresh credentials.

  val credProvider = CustomVaultCredentialProvider(...)
  def k8s()(implicit a: ActorSystem, m: Materializer): KubernetesClient = {
    val k8sCluster = Cluster(
      server = clusterEndpoint,
      certificateAuthority = Some(Right(clusterCA))
    )
    val k8sContext = Context(
      k8sCluster,
      // This is where the token gets refreshed for skuber.
      TokenAuth(credProvider.refreshAccessToken().getTokenValue))
    )
    val k8sConfig = Configuration(
      clusters = Map("default" -> k8sCluster),
      contexts = Map("default" -> k8sContext),
      currentContext = k8sContext
    )
    k8sInit(k8sConfig)
  }

 // Do something with it
 k8s.get[JobList]...

I am requesting to make AccessTokenAuth subclassable from outside of skuber. That way we can implement a VaultTokenAuth extends AccessTokenAuth and have it work similarly to the existing GcpAuth.
@thadeusb thadeusb changed the title TokenAuth should not be private/final AccessTokenAuth should not be private/final Sep 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thadeusb