[KYUUBI #6883] Using withOauthTokenProvider instead of withOauthToken…

… to support token refresh ### Why are the changes needed? Address comments: #6877 (reply in thread) > I guess this is a Kyuubi implementation issue, we just read the content from the kyuubi.kubernetes.authenticate.oauthTokenFile and call ConfigBuilder.withOauthToken, I guess this approach does not support token refresh... ### How was this patch tested? Existing GA. ### Was this patch authored or co-authored using generative AI tooling? No. Closes #6883 from turboFei/k8s_token_provider. Closes #6883 69dd28d [Wang, Fei] comments a01040f [Wang, Fei] withOauthTokenProvider Authored-by: Wang, Fei <[email protected]> Signed-off-by: Cheng Pan <[email protected]> (cherry picked from commit 2617427) Signed-off-by: Cheng Pan <[email protected]>
apache · Jan 14, 2025 · 803c8e1 · 803c8e1
1 parent a363054
commit 803c8e1
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/util/KubernetesUtils.scala
@@ -23,7 +23,7 @@ import java.util.Locale
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.google.common.base.Charsets
 import com.google.common.io.Files
-import io.fabric8.kubernetes.client.{Config, ConfigBuilder, KubernetesClient, KubernetesClientBuilder}
+import io.fabric8.kubernetes.client.{Config, ConfigBuilder, KubernetesClient, KubernetesClientBuilder, OAuthTokenProvider}
 import io.fabric8.kubernetes.client.Config.autoConfigure
 import io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory
 import okhttp3.{Dispatcher, OkHttpClient}
@@ -78,7 +78,11 @@ object KubernetesUtils extends Logging {
       .withOption(oauthTokenValue) { (token, configBuilder) =>
         configBuilder.withOauthToken(token)
       }.withOption(oauthTokenFile) { (file, configBuilder) =>
-        configBuilder.withOauthToken(Files.asCharSource(file, Charsets.UTF_8).read())
+        // Prior to Kubernetes 1.24, the default token never expired.
+        // In newer versions, it expires after 1 hour by defaults.
+        configBuilder.withOauthTokenProvider(new OAuthTokenProvider {
+          override def getToken: String = Files.asCharSource(file, Charsets.UTF_8).read()
+        })
       }.withOption(caCertFile) { (file, configBuilder) =>
         configBuilder.withCaCertFile(file)
       }.withOption(clientKeyFile) { (file, configBuilder) =>