support ExecCredential authentication (#36)

* add exec auth method * kube config exec.env is optional * Update pykube/http.py Co-Authored-By: Daniel Middlecote <[email protected]> * add a version check * commit black changes * avoid referencing or changing os.environ Co-authored-by: zoidbergwill <[email protected]> Co-authored-by: Daniel Middlecote <[email protected]>
hjacobs · Jan 15, 2020 · 8602da2 · 8602da2
1 parent 045e597
commit 8602da2
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/pykube/http.py b/pykube/http.py
@@ -7,6 +7,7 @@
 import posixpath
 import shlex
 import subprocess
+import os
 
 try:
     import google.auth
@@ -98,6 +99,24 @@ def send(self, request, **kwargs):
             pass
         elif "token" in config.user and config.user["token"]:
             request.headers["Authorization"] = "Bearer {}".format(config.user["token"])
+
+        elif "exec" in config.user:
+            exec_conf = config.user["exec"]
+
+            if exec_conf["apiVersion"] == "client.authentication.k8s.io/v1alpha1":
+                cmd_env_vars = dict(os.environ)
+                for env_var in exec_conf.get("env") or []:
+                    cmd_env_vars[env_var["name"]] = env_var["value"]
+
+                output = subprocess.check_output(
+                    [exec_conf["command"]] + exec_conf["args"], env=cmd_env_vars
+                )
+
+                parsed_out = json.loads(output)
+                token = parsed_out["status"]["token"]
+
+            request.headers["Authorization"] = "Bearer {}".format(token)
+
         elif "auth-provider" in config.user:
             auth_provider = config.user["auth-provider"]
             if auth_provider.get("name") == "gcp":