From 90c885faf367277f7ad47e9b6378d12d2ddecb12 Mon Sep 17 00:00:00 2001
From: Andre Dietisheim <adietish@redhat.com>
Date: Wed, 21 Aug 2024 19:54:20 +0200
Subject: [PATCH] update token in file listed in KUBECONFIG env var (#6240)

Signed-off-by: Andre Dietisheim <adietish@redhat.com>
---
 .../io/fabric8/kubernetes/client/Config.java  | 64 ++++++++++++++++++-
 .../client/utils/OpenIDConnectionUtils.java   |  3 +-
 2 files changed, 62 insertions(+), 5 deletions(-)

diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
index 10b1c09f633..44aa9750ec6 100644
--- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
+++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
@@ -119,7 +119,9 @@ public class Config {
   public static final String KUBERNETES_NAMESPACE_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/namespace";
   public static final String KUBERNETES_NAMESPACE_FILE = "kubenamespace";
   public static final String KUBERNETES_NAMESPACE_SYSTEM_PROPERTY = "kubernetes.namespace";
+  @Deprecated
   public static final String KUBERNETES_KUBECONFIG_FILE = "kubeconfig";
+  public static final String KUBERNETES_KUBECONFIG_FILES = "kubeconfig";
   public static final String KUBERNETES_SERVICE_HOST_PROPERTY = "KUBERNETES_SERVICE_HOST";
   public static final String KUBERNETES_SERVICE_PORT_PROPERTY = "KUBERNETES_SERVICE_PORT";
   public static final String KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";
@@ -934,7 +936,7 @@ public static String getKubeconfigFilename() {
 
   public static String[] getKubeconfigFilenames() {
     String[] fileNames = null;
-    String fileName = Utils.getSystemPropertyOrEnvVar(KUBERNETES_KUBECONFIG_FILE);
+    String fileName = Utils.getSystemPropertyOrEnvVar(KUBERNETES_KUBECONFIG_FILES);
 
     fileNames = fileName.split(File.pathSeparator);
     if (fileNames.length == 0) {
@@ -1734,17 +1736,73 @@ public NamedContext getCurrentContext() {
   public void setCurrentContext(NamedContext context) {
     this.currentContext = context;
   }
-
   /**
    *
    * Returns the path to the file that this configuration was loaded from. Returns {@code null} if no file was used.
+   * @deprecated use {@link #getFiles} instead.
    *
-   * @return the path to the kubeConfig file
+   * @return the kubeConfig file
    */
+  @Deprecated
   public File getFile() {
     return file;
   }
 
+  /**
+   * Returns the kube config files that are used to configure this client.
+   * Returns the files that are listed in the KUBERNETES_KUBECONFIG_FILES env or system variables.
+   * Returns the default kube config file if it's not set'.
+   *
+   * @return
+   */
+  public List<File> getFiles() {
+    return files;
+  }
+
+  public KubeConfigFile getFile(String username) {
+    if (username == null
+            || username.isEmpty()) {
+      return null;
+    }
+    return Arrays.stream(getKubeconfigFilenames())
+            .map(filename -> {
+              try {
+                return new KubeConfigFile(file, KubeConfigUtils.parseConfig(file));
+              } catch (IOException e) {
+                return null;
+              }
+            })
+            .filter(entry -> entry != null
+                    && entry.getConfig() != null
+                    && hasAuthInfo(username, entry.getConfig())
+            )
+            .findFirst()
+            .orElse(null);
+  }
+
+  private boolean hasAuthInfo(String username, io.fabric8.kubernetes.api.model.Config kubeConfig) {
+    return kubeConfig.getUsers().stream()
+            .anyMatch(namedAuthInfo -> username.equals(namedAuthInfo.getUser().getUsername()));
+  }
+
+  public static class KubeConfigFile {
+    private final File file;
+    private final io.fabric8.kubernetes.api.model.Config config;
+
+    private KubeConfigFile(File file, io.fabric8.kubernetes.api.model.Config config) {
+      this.file = file;
+      this.config = config;
+    }
+
+    public File getFile() {
+      return file;
+    }
+
+    public io.fabric8.kubernetes.api.model.Config getConfig() {
+      return config;
+    }
+  }
+
   @JsonIgnore
   public Readiness getReadiness() {
     return Readiness.getInstance();
diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java
index c2ae79374a8..d08fff123fe 100644
--- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java
+++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java
@@ -21,7 +21,6 @@
 import io.fabric8.kubernetes.api.model.AuthProviderConfig;
 import io.fabric8.kubernetes.api.model.NamedAuthInfo;
 import io.fabric8.kubernetes.client.Config;
-import io.fabric8.kubernetes.client.Config.KubeConfigFile;
 import io.fabric8.kubernetes.client.KubernetesClientException;
 import io.fabric8.kubernetes.client.http.HttpClient;
 import io.fabric8.kubernetes.client.http.HttpRequest;
@@ -202,7 +201,7 @@ private static void persistOAuthTokenToFile(Config currentConfig, String token,
     if (currentConfig.getFile() != null && currentConfig.getCurrentContext() != null) {
       try {
         final String userName = currentConfig.getCurrentContext().getContext().getUser();
-        KubeConfigFile kubeConfigFile = currentConfig.getFile(userName);
+        Config.KubeConfigFile kubeConfigFile = currentConfig.getFile(userName);
         if (kubeConfigFile == null) {
           LOGGER.warn("oidc: failure while persisting new tokens into KUBECONFIG: file for user {} not found", userName);
           return;