Created by: zshihang
this PR fixes Java client as a part in #6023
kubernetes cluster issues bounded service account token which has expiration set. kubernetes java client right now doesn't reload token if it expires because it is using the AccessTokenAuthentication
authenticator by building a client like this
builder.setAuthentication(new AccessTokenAuthentication(token));
this AccessTokenAuthentication
authenticator is relying on the built-in ApiKeyAuth
in OpenAPI to set the token like this :
https://github.com/kubernetes-client/java/blob/7779bc0939b5e2708147a71ec0fcf54d75062627/util/src/main/java/io/kubernetes/client/util/credentials/AccessTokenAuthentication.java#L18
and will not reload afterwards.
with this PR, kubernetes java client can implement a different authenticator something like AccessTokenNeverExpiresAuthentication to reload token once it expires and inject it in OpenAPI through setDefaultAuthentication(AccessTokenNeverExpiresAuthentication)
.
CC: @bbdouglas, @sreeshas, @jfiala, @lukoyanov, @cbornet, @jeff9finger, @karismann, @Zomzog, @lwlee2608, @bkabrda
-
Read the contribution guidelines. -
If contributing template-only or documentation-only changes which will change sample output, build the project before. -
Run the shell script(s) under ./bin/
(or Windows batch scripts under.\bin\windows
) to update Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit, and these must match the expectations made by your contribution. You only need to run./bin/{LANG}-petstore.sh
,./bin/openapi3/{LANG}-petstore.sh
if updating the code or mustache templates for a language ({LANG}
) (e.g. php, ruby, python, etc). -
File the PR against the correct branch: master
,4.3.x
,5.0.x
. Default:master
. -
Copy the technical committee to review the pull request if your PR is targeting a particular programming language.