Merge pull request #134 from ninech/client-token

fix: use dynamic auth by default

api/client.go

@@ -43,12 +43,6 @@ func New(ctx context.Context, apiClusterContext, project string, opts ...ClientO
 		return nil, err
 	}
 
-	token, err := GetTokenFromConfig(ctx, client.Config)
-	if err != nil {
-		return nil, err
-	}
-	client.Config.BearerToken = token
-
 	scheme, err := NewScheme()
 	if err != nil {
 		return nil, err
@@ -72,9 +66,9 @@ func New(ctx context.Context, apiClusterContext, project string, opts ...ClientO
 }
 
 // LogClient sets up a log client connected to the provided address.
-func LogClient(address string, insecure bool) ClientOpt {
+func LogClient(ctx context.Context, address string, insecure bool) ClientOpt {
 	return func(c *Client) error {
-		logClient, err := log.NewClient(address, c.Config.BearerToken, c.Project, insecure)
+		logClient, err := log.NewClient(address, c.Token(ctx), c.Project, insecure)
 		if err != nil {
 			return fmt.Errorf("unable to create log client: %w", err)
 		}
@@ -83,6 +77,24 @@ func LogClient(address string, insecure bool) ClientOpt {
 	}
 }
 
+// StaticToken configures the client to get a bearer token once and then set it
+// statically in the client config. This means the client will not automatically
+// renew the token when it expires.
+func StaticToken(ctx context.Context) ClientOpt {
+	return func(c *Client) error {
+		c.Config.BearerToken = c.Token(ctx)
+		tokenClient, err := runtimeclient.NewWithWatch(c.Config, runtimeclient.Options{
+			Scheme: c.Scheme(),
+		})
+		if err != nil {
+			return err
+		}
+		c.WithWatch = tokenClient
+
+		return nil
+	}
+}
+
 // NewScheme returns a *runtime.Scheme with all the relevant types registered.
 func NewScheme() (*runtime.Scheme, error) {
 	scheme := runtime.NewScheme()
@@ -136,12 +148,17 @@ func (c *Client) GetConnectionSecret(ctx context.Context, mg resource.Managed) (
 	return secret, nil
 }
 
-func (c *Client) Token() string {
+func (c *Client) Token(ctx context.Context) string {
 	if c.Config == nil {
 		return ""
 	}
 
-	return c.Config.BearerToken
+	token, err := GetTokenFromConfig(ctx, c.Config)
+	if err != nil {
+		return ""
+	}
+
+	return token
 }
 
 func LoadingRules() (*clientcmd.ClientConfigLoadingRules, error) {

auth/print_access_token.go

@@ -10,6 +10,6 @@ import (
 type PrintAccessTokenCmd struct{}
 
 func (o *PrintAccessTokenCmd) Run(ctx context.Context, client *api.Client) error {
-	fmt.Println(client.Token())
+	fmt.Println(client.Token(ctx))
 	return nil
 }

auth/whoami.go

@@ -22,7 +22,7 @@ func (s *WhoAmICmd) Run(ctx context.Context, client *api.Client) error {
 		return err
 	}
 
-	userInfo, err := api.GetUserInfoFromToken(client.Token())
+	userInfo, err := api.GetUserInfoFromToken(client.Token(ctx))
 	if err != nil {
 		return err
 	}

create/application.go

@@ -113,7 +113,7 @@ func (app *applicationCmd) Run(ctx context.Context, client *api.Client) error {
 	if !app.SkipRepoAccessCheck {
 		validator := &validation.RepositoryValidator{
 			GitInformationServiceURL: app.GitInformationServiceURL,
-			Token:                    client.Token(),
+			Token:                    client.Token(ctx),
 			Debug:                    app.Debug,
 		}
 		if err := validator.Validate(ctx, &newApp.Spec.ForProvider.Git.GitTarget, auth); err != nil {

get/build.go

@@ -92,7 +92,7 @@ func pullImage(ctx context.Context, apiClient *api.Client, build *apps.Build) er
 	registryAuth, err := registry.EncodeAuthConfig(registry.AuthConfig{
 		// technically the username does not matter, it just needs to be set to something
 		Username: "registry",
-		Password: apiClient.Token(),
+		Password: apiClient.Token(ctx),
 	})
 	if err != nil {
 		return err

main.go

@@ -76,7 +76,10 @@ func main() {
 		// call parse already. Note that this won't parse the flag for
 		// completion but it will work for the default and env.
 		_, _ = parser.Parse(os.Args[1:])
-		c, err := api.New(ctx, nctl.APICluster, nctl.Project)
+		// the client for the predictor requires a static token in the client config
+		// since dynamic exec config seems to break with some shells during completion.
+		// The exact reason for that is unknown.
+		c, err := api.New(ctx, nctl.APICluster, nctl.Project, api.StaticToken(ctx))
 		if err != nil {
 			return nil, err
 		}
@@ -134,7 +137,7 @@ func main() {
 		return
 	}
 
-	client, err := api.New(ctx, nctl.APICluster, nctl.Project, api.LogClient(nctl.LogAPIAddress, nctl.LogAPIInsecure))
+	client, err := api.New(ctx, nctl.APICluster, nctl.Project, api.LogClient(ctx, nctl.LogAPIAddress, nctl.LogAPIInsecure))
 	if err != nil {
 		fmt.Println(err)
 		fmt.Printf("\nUnable to get API client, are you logged in?\n\nUse `%s` to login.\n", format.Command().Login())

update/application.go

@@ -119,7 +119,7 @@ func (cmd *applicationCmd) Run(ctx context.Context, client *api.Client) error {
 		if !cmd.SkipRepoAccessCheck {
 			validator := &validation.RepositoryValidator{
 				GitInformationServiceURL: cmd.GitInformationServiceURL,
-				Token:                    client.Token(),
+				Token:                    client.Token(ctx),
 				Debug:                    cmd.Debug,
 			}