move clientKeyData to SecretString
Signed-off-by: Carson Anderson <rcanderson23@gmail.com>
rcanderson23 committed Nov 25, 2022
1 parent 73422b4 commit 079f460
Showing 2 changed files with 10 additions and 6 deletions.
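--- a/kube-client/src/client/auth/mod.rs
+++ b/kube-client/src/client/auth/mod.rs
@@ -19,8 +19,10 @@ use tower::{filter::AsyncPredicate, BoxError};
 
 use crate::config::{AuthInfo, AuthProviderConfig, ExecConfig};
 
-#[cfg(feature = "oauth")] mod oauth;
-#[cfg(feature = "oauth")] pub use oauth::Error as OAuthError;
+#[cfg(feature = "oauth")]
+mod oauth;
+#[cfg(feature = "oauth")]
+pub use oauth::Error as OAuthError;
 
 #[derive(Error, Debug)]
 /// Client auth errors
@@ -90,7 +92,7 @@ pub(crate) enum Auth {
 Basic(String, SecretString),
 Bearer(SecretString),
 RefreshableToken(RefreshableToken),
-Certificate(String, String)
+Certificate(String, SecretString),
 }
 
 // Token file reference. Reloads at least once per minute.
@@ -292,8 +294,10 @@ impl TryFrom<&AuthInfo> for Auth {
 if let Some(exec) = &auth_info.exec {
 let creds = auth_exec(exec)?;
 let status = creds.status.ok_or(Error::ExecPluginFailed)?;
-if let (Some(client_certificate_data), Some(client_key_data)) = (status.client_certificate_data, status.client_key_data) {
-return Ok(Self::Certificate(client_certificate_data, client_key_data))
+if let (Some(client_certificate_data), Some(client_key_data)) =
+(status.client_certificate_data, status.client_key_data)
+{
+return Ok(Self::Certificate(client_certificate_data, client_key_data.into()));
 }
 let expiration = status
 .expiration_timestamp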
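Review bot: The private key is wrapped only at the `.into()` call in `TryFrom<&AuthInfo>`, which suggests `status.client_key_data` is still deserialized as a plain `String`. Until that call the exec plugin's key sits in a type that is not zeroed on drop, and it would appear in any `Debug` output of `creds` or `status` if those types derive `Debug`. The status type is outside this hunk, so this needs confirming, but declaring that field as `Option<SecretString>` would close the unprotected window and make the `.into()` unnecessary. The `Certificate` variant would also benefit from a doc comment naming its positions, e.g. `/// PEM client certificate, then its private key (kept secret)`, since the tuple used to hold two `String`s and the order is easy to swap.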
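--- a/kube-client/src/client/config_ext.rs
+++ b/kube-client/src/client/config_ext.rs
@@ -233,7 +233,7 @@ impl Config {
 fn exec_identity_pem(&self) -> Option<Vec<u8>> {
 match Auth::try_from(&self.auth_info) {
 Ok(Auth::Certificate(client_certificate_data, client_key_data)) => {
-let mut buffer = client_key_data.as_bytes().to_vec();
+let mut buffer = client_key_data.expose_secret().as_bytes().to_vec();
 buffer.extend_from_slice(client_certificate_data.as_bytes());
 Some(buffer)
 }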
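Review bot: `client_key_data.expose_secret().as_bytes().to_vec()` in `exec_identity_pem` copies the private key into an ordinary `Vec<u8>`, so from this line on it is no longer zeroed on drop and the protection added to `Auth::Certificate` ends here. The `extend_from_slice` that follows can also reallocate and leave a stale copy of the key in freed heap memory. Sizing the buffer once avoids that: `let key = client_key_data.expose_secret();`, `let mut buffer = Vec::with_capacity(key.len() + client_certificate_data.len());`, then `buffer.extend_from_slice(key.as_bytes());` before the certificate is appended. If the callers allow it, returning the PEM in a zeroizing wrapper would keep the guarantee end to end. The rest of the `match` and the callers are outside this hunk.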
