config.setOauthToken(serviceTokenCandidate); String txt = "Configured service account doesn't have access. Service account may have been revoked."; config.getErrorMessages().put(401, "Unauthorized! " + txt); config.getErrorMessages().put(403, "Forbidden!" + txt); return true; } else {
/** * Checks if the response status code is the expected and throws the appropriate KubernetesClientException if not. * * @param request The {#link Request} object. * @param response The {@link Response} object. * @throws KubernetesClientException When the response code is not the expected. */ protected void assertResponseCode(Request request, Response response) { int statusCode = response.code(); String customMessage = config.getErrorMessages().get(statusCode); if (response.isSuccessful()) { return; } else if (customMessage != null) { throw requestFailure(request, createStatus(statusCode, combineMessages(customMessage, createStatus(response)))); } else { throw requestFailure(request, createStatus(response)); } }
config.getErrorMessages().put(401, "Unauthorized! Token may have expired! Please log-in again."); config.getErrorMessages().put(403, "Forbidden! User "+currentContext.getUser()+ " doesn't have permission.");
private boolean tryServiceAccount(Config config) { LOGGER.debug("Trying to configure client from service account..."); if (Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_TRYSERVICEACCOUNT_SYSTEM_PROPERTY, true)) { boolean serviceAccountCaCertExists = Files.isRegularFile(new File(KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH).toPath()); if (serviceAccountCaCertExists) { LOGGER.debug("Found service account ca cert at: ["+KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH+"]."); config.setCaCertFile(KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH); } else { LOGGER.debug("Did not find service account ca cert at: ["+KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH+"]."); } try { String serviceTokenCandidate = new String(Files.readAllBytes(new File(KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH).toPath())); if (serviceTokenCandidate != null) { LOGGER.debug("Found service account token at: ["+KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH+"]."); config.setOauthToken(serviceTokenCandidate); String txt = "Configured service account doesn't have access. Service account may have been revoked."; config.getErrorMessages().put(401, "Unauthorized! " + txt); config.getErrorMessages().put(403, "Forbidden!" + txt); return true; } else { LOGGER.debug("Did not find service account token at: ["+KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH+"]."); } } catch (IOException e) { // No service account token available... LOGGER.warn("Error reading service account token from: ["+KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH+"]. Ignoring."); } } return false; }
/** * Checks if the response status code is the expected and throws the appropriate KubernetesClientException if not. * * @param request The {#link Request} object. * @param response The {@link Response} object. * @throws KubernetesClientException When the response code is not the expected. */ protected void assertResponseCode(Request request, Response response) { int statusCode = response.code(); String customMessage = config.getErrorMessages().get(statusCode); if (response.isSuccessful()) { return; } else if (customMessage != null) { throw requestFailure(request, createStatus(statusCode, customMessage)); } else { throw requestFailure(request, createStatus(response)); } }
kubernetesConfig.getHttpsProxy(), kubernetesConfig.getNoProxy(), kubernetesConfig.getErrorMessages(), kubernetesConfig.getUserAgent(), kubernetesConfig.getTlsVersions(),
config.getErrorMessages().put(401, "Unauthorized! Token may have expired! Please log-in again."); config.getErrorMessages().put(403, "Forbidden! User "+currentContext.getUser()+ " doesn't have permission.");
kubernetesConfig.getHttpsProxy(), kubernetesConfig.getNoProxy(), kubernetesConfig.getErrorMessages(), kubernetesConfig.getUserAgent(), kubernetesConfig.getTlsVersions(),