Merge bf9a220dd0 into a27727f8d0

ui/operator_ui/cluster_discovery.py

@@ -24,14 +24,16 @@ def generate_cluster_id(url: str):
     return CLUSTER_ID_INVALID_CHARS.sub('-', url.lower()).strip('-')
 
 
-class StaticAuthorizationHeaderAuth(AuthBase):
+class KubernetesConfigAuth(AuthBase):
-    '''Static authentication with given "Authorization" header'''
+    '''Dynamic authentication using the Kubernetes configuration to load the service account token'''
 
-    def __init__(self, authorization):
+    def __init__(self, config):
-        self.authorization = authorization
+        self.config = config
 
     def __call__(self, request):
-        request.headers['Authorization'] = self.authorization
+        authorization = self.config.get_api_key_with_prefix('authorization')
+        if authorization:
+            request.headers['Authorization'] = authorization
         return request
 
 
@@ -66,19 +68,20 @@ class StaticClusterDiscoverer:
 
         if not api_server_urls:
             try:
-                kubernetes.config.load_incluster_config()
+                config = kubernetes.client.Configuration()
+                kubernetes.config.load_incluster_config(config)
             except kubernetes.config.ConfigException:
                 # we are not running inside a cluster
                 # => assume default kubectl proxy URL
                 cluster = Cluster(generate_cluster_id(DEFAULT_CLUSTERS), DEFAULT_CLUSTERS)
             else:
                 logger.info("in cluster configuration failed")
-                config = kubernetes.client.Configuration()
+                auth = KubernetesConfigAuth(config)
                 cluster = Cluster(
                     generate_cluster_id(config.host),
                     config.host,
                     ssl_ca_cert=config.ssl_ca_cert,
-                    auth=StaticAuthorizationHeaderAuth(config.api_key['authorization']))
+                    auth=auth)
             self._clusters.append(cluster)
         else:
             for api_server_url in api_server_urls:
@@ -110,11 +113,7 @@ class KubeconfigDiscoverer:
                 continue
             config = kubernetes.client.ConfigurationObject()
             kubernetes.config.load_kube_config(config_file, context=context['name'], client_configuration=config)
-            authorization = config.api_key.get('authorization')
+            auth = KubernetesConfigAuth(config)
-            if authorization:
-                auth = StaticAuthorizationHeaderAuth(authorization)
-            else:
-                auth = None
             cluster = Cluster(
                 context['name'],
                 config.host,

ui/requirements.txt

@@ -7,7 +7,7 @@ furl==2.1.3
 gevent==24.2.1
 jq==1.7.0
 json_delta>=2.0.2
-kubernetes==11.0.0
+kubernetes==34.1.0
 python-json-logger==2.0.7
 requests==2.32.4
 stups-tokens>=1.1.19