Refresh GKE OAuth2 tokens#32673
Merged
Merged
Conversation
Closed
2 tasks
hussein-awala
approved these changes
Jul 18, 2023
hussein-awala
left a comment
Member
There was a problem hiding this comment.
I attempted a similar solution previously, but without using refresh_api_key_hook. However, I believe that yours should work and resolve the issue. LGTM.
Just a small nit comment
Comment on lines
394
to
397
Member
There was a problem hiding this comment.
You could always set the api_key and use the _get_token method, which return the old api_key if it is still valid and a new one if not.
Suggested change
| creds = self.get_credentials() | |
| if not GKEPodHook._is_credentials_valid(creds): | |
| GKEPodHook._refresh_token(creds) | |
| configuration.api_key = {"authorization": creds.token} | |
| configuration.api_key = {"authorization": self._get_token(self.get_credentials())} |
Contributor
Author
There was a problem hiding this comment.
Thank you for the review! Fixed
Member
|
You should fix the failed tests before merging, for static checks, here is the doc. |
fdemiane
marked this pull request as ready for review
July 19, 2023 10:23
Contributor
|
@potiuk @hussein-awala If it is approved, can we merge this PR? |
potiuk
approved these changes
Jul 20, 2023
|
Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions. |
69 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
closes: #31648
When GKEStartPodOperator is taking more than one hour to complete, it is failing with "unauthorised" error messages because the OAuth2 token that was used wasn't being refreshed before API calls.
In this PR we are making sure to refresh expired tokens before API calls to kubernetes.