diff --git a/staging/src/k8s.io/client-go/tools/clientcmd/client_config.go b/staging/src/k8s.io/client-go/tools/clientcmd/client_config.go index 8ce3b87483..3f6bebaf16 100644 --- a/staging/src/k8s.io/client-go/tools/clientcmd/client_config.go +++ b/staging/src/k8s.io/client-go/tools/clientcmd/client_config.go @@ -500,9 +500,9 @@ func (config *inClusterClientConfig) ClientConfig() (*restclient.Config, error) if server := config.overrides.ClusterInfo.Server; len(server) > 0 { icc.Host = server } - if token := config.overrides.AuthInfo.Token; len(token) > 0 { - icc.BearerToken = token - icc.BearerTokenFile = "" + if len(config.overrides.AuthInfo.Token) > 0 || len(config.overrides.AuthInfo.TokenFile) > 0 { + icc.BearerToken = config.overrides.AuthInfo.Token + icc.BearerTokenFile = config.overrides.AuthInfo.TokenFile } if certificateAuthorityFile := config.overrides.ClusterInfo.CertificateAuthority; len(certificateAuthorityFile) > 0 { icc.TLSClientConfig.CAFile = certificateAuthorityFile diff --git a/staging/src/k8s.io/client-go/tools/clientcmd/client_config_test.go b/staging/src/k8s.io/client-go/tools/clientcmd/client_config_test.go index a13f08ae7d..59c9c2170f 100644 --- a/staging/src/k8s.io/client-go/tools/clientcmd/client_config_test.go +++ b/staging/src/k8s.io/client-go/tools/clientcmd/client_config_test.go @@ -548,6 +548,30 @@ func TestInClusterClientConfigPrecedence(t *testing.T) { }, }, }, + { + overrides: &ConfigOverrides{ + ClusterInfo: clientcmdapi.Cluster{ + Server: "https://host-from-overrides.com", + CertificateAuthority: "/path/to/ca-from-overrides.crt", + }, + AuthInfo: clientcmdapi.AuthInfo{ + Token: "token-from-override", + TokenFile: "tokenfile-from-override", + }, + }, + }, + { + overrides: &ConfigOverrides{ + ClusterInfo: clientcmdapi.Cluster{ + Server: "https://host-from-overrides.com", + CertificateAuthority: "/path/to/ca-from-overrides.crt", + }, + AuthInfo: clientcmdapi.AuthInfo{ + Token: "", + TokenFile: "tokenfile-from-override", + }, + }, + }, { overrides: &ConfigOverrides{}, }, @@ -556,13 +580,15 @@ func TestInClusterClientConfigPrecedence(t *testing.T) { for _, tc := range tt { expectedServer := "https://host-from-cluster.com" expectedToken := "token-from-cluster" + expectedTokenFile := "tokenfile-from-cluster" expectedCAFile := "/path/to/ca-from-cluster.crt" icc := &inClusterClientConfig{ inClusterConfigProvider: func() (*restclient.Config, error) { return &restclient.Config{ - Host: expectedServer, - BearerToken: expectedToken, + Host: expectedServer, + BearerToken: expectedToken, + BearerTokenFile: expectedTokenFile, TLSClientConfig: restclient.TLSClientConfig{ CAFile: expectedCAFile, }, @@ -579,8 +605,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) { if overridenServer := tc.overrides.ClusterInfo.Server; len(overridenServer) > 0 { expectedServer = overridenServer } - if overridenToken := tc.overrides.AuthInfo.Token; len(overridenToken) > 0 { - expectedToken = overridenToken + if len(tc.overrides.AuthInfo.Token) > 0 || len(tc.overrides.AuthInfo.TokenFile) > 0 { + expectedToken = tc.overrides.AuthInfo.Token + expectedTokenFile = tc.overrides.AuthInfo.TokenFile } if overridenCAFile := tc.overrides.ClusterInfo.CertificateAuthority; len(overridenCAFile) > 0 { expectedCAFile = overridenCAFile @@ -592,6 +619,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) { if clientConfig.BearerToken != expectedToken { t.Errorf("Expected token %v, got %v", expectedToken, clientConfig.BearerToken) } + if clientConfig.BearerTokenFile != expectedTokenFile { + t.Errorf("Expected tokenfile %v, got %v", expectedTokenFile, clientConfig.BearerTokenFile) + } if clientConfig.TLSClientConfig.CAFile != expectedCAFile { t.Errorf("Expected Certificate Authority %v, got %v", expectedCAFile, clientConfig.TLSClientConfig.CAFile) }