Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document a way how to use TokenRequest for existing ServiceAccount #5133

Closed
pjastrzabek-roche opened this issue May 15, 2023 · 5 comments · Fixed by #5249
Closed

Document a way how to use TokenRequest for existing ServiceAccount #5133

pjastrzabek-roche opened this issue May 15, 2023 · 5 comments · Fixed by #5249
Assignees
@rohanKanojia
Labels
enhancement
Milestone
6.8.0

Comments

@pjastrzabek-roche
Copy link

Is your task related to a problem? Please describe

I am trying to create new expiring token for existing ServiceAccount, basically equivalent of

kubect create serviceaccount my-service-account -n xxx
kubectl create token my-service-account -n xxx --duration=1h

I see there is TokenRequestBuilder and TokenRequest but the latter do not extend HasMetadata thus I cannot use generic API for creation.

Is there any way to call this api?

Describe the solution you'd like

Having an API for easy token creation.
See something similar in go sdk
https://github.com/kubernetes/client-go/blob/686b396dc0681d7f140bd2ee6b3c3bdea56cab4d/kubernetes/typed/core/v1/serviceaccount.go#L214

Describe alternatives you've considered

No response

Additional context

No response
@rohanKanojia
Copy link
Member

Looks like we don't support this yet. We need to add support for this resource

https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-request-v1/

@manusa manusa moved this to Planned in Eclipse JKube May 17, 2023
@pjastrzabek-roche
Copy link
Author

What could be possible timeframe for adding this? Due to this we have to use other client just for this usecase.

@rohanKanojia
Copy link
Member

@pjastrzabek-roche : Hi, I plan to pick this up when I upgrade Kubernetes model to v1.27.0 #5056 . Hopefully, I will be able to start working on this next week.

@rohanKanojia rohanKanojia self-assigned this Jun 13, 2023
@sunix sunix moved this from Planned to In Progress in Eclipse JKube Jun 14, 2023
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Jun 14, 2023
@rohanKanojia
feat (kubernetes-model-generator) : Add TokenRequest to authenticatio…
5e0318f 
…n v1 model (fabric8io#5133)

Add a model for type TokenRequest to
kubernetes-model-admissionregistration in `io.fabric8.kubernetes.api.model.authentication` package

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
@rohanKanojia rohanKanojia mentioned this issue Jun 14, 2023
Merged
11 tasks
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Jun 14, 2023
@rohanKanojia
feat (kubernetes-client-api) : Add TokenRequestable DSL to request to…
e6e4ffa 
…ken for ServiceAccount (fabric8io#5133)

+ Add new DSL method tokenRequest() which will request apiserver for
  token for the given ServiceAccount.
+ Since this TokenRequest isn't any standard resource but subresource
  for ServiceAccount, add ServiceAccountResource in order to add new
  TokenRequestable interface for ServiceAccount

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
manusa pushed a commit that referenced this issue Jun 15, 2023
@rohanKanojia @manusa
feat (kubernetes-model-generator) : Add TokenRequest to authenticatio…
36e104c 
…n v1 model (#5133)

Add a model for type TokenRequest to
kubernetes-model-admissionregistration in `io.fabric8.kubernetes.api.model.authentication` package

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Jun 15, 2023
@rohanKanojia
feat (kubernetes-client-api) : Add TokenRequestable DSL to request to…
e76270b 
…ken for ServiceAccount (fabric8io#5133)

+ Add new DSL method tokenRequest() which will request apiserver for
  token for the given ServiceAccount.
+ Since this TokenRequest isn't any standard resource but subresource
  for ServiceAccount, add ServiceAccountResource in order to add new
  TokenRequestable interface for ServiceAccount

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
@rohanKanojia rohanKanojia mentioned this issue Jun 15, 2023
Merged
11 tasks
@rohanKanojia
Copy link
Member

@pjastrzabek-roche : I've created a PR adding DSL method tokenRequest() to ServiceAccount DSL. Would appreciate if you could review if it's as per your expectations. You can see sample usage here.

@manusa manusa added the Waiting on feedback Issues that require feedback from User/Other community members label Jun 15, 2023
@pjastrzabek-roche
Copy link
Author

Functional-wise this is what we need. LGTM!

rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Jun 15, 2023
@rohanKanojia
feat (kubernetes-client-api) : Add TokenRequestable DSL to request to…
9379d1e 
…ken for ServiceAccount (fabric8io#5133)

+ Add new DSL method tokenRequest() which will request apiserver for
  token for the given ServiceAccount.
+ Since this TokenRequest isn't any standard resource but subresource
  for ServiceAccount, add ServiceAccountResource in order to add new
  TokenRequestable interface for ServiceAccount

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
@manusa manusa removed the Waiting on feedback Issues that require feedback from User/Other community members label Jun 15, 2023
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Jun 15, 2023
@rohanKanojia
feat (kubernetes-client-api) : Add TokenRequestable DSL to request to…
844d217 
…ken for ServiceAccount (fabric8io#5133)

+ Add new DSL method tokenRequest() which will request apiserver for
  token for the given ServiceAccount.
+ Since this TokenRequest isn't any standard resource but subresource
  for ServiceAccount, add ServiceAccountResource in order to add new
  TokenRequestable interface for ServiceAccount

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Jun 15, 2023
@rohanKanojia
feat (kubernetes-client-api) : Add TokenRequestable DSL to request to…
e3ee39e 
…ken for ServiceAccount (fabric8io#5133)

+ Add new DSL method tokenRequest() which will request apiserver for
  token for the given ServiceAccount.
+ Since this TokenRequest isn't any standard resource but subresource
  for ServiceAccount, add ServiceAccountResource in order to add new
  TokenRequestable interface for ServiceAccount

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
@rohanKanojia rohanKanojia moved this from In Progress to Review in Eclipse JKube Jun 15, 2023
@manusa manusa added this to the 6.8.0 milestone Jun 16, 2023
manusa pushed a commit that referenced this issue Jun 16, 2023
@rohanKanojia @manusa
feat (kubernetes-client-api) : Add TokenRequestable DSL to request to…
8c8f4db 
…ken for ServiceAccount (#5133)

+ Add new DSL method tokenRequest() which will request apiserver for
  token for the given ServiceAccount.
+ Since this TokenRequest isn't any standard resource but subresource
  for ServiceAccount, add ServiceAccountResource in order to add new
  TokenRequestable interface for ServiceAccount

Signed-off-by: Rohan Kumar <rohaan@redhat.com>
@github-project-automation github-project-automation bot moved this from Review to Done in Eclipse JKube Jun 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rohanKanojia rohanKanojia

Labels
enhancement
Projects
None yet
Milestone
6.8.0
3 participants
@manusa @rohanKanojia @pjastrzabek-roche