From e8ba3d2802d4f6f89f72609879011f96546748d4 Mon Sep 17 00:00:00 2001
From: karmab
Date: Sun, 25 Jun 2023 23:55:03 +0200
Subject: [PATCH] gke: use dedicated token retriever
---
kcli.spec | 1 +
kvirt/cluster/gke/__init__.py | 1 -
kvirt/cluster/gke/kubeconfig.j2 | 2 +-
kvirt/gketoken.py | 32 ++++++++++++++++++++++++++++++++
setup.py | 1 +
5 files changed, 35 insertions(+), 2 deletions(-)
create mode 100755 kvirt/gketoken.py
diff --git a/kcli.spec b/kcli.spec
index a26c3cdf4..773e568df 100644
--- a/kcli.spec
+++ b/kcli.spec
@@ -59,6 +59,7 @@ rm -rf %{buildroot}
 %attr(0755,root,root) %{_bindir}/ksushy
 %attr(0755,root,root) %{_bindir}/ignitionmerger
 %attr(0755,root,root) %{_bindir}/ekstoken
+%attr(0755,root,root) %{_bindir}/gketoken
 %changelog
diff --git a/kvirt/cluster/gke/__init__.py b/kvirt/cluster/gke/__init__.py
index 105814da8..d2863ecdf 100644
--- a/kvirt/cluster/gke/__init__.py
+++ b/kvirt/cluster/gke/__init__.py
@@ -211,7 +211,6 @@ def create(config, cluster, overrides, dnsconfig=None):
 get_kubeconfig(config, cluster, zonal=zonal)
 sleep(5)
 success(f"Kubernetes cluster {cluster} deployed!!!")
- info2(f"export GOOGLE_APPLICATION_CREDENTIALS={os.environ['GOOGLE_APPLICATION_CREDENTIALS']}")
 info2(f"export KUBECONFIG=$HOME/.kcli/clusters/{cluster}/auth/kubeconfig")
 info2("export PATH=$PWD:$PATH")
 return {'result': 'success'}
diff --git a/kvirt/cluster/gke/kubeconfig.j2 b/kvirt/cluster/gke/kubeconfig.j2
index 99e5c21cf..c1b3a2741 100644
--- a/kvirt/cluster/gke/kubeconfig.j2
+++ b/kvirt/cluster/gke/kubeconfig.j2
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Config
 current-context: my-cluster
 contexts: [{name: my-cluster, context: {cluster: cluster-1, user: user-1}}]
-users: [{name: user-1, user: {auth-provider: {name: gcp}}}]
+users: [{name: user-1, user: {exec: {apiVersion: client.authentication.k8s.io/v1beta1, args: [prueba_gke], command: gketoken, interactiveMode: Never}}}]
 clusters:
 - name: cluster-1
 cluster:
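Review bot: The new `users` entry in kvirt/cluster/gke/kubeconfig.j2 hard-codes `args: [prueba_gke]`, so every rendered kubeconfig asks gketoken for the credentials of a client with that one name, whichever client created the cluster. gketoken.py passes this argument straight to `Kconfig(client)`, so the value should come from the template context, e.g. `args: [{{ client }}]`; the renderer is not visible here, so the variable name is a placeholder. `command: gketoken` is also resolved through PATH, while `create()` in this same commit still tells users to run `export PATH=$PWD:$PATH`, which puts the working directory ahead of the installed binary. Rendering an absolute path to the installed gketoken would ensure kubectl runs the intended helper. The template continues past the end of the hunk.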
diff --git a/kvirt/gketoken.py b/kvirt/gketoken.py
new file mode 100755
index 000000000..98c9e8cdc
--- /dev/null
+++ b/kvirt/gketoken.py
@@ -0,0 +1,32 @@
+#!/usr/bin/env python
+# coding=utf-8
+
+# import base64
+from kvirt.config import Kconfig
+import os
+import json
+import sys
+import google.auth
+import google.auth.transport.requests
+
+
+def cli():
+ if len(sys.argv) != 2:
+ print("Usage gketoken $client")
+ sys.exit(1)
+ client = sys.argv[1]
+ config = Kconfig(client)
+ os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = os.path.expanduser(config.options.get('credentials'))
+ credentials, your_project_id = google.auth.default(scopes=["https://www.googleapis.com/auth/cloud-platform"])
+ auth_req = google.auth.transport.requests.Request()
+ credentials.refresh(auth_req)
+ token = credentials.token
+ # encoded = base64.urlsafe_b64encode(data.encode("utf-8"))
+ # token = encoded.decode("utf-8").rstrip("=")
+ result = {'apiVersion': 'client.authentication.k8s.io/v1beta1', 'kind': 'ExecCredential', 'spec': {},
+ 'status': {'expirationTimestamp': '2030-10-01T15:05:17Z', 'token': token}}
+ print(json.dumps(result))
+
+
+if __name__ == '__main__':
+ cli()
diff --git a/setup.py b/setup.py
index 6c30d9a9e..f31685af5 100644
--- a/setup.py
+++ b/setup.py
@@ -54,5 +54,6 @@
 ksushy=kvirt.ksushy.main:run
 ignitionmerger=kvirt.ignitionmerger:cli
 ekstoken=kvirt.ekstoken:cli
+ gketoken=kvirt.gketoken:cli
 ''',
 )
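Review bot: `cli()` in kvirt/gketoken.py reports a fixed `expirationTimestamp` of `2030-10-01T15:05:17Z` rather than the lifetime of the token it just refreshed, so a client that honours the field can keep presenting a Google access token after it has expired. The value should be derived from `credentials.expiry`, and omitted when that is None. `config.options.get('credentials')` can also return None, in which case `os.path.expanduser` raises a TypeError that says nothing about the missing setting. That check, like the usage message, should write to stderr, since stdout is what kubectl parses as the ExecCredential. The commented-out base64 lines look like leftovers and can be dropped.

```python
    client = sys.argv[1]
    config = Kconfig(client)
    credentials_path = config.options.get('credentials')
    if credentials_path is None:
        print(f"Missing credentials setting for client {client}", file=sys.stderr)
        sys.exit(1)
    os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = os.path.expanduser(credentials_path)
    # ... unchanged: google.auth.default(), credentials.refresh(), token = credentials.token ...
    status = {'token': token}
    if credentials.expiry is not None:
        # google-auth exposes expiry as a naive datetime in UTC
        status['expirationTimestamp'] = credentials.expiry.strftime('%Y-%m-%dT%H:%M:%SZ')
    result = {'apiVersion': 'client.authentication.k8s.io/v1beta1', 'kind': 'ExecCredential', 'spec': {},
              'status': status}
```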