Skip to content

Clean up oidc refresh flow #343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
marta-lokhova merged 1 commit into from
Nov 19, 2025
Merged

Clean up oidc refresh flow #343

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 25 additions & 33 deletions src/FSLibrary/StellarSupercluster.fs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,65 +76,57 @@ let ConnectToCluster (cfgFile: string) (nsOpt: string option) : (Kubernetes * st

LogInfo "Connecting to cluster using kubeconfig %s" cfgFileExpanded

let ctx =
Seq.tryFind (fun (c: Context) -> c.Name = cfgInit.CurrentContext) cfgInit.Contexts

let ns =
match nsOpt with
| Some ns ->
LogInfo "Using explicit namespace '%s'" ns
ns
| None ->
(let ctxOpt =
Seq.tryFind (fun (c: Context) -> c.Name = cfgInit.CurrentContext) cfgInit.Contexts

match ctxOpt with
| Some c ->
LogInfo "Using namespace '%s' from kubeconfig context '%s'" c.ContextDetails.Namespace c.Name
c.ContextDetails.Namespace
| None ->
LogInfo "Using default namespace 'stellar-supercluster'"
"stellar-supercluster")

let ctxs =
cfgInit.Contexts
|> Seq.where (fun (c: Context) -> c.ContextDetails.Namespace = ns)
match ctx with
| Some c ->
LogInfo "Using namespace '%s' from kubeconfig context '%s'" c.ContextDetails.Namespace c.Name
c.ContextDetails.Namespace
| None ->
LogInfo "Using default namespace 'stellar-supercluster'"
"stellar-supercluster"


// Try updating the config if we are using OIDC authentication
// We reset the id-token using kubectl, and then, try refreshing since the builtin refresh flow is a
// little broken
let newConfig =
Some()
// Find username for selected namespace
// Get username from selected context
|> Option.bind
(fun _ ->
match Seq.length ctxs with
| 1 ->
match ctx with
| Some c ->
try
let username = (Seq.exactlyOne ctxs).ContextDetails.User
LogInfo "User is '%s'" username
let users = cfgInit.Users |> Seq.where (fun (u: User) -> u.Name = username)
Some(username, users)
with
| :? NullReferenceException -> None
| :? ArgumentNullException -> None
| n ->
LogWarn "Could not determine user for ns '%s' (%d matching contexts found)" ns n
let username = c.ContextDetails.User
LogInfo "Username is '%s'" username
Some username
with :? NullReferenceException ->
LogWarn "No context details for context with name '%s'" cfgInit.CurrentContext
None
| None ->
LogWarn "Could not find context with name '%s'" cfgInit.CurrentContext
None)
// Find user block for username
|> Option.bind
(fun state ->
let username, users = state
(fun username ->
let users = cfgInit.Users |> Seq.where (fun (u: User) -> u.Name = username)

match Seq.length users with
| 1 -> Some(username, users)
| 1 -> Some(username, Seq.exactlyOne users)
| n ->
LogWarn "Could not determine user block for '%s' (%d candidates)" username n
None)
// Check that user uses oidc auth; if so, try resetting id-token
|> Option.bind
(fun state ->
let username, users = state
let user = Seq.exactlyOne users

(fun (username, user) ->
try
let provider = user.UserCredentials.AuthProvider
let authCfg = provider.Config
Expand Down