diff --git a/cmd/gke-gcloud-auth-plugin/cred.go b/cmd/gke-gcloud-auth-plugin/cred.go index 0255727697..928b118917 100644 --- a/cmd/gke-gcloud-auth-plugin/cred.go +++ b/cmd/gke-gcloud-auth-plugin/cred.go @@ -104,6 +104,7 @@ var ( location = pflag.String("location", "", fmt.Sprintf("Location of the Cluster %s.", applicableOnlyForEdgeCloud)) cluster = pflag.String("cluster", "", fmt.Sprintf("Name of the Cluster %s.", applicableOnlyForEdgeCloud)) impersonateServiceAccount = pflag.String("impersonate_service_account", "", "Impersonate a service account to retrieve tokens for the Cluster.") + configuration = pflag.String("configuration", "", "Optional named configuration to use for gcloud command") ) func main() { @@ -138,6 +139,7 @@ func main() { account: *account, project: *project, impersonateServiceAccount: *impersonateServiceAccount, + configuration: *configuration, } } diff --git a/cmd/gke-gcloud-auth-plugin/cred_test.go b/cmd/gke-gcloud-auth-plugin/cred_test.go index f09409f4d8..f51e70c839 100644 --- a/cmd/gke-gcloud-auth-plugin/cred_test.go +++ b/cmd/gke-gcloud-auth-plugin/cred_test.go @@ -115,6 +115,13 @@ var ( "extra_args": "--project=` + fakeProject + ` --account=` + fakeAccount + `" }` + wantCacheFileWithConfiguration = `{ + "current_context": "gke_user-gke-dev_us-east1-b_cluster-1", + "access_token": "ya29.gcloud_t0k3n", + "token_expiry": "2022-01-01T00:00:00Z", + "extra_args": "--configuration=my-config" +}` + wantCacheFileImpersonateServiceAccount = `{ "current_context": "gke_user-gke-dev_us-east1-b_cluster-1", "access_token": "ya29.gcloud_t0k3n", @@ -225,6 +232,28 @@ func TestExecCredential(t *testing.T) { "--account=" + fakeAccount, }, }, + { + testName: "NewGcloudAccessTokenWithConfiguration", + p: &plugin{ + k8sStartingConfig: fakeK8sStartingConfig, + getCacheFilePath: fakeGetCacheFilePath, + readFile: fakeReadFile, + timeNow: fakeTimeNow, + tokenProvider: &gcloudTokenProvider{ + readGcloudConfigRaw: fakeGcloudConfigOutput, + readFile: fakeReadFile, + configuration: "my-config", + }, + }, + wantToken: fakeExecCredential("ya29.gcloud_t0k3n", &metav1.Time{Time: newYears}), + wantCacheFile: wantCacheFileWithConfiguration, + wantGcloudArgs: []string{ + "config", + "config-helper", + "--format=json", + "--configuration=my-config", + }, + }, { testName: "NewGcloudAccessTokenWithImpersonateServiceAccount", p: &plugin{ diff --git a/cmd/gke-gcloud-auth-plugin/gcloud_token_provider.go b/cmd/gke-gcloud-auth-plugin/gcloud_token_provider.go index aae2e2b320..82a69b94a8 100644 --- a/cmd/gke-gcloud-auth-plugin/gcloud_token_provider.go +++ b/cmd/gke-gcloud-auth-plugin/gcloud_token_provider.go @@ -31,6 +31,7 @@ type gcloudTokenProvider struct { account string project string impersonateServiceAccount string + configuration string } // readGcloudConfig returns an object which represents gcloud config output @@ -88,7 +89,7 @@ func (p *gcloudTokenProvider) useCache() bool { } func (p *gcloudTokenProvider) getExtraArgs() []string { - extraArgs := make([]string, 0, 3) + extraArgs := make([]string, 0, 4) if p.project != "" { extraArgs = append(extraArgs, fmt.Sprintf("--project=%s", p.project)) } @@ -98,6 +99,9 @@ func (p *gcloudTokenProvider) getExtraArgs() []string { if p.impersonateServiceAccount != "" { extraArgs = append(extraArgs, fmt.Sprintf("--impersonate-service-account=%s", p.impersonateServiceAccount)) } + if p.configuration != "" { + extraArgs = append(extraArgs, fmt.Sprintf("--configuration=%s", p.configuration)) + } return extraArgs }