support ExecCredential authentication (#36)

* add exec auth method

* kube config exec.env is optional

* Update pykube/http.py

Co-Authored-By: Daniel Middlecote <[email protected]>

* add a version check

* commit black changes

* avoid referencing or changing os.environ

Co-authored-by: zoidbergwill <[email protected]>
Co-authored-by: Daniel Middlecote <[email protected]>

Author: 3 people

pykube/http.py

@@ -7,6 +7,7 @@
 import posixpath
 import shlex
 import subprocess
+import os
 
 try:
     import google.auth
@@ -98,6 +99,24 @@ def send(self, request, **kwargs):
             pass
         elif "token" in config.user and config.user["token"]:
             request.headers["Authorization"] = "Bearer {}".format(config.user["token"])
+
+        elif "exec" in config.user:
+            exec_conf = config.user["exec"]
+
+            if exec_conf["apiVersion"] == "client.authentication.k8s.io/v1alpha1":
+                cmd_env_vars = dict(os.environ)
+                for env_var in exec_conf.get("env") or []:
+                    cmd_env_vars[env_var["name"]] = env_var["value"]
+
+                output = subprocess.check_output(
+                    [exec_conf["command"]] + exec_conf["args"], env=cmd_env_vars
+                )
+
+                parsed_out = json.loads(output)
+                token = parsed_out["status"]["token"]
+
+            request.headers["Authorization"] = "Bearer {}".format(token)
+
         elif "auth-provider" in config.user:
             auth_provider = config.user["auth-provider"]
             if auth_provider.get("name") == "gcp":