| 111 | } |
| 112 | |
| 113 | func newAuthenticator(c *cache, config *api.ExecConfig) (*Authenticator, error) { |
| 114 | key := cacheKey(config) |
| 115 | if a, ok := c.get(key); ok { |
| 116 | return a, nil |
| 117 | } |
| 118 | |
| 119 | gv, ok := apiVersions[config.APIVersion] |
| 120 | if !ok { |
| 121 | return nil, fmt.Errorf("exec plugin: invalid apiVersion %q", config.APIVersion) |
| 122 | } |
| 123 | |
| 124 | a := &Authenticator{ |
| 125 | cmd: config.Command, |
| 126 | args: config.Args, |
| 127 | group: gv, |
| 128 | |
| 129 | stdin: os.Stdin, |
| 130 | stderr: os.Stderr, |
| 131 | interactive: terminal.IsTerminal(int(os.Stdout.Fd())), |
| 132 | now: time.Now, |
| 133 | environ: os.Environ, |
| 134 | } |
| 135 | |
| 136 | for _, env := range config.Env { |
| 137 | a.env = append(a.env, env.Name+"="+env.Value) |
| 138 | } |
| 139 | |
| 140 | return c.put(key, a), nil |
| 141 | } |
| 142 | |
| 143 | // Authenticator is a client credential provider that rotates credentials by executing a plugin. |
| 144 | // The plugin input and output are defined by the API group client.authentication.k8s.io. |