From d49d5ddb1e757948e1178ffa42eeb223b80a7612 Mon Sep 17 00:00:00 2001
From: Tom Cain <tom@tjcain.com>
Date: Tue, 27 Oct 2020 11:16:47 +0000
Subject: [PATCH] add optional path to cache kubectl token

---
 cmd/kubectl_token.go | 43 ++++++++++++++++++++++++++++++-------------
 main_test.go         |  7 +++++++
 2 files changed, 37 insertions(+), 13 deletions(-)

diff --git a/cmd/kubectl_token.go b/cmd/kubectl_token.go
index f445339e..8f905dfe 100644
--- a/cmd/kubectl_token.go
+++ b/cmd/kubectl_token.go
@@ -17,6 +17,7 @@ import (
 	url2 "net/url"
 	"os"
 	"os/signal"
+	"path"
 	"path/filepath"
 	"strings"
 	"time"
@@ -109,6 +110,11 @@ func CredentialCommand() cli.Command {
 				Name:  "skip-verify",
 				Usage: "Skip verification of the CACerts presented by the Server",
 			},
+			cli.StringFlag{
+				Name:   "cache-dir",
+				Usage:  "The absolute path for the kubectl-token .cache directory",
+				EnvVar: "RANCHER_CACHE_DIR",
+			},
 		},
 		Subcommands: []cli.Command{
 			cli.Command{
@@ -141,8 +147,13 @@ func runCredential(ctx *cli.Context) error {
 	}
 	clusterID := ctx.String("cluster")
 
+	dir, err := getCacheDir(ctx)
+	if err != nil {
+		return err
+	}
+
 	cachedCredName := fmt.Sprintf("%s_%s", userID, clusterID)
-	cachedCred, err := loadCachedCredential(cachedCredName)
+	cachedCred, err := loadCachedCredential(cachedCredName, dir)
 	if err != nil {
 		customPrint(fmt.Errorf("LoadToken: %v", err))
 	}
@@ -164,7 +175,7 @@ func runCredential(ctx *cli.Context) error {
 		return err
 	}
 
-	if err := cacheCredential(newCred, fmt.Sprintf("%s_%s", userID, clusterID)); err != nil {
+	if err := cacheCredential(newCred, fmt.Sprintf("%s_%s", userID, clusterID), dir); err != nil {
 		customPrint(fmt.Errorf("CacheToken: %v", err))
 	}
 
@@ -175,7 +186,7 @@ func deleteCachedCredential(ctx *cli.Context) error {
 	if len(ctx.Args()) == 0 {
 		return cli.ShowSubcommandHelp(ctx)
 	}
-	dir, err := os.Getwd()
+	dir, err := getCacheDir(ctx)
 	if err != nil {
 		return err
 	}
@@ -195,11 +206,7 @@ func deleteCachedCredential(ctx *cli.Context) error {
 	return nil
 }
 
-func loadCachedCredential(key string) (*ExecCredential, error) {
-	dir, err := os.Getwd()
-	if err != nil {
-		return nil, err
-	}
+func loadCachedCredential(key, dir string) (*ExecCredential, error) {
 	cachePath := filepath.Join(dir, kubeConfigCache, fmt.Sprintf("%s%s", key, cachedFileExt))
 	f, err := os.Open(cachePath)
 	if err != nil {
@@ -222,15 +229,12 @@ func loadCachedCredential(key string) (*ExecCredential, error) {
 	return execCredential, nil
 }
 
-func cacheCredential(cred *ExecCredential, id string) error {
+func cacheCredential(cred *ExecCredential, id, dir string) error {
 	// cache only if valid
 	if cred.Status.Token == "" {
 		return nil
 	}
-	dir, err := os.Getwd()
-	if err != nil {
-		return err
-	}
+
 	cachePathDir := filepath.Join(dir, kubeConfigCache)
 	if err := os.MkdirAll(cachePathDir, os.FileMode(0700)); err != nil {
 		return err
@@ -521,6 +525,19 @@ func generateKey() (string, error) {
 	return string(token), nil
 }
 
+func getCacheDir(ctx *cli.Context) (string, error) {
+	p := ctx.String("cache-path")
+	if p == "" {
+		return os.Getwd()
+	}
+
+	if !path.IsAbs(p) {
+		return "", fmt.Errorf("cache dir requires an absolute path")
+	}
+
+	return p, nil
+}
+
 func getTLSConfig(input *LoginInput) (*tls.Config, error) {
 	config := &tls.Config{}
 	if input.skipVerify || input.caCerts == "" {
diff --git a/main_test.go b/main_test.go
index 5bf6730a..ece005e3 100644
--- a/main_test.go
+++ b/main_test.go
@@ -27,6 +27,7 @@ func (m *MainTestSuite) TestParseArgs(c *check.C) {
 		{"rancher", "run", "--debug", "-f=b"},
 		{"rancher", "run", "--debug", "-=b"},
 		{"rancher", "run", "--debug", "-"},
+		{"rancher", "token", "--cache-dir=/path/to/cache"},
 	}
 	r0, err := parseArgs(input[0])
 	if err != nil {
@@ -61,4 +62,10 @@ func (m *MainTestSuite) TestParseArgs(c *check.C) {
 		c.Fatal(err)
 	}
 	c.Assert(r5, check.DeepEquals, []string{"rancher", "run", "--debug", "-"})
+
+	r6, err := parseArgs(input[6])
+	if err != nil {
+		c.Fatal(err)
+	}
+	c.Assert(r6, check.DeepEquals, []string{"rancher", "token", "--cache-dir=/path/to/cache"})
 }