Add --token-cache-storage flag (#1236)

pkg/cmd/cmd_test.go

@@ -120,6 +120,7 @@ func TestCmd_Run(t *testing.T) {
 					},
 					TokenCacheConfig: tokencache.Config{
 						Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
+						Storage:   tokencache.StorageAuto,
 					},
 					GrantOptionSet: authentication.GrantOptionSet{
 						AuthCodeBrowserOption: &authcode.BrowserOption{
@@ -138,6 +139,7 @@ func TestCmd_Run(t *testing.T) {
 					"--oidc-client-secret", "YOUR_CLIENT_SECRET",
 					"--oidc-extra-scope", "email",
 					"--oidc-extra-scope", "profile",
+					"--token-cache-storage", "disk",
 					"-v1",
 				},
 				in: credentialplugin.Input{
@@ -149,6 +151,7 @@ func TestCmd_Run(t *testing.T) {
 					},
 					TokenCacheConfig: tokencache.Config{
 						Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
+						Storage:   tokencache.StorageDisk,
 					},
 					GrantOptionSet: authentication.GrantOptionSet{
 						AuthCodeBrowserOption: &authcode.BrowserOption{
@@ -174,6 +177,7 @@ func TestCmd_Run(t *testing.T) {
 					},
 					TokenCacheConfig: tokencache.Config{
 						Directory: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
+						Storage:   tokencache.StorageAuto,
 					},
 					GrantOptionSet: authentication.GrantOptionSet{
 						AuthCodeBrowserOption: &authcode.BrowserOption{
@@ -201,6 +205,7 @@ func TestCmd_Run(t *testing.T) {
 					},
 					TokenCacheConfig: tokencache.Config{
 						Directory: filepath.Join(userHomeDir, ".kube/oidc-cache"),
+						Storage:   tokencache.StorageAuto,
 					},
 					GrantOptionSet: authentication.GrantOptionSet{
 						AuthCodeBrowserOption: &authcode.BrowserOption{

pkg/cmd/get_token.go

@@ -72,6 +72,10 @@ func (cmd *GetToken) New() *cobra.Command {
 			if err != nil {
 				return fmt.Errorf("get-token: %w", err)
 			}
+			tokenCacheConfig, err := o.tokenCacheOptions.tokenCacheConfig()
+			if err != nil {
+				return fmt.Errorf("get-token: %w", err)
+			}
 			in := credentialplugin.Input{
 				Provider: oidc.Provider{
 					IssuerURL:      o.IssuerURL,
@@ -82,7 +86,7 @@ func (cmd *GetToken) New() *cobra.Command {
 					ExtraScopes:    o.ExtraScopes,
 				},
 				ForceRefresh:     o.ForceRefresh,
-				TokenCacheConfig: o.tokenCacheOptions.tokenCacheConfig(),
+				TokenCacheConfig: tokenCacheConfig,
 				GrantOptionSet:   grantOptionSet,
 				TLSClientConfig:  o.tlsOptions.tlsClientConfig(),
 			}

pkg/cmd/tokencache.go

@@ -1,8 +1,10 @@
 package cmd
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/int128/kubelogin/pkg/tokencache"
 	"github.com/spf13/pflag"
@@ -16,32 +18,35 @@ func getDefaultTokenCacheDir() string {
 	return filepath.Join("~", ".kube", "cache", "oidc-login")
 }
 
+var allTokenCacheStorage = strings.Join([]string{"auto", "keyring", "disk"}, "|")
+
 type tokenCacheOptions struct {
-	TokenCacheDir string
-	ForceKeyring  bool
-	NoKeyring     bool
+	TokenCacheDir     string
+	TokenCacheStorage string
 }
 
 func (o *tokenCacheOptions) addFlags(f *pflag.FlagSet) {
-	f.StringVar(&o.TokenCacheDir, "token-cache-dir", getDefaultTokenCacheDir(), "Path to a directory for token cache")
-	f.BoolVar(&o.ForceKeyring, "force-keyring", false, "If set, cached tokens will be stored in the OS keyring")
-	f.BoolVar(&o.NoKeyring, "no-keyring", false, "If set, cached tokens will be stored on disk")
+	f.StringVar(&o.TokenCacheDir, "token-cache-dir", getDefaultTokenCacheDir(), "Path to a directory of the token cache")
+	f.StringVar(&o.TokenCacheStorage, "token-cache-storage", "auto", fmt.Sprintf("Storage for the token cache. One of (%s)", allTokenCacheStorage))
 }
 
 func (o *tokenCacheOptions) expandHomedir() {
 	o.TokenCacheDir = expandHomedir(o.TokenCacheDir)
 }
 
-func (o *tokenCacheOptions) tokenCacheConfig() tokencache.Config {
-	tokenStorage := tokencache.StorageAuto
-	switch {
-	case o.ForceKeyring:
-		tokenStorage = tokencache.StorageKeyring
-	case o.NoKeyring:
-		tokenStorage = tokencache.StorageDisk
-	}
-	return tokencache.Config{
+func (o *tokenCacheOptions) tokenCacheConfig() (tokencache.Config, error) {
+	config := tokencache.Config{
 		Directory: o.TokenCacheDir,
-		Storage:   tokenStorage,
 	}
+	switch o.TokenCacheStorage {
+	case "auto":
+		config.Storage = tokencache.StorageAuto
+	case "keyring":
+		config.Storage = tokencache.StorageKeyring
+	case "disk":
+		config.Storage = tokencache.StorageDisk
+	default:
+		return tokencache.Config{}, fmt.Errorf("token-cache-storage must be one of (%s)", allTokenCacheStorage)
+	}
+	return config, nil
 }