Extract tokenCacheOptions (#1232)

* Extract tokenCacheOptions * Refactor
2026-02-14 16:39:51 +00:00 · 2025-01-12 13:21:03 +09:00
parent 1681d84fae
commit ccc6b772db
3 changed files with 59 additions and 39 deletions
--- a/pkg/cmd/cmd.go
+++ b/pkg/cmd/cmd.go
@@ -2,8 +2,6 @@ package cmd

 import (
 	"context"
-	"os"
-	"path/filepath"
 	"runtime"

 	"github.com/google/wire"
@@ -24,17 +22,7 @@ type Interface interface {
 	Run(ctx context.Context, args []string, version string) int
 }

-func getDefaultTokenCacheDir(key, fallback string) string {
-	if value, ok := os.LookupEnv(key); ok {
-		return value
-	}
-	return fallback
-}
-
 var defaultListenAddress = []string{"127.0.0.1:8000", "127.0.0.1:18000"}
-var defaultTokenCacheDir = filepath.Join(
-	getDefaultTokenCacheDir("KUBECACHEDIR", filepath.Join("~", ".kube", "cache")),
-	"oidc-login")

 const defaultAuthenticationTimeoutSec = 180

--- a/pkg/cmd/get_token.go
+++ b/pkg/cmd/get_token.go
@@ -6,7 +6,6 @@ import (

 	"github.com/int128/kubelogin/pkg/infrastructure/logger"
 	"github.com/int128/kubelogin/pkg/oidc"
-	"github.com/int128/kubelogin/pkg/tokencache"
 	"github.com/int128/kubelogin/pkg/usecases/credentialplugin"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -20,12 +19,10 @@ type getTokenOptions struct {
 	ExtraScopes           []string
 	UsePKCE               bool
 	UseAccessToken        bool
-	TokenCacheDir         string
+	tokenCacheOptions     tokenCacheOptions
 	tlsOptions            tlsOptions
 	authenticationOptions authenticationOptions
 	ForceRefresh          bool
-	ForceKeyring          bool
-	NoKeyring             bool
 }

 func (o *getTokenOptions) addFlags(f *pflag.FlagSet) {
@@ -35,19 +32,16 @@ func (o *getTokenOptions) addFlags(f *pflag.FlagSet) {
 	f.StringSliceVar(&o.ExtraScopes, "oidc-extra-scope", nil, "Scopes to request to the provider")
 	f.BoolVar(&o.UsePKCE, "oidc-use-pkce", false, "Force PKCE usage")
 	f.BoolVar(&o.UseAccessToken, "oidc-use-access-token", false, "Instead of using the id_token, use the access_token to authenticate to Kubernetes")
-	f.StringVar(&o.TokenCacheDir, "token-cache-dir", defaultTokenCacheDir, "Path to a directory for token cache")
 	f.BoolVar(&o.ForceRefresh, "force-refresh", false, "If set, refresh the ID token regardless of its expiration time")
-	f.BoolVar(&o.ForceKeyring, "force-keyring", false, "If set, cached tokens will be stored in the OS keyring")
-	f.BoolVar(&o.NoKeyring, "no-keyring", false, "If set, cached tokens will be stored on disk")
+	o.tokenCacheOptions.addFlags(f)
 	o.tlsOptions.addFlags(f)
 	o.authenticationOptions.addFlags(f)
 }

-func (o *getTokenOptions) expandHomedir() error {
-	o.TokenCacheDir = expandHomedir(o.TokenCacheDir)
+func (o *getTokenOptions) expandHomedir() {
+	o.tokenCacheOptions.expandHomedir()
 	o.authenticationOptions.expandHomedir()
 	o.tlsOptions.expandHomedir()
-	return nil
 }

 type GetToken struct {
@@ -73,20 +67,11 @@ func (cmd *GetToken) New() *cobra.Command {
 			return nil
 		},
 		RunE: func(c *cobra.Command, _ []string) error {
-			if err := o.expandHomedir(); err != nil {
-				return err
-			}
+			o.expandHomedir()
 			grantOptionSet, err := o.authenticationOptions.grantOptionSet()
 			if err != nil {
 				return fmt.Errorf("get-token: %w", err)
 			}
-			tokenStorage := tokencache.StorageAuto
-			switch {
-			case o.ForceKeyring:
-				tokenStorage = tokencache.StorageKeyring
-			case o.NoKeyring:
-				tokenStorage = tokencache.StorageDisk
-			}
 			in := credentialplugin.Input{
 				Provider: oidc.Provider{
 					IssuerURL:      o.IssuerURL,
@@ -96,13 +81,10 @@ func (cmd *GetToken) New() *cobra.Command {
 					UseAccessToken: o.UseAccessToken,
 					ExtraScopes:    o.ExtraScopes,
 				},
-				ForceRefresh: o.ForceRefresh,
-				TokenCacheConfig: tokencache.Config{
-					Directory: o.TokenCacheDir,
-					Storage:   tokenStorage,
-				},
-				GrantOptionSet:  grantOptionSet,
-				TLSClientConfig: o.tlsOptions.tlsClientConfig(),
+				ForceRefresh:     o.ForceRefresh,
+				TokenCacheConfig: o.tokenCacheOptions.tokenCacheConfig(),
+				GrantOptionSet:   grantOptionSet,
+				TLSClientConfig:  o.tlsOptions.tlsClientConfig(),
 			}
 			if err := cmd.GetToken.Do(c.Context(), in); err != nil {
 				return fmt.Errorf("get-token: %w", err)
--- a/pkg/cmd/tokencache.go
+++ b/pkg/cmd/tokencache.go
@@ -0,0 +1,50 @@
+package cmd
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/int128/kubelogin/pkg/tokencache"
+	"github.com/spf13/pflag"
+)
+
+func getDefaultTokenCacheDir(key, fallback string) string {
+	if value, ok := os.LookupEnv(key); ok {
+		return value
+	}
+	return fallback
+}
+
+var defaultTokenCacheDir = filepath.Join(
+	getDefaultTokenCacheDir("KUBECACHEDIR", filepath.Join("~", ".kube", "cache")),
+	"oidc-login")
+
+type tokenCacheOptions struct {
+	TokenCacheDir string
+	ForceKeyring  bool
+	NoKeyring     bool
+}
+
+func (o *tokenCacheOptions) addFlags(f *pflag.FlagSet) {
+	f.StringVar(&o.TokenCacheDir, "token-cache-dir", defaultTokenCacheDir, "Path to a directory for token cache")
+	f.BoolVar(&o.ForceKeyring, "force-keyring", false, "If set, cached tokens will be stored in the OS keyring")
+	f.BoolVar(&o.NoKeyring, "no-keyring", false, "If set, cached tokens will be stored on disk")
+}
+
+func (o *tokenCacheOptions) expandHomedir() {
+	o.TokenCacheDir = expandHomedir(o.TokenCacheDir)
+}
+
+func (o *tokenCacheOptions) tokenCacheConfig() tokencache.Config {
+	tokenStorage := tokencache.StorageAuto
+	switch {
+	case o.ForceKeyring:
+		tokenStorage = tokencache.StorageKeyring
+	case o.NoKeyring:
+		tokenStorage = tokencache.StorageDisk
+	}
+	return tokencache.Config{
+		Directory: o.TokenCacheDir,
+		Storage:   tokenStorage,
+	}
+}