Add support for Azure AAD based authentication. (#193)

src/KubernetesClient/KubeConfigModels/AuthProvider.cs

@@ -0,0 +1,24 @@
+namespace k8s.KubeConfigModels
+{
+    using System.Collections.Generic;
+    using YamlDotNet.RepresentationModel;
+    using YamlDotNet.Serialization;
+
+    /// <summary>
+    /// Contains information that describes identity information.  This is use to tell the kubernetes cluster who you are.
+    /// </summary>
+    public class AuthProvider {
+        /// <summary>
+        /// Gets or sets the nickname for this auth provider.
+        /// </summary>
+        [YamlMember(Alias = "name")]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Gets or sets the configuration for this auth provider
+        /// </summary>
+        [YamlMember(Alias = "config")]
+        public Dictionary<string, string> Config { get; set; }
+
+    }
+}

src/KubernetesClient/KubeConfigModels/UserCredentials.cs

@@ -73,7 +73,7 @@ namespace k8s.KubeConfigModels
         /// Gets or sets custom authentication plugin for the kubernetes cluster.
         /// </summary>
         [YamlMember(Alias = "auth-provider", ApplyNamingConventions = false)]
-        public Dictionary<string, dynamic> AuthProvider { get; set; }
+        public AuthProvider AuthProvider { get; set; }
 
         /// <summary>
         /// Gets or sets additional information. This is useful for extenders so that reads and writes don't clobber unknown fields.

src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs

@@ -239,6 +239,27 @@ namespace k8s
                 userCredentialsFound = true;
             }
 
+            if (userDetails.UserCredentials.AuthProvider != null) {
+                if (userDetails.UserCredentials.AuthProvider.Name == "azure" &&
+                    userDetails.UserCredentials.AuthProvider.Config != null &&
+                    userDetails.UserCredentials.AuthProvider.Config.ContainsKey("access-token")) {
+                    var config = userDetails.UserCredentials.AuthProvider.Config;
+                    if (config.ContainsKey("expires-on")) {
+                        var expires = DateTimeOffset.FromUnixTimeSeconds(Int32.Parse(config["expires-on"]));
+                        if (DateTimeOffset.Compare(expires, DateTimeOffset.Now) <= 0) {
+                            var tenantId = config["tenant-id"];
+                            var clientId = config["client-id"];
+                            var apiServerId = config["apiserver-id"];
+                            var refresh = config["refresh-token"];
+                            var newToken = RenewAzureToken(tenantId, clientId, apiServerId, refresh);
+                            config["access-token"] = newToken;
+                        }
+                    }
+                    AccessToken = config["access-token"];
+                    userCredentialsFound = true;
+                }
+            }
+
             if (!userCredentialsFound)
             {
                 throw new KubeConfigException(
@@ -246,6 +267,10 @@ namespace k8s
             }
         }
 
+        public static string RenewAzureToken(string tenantId, string clientId, string apiServerId, string refresh) {
+            throw new KubeConfigException("Refresh not supported.");
+        }
+
         /// <summary>
         ///     Loads entire Kube Config from default or explicit file path
         /// </summary>

tests/KubernetesClient.Tests/KubernetesClientConfigurationTests.cs

@@ -438,7 +438,7 @@ namespace k8s.Tests
 
             if (expectedCreds.AuthProvider != null)
             {
-                Assert.True(expectedCreds.AuthProvider.All(x => actualCreds.AuthProvider.Contains(x)));
+                Assert.True(expectedCreds.AuthProvider.Config.All(x => actualCreds.AuthProvider.Config.Contains(x)));
             }
         }
     }