Fix token race (#2)

.github/workflows/pull_request.yaml

@@ -23,7 +23,7 @@ jobs:
 
       - name: Build Go binary
         run: |
-          cd ./conformance
+          cd ./e2e
           go build -ldflags "-s -w" -o bin/conformance .
         env:
           GOOS: linux
@@ -40,7 +40,7 @@ jobs:
       - name: Build and push
         uses: docker/build-push-action@v2
         with:
-          context: ./conformance
+          context: ./e2e
           push: true
           tags: ghcr.io/castai/k8s-client-go/conformance:${{ github.sha }}
 
@@ -49,5 +49,5 @@ jobs:
 
       - name: Run tests
         run: |
-          cd ./conformance
+          cd ./e2e
           IMG=ghcr.io/castai/k8s-client-go/conformance:${{ github.sha }} ./run.sh

client.go

@@ -13,6 +13,7 @@ import (
 	"net/url"
 	"os"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/fsnotify/fsnotify"
@@ -25,8 +26,12 @@ const (
 
 // Interface is minimal kubernetes Client interface.
 type Interface interface {
+	// Do sends HTTP request to API server.
 	Do(req *http.Request) (*http.Response, error)
+	// GetRequest prepares HTTP GET request with Authorization header.
 	GetRequest(url string) (*http.Request, error)
+	// Token returns current access token.
+	Token() string
 }
 
 // NewInCluster creates Client if it is inside Kubernetes.
@@ -53,7 +58,7 @@ func NewInCluster() (*Client, error) {
 
 	client := &Client{
 		Host:       "https://" + net.JoinHostPort(host, port),
-		Token:      string(token),
+		token:      string(token),
 		HttpClient: httpClient,
 		ResponseDecoderFunc: func(r io.Reader) ResponseDecoder {
 			return json.NewDecoder(r)
@@ -77,7 +82,9 @@ func NewInCluster() (*Client, error) {
 				if event.Op&fsnotify.Write == fsnotify.Write {
 					token, err := ioutil.ReadFile(serviceAccountToken)
 					if err == nil {
-						client.Token = string(token)
+						client.tokenMu.Lock()
+						client.token = string(token)
+						client.tokenMu.Unlock()
 					}
 				}
 			case _, ok := <-watcher.Errors:
@@ -99,9 +106,11 @@ func NewInCluster() (*Client, error) {
 type Client struct {
 	Host                string
 	HttpClient          *http.Client
-	Token               string
 	ResponseDecoderFunc func(r io.Reader) ResponseDecoder
 	Logger              Logger
+
+	tokenMu sync.RWMutex
+	token   string
 }
 
 func (kc *Client) GetRequest(ctx context.Context, url string) (*http.Request, error) {
@@ -116,8 +125,8 @@ func (kc *Client) GetRequest(ctx context.Context, url string) (*http.Request, er
 	if err != nil {
 		return nil, err
 	}
-	if len(kc.Token) > 0 {
-		req.Header.Set("Authorization", "Bearer "+kc.Token)
+	if token := kc.Token(); len(token) > 0 {
+		req.Header.Set("Authorization", "Bearer "+token)
 	}
 	return req, nil
 }
@@ -126,6 +135,13 @@ func (kc *Client) Do(req *http.Request) (*http.Response, error) {
 	return kc.HttpClient.Do(req)
 }
 
+func (kc *Client) Token() string {
+	kc.tokenMu.RLock()
+	defer kc.tokenMu.RUnlock()
+
+	return kc.token
+}
+
 func Get[T Object](kc *Client, ctx context.Context, reqURL string, _ GetOptions) (T, error) {
 	var t T
 	u, err := url.Parse(reqURL)

conformance/main.go → e2e/main.go

@@ -37,7 +37,7 @@ func main() {
 	}
 
 	if err := testEndpoints(nativeClient, kc); err != nil {
-		log.Fatalf("testing endpoints: %w", err)
+		log.Fatalf("testing endpoints: %v", err)
 	}
 }
 

conformance/run.sh → e2e/run.sh

@@ -24,4 +24,4 @@ trap log ERR
 kubectl delete ns conformance || true
 kubectl create ns conformance
 kubectl apply -f job.yaml --dry-run=client -oyaml | sed "s/replace-img/$(echo "$img" | sed 's/\//\\\//g')/" | kubectl apply -f - -n conformance
-kubectl wait --for=condition=complete --timeout=10s job/conformance -n conformance
+kubectl wait --for=condition=complete --timeout=15s job/conformance -n conformance