From 74b62897ed1d6a22398bf9f9ee966c82493afb58 Mon Sep 17 00:00:00 2001
From: Kent Dong <ch3cho@qq.com>
Date: Wed, 6 Mar 2024 15:16:34 +0800
Subject: [PATCH] fix: Fix the auth error returned by controller due to token
 expiration (#299)

---
 .../kubernetes/KubernetesClientService.java   | 40 ++++++++++++-------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/backend/sdk/src/main/java/com/alibaba/higress/sdk/service/kubernetes/KubernetesClientService.java b/backend/sdk/src/main/java/com/alibaba/higress/sdk/service/kubernetes/KubernetesClientService.java
index 6cd2b012..fb09fa52 100644
--- a/backend/sdk/src/main/java/com/alibaba/higress/sdk/service/kubernetes/KubernetesClientService.java
+++ b/backend/sdk/src/main/java/com/alibaba/higress/sdk/service/kubernetes/KubernetesClientService.java
@@ -39,6 +39,7 @@
 import com.alibaba.higress.sdk.constant.KubernetesConstants;
 import com.alibaba.higress.sdk.constant.KubernetesConstants.Label;
 import com.alibaba.higress.sdk.constant.Separators;
+import com.alibaba.higress.sdk.exception.BusinessException;
 import com.alibaba.higress.sdk.http.HttpStatus;
 import com.alibaba.higress.sdk.service.kubernetes.crd.mcp.V1McpBridge;
 import com.alibaba.higress.sdk.service.kubernetes.crd.mcp.V1McpBridgeList;
@@ -102,7 +103,7 @@ public class KubernetesClientService {
 
     private final String controllerJwtPolicy;
 
-    private String controllerAccessToken;
+    private final String controllerAccessToken;
 
     private boolean ingressV1Supported;
 
@@ -121,9 +122,6 @@ public KubernetesClientService(HigressServiceConfig config) throws IOException {
 
         if (inCluster) {
             client = ClientBuilder.cluster().build();
-            if (StringUtils.isEmpty(controllerAccessToken)) {
-                controllerAccessToken = readTokenFromFile();
-            }
             log.info("init KubernetesClientService InCluster");
         } else {
             String kubeConfigPath = !Strings.isNullOrEmpty(kubeConfig) ? kubeConfig : KUBE_CONFIG_DEFAULT_PATH;
@@ -160,11 +158,16 @@ public List<RegistryzService> gatewayServiceList() throws IOException {
         Request request = buildControllerRequest("/debug/registryz");
         log.info("gatewayServiceList url {}", request.url());
         try (Response response = okHttpClient.newCall(request).execute()) {
-            if (response.body() != null) {
-                String responseString = new String(response.body().bytes());
-                if (StringUtils.isNotEmpty(responseString)) {
-                    return JSON.parseArray(responseString, RegistryzService.class);
-                }
+            if (!response.isSuccessful()) {
+                throw new BusinessException(
+                    "Failed to get gateway service list from controller. Code=" + response.code());
+            }
+            if (response.body() == null) {
+                throw new BusinessException("Empty response got from controller when loading gateway service list.");
+            }
+            String responseString = new String(response.body().bytes());
+            if (StringUtils.isNotEmpty(responseString)) {
+                return JSON.parseArray(responseString, RegistryzService.class);
             }
         }
         return null;
@@ -174,11 +177,15 @@ public Map<String, Map<String, IstioEndpointShard>> gatewayServiceEndpoint() thr
         Request request = buildControllerRequest("/debug/endpointShardz");
         log.info("gatewayServiceEndpoint url {}", request.url());
         try (Response response = okHttpClient.newCall(request).execute()) {
-            if (response.body() != null) {
-                String responseString = new String(response.body().bytes());
-                if (StringUtils.isNotEmpty(responseString)) {
-                    return JSON.parseObject(responseString, new TypeReference<>() {});
-                }
+            if (!response.isSuccessful()) {
+                throw new BusinessException("Failed to get service endpoints from controller. Code=" + response.code());
+            }
+            if (response.body() == null) {
+                throw new BusinessException("Empty response got from controller when loading service endpoints.");
+            }
+            String responseString = new String(response.body().bytes());
+            if (StringUtils.isNotEmpty(responseString)) {
+                return JSON.parseObject(responseString, new TypeReference<>() {});
             }
         }
         return null;
@@ -507,11 +514,14 @@ private void checkResponseStatus(V1Status status) {
         // TODO: Throw exception accordingly.
     }
 
-    private Request buildControllerRequest(String path) {
+    private Request buildControllerRequest(String path) throws IOException {
         String serviceHost = inCluster ? controllerServiceName + "." + controllerNamespace : controllerServiceHost;
         String url = "http://" + serviceHost + ":" + controllerServicePort + path;
         Request.Builder builder = new Request.Builder().url(url);
         String token = controllerAccessToken;
+        if (Strings.isNullOrEmpty(token) && inCluster) {
+            token = readTokenFromFile();
+        }
         if (!Strings.isNullOrEmpty(token)) {
             builder.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token);
         }