From f5d2eaabebfc03b4359d333dc82540a8adb09683 Mon Sep 17 00:00:00 2001
From: idogada-akamai <120371099+idogada-akamai@users.noreply.github.com>
Date: Mon, 11 Nov 2024 18:57:57 +0200
Subject: [PATCH] Avoid overwriting entire KubeCredentials block (#397)

* Avoid overwriting entire KubeCredentials block

* Add test for cached credentials (credit to @bigkevmcd)

* Add field name

* Reuse existing context
---
 cmd/kubectl_token.go      |  3 ++-
 cmd/kubectl_token_test.go | 56 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/cmd/kubectl_token.go b/cmd/kubectl_token.go
index dfd8ece8..fc930651 100644
--- a/cmd/kubectl_token.go
+++ b/cmd/kubectl_token.go
@@ -296,11 +296,12 @@ func cacheCredential(ctx *cli.Context, cred *config.ExecCredential, id string) e
 		return err
 	}
 
-	if sc.KubeCredentials[id] == nil {
+	if sc.KubeCredentials == nil {
 		sc.KubeCredentials = make(map[string]*config.ExecCredential)
 	}
 	sc.KubeCredentials[id] = cred
 	cf.Servers[server] = sc
+
 	return cf.Write()
 }
 
diff --git a/cmd/kubectl_token_test.go b/cmd/kubectl_token_test.go
index 1f8a28e8..c9fe45c1 100644
--- a/cmd/kubectl_token_test.go
+++ b/cmd/kubectl_token_test.go
@@ -1,17 +1,20 @@
 package cmd
 
 import (
+	"flag"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 
+	"github.com/rancher/cli/config"
 	apiv3 "github.com/rancher/rancher/pkg/apis/management.cattle.io/v3"
 	"github.com/stretchr/testify/assert"
+	"github.com/urfave/cli"
 )
 
 func Test_getAuthProviders(t *testing.T) {
-
 	setupServer := func(response string) *httptest.Server {
 		return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			fmt.Fprint(w, response)
@@ -114,3 +117,54 @@ var responseOK = `{
         }
     ]
 }`
+
+func Test_cacheCredential(t *testing.T) {
+	tempDir := t.TempDir()
+
+	cred := &config.ExecCredential{Status: &config.ExecCredentialStatus{Token: "test-token"}}
+	flagSet := flag.NewFlagSet("test", 0)
+	flagSet.String("server", "rancher.example.com", "doc")
+	flagSet.String("config", tempDir, "doc")
+	cliCtx := cli.NewContext(nil, flagSet, nil)
+
+	err := cacheCredential(cliCtx, cred, "dev-server")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cfg, err := loadConfig(cliCtx)
+	if err != nil {
+		t.Fatal(err)
+	}
+	expires := &config.Time{Time: time.Now().Add(time.Hour * 2)}
+	cfg.CurrentServer = "rancher.example.com"
+	cfg.Servers["rancher.example.com"].KubeCredentials["dev-server"].Status.ClientKeyData = "this-is-not-real"
+	cfg.Servers["rancher.example.com"].KubeCredentials["dev-server"].Status.ExpirationTimestamp = expires
+	if err := cfg.Write(); err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = cfg.FocusedServer()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cred = &config.ExecCredential{Status: &config.ExecCredentialStatus{Token: "new-token"}}
+	err = cacheCredential(cliCtx, cred, "local")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cfg, err = loadConfig(cliCtx)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if v := cfg.Servers["rancher.example.com"].KubeCredentials["dev-server"].Status.ClientKeyData; v != "this-is-not-real" {
+		t.Errorf("got ClientKeyData %q, want \"this-is-not-real\"", v)
+	}
+	if v := cfg.Servers["rancher.example.com"].KubeCredentials["dev-server"].Status.ExpirationTimestamp; !v.Time.Equal(expires.Time) {
+		t.Errorf("got ExpirationTimestamp %v, want %v", v, expires)
+	}
+
+}