Add exec value source type (#5050)

* config: introduce ExecSource value source * auth: introduce OidcTokenSourceAuthProvider * auth: use OidcTokenSourceAuthProvider if tokenSource config is present on the client * cmd: allow exec token source only if CLI flag was passed
2026-01-11 22:23:12 +00:00 · 2025-11-17 17:20:21 +01:00
parent f736d171ac
commit 66973a03db
10 changed files with 179 additions and 20 deletions
--- a/pkg/config/v1/client.go
+++ b/pkg/config/v1/client.go
@@ -239,8 +239,16 @@ type AuthOIDCClientConfig struct {
 	// Supports http, https, socks5, and socks5h proxy protocols.
 	// If empty, no proxy is used for OIDC connections.
 	ProxyURL string `json:"proxyURL,omitempty"`
+
+	// TokenSource specifies a custom dynamic source for the authorization token.
+	// This is mutually exclusive with every other field of this structure.
+	TokenSource *ValueSource `json:"tokenSource,omitempty"`
 }

 type VirtualNetConfig struct {
 	Address string `json:"address,omitempty"`
 }
+
+type UnsafeFeatures struct {
+	TokenSourceExec bool
+}