k8s: add flush-credentials command (#2379)

* k8s: add flush-credentials command

* Update cmd/pomerium-cli/kubernetes.go

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

cmd/pomerium-cli/cache.go

@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"time"
@@ -36,6 +37,25 @@ func cachedCredentialPath(serverURL string) string {
 	return filepath.Join(cachePath(), id+".json")
 }
 
+func clearAllCachedCredentials() {
+	_ = filepath.Walk(cachePath(), func(p string, fi fs.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		if fi.IsDir() {
+			return nil
+		}
+
+		return os.Remove(p)
+	})
+}
+
+func clearCachedCredential(serverURL string) {
+	fn := cachedCredentialPath(serverURL)
+	_ = os.Remove(fn)
+}
+
 func loadCachedCredential(serverURL string) *ExecCredential {
 	fn := cachedCredentialPath(serverURL)
 

cmd/pomerium-cli/kubernetes.go

@@ -18,6 +18,7 @@ import (
 func init() {
 	addTLSFlags(kubernetesExecCredentialCmd)
 	kubernetesCmd.AddCommand(kubernetesExecCredentialCmd)
+	kubernetesCmd.AddCommand(kubernetesFlushCredentialsCmd)
 	rootCmd.AddCommand(kubernetesCmd)
 }
 
@@ -25,6 +26,18 @@ var kubernetesCmd = &cobra.Command{
 	Use: "k8s",
 }
 
+var kubernetesFlushCredentialsCmd = &cobra.Command{
+	Use: "flush-credentials [API Server URL]",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			clearAllCachedCredentials()
+		} else {
+			clearCachedCredential(args[0])
+		}
+		return nil
+	},
+}
+
 var kubernetesExecCredentialCmd = &cobra.Command{
 	Use: "exec-credential",
 	RunE: func(cmd *cobra.Command, args []string) error {