// Complete fills CreateBasicAuthSecretOptions fields with data and checks for mutual exclusivity // between flags from different option groups. func (o *CreateBasicAuthSecretOptions) Complete(f *kcmdutil.Factory, args []string) error { if len(args) != 1 { return errors.New("must have exactly one argument: secret name") } o.SecretName = args[0] if o.PromptForPassword { if len(o.Password) != 0 { return errors.New("must provide either --prompt or --password flag") } if !term.IsTerminal(o.Reader) { return errors.New("provided reader is not a terminal") } o.Password = cmdutil.PromptForPasswordString(o.Reader, o.Out, "Password: "******"password must be provided") } } if f != nil { client, err := f.Client() if err != nil { return err } namespace, _, err := f.DefaultNamespace() if err != nil { return err } o.SecretsInterface = client.Secrets(namespace) } return nil }
func (o *CreateDockerConfigOptions) Complete(f *kcmdutil.Factory, args []string) error { if len(args) != 1 { return errors.New("must have exactly one argument: secret name") } o.SecretName = args[0] client, err := f.Client() if err != nil { return err } namespace, _, err := f.DefaultNamespace() if err != nil { return err } o.SecretsInterface = client.Secrets(namespace) return nil }
var data []byte if secretName != "" { // Get the namespace this is running in from the env variable. namespace := os.Getenv("POD_NAMESPACE") if namespace == "" { return nil, fmt.Errorf("unexpected: POD_NAMESPACE env var returned empty string") } // Get a client to talk to the k8s apiserver, to fetch secrets from it. client, err := client.NewInCluster() if err != nil { return nil, fmt.Errorf("error in creating in-cluster client: %s", err) } data = []byte{} var secret *api.Secret err = wait.PollImmediate(1*time.Second, getSecretTimeout, func() (bool, error) { secret, err = client.Secrets(namespace).Get(secretName) if err == nil { return true, nil } glog.Warningf("error in fetching secret: %s", err) return false, nil }) if err != nil { return nil, fmt.Errorf("timed out waiting for secret: %s", err) } if secret == nil { return nil, fmt.Errorf("unexpected: received null secret %s", secretName) } ok := false data, ok = secret.Data[KubeconfigSecretDataKey] if !ok {
// This is to inject a different kubeconfigGetter in tests. // We dont use the standard one which calls NewInCluster in tests to avoid having to setup service accounts and mount files with secret tokens. var KubeconfigGetterForCluster = func(c *federation_v1alpha1.Cluster) clientcmd.KubeconfigGetter { return func() (*clientcmdapi.Config, error) { // Get the namespace this is running in from the env variable. namespace := os.Getenv("POD_NAMESPACE") if namespace == "" { return nil, fmt.Errorf("unexpected: POD_NAMESPACE env var returned empty string") } // Get a client to talk to the k8s apiserver, to fetch secrets from it. client, err := client.NewInCluster() if err != nil { return nil, fmt.Errorf("error in creating in-cluster client: %s", err) } secret, err := client.Secrets(namespace).Get(c.Spec.SecretRef.Name) if err != nil { return nil, fmt.Errorf("error in fetching secret: %s", err) } data, ok := secret.Data[KubeconfigSecretDataKey] if !ok { return nil, fmt.Errorf("secret does not have data with key: %s", KubeconfigSecretDataKey) } return clientcmd.Load(data) } } type ClusterClient struct { discoveryClient *discovery.DiscoveryClient kubeClient *clientset.Clientset }