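// Run writes to o.Out a kubeconfig that authenticates as the service account
// named o.SAName.
//
// It fetches the service account, walks the secrets it references, and uses the
// first one accepted by serviceaccounts.IsValidServiceAccountToken. o.RawConfig
// is modified in place: it is minified to its current context, that context is
// renamed to o.SAName and pointed at o.ContextNamespace, and the auth entries
// are replaced by a single one holding the token.
//
// The emitted document embeds the service account's bearer token in clear
// text, so whatever receives o.Out has to be handled as credential material.
//
// Run returns an error when the service account cannot be fetched, when the
// selected secret carries no token data, when the config cannot be minified or
// serialized, when writing to o.Out fails, or when none of the referenced
// secrets holds a valid token.
func (o *CreateKubeconfigOptions) Run() error {
	serviceAccount, err := o.SAClient.Get(o.SAName)
	if err != nil {
		return err
	}

	for _, reference := range serviceAccount.Secrets {
		secret, err := o.SecretsClient.Get(reference.Name)
		if err != nil {
			// Best effort: a referenced secret that cannot be read is skipped
			// so that another reference can still supply the token.
			continue
		}
		if !serviceaccounts.IsValidServiceAccountToken(serviceAccount, secret) {
			continue
		}

		token, exists := secret.Data[kapi.ServiceAccountTokenKey]
		if !exists {
			return fmt.Errorf("service account token %q for service account %q did not contain token data", secret.Name, serviceAccount.Name)
		}

		cfg := &o.RawConfig
		if err := clientcmdapi.MinifyConfig(cfg); err != nil {
			return fmt.Errorf("invalid configuration, unable to create new config file: %v", err)
		}

		ctx := cfg.Contexts[cfg.CurrentContext]
		ctx.Namespace = o.ContextNamespace

		// Rename the current context after the service account.
		cfg.CurrentContext = o.SAName
		cfg.Contexts = map[string]*clientcmdapi.Context{
			cfg.CurrentContext: ctx,
		}

		// The auth entry is keyed by the service account name and is the only
		// credential left in the config.
		ctx.AuthInfo = o.SAName
		cfg.AuthInfos = map[string]*clientcmdapi.AuthInfo{
			ctx.AuthInfo: {
				Token: string(token),
			},
		}

		out, err := kclientcmd.Write(*cfg)
		if err != nil {
			return err
		}

		// Print the serialized config verbatim. Using it as a format string
		// would make any '%' in the kubeconfig act as a formatting verb and
		// corrupt the output.
		if _, err := fmt.Fprint(o.Out, string(out)); err != nil {
			return err
		}
		return nil
	}

	return fmt.Errorf("could not find a service account token for service account %q", serviceAccount.Name)
}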
// CreateKubeconfigSecret serializes kubeconfig and wraps the result in a
// Secret called name in namespace, stored under KubeconfigSecretDataKey.
//
// The config is written exactly as passed in; nothing here minifies or
// flattens it, so the caller is presumably expected to have done that already.
// Any credentials embedded in the kubeconfig end up in the secret's data.
//
// With dryRun set the secret is only built and returned. Otherwise it is
// created through clientset and the API server's result is returned. A
// serialization failure yields a nil secret and the error.
func CreateKubeconfigSecret(clientset *client.Clientset, kubeconfig *clientcmdapi.Config, namespace, name string, dryRun bool) (*api.Secret, error) {
	raw, err := clientcmd.Write(*kubeconfig)
	if err != nil {
		return nil, err
	}

	meta := metav1.ObjectMeta{
		Name:      name,
		Namespace: namespace,
	}
	payload := map[string][]byte{
		KubeconfigSecretDataKey: raw,
	}
	secret := &api.Secret{
		ObjectMeta: meta,
		Data:       payload,
	}

	// A dry run stops before anything is sent to the API server.
	if dryRun {
		return secret, nil
	}
	return clientset.Core().Secrets(namespace).Create(secret)
}
// fakeJoinHostFactory returns a test factory whose fake REST client accepts
// exactly one request: a POST to the federation-system secrets collection
// whose body decodes to the secret this helper expects.
//
// The expected secret carries, under the "kubeconfig" key, a serialized config
// with one cluster, one auth entry and one context, all named clusterCtx and
// built from server and token. An empty clusterCtx or secretName falls back to
// clusterName. A body that decodes to a different secret, or any other
// request, makes the fake client return an error.
func fakeJoinHostFactory(clusterName, clusterCtx, secretName, server, token string) (cmdutil.Factory, error) {
	if clusterCtx == "" {
		clusterCtx = clusterName
	}
	if secretName == "" {
		secretName = clusterName
	}

	// Cluster, credentials and context share the context name as their key.
	expectedConfig := clientcmdapi.Config{
		Clusters: map[string]*clientcmdapi.Cluster{
			clusterCtx: {Server: server},
		},
		AuthInfos: map[string]*clientcmdapi.AuthInfo{
			clusterCtx: {Token: token},
		},
		Contexts: map[string]*clientcmdapi.Context{
			clusterCtx: {
				Cluster:  clusterCtx,
				AuthInfo: clusterCtx,
			},
		},
		CurrentContext: clusterCtx,
	}
	serialized, err := clientcmd.Write(expectedConfig)
	if err != nil {
		return nil, err
	}

	secretObject := v1.Secret{
		TypeMeta: unversioned.TypeMeta{
			Kind:       "Secret",
			APIVersion: "v1",
		},
		ObjectMeta: v1.ObjectMeta{
			Name:      secretName,
			Namespace: util.DefaultFederationSystemNamespace,
		},
		Data: map[string][]byte{
			"kubeconfig": serialized,
		},
	}

	f, tf, codec, _ := cmdtesting.NewAPIFactory()
	serializer := dynamic.ContentConfig().NegotiatedSerializer
	tf.ClientConfig = kubefedtesting.DefaultClientConfig()

	// handle answers the single expected secret-creation request and rejects
	// everything else.
	handle := func(req *http.Request) (*http.Response, error) {
		if req.URL.Path != "/api/v1/namespaces/federation-system/secrets" || req.Method != http.MethodPost {
			return nil, fmt.Errorf("unexpected request: %#v\n%#v", req.URL, req)
		}

		payload, err := ioutil.ReadAll(req.Body)
		if err != nil {
			return nil, err
		}

		var got v1.Secret
		if _, _, err := codec.Decode(payload, nil, &got); err != nil {
			return nil, err
		}
		if !api.Semantic.DeepEqual(got, secretObject) {
			return nil, fmt.Errorf("Unexpected secret object\n\tDiff: %s", diff.ObjectGoPrintDiff(got, secretObject))
		}

		return &http.Response{
			StatusCode: http.StatusCreated,
			Header:     kubefedtesting.DefaultHeader(),
			Body:       kubefedtesting.ObjBody(codec, &secretObject),
		}, nil
	}

	tf.Client = &fake.RESTClient{
		NegotiatedSerializer: serializer,
		Client:               fake.CreateHTTPClient(handle),
	}
	return f, nil
}