Exemplo n.º 1
0
func TestTokenLeavesCert(t *testing.T) {
	authInfoWithCerts := clientcmdapi.NewAuthInfo()
	authInfoWithCerts.ClientCertificate = "cert"
	authInfoWithCerts.ClientCertificateData = []byte("certdata")
	authInfoWithCerts.ClientKey = "key"
	authInfoWithCerts.ClientKeyData = []byte("keydata")

	authInfoWithTokenAndCerts := clientcmdapi.NewAuthInfo()
	authInfoWithTokenAndCerts.Token = "token"
	authInfoWithTokenAndCerts.ClientCertificate = "cert"
	authInfoWithTokenAndCerts.ClientCertificateData = []byte("certdata")
	authInfoWithTokenAndCerts.ClientKey = "key"
	authInfoWithTokenAndCerts.ClientKeyData = []byte("keydata")

	startingConfig := newRedFederalCowHammerConfig()
	startingConfig.AuthInfos["another-user"] = authInfoWithCerts

	expectedConfig := newRedFederalCowHammerConfig()
	expectedConfig.AuthInfos["another-user"] = authInfoWithTokenAndCerts

	test := configCommandTest{
		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagBearerToken + "=token"},
		startingConfig: startingConfig,
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 2
0
// Creates a clientcmdapi.Config object with access to the API server with a token
func MakeClientConfigWithToken(serverURL, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config {
	config := createBasicClientConfig(serverURL, clusterName, userName, caCert)

	authInfo := clientcmdapi.NewAuthInfo()
	authInfo.Token = token

	config.AuthInfos[userName] = authInfo
	return config
}
Exemplo n.º 3
0
// Creates a clientcmdapi.Config object with access to the API server with client certificates
func MakeClientConfigWithCerts(serverURL, clusterName, userName string, caCert []byte, clientKey []byte, clientCert []byte) *clientcmdapi.Config {
	config := createBasicClientConfig(serverURL, clusterName, userName, caCert)

	authInfo := clientcmdapi.NewAuthInfo()
	authInfo.ClientKeyData = clientKey
	authInfo.ClientCertificateData = clientCert

	config.AuthInfos[userName] = authInfo
	return config
}
Exemplo n.º 4
0
func TestNewEmptyAuth(t *testing.T) {
	expectedConfig := *clientcmdapi.NewConfig()
	expectedConfig.AuthInfos["the-user-name"] = clientcmdapi.NewAuthInfo()
	test := configCommandTest{
		args:           []string{"set-credentials", "the-user-name"},
		startingConfig: *clientcmdapi.NewConfig(),
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 5
0
func TestUnsetField(t *testing.T) {
	expectedConfig := newRedFederalCowHammerConfig()
	expectedConfig.AuthInfos["red-user"] = clientcmdapi.NewAuthInfo()
	test := configCommandTest{
		args:           []string{"unset", "users.red-user.token"},
		startingConfig: newRedFederalCowHammerConfig(),
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 6
0
func TestTokenClearsBasic(t *testing.T) {
	authInfoWithBasic := clientcmdapi.NewAuthInfo()
	authInfoWithBasic.Username = "******"
	authInfoWithBasic.Password = "******"

	authInfoWithToken := clientcmdapi.NewAuthInfo()
	authInfoWithToken.Token = "token"

	startingConfig := newRedFederalCowHammerConfig()
	startingConfig.AuthInfos["another-user"] = authInfoWithBasic

	expectedConfig := newRedFederalCowHammerConfig()
	expectedConfig.AuthInfos["another-user"] = authInfoWithToken

	test := configCommandTest{
		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagBearerToken + "=token"},
		startingConfig: startingConfig,
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 7
0
func TestAdditionalAuth(t *testing.T) {
	expectedConfig := newRedFederalCowHammerConfig()
	authInfo := clientcmdapi.NewAuthInfo()
	authInfo.Token = "token"
	expectedConfig.AuthInfos["another-user"] = authInfo
	test := configCommandTest{
		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagBearerToken + "=token"},
		startingConfig: newRedFederalCowHammerConfig(),
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 8
0
func TestCertLeavesToken(t *testing.T) {
	authInfoWithToken := clientcmdapi.NewAuthInfo()
	authInfoWithToken.Token = "token"

	authInfoWithTokenAndCerts := clientcmdapi.NewAuthInfo()
	authInfoWithTokenAndCerts.Token = "token"
	authInfoWithTokenAndCerts.ClientCertificate = "/cert"
	authInfoWithTokenAndCerts.ClientKey = "/key"

	startingConfig := newRedFederalCowHammerConfig()
	startingConfig.AuthInfos["another-user"] = authInfoWithToken

	expectedConfig := newRedFederalCowHammerConfig()
	expectedConfig.AuthInfos["another-user"] = authInfoWithTokenAndCerts

	test := configCommandTest{
		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagCertFile + "=/cert", "--" + clientcmd.FlagKeyFile + "=/key"},
		startingConfig: startingConfig,
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 9
0
func TestTokenAndCertAllowed(t *testing.T) {
	expectedConfig := newRedFederalCowHammerConfig()
	authInfo := clientcmdapi.NewAuthInfo()
	authInfo.Token = "token"
	authInfo.ClientCertificate = "/cert-file"
	expectedConfig.AuthInfos["another-user"] = authInfo
	test := configCommandTest{
		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagCertFile + "=/cert-file", "--" + clientcmd.FlagBearerToken + "=token"},
		startingConfig: newRedFederalCowHammerConfig(),
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 10
0
func TestEmptyTokenAndCertAllowed(t *testing.T) {
	fakeCertFile, _ := ioutil.TempFile("", "cert-file")
	defer os.Remove(fakeCertFile.Name())
	expectedConfig := newRedFederalCowHammerConfig()
	authInfo := clientcmdapi.NewAuthInfo()
	authInfo.ClientCertificate = path.Base(fakeCertFile.Name())
	expectedConfig.AuthInfos["another-user"] = authInfo

	test := configCommandTest{
		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagCertFile + "=" + fakeCertFile.Name(), "--" + clientcmd.FlagBearerToken + "="},
		startingConfig: newRedFederalCowHammerConfig(),
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 11
0
func TestEmbedClientKey(t *testing.T) {
	fakeKeyFile, _ := ioutil.TempFile("", "")
	defer os.Remove(fakeKeyFile.Name())
	fakeData := []byte("fake-data")
	ioutil.WriteFile(fakeKeyFile.Name(), fakeData, 0600)
	expectedConfig := newRedFederalCowHammerConfig()
	authInfo := clientcmdapi.NewAuthInfo()
	authInfo.ClientKeyData = fakeData
	expectedConfig.AuthInfos["another-user"] = authInfo

	test := configCommandTest{
		args:           []string{"set-credentials", "another-user", "--" + clientcmd.FlagKeyFile + "=" + fakeKeyFile.Name(), "--" + clientcmd.FlagEmbedCerts + "=true"},
		startingConfig: newRedFederalCowHammerConfig(),
		expectedConfig: expectedConfig,
	}

	test.run(t)
}
Exemplo n.º 12
0
func updateKubeconfig(config util.AdminConfig, name, endpoint string, entKeyPairs *entityKeyPairs, dryRun bool) error {
	po := config.PathOptions()
	kubeconfig, err := po.GetStartingConfig()
	if err != nil {
		return err
	}

	// Populate API server endpoint info.
	cluster := clientcmdapi.NewCluster()
	// Prefix "https" as the URL scheme to endpoint.
	if !strings.HasPrefix(endpoint, "https://") {
		endpoint = fmt.Sprintf("https://%s", endpoint)
	}
	cluster.Server = endpoint
	cluster.CertificateAuthorityData = certutil.EncodeCertPEM(entKeyPairs.ca.Cert)

	// Populate credentials.
	authInfo := clientcmdapi.NewAuthInfo()
	authInfo.ClientCertificateData = certutil.EncodeCertPEM(entKeyPairs.admin.Cert)
	authInfo.ClientKeyData = certutil.EncodePrivateKeyPEM(entKeyPairs.admin.Key)
	authInfo.Username = AdminCN

	// Populate context.
	context := clientcmdapi.NewContext()
	context.Cluster = name
	context.AuthInfo = name

	// Update the config struct with API server endpoint info,
	// credentials and context.
	kubeconfig.Clusters[name] = cluster
	kubeconfig.AuthInfos[name] = authInfo
	kubeconfig.Contexts[name] = context

	if !dryRun {
		// Write the update kubeconfig.
		if err := clientcmd.ModifyConfig(po, *kubeconfig, true); err != nil {
			return err
		}
	}

	return nil
}
Exemplo n.º 13
0
func (o createAuthInfoOptions) run() error {
	err := o.validate()
	if err != nil {
		return err
	}

	config, err := o.configAccess.GetStartingConfig()
	if err != nil {
		return err
	}

	startingStanza, exists := config.AuthInfos[o.name]
	if !exists {
		startingStanza = clientcmdapi.NewAuthInfo()
	}
	authInfo := o.modifyAuthInfo(*startingStanza)
	config.AuthInfos[o.name] = &authInfo

	if err := clientcmd.ModifyConfig(o.configAccess, *config, true); err != nil {
		return err
	}

	return nil
}
Exemplo n.º 14
0
func addConversionFuncs(scheme *runtime.Scheme) error {
	return scheme.AddConversionFuncs(
		func(in *Cluster, out *api.Cluster, s conversion.Scope) error {
			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
		},
		func(in *api.Cluster, out *Cluster, s conversion.Scope) error {
			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
		},
		func(in *Preferences, out *api.Preferences, s conversion.Scope) error {
			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
		},
		func(in *api.Preferences, out *Preferences, s conversion.Scope) error {
			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
		},
		func(in *AuthInfo, out *api.AuthInfo, s conversion.Scope) error {
			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
		},
		func(in *api.AuthInfo, out *AuthInfo, s conversion.Scope) error {
			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
		},
		func(in *Context, out *api.Context, s conversion.Scope) error {
			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
		},
		func(in *api.Context, out *Context, s conversion.Scope) error {
			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
		},

		func(in *Config, out *api.Config, s conversion.Scope) error {
			out.CurrentContext = in.CurrentContext
			if err := s.Convert(&in.Preferences, &out.Preferences, 0); err != nil {
				return err
			}

			out.Clusters = make(map[string]*api.Cluster)
			if err := s.Convert(&in.Clusters, &out.Clusters, 0); err != nil {
				return err
			}
			out.AuthInfos = make(map[string]*api.AuthInfo)
			if err := s.Convert(&in.AuthInfos, &out.AuthInfos, 0); err != nil {
				return err
			}
			out.Contexts = make(map[string]*api.Context)
			if err := s.Convert(&in.Contexts, &out.Contexts, 0); err != nil {
				return err
			}
			out.Extensions = make(map[string]runtime.Object)
			if err := s.Convert(&in.Extensions, &out.Extensions, 0); err != nil {
				return err
			}
			return nil
		},
		func(in *api.Config, out *Config, s conversion.Scope) error {
			out.CurrentContext = in.CurrentContext
			if err := s.Convert(&in.Preferences, &out.Preferences, 0); err != nil {
				return err
			}

			out.Clusters = make([]NamedCluster, 0, 0)
			if err := s.Convert(&in.Clusters, &out.Clusters, 0); err != nil {
				return err
			}
			out.AuthInfos = make([]NamedAuthInfo, 0, 0)
			if err := s.Convert(&in.AuthInfos, &out.AuthInfos, 0); err != nil {
				return err
			}
			out.Contexts = make([]NamedContext, 0, 0)
			if err := s.Convert(&in.Contexts, &out.Contexts, 0); err != nil {
				return err
			}
			out.Extensions = make([]NamedExtension, 0, 0)
			if err := s.Convert(&in.Extensions, &out.Extensions, 0); err != nil {
				return err
			}
			return nil
		},
		func(in *[]NamedCluster, out *map[string]*api.Cluster, s conversion.Scope) error {
			for _, curr := range *in {
				newCluster := api.NewCluster()
				if err := s.Convert(&curr.Cluster, newCluster, 0); err != nil {
					return err
				}
				(*out)[curr.Name] = newCluster
			}

			return nil
		},
		func(in *map[string]*api.Cluster, out *[]NamedCluster, s conversion.Scope) error {
			allKeys := make([]string, 0, len(*in))
			for key := range *in {
				allKeys = append(allKeys, key)
			}
			sort.Strings(allKeys)

			for _, key := range allKeys {
				newCluster := (*in)[key]
				oldCluster := &Cluster{}
				if err := s.Convert(newCluster, oldCluster, 0); err != nil {
					return err
				}

				namedCluster := NamedCluster{key, *oldCluster}
				*out = append(*out, namedCluster)
			}

			return nil
		},
		func(in *[]NamedAuthInfo, out *map[string]*api.AuthInfo, s conversion.Scope) error {
			for _, curr := range *in {
				newAuthInfo := api.NewAuthInfo()
				if err := s.Convert(&curr.AuthInfo, newAuthInfo, 0); err != nil {
					return err
				}
				(*out)[curr.Name] = newAuthInfo
			}

			return nil
		},
		func(in *map[string]*api.AuthInfo, out *[]NamedAuthInfo, s conversion.Scope) error {
			allKeys := make([]string, 0, len(*in))
			for key := range *in {
				allKeys = append(allKeys, key)
			}
			sort.Strings(allKeys)

			for _, key := range allKeys {
				newAuthInfo := (*in)[key]
				oldAuthInfo := &AuthInfo{}
				if err := s.Convert(newAuthInfo, oldAuthInfo, 0); err != nil {
					return err
				}

				namedAuthInfo := NamedAuthInfo{key, *oldAuthInfo}
				*out = append(*out, namedAuthInfo)
			}

			return nil
		},
		func(in *[]NamedContext, out *map[string]*api.Context, s conversion.Scope) error {
			for _, curr := range *in {
				newContext := api.NewContext()
				if err := s.Convert(&curr.Context, newContext, 0); err != nil {
					return err
				}
				(*out)[curr.Name] = newContext
			}

			return nil
		},
		func(in *map[string]*api.Context, out *[]NamedContext, s conversion.Scope) error {
			allKeys := make([]string, 0, len(*in))
			for key := range *in {
				allKeys = append(allKeys, key)
			}
			sort.Strings(allKeys)

			for _, key := range allKeys {
				newContext := (*in)[key]
				oldContext := &Context{}
				if err := s.Convert(newContext, oldContext, 0); err != nil {
					return err
				}

				namedContext := NamedContext{key, *oldContext}
				*out = append(*out, namedContext)
			}

			return nil
		},
		func(in *[]NamedExtension, out *map[string]runtime.Object, s conversion.Scope) error {
			for _, curr := range *in {
				var newExtension runtime.Object
				if err := s.Convert(&curr.Extension, &newExtension, 0); err != nil {
					return err
				}
				(*out)[curr.Name] = newExtension
			}

			return nil
		},
		func(in *map[string]runtime.Object, out *[]NamedExtension, s conversion.Scope) error {
			allKeys := make([]string, 0, len(*in))
			for key := range *in {
				allKeys = append(allKeys, key)
			}
			sort.Strings(allKeys)

			for _, key := range allKeys {
				newExtension := (*in)[key]
				oldExtension := &runtime.RawExtension{}
				if err := s.Convert(newExtension, oldExtension, 0); err != nil {
					return err
				}

				namedExtension := NamedExtension{key, *oldExtension}
				*out = append(*out, namedExtension)
			}

			return nil
		},
	)
}