// SetupContext creates a new cluster and context in ~/.kube using the provided API Server. If setCurrent is true, it is made the current context. func SetupContext(clusterName, contextName, kubeAPIServer string, setCurrent bool) error { pathOpts := kubectlcfg.NewDefaultPathOptions() config, err := getConfig(pathOpts) if err != nil { return err } cluster, exists := config.Clusters[clusterName] if !exists { cluster = kubecfg.NewCluster() } // configure cluster cluster.Server = kubeAPIServer cluster.InsecureSkipTLSVerify = true config.Clusters[clusterName] = cluster context, exists := config.Contexts[contextName] if !exists { context = kubecfg.NewContext() } // configure context context.Cluster = clusterName config.Contexts[contextName] = context // set as current if requested if setCurrent { config.CurrentContext = contextName } return kubectlcfg.ModifyConfig(pathOpts, *config, true) }
// setupKubeconfig reads config from disk, adds the minikube settings, and writes it back. // activeContext is true when minikube is the CurrentContext // If no CurrentContext is set, the given name will be used. func setupKubeconfig(server, certAuth string) error { configFile := constants.KubeconfigPath // read existing config or create new if does not exist config, err := kubeconfig.ReadConfigOrNew(configFile) if err != nil { return err } currentContextName := config.CurrentContext currentContext := config.Contexts[currentContextName] clusterName, err := ocfg.GetClusterNicknameFromURL(server) if err != nil { return err } cluster := cfg.NewCluster() cluster.Server = server cluster.CertificateAuthorityData = []byte(certAuth) config.Clusters[clusterName] = cluster // user userName := "******" + clusterName user := cfg.NewAuthInfo() if currentContext != nil && currentContext.AuthInfo == userName { currentUser := config.AuthInfos[userName] if currentUser != nil { user.Token = config.AuthInfos[userName].Token } } config.AuthInfos[userName] = user // context context := cfg.NewContext() context.Cluster = clusterName context.AuthInfo = userName context.Namespace = api.NamespaceDefault contextName := ocfg.GetContextNickname(api.NamespaceDefault, clusterName, userName) if currentContext != nil && currentContext.Cluster == clusterName && currentContext.AuthInfo == userName { contextName = currentContextName context.Namespace = currentContext.Namespace } config.Contexts[contextName] = context config.CurrentContext = contextName // write back to disk if err := kubeconfig.WriteConfig(config, configFile); err != nil { return err } fmt.Println("oc is now configured to use the cluster.") if len(user.Token) == 0 { fmt.Println("Run this command to use the cluster: ") fmt.Println("oc login --username=admin --password=admin") } return nil }
func TestSetCurrentContext(t *testing.T) { expectedConfig := newRedFederalCowHammerConfig() startingConfig := newRedFederalCowHammerConfig() newContextName := "the-new-context" startingConfig.Contexts[newContextName] = clientcmdapi.NewContext() expectedConfig.Contexts[newContextName] = clientcmdapi.NewContext() expectedConfig.CurrentContext = newContextName test := configCommandTest{ args: []string{"use-context", "the-new-context"}, startingConfig: startingConfig, expectedConfig: expectedConfig, } test.run(t) }
func TestNewEmptyContext(t *testing.T) { expectedConfig := *clientcmdapi.NewConfig() expectedConfig.Contexts["new-context"] = clientcmdapi.NewContext() test := configCommandTest{ args: []string{"set-context", "new-context"}, startingConfig: *clientcmdapi.NewConfig(), expectedConfig: expectedConfig, } test.run(t) }
func TestSetIntoNewConfig(t *testing.T) { expectedConfig := *clientcmdapi.NewConfig() context := clientcmdapi.NewContext() context.AuthInfo = "fake-user" expectedConfig.Contexts["new-context"] = context test := configCommandTest{ args: []string{"set", "contexts.new-context.user", "fake-user"}, startingConfig: *clientcmdapi.NewConfig(), expectedConfig: expectedConfig, } test.run(t) }
// CreateConfig takes a clientCfg and builds a config (kubeconfig style) from it. func CreateConfig(namespace string, clientCfg *client.Config) (*clientcmdapi.Config, error) { clusterNick, err := GetClusterNicknameFromConfig(clientCfg) if err != nil { return nil, err } userNick, err := GetUserNicknameFromConfig(clientCfg) if err != nil { return nil, err } contextNick, err := GetContextNicknameFromConfig(namespace, clientCfg) if err != nil { return nil, err } config := clientcmdapi.NewConfig() credentials := clientcmdapi.NewAuthInfo() credentials.Token = clientCfg.BearerToken credentials.ClientCertificate = clientCfg.TLSClientConfig.CertFile if len(credentials.ClientCertificate) == 0 { credentials.ClientCertificateData = clientCfg.TLSClientConfig.CertData } credentials.ClientKey = clientCfg.TLSClientConfig.KeyFile if len(credentials.ClientKey) == 0 { credentials.ClientKeyData = clientCfg.TLSClientConfig.KeyData } config.AuthInfos[userNick] = credentials cluster := clientcmdapi.NewCluster() cluster.Server = clientCfg.Host cluster.CertificateAuthority = clientCfg.CAFile if len(cluster.CertificateAuthority) == 0 { cluster.CertificateAuthorityData = clientCfg.CAData } cluster.InsecureSkipTLSVerify = clientCfg.Insecure if clientCfg.GroupVersion != nil { cluster.APIVersion = clientCfg.GroupVersion.String() } config.Clusters[clusterNick] = cluster context := clientcmdapi.NewContext() context.Cluster = clusterNick context.AuthInfo = userNick context.Namespace = namespace config.Contexts[contextNick] = context config.CurrentContext = contextNick return config, nil }
func TestKubectlValidation(t *testing.T) { testCases := []struct { data string err bool }{ {`{"apiVersion": "v1", "kind": "thisObjectShouldNotExistInAnyGroup"}`, true}, {`{"apiVersion": "invalidVersion", "kind": "Pod"}`, true}, {`{"apiVersion": "v1", "kind": "Pod"}`, false}, // The following test the experimental api. // TODO: Replace with something more robust. These may move. {`{"apiVersion": "extensions/v1beta1", "kind": "Ingress"}`, false}, {`{"apiVersion": "extensions/v1beta1", "kind": "Job"}`, false}, {`{"apiVersion": "vNotAVersion", "kind": "Job"}`, true}, } components := framework.NewMasterComponents(&framework.Config{}) defer components.Stop(true, true) ctx := clientcmdapi.NewContext() cfg := clientcmdapi.NewConfig() // Enable swagger api on master. components.KubeMaster.InstallSwaggerAPI() cluster := clientcmdapi.NewCluster() cluster.Server = components.ApiServer.URL cluster.InsecureSkipTLSVerify = true cfg.Contexts = map[string]*clientcmdapi.Context{"test": ctx} cfg.CurrentContext = "test" overrides := clientcmd.ConfigOverrides{ ClusterInfo: *cluster, } cmdConfig := clientcmd.NewNonInteractiveClientConfig(*cfg, "test", &overrides, nil) factory := util.NewFactory(cmdConfig) schema, err := factory.Validator(true, "") if err != nil { t.Errorf("failed to get validator: %v", err) return } for i, test := range testCases { err := schema.ValidateBytes([]byte(test.data)) if err == nil { if test.err { t.Errorf("case %d: expected error", i) } } else { if !test.err { t.Errorf("case %d: unexpected error: %v", i, err) } } } }
func TestAdditionalContext(t *testing.T) { expectedConfig := newRedFederalCowHammerConfig() context := clientcmdapi.NewContext() context.Cluster = "some-cluster" context.AuthInfo = "some-user" context.Namespace = "different-namespace" expectedConfig.Contexts["different-context"] = context test := configCommandTest{ args: []string{"set-context", "different-context", "--" + clientcmd.FlagClusterName + "=some-cluster", "--" + clientcmd.FlagAuthInfoName + "=some-user", "--" + clientcmd.FlagNamespace + "=different-namespace"}, startingConfig: newRedFederalCowHammerConfig(), expectedConfig: expectedConfig, } test.run(t) }
func MakeClientConfigWithToken(config *clientcmdapi.Config, clusterName string, userName string, token string) *clientcmdapi.Config { newConfig := config name := fmt.Sprintf("%s@%s", userName, clusterName) authInfo := clientcmdapi.NewAuthInfo() authInfo.Token = token context := clientcmdapi.NewContext() context.Cluster = clusterName context.AuthInfo = userName newConfig.AuthInfos[userName] = authInfo newConfig.Contexts[name] = context newConfig.CurrentContext = name return newConfig }
func MakeClientConfigWithCerts(config *clientcmdapi.Config, clusterName string, userName string, clientKey []byte, clientCert []byte) *clientcmdapi.Config { newConfig := config name := fmt.Sprintf("%s@%s", userName, clusterName) authInfo := clientcmdapi.NewAuthInfo() authInfo.ClientKeyData = clientKey authInfo.ClientCertificateData = clientCert context := clientcmdapi.NewContext() context.Cluster = clusterName context.AuthInfo = userName newConfig.AuthInfos[userName] = authInfo newConfig.Contexts[name] = context newConfig.CurrentContext = name return newConfig }
func updateKubeconfig(config util.AdminConfig, name, endpoint string, entKeyPairs *entityKeyPairs, dryRun bool) error { po := config.PathOptions() kubeconfig, err := po.GetStartingConfig() if err != nil { return err } // Populate API server endpoint info. cluster := clientcmdapi.NewCluster() // Prefix "https" as the URL scheme to endpoint. if !strings.HasPrefix(endpoint, "https://") { endpoint = fmt.Sprintf("https://%s", endpoint) } cluster.Server = endpoint cluster.CertificateAuthorityData = certutil.EncodeCertPEM(entKeyPairs.ca.Cert) // Populate credentials. authInfo := clientcmdapi.NewAuthInfo() authInfo.ClientCertificateData = certutil.EncodeCertPEM(entKeyPairs.admin.Cert) authInfo.ClientKeyData = certutil.EncodePrivateKeyPEM(entKeyPairs.admin.Key) authInfo.Username = AdminCN // Populate context. context := clientcmdapi.NewContext() context.Cluster = name context.AuthInfo = name // Update the config struct with API server endpoint info, // credentials and context. kubeconfig.Clusters[name] = cluster kubeconfig.AuthInfos[name] = authInfo kubeconfig.Contexts[name] = context if !dryRun { // Write the update kubeconfig. if err := clientcmd.ModifyConfig(po, *kubeconfig, true); err != nil { return err } } return nil }
// MergeConfig adds the additional Config stanzas to the startingConfig. It blindly stomps clusters and users, but // it searches for a matching context before writing a new one. func MergeConfig(startingConfig, addition clientcmdapi.Config) (*clientcmdapi.Config, error) { ret := startingConfig for requestedKey, value := range addition.Clusters { ret.Clusters[requestedKey] = value } for requestedKey, value := range addition.AuthInfos { ret.AuthInfos[requestedKey] = value } requestedContextNamesToActualContextNames := map[string]string{} for requestedKey, newContext := range addition.Contexts { actualContext := clientcmdapi.NewContext() actualContext.AuthInfo = newContext.AuthInfo actualContext.Cluster = newContext.Cluster actualContext.Namespace = newContext.Namespace actualContext.Extensions = newContext.Extensions if existingName := FindExistingContextName(startingConfig, *actualContext); len(existingName) > 0 { // if this already exists, just move to the next, our job is done requestedContextNamesToActualContextNames[requestedKey] = existingName continue } requestedContextNamesToActualContextNames[requestedKey] = requestedKey ret.Contexts[requestedKey] = actualContext } if len(addition.CurrentContext) > 0 { if newCurrentContext, exists := requestedContextNamesToActualContextNames[addition.CurrentContext]; exists { ret.CurrentContext = newCurrentContext } else { ret.CurrentContext = addition.CurrentContext } } return &ret, nil }
// setupKubeconfig reads config from disk, adds the minikube settings, and writes it back. // activeContext is true when minikube is the CurrentContext // If no CurrentContext is set, the given name will be used. func setupKubeconfig(name, server, certAuth, cliCert, cliKey string) error { configFile := constants.KubeconfigPath // read existing config or create new if does not exist config, err := kubeconfig.ReadConfigOrNew(configFile) if err != nil { return err } clusterName := name cluster := cfg.NewCluster() cluster.Server = server cluster.CertificateAuthority = certAuth config.Clusters[clusterName] = cluster // user userName := name user := cfg.NewAuthInfo() user.ClientCertificate = cliCert user.ClientKey = cliKey config.AuthInfos[userName] = user // context contextName := name context := cfg.NewContext() context.Cluster = clusterName context.AuthInfo = userName config.Contexts[contextName] = context // Always set current context to minikube. config.CurrentContext = contextName // write back to disk if err := kubeconfig.WriteConfig(config, configFile); err != nil { return err } return nil }
// minikubeConfig returns a config that reasonably approximates a localkube cluster func minikubeConfig(config *api.Config) { // cluster clusterName := "minikube" cluster := api.NewCluster() cluster.Server = "https://192.168.99.100:" + strconv.Itoa(constants.APIServerPort) cluster.CertificateAuthority = "/home/tux/.minikube/apiserver.crt" config.Clusters[clusterName] = cluster // user userName := "******" user := api.NewAuthInfo() user.ClientCertificate = "/home/tux/.minikube/apiserver.crt" user.ClientKey = "/home/tux/.minikube/apiserver.key" config.AuthInfos[userName] = user // context contextName := "minikube" context := api.NewContext() context.Cluster = clusterName context.AuthInfo = userName config.Contexts[contextName] = context config.CurrentContext = contextName }
func (o createContextOptions) run() error { err := o.validate() if err != nil { return err } config, err := o.configAccess.GetStartingConfig() if err != nil { return err } startingStanza, exists := config.Contexts[o.name] if !exists { startingStanza = clientcmdapi.NewContext() } context := o.modifyContext(*startingStanza) config.Contexts[o.name] = &context if err := clientcmd.ModifyConfig(o.configAccess, *config, true); err != nil { return err } return nil }
func init() { err := api.Scheme.AddConversionFuncs( func(in *Cluster, out *api.Cluster, s conversion.Scope) error { return s.DefaultConvert(in, out, conversion.IgnoreMissingFields) }, func(in *api.Cluster, out *Cluster, s conversion.Scope) error { return s.DefaultConvert(in, out, conversion.IgnoreMissingFields) }, func(in *Preferences, out *api.Preferences, s conversion.Scope) error { return s.DefaultConvert(in, out, conversion.IgnoreMissingFields) }, func(in *api.Preferences, out *Preferences, s conversion.Scope) error { return s.DefaultConvert(in, out, conversion.IgnoreMissingFields) }, func(in *AuthInfo, out *api.AuthInfo, s conversion.Scope) error { return s.DefaultConvert(in, out, conversion.IgnoreMissingFields) }, func(in *api.AuthInfo, out *AuthInfo, s conversion.Scope) error { return s.DefaultConvert(in, out, conversion.IgnoreMissingFields) }, func(in *Context, out *api.Context, s conversion.Scope) error { return s.DefaultConvert(in, out, conversion.IgnoreMissingFields) }, func(in *api.Context, out *Context, s conversion.Scope) error { return s.DefaultConvert(in, out, conversion.IgnoreMissingFields) }, func(in *Config, out *api.Config, s conversion.Scope) error { out.CurrentContext = in.CurrentContext if err := s.Convert(&in.Preferences, &out.Preferences, 0); err != nil { return err } out.Clusters = make(map[string]*api.Cluster) if err := s.Convert(&in.Clusters, &out.Clusters, 0); err != nil { return err } out.AuthInfos = make(map[string]*api.AuthInfo) if err := s.Convert(&in.AuthInfos, &out.AuthInfos, 0); err != nil { return err } out.Contexts = make(map[string]*api.Context) if err := s.Convert(&in.Contexts, &out.Contexts, 0); err != nil { return err } out.Extensions = make(map[string]runtime.Object) if err := s.Convert(&in.Extensions, &out.Extensions, 0); err != nil { return err } return nil }, func(in *api.Config, out *Config, s conversion.Scope) error { out.CurrentContext = in.CurrentContext if err := s.Convert(&in.Preferences, &out.Preferences, 0); err != nil { return err } out.Clusters = make([]NamedCluster, 0, 0) if err := s.Convert(&in.Clusters, &out.Clusters, 0); err != nil { return err } out.AuthInfos = make([]NamedAuthInfo, 0, 0) if err := s.Convert(&in.AuthInfos, &out.AuthInfos, 0); err != nil { return err } out.Contexts = make([]NamedContext, 0, 0) if err := s.Convert(&in.Contexts, &out.Contexts, 0); err != nil { return err } out.Extensions = make([]NamedExtension, 0, 0) if err := s.Convert(&in.Extensions, &out.Extensions, 0); err != nil { return err } return nil }, func(in *[]NamedCluster, out *map[string]*api.Cluster, s conversion.Scope) error { for _, curr := range *in { newCluster := api.NewCluster() if err := s.Convert(&curr.Cluster, newCluster, 0); err != nil { return err } (*out)[curr.Name] = newCluster } return nil }, func(in *map[string]*api.Cluster, out *[]NamedCluster, s conversion.Scope) error { allKeys := make([]string, 0, len(*in)) for key := range *in { allKeys = append(allKeys, key) } sort.Strings(allKeys) for _, key := range allKeys { newCluster := (*in)[key] oldCluster := &Cluster{} if err := s.Convert(newCluster, oldCluster, 0); err != nil { return err } namedCluster := NamedCluster{key, *oldCluster} *out = append(*out, namedCluster) } return nil }, func(in *[]NamedAuthInfo, out *map[string]*api.AuthInfo, s conversion.Scope) error { for _, curr := range *in { newAuthInfo := api.NewAuthInfo() if err := s.Convert(&curr.AuthInfo, newAuthInfo, 0); err != nil { return err } (*out)[curr.Name] = newAuthInfo } return nil }, func(in *map[string]*api.AuthInfo, out *[]NamedAuthInfo, s conversion.Scope) error { allKeys := make([]string, 0, len(*in)) for key := range *in { allKeys = append(allKeys, key) } sort.Strings(allKeys) for _, key := range allKeys { newAuthInfo := (*in)[key] oldAuthInfo := &AuthInfo{} if err := s.Convert(newAuthInfo, oldAuthInfo, 0); err != nil { return err } namedAuthInfo := NamedAuthInfo{key, *oldAuthInfo} *out = append(*out, namedAuthInfo) } return nil }, func(in *[]NamedContext, out *map[string]*api.Context, s conversion.Scope) error { for _, curr := range *in { newContext := api.NewContext() if err := s.Convert(&curr.Context, newContext, 0); err != nil { return err } (*out)[curr.Name] = newContext } return nil }, func(in *map[string]*api.Context, out *[]NamedContext, s conversion.Scope) error { allKeys := make([]string, 0, len(*in)) for key := range *in { allKeys = append(allKeys, key) } sort.Strings(allKeys) for _, key := range allKeys { newContext := (*in)[key] oldContext := &Context{} if err := s.Convert(newContext, oldContext, 0); err != nil { return err } namedContext := NamedContext{key, *oldContext} *out = append(*out, namedContext) } return nil }, func(in *[]NamedExtension, out *map[string]runtime.Object, s conversion.Scope) error { for _, curr := range *in { var newExtension runtime.Object if err := s.Convert(&curr.Extension, &newExtension, 0); err != nil { return err } (*out)[curr.Name] = newExtension } return nil }, func(in *map[string]runtime.Object, out *[]NamedExtension, s conversion.Scope) error { allKeys := make([]string, 0, len(*in)) for key := range *in { allKeys = append(allKeys, key) } sort.Strings(allKeys) for _, key := range allKeys { newExtension := (*in)[key] oldExtension := &runtime.RawExtension{} if err := s.Convert(newExtension, oldExtension, 0); err != nil { return err } namedExtension := NamedExtension{key, *oldExtension} *out = append(*out, namedExtension) } return nil }, ) if err != nil { // If one of the conversion functions is malformed, detect it immediately. panic(err) } }
func modifyConfig(configAccess clientcmd.ConfigAccess, suppliedConfig *clientcmdapi.Config) error { config, err := configAccess.GetStartingConfig() if err != nil { return err } for name, authInfo := range suppliedConfig.AuthInfos { initial, ok := config.AuthInfos[name] if !ok { initial = clientcmdapi.NewAuthInfo() } modifiedAuthInfo := *initial var setToken, setBasic bool if len(authInfo.ClientCertificate) > 0 { modifiedAuthInfo.ClientCertificate = authInfo.ClientCertificate } if len(authInfo.ClientCertificateData) > 0 { modifiedAuthInfo.ClientCertificateData = authInfo.ClientCertificateData } if len(authInfo.ClientKey) > 0 { modifiedAuthInfo.ClientKey = authInfo.ClientKey } if len(authInfo.ClientKeyData) > 0 { modifiedAuthInfo.ClientKeyData = authInfo.ClientKeyData } if len(authInfo.Token) > 0 { modifiedAuthInfo.Token = authInfo.Token setToken = len(modifiedAuthInfo.Token) > 0 } if len(authInfo.Username) > 0 { modifiedAuthInfo.Username = authInfo.Username setBasic = setBasic || len(modifiedAuthInfo.Username) > 0 } if len(authInfo.Password) > 0 { modifiedAuthInfo.Password = authInfo.Password setBasic = setBasic || len(modifiedAuthInfo.Password) > 0 } // If any auth info was set, make sure any other existing auth types are cleared if setToken || setBasic { if !setToken { modifiedAuthInfo.Token = "" } if !setBasic { modifiedAuthInfo.Username = "" modifiedAuthInfo.Password = "" } } config.AuthInfos[name] = &modifiedAuthInfo } for name, cluster := range suppliedConfig.Clusters { initial, ok := config.Clusters[name] if !ok { initial = clientcmdapi.NewCluster() } modifiedCluster := *initial if len(cluster.Server) > 0 { modifiedCluster.Server = cluster.Server } if cluster.InsecureSkipTLSVerify { modifiedCluster.InsecureSkipTLSVerify = cluster.InsecureSkipTLSVerify // Specifying insecure mode clears any certificate authority if modifiedCluster.InsecureSkipTLSVerify { modifiedCluster.CertificateAuthority = "" modifiedCluster.CertificateAuthorityData = nil } } if len(cluster.CertificateAuthorityData) > 0 { modifiedCluster.CertificateAuthorityData = cluster.CertificateAuthorityData modifiedCluster.InsecureSkipTLSVerify = false } if len(cluster.CertificateAuthority) > 0 { modifiedCluster.CertificateAuthority = cluster.CertificateAuthority modifiedCluster.InsecureSkipTLSVerify = false } config.Clusters[name] = &modifiedCluster } for name, context := range suppliedConfig.Contexts { initial, ok := config.Contexts[name] if !ok { initial = clientcmdapi.NewContext() } modifiedContext := *initial if len(context.Cluster) > 0 { modifiedContext.Cluster = context.Cluster } if len(context.AuthInfo) > 0 { modifiedContext.AuthInfo = context.AuthInfo } if len(context.Namespace) > 0 { modifiedContext.Namespace = context.Namespace } config.Contexts[name] = &modifiedContext } if err := clientcmd.ModifyConfig(configAccess, *config, true); err != nil { return err } return nil }