exec credential provider: InteractiveMode support

The value here is that the exec plugin author can use the kubeconfig to assert how standard input is treated with respect to the exec plugin, e.g., - an exec plugin author can ensure that kubectl fails if it cannot provide standard input to an exec plugin that needs it (Always) - an exec plugin author can ensure that an client-go process will still call an exec plugin that prefers standard input even if standard input is not available (IfAvailable) Signed-off-by: Andrew Keesler <akeesler@vmware.com> Kubernetes-commit: cd83d89ac94c5b61fdd38840098e7223e5af0d34
2025-09-12 13:25:29 +00:00 · 2021-06-14 17:15:36 -04:00
parent 1bccfc8c60
commit 37ed584bed
19 changed files with 659 additions and 83 deletions
--- a/pkg/apis/clientauthentication/types.go
+++ b/pkg/apis/clientauthentication/types.go
@@ -47,7 +47,7 @@ type ExecCredentialSpec struct {
 	Response *Response

 	// Interactive is true when the transport detects the command is being called from an
-	// interactive prompt.
+	// interactive prompt, i.e., when stdin has been passed to this exec plugin.
 	// +optional
 	Interactive bool

--- a/pkg/apis/clientauthentication/v1beta1/conversion.go
+++ b/pkg/apis/clientauthentication/v1beta1/conversion.go
@@ -22,7 +22,7 @@ import (
 )

 func Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
-	// This conversion intentionally omits the Response and Interactive fields, which were only
+	// This conversion intentionally omits the Response field, which were only
 	// supported in v1alpha1.
 	return autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in, out, s)
 }
--- a/pkg/apis/clientauthentication/v1beta1/types.go
+++ b/pkg/apis/clientauthentication/v1beta1/types.go
@@ -46,6 +46,9 @@ type ExecCredentialSpec struct {
 	// ExecConfig.ProvideClusterInfo).
 	// +optional
 	Cluster *Cluster `json:"cluster,omitempty"`
+
+	// Interactive declares whether stdin has been passed to this exec plugin.
+	Interactive bool `json:"interactive"`
 }

 // ExecCredentialStatus holds credentials for the transport to use.
--- a/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
@@ -149,6 +149,7 @@ func autoConvert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredenti
 	} else {
 		out.Cluster = nil
 	}
+	out.Interactive = in.Interactive
 	return nil
 }

@@ -159,7 +160,7 @@ func Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSp

 func autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	// WARNING: in.Response requires manual conversion: does not exist in peer-type
-	// WARNING: in.Interactive requires manual conversion: does not exist in peer-type
+	out.Interactive = in.Interactive
 	if in.Cluster != nil {
 		in, out := &in.Cluster, &out.Cluster
 		*out = new(Cluster)