Remove reference to internal types in kuberc types
* Remove unserialized types from public APIs
Also remove defaulting
* Don't do conversion gen for plugin policy types
Because the plugin policy types are explicitly allowed to be empty, they
should not affect conversion. The autogenerated conversion functions for
the `Preference` type will leave those fields empty.
* Remove defaulting tests
Comments and simplifications (h/t jordan liggitt)
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Kubernetes-commit: fab280950dabfefabe6a8578b7a76372a9b21874
This is what happens when writing back a OIDC refresh token:
- plugin/pkg/client/auth/oidc/oidc.go:282
Calls `Persist` to save the new refresh token.
- tools/clientcmd/config.go:372
Calls `ModifyConfig` to save the config.
- tools/clientcmd/config.go:167
Calls `configAccess.GetLoadingPrecedence()` to get the files
listed from the `KUBECONFIG` environment variable.
- tools/clientcmd/loader.go:334
If the `ConfigAccess` was a `ClientConfigLoadingRules`, it
directly returns the `Precedence` slice from its `rules`
field.
THE PROBLEM:
The slice can be modified by the caller, unintentionally
changing the value of the `ClientConfigLoadingRules`'
`Precedence` field.
- tools/clientcmd/config.go:170
Then proceeds to in-place sort the slice returned by the
`ConfigAccess`. This is the same slice (by identity)
as the `ClientConfigLoadingRules`' `Precedence` field,
destroying its intended order.
- tools/clientcmd/config.go:179
Calls `configAccess.GetStartingConfig` to read the original
config so it can be compared with the new config.
- tools/clientcmd/loader.go:339
Calls `NewNonInteractiveDeferredLoadingClientConfig` with
itself as a parameter.
CONSEQUENCE:
At this point, its the `Precedence` has been
unintentionally sorted. When it loads the
config again, it gives precedence to whichever
file comes first in ascending alphabetical order.
- tools/clientcmd/config.go:192
If the file returned by `GetStartingConfig` has a
different `current-context` than the new config,
it calls `writeCurrentContext` to update the first
kubeconfig file in the `KUBECONFIG` environment
variable.
- tools/clientcmd/config.go:403
Calls `configAccess.GetDefaultFilename` to find the
destination kubeconfig file.
- tools/clientcmd/loader.go:358
Iterates through the kubeconfig files returned by
`GetLoadingPreferences` to find the first file
that exists.
CONSEQUENCE:
With the slice being sorted earlier, the files
returned by this call of `GetLoadingPreferences`
will be sorted alphabetically, rather than by
their intended order.
Kubernetes-commit: ffa084f81129ea685b176a282921c4d54906c539
Calling os.Exit() skipped the
`defer os.RemoveAll(tmp)`
above and thus dangling files & dirs would appear in their $TMPDIR.
Since go1.15 we can safely remove os.Exit() from TestMain() function.
As this exact issue was common enough so that go1.15 changed[1] the API of
TestMain to no longer require os.Exit to be called.
Reproducer:
$ (cd staging/src/k8s.io/client-go; go test ./tools/clientcmd)
$ ls -d /tmp/testkubeconfig*
/tmp/testkubeconfig1015943687
[1]: https://go-review.googlesource.com/c/go/+/219639
Kubernetes-commit: 457df1cf9817e29381609fbf2d85854a6b6a52ac
The "// import <path>" comment has been superseded by Go modules.
We don't have to remove them, but doing so has some advantages:
- They are used inconsistently, which is confusing.
- We can then also remove the (currently broken) hack/update-vanity-imports.sh.
- Last but not least, it would be a first step towards avoiding the k8s.io domain.
This commit was generated with
sed -i -e 's;^package \(.*\) // import.*;package \1;' $(git grep -l '^package.*// import' | grep -v 'vendor/')
Everything was included, except for
package labels // import k8s.io/kubernetes/pkg/util/labels
because that package is marked as "read-only".
Kubernetes-commit: 8a908e0c0bd96a3455edf7e3b5f5af90564e65b0
These are long gone, removed in 2016:
* AuthPath removal: https://github.com/kubernetes/kubernetes/pull/29216
* Flag removal: https://github.com/kubernetes/kubernetes/pull/40048
This removes the remnants from clientcmd, mostly in the comments
describing how the configuration is loaded.
Since getServerIdentificationPartialConfig can no longer fail (it
copies fields from one struct to another), this drops the error
return, along with the error handling in the caller.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 8a8238ba7f850241de9c5cc4b22fa1a6b6a19480
The path module has a few different functions:
Clean, Split, Join, Ext, Dir, Base, IsAbs. These functions do not
take into account the OS-specific path separator, meaning that they
won't behave as intended on Windows.
For example, Dir is supposed to return all but the last element of the
path. For the path "C:\some\dir\somewhere", it is supposed to return
"C:\some\dir\", however, it returns ".".
Instead of these functions, the ones in filepath should be used instead.
Kubernetes-commit: 856bb5c8f266f5276f1a576f47be622d7cb384e7
T.Setenv ensures that the environment is returned to its prior state
when the test ends. It also panics when called from a parallel test to
prevent racy test interdependencies.
Kubernetes-commit: ac5ce5cbce7ddb6ffeff755d1cf670afadb8e1fb
* Add warning log callback in client-go loading rules
This provides a way to consumers use their own custom warning
mechanisms instead default klog warning.
* Use typed error instead plain string
* Fix interface change in unit test
Kubernetes-commit: 2ea6896f90c8b757d8a247d393b9a13fff2dab58
T.Setenv ensures that the environment is returned to its prior state
when the test ends. It also panics when called from a parallel test to
prevent racy test interdependencies.
Kubernetes-commit: 89467ad3e9b051515fa9632a7373d6ef01723256
This was making my eyes bleed as I read over code.
I used the following in vim. I made them up on the fly, but they seemed
to pass manual inspection.
:g/},\n\s*{$/s//}, {/
:w
:g/{$\n\s*{$/s//{{/
:w
:g/^\(\s*\)},\n\1},$/s//}},/
:w
:g/^\(\s*\)},$\n\1}$/s//}}/
:w
Kubernetes-commit: d55b67b349021b6c46fc6ce78f2a36bd4217145f
* Add RedactSecrets function
* Move RedactSecrets method to existing RawBytesData case
* Update TestRedactSecrets to use new pattern of os.CreateTemp()
Kubernetes-commit: e721272d10dd6c4d85ff613182ba0eaddcec9272
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
* Enable setting proxyurl in kubeconfig via kubectl config
This PR enables setting `proxy-url` in kubeconfig via kubectl config.
* Add godoc for proxy-url unit tests
Kubernetes-commit: afdde383210294c3da573decc44b5ce55cffcb94
This allows to check for specific errors using `errors.Is`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Kubernetes-commit: a5647fa417de6d17ba200f1b4bcd2bb28cceb22c
The value here is that the exec plugin author can use the kubeconfig to assert
how standard input is treated with respect to the exec plugin, e.g.,
- an exec plugin author can ensure that kubectl fails if it cannot provide
standard input to an exec plugin that needs it (Always)
- an exec plugin author can ensure that an client-go process will still call an
exec plugin that prefers standard input even if standard input is not
available (IfAvailable)
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Kubernetes-commit: cd83d89ac94c5b61fdd38840098e7223e5af0d34
Errors from staticcheck:
cmd/preferredimports/preferredimports.go:38:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go:36:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
vendor/k8s.io/client-go/tools/clientcmd/auth_loaders.go:26:2:
package golang.org/x/crypto/ssh/terminal is deprecated:
this package moved to golang.org/x/term. (SA1019)
Please review the above warnings. You can test via:
hack/verify-staticcheck.sh <failing package>
If the above warnings do not make sense, you can exempt the line or
file. See:
https://staticcheck.io/docs/#ignoring-problems
generated:
- hack/update-internal-modules.sh
- hack/lint-dependencies.sh
- hack/update-vendor.sh
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Kubernetes-commit: d9435800b65d6787beaf061546599d757b8e87c9
If configuration object is used concurrently
it is not safe to mutate self.
There is no need for mutation so avoid it
just in case.
Kubernetes-commit: 9e360eb05efafd0fcabd5a065b62cb8226da94c2
