Add client auth plugin framework for kubectl with GCP auth plugin.

2025-10-15 03:29:39 +00:00 · 2016-03-05 18:00:36 -08:00
parent 6320e41b4f
commit 03f9b5adc0
11 changed files with 375 additions and 12 deletions
--- a/pkg/client/unversioned/clientcmd/api/types.go
+++ b/pkg/client/unversioned/clientcmd/api/types.go
@@ -94,6 +94,8 @@ type AuthInfo struct {
 	Username string `json:"username,omitempty"`
 	// Password is the password for basic authentication to the kubernetes cluster.
 	Password string `json:"password,omitempty"`
+	// AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
+	AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
 	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
 	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
 }
@@ -112,6 +114,11 @@ type Context struct {
 	Extensions map[string]runtime.Object `json:"extensions,omitempty"`
 }

+// AuthProviderConfig holds the configuration for a specified auth provider.
+type AuthProviderConfig struct {
+	Name string `json:"name"`
+}
+
 // NewConfig is a convenience function that returns a new Config object with non-nil maps
 func NewConfig() *Config {
 	return &Config{
--- a/pkg/client/unversioned/clientcmd/api/types_test.go
+++ b/pkg/client/unversioned/clientcmd/api/types_test.go
@@ -58,14 +58,17 @@ func Example_ofOptionsConfig() {
 	defaultConfig.AuthInfos["red-mage-via-token"] = &AuthInfo{
 		Token: "my-secret-token",
 	}
+	defaultConfig.AuthInfos["black-mage-via-auth-provider"] = &AuthInfo{
+		AuthProvider: &AuthProviderConfig{Name: "gcp"},
+	}
 	defaultConfig.Contexts["bravo-as-black-mage"] = &Context{
 		Cluster:   "bravo",
-		AuthInfo:  "black-mage-via-file",
+		AuthInfo:  "black-mage-via-auth-provider",
 		Namespace: "yankee",
 	}
 	defaultConfig.Contexts["alfa-as-black-mage"] = &Context{
 		Cluster:   "alfa",
-		AuthInfo:  "black-mage-via-file",
+		AuthInfo:  "black-mage-via-auth-provider",
 		Namespace: "zulu",
 	}
 	defaultConfig.Contexts["alfa-as-white-mage"] = &Context{
@@ -95,7 +98,7 @@ func Example_ofOptionsConfig() {
 	//     LocationOfOrigin: ""
 	//     cluster: alfa
 	//     namespace: zulu
-	//     user: black-mage-via-file
+	//     user: black-mage-via-auth-provider
 	//   alfa-as-white-mage:
 	//     LocationOfOrigin: ""
 	//     cluster: alfa
@@ -104,11 +107,15 @@ func Example_ofOptionsConfig() {
 	//     LocationOfOrigin: ""
 	//     cluster: bravo
 	//     namespace: yankee
-	//     user: black-mage-via-file
+	//     user: black-mage-via-auth-provider
 	// current-context: alfa-as-white-mage
 	// preferences:
 	//   colors: true
 	// users:
+	//   black-mage-via-auth-provider:
+	//     LocationOfOrigin: ""
+	//     auth-provider:
+	//       name: gcp
 	//   red-mage-via-token:
 	//     LocationOfOrigin: ""
 	//     token: my-secret-token
--- a/pkg/client/unversioned/clientcmd/api/v1/types.go
+++ b/pkg/client/unversioned/clientcmd/api/v1/types.go
@@ -88,6 +88,8 @@ type AuthInfo struct {
 	Username string `json:"username,omitempty"`
 	// Password is the password for basic authentication to the kubernetes cluster.
 	Password string `json:"password,omitempty"`
+	// AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
+	AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
 	// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
 	Extensions []NamedExtension `json:"extensions,omitempty"`
 }
@@ -135,3 +137,8 @@ type NamedExtension struct {
 	// Extension holds the extension information
 	Extension runtime.RawExtension `json:"extension"`
 }
+
+// AuthProviderConfig holds the configuration for a specified auth provider.
+type AuthProviderConfig struct {
+	Name string `json:"name"`
+}