diff --git a/contrib/completions/bash/kubectl b/contrib/completions/bash/kubectl index 4d29416a5c5..192b3434242 100644 --- a/contrib/completions/bash/kubectl +++ b/contrib/completions/bash/kubectl @@ -721,7 +721,6 @@ _kubectl_config_set-credentials() flags_with_completion=() flags_completion=() - flags+=("--auth-path=") flags+=("--client-certificate=") flags+=("--client-key=") flags+=("--embed-certs") @@ -916,8 +915,6 @@ _kubectl() flags+=("--alsologtostderr") flags+=("--api-version=") - flags+=("--auth-path=") - two_word_flags+=("-a") flags+=("--certificate-authority=") flags+=("--client-certificate=") flags+=("--client-key=") diff --git a/docs/man/man1/kubectl-api-versions.1 b/docs/man/man1/kubectl-api-versions.1 index c03601aff08..0c66fdba938 100644 --- a/docs/man/man1/kubectl-api-versions.1 +++ b/docs/man/man1/kubectl-api-versions.1 @@ -31,10 +31,6 @@ Print available API versions. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-cluster-info.1 b/docs/man/man1/kubectl-cluster-info.1 index 1584b294850..df5e04fd01c 100644 --- a/docs/man/man1/kubectl-cluster-info.1 +++ b/docs/man/man1/kubectl-cluster-info.1 @@ -31,10 +31,6 @@ Display addresses of the master and services with label kubernetes.io/cluster\-s \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-set-cluster.1 b/docs/man/man1/kubectl-config-set-cluster.1 index a63c4c3c545..a99b2cee93f 100644 --- a/docs/man/man1/kubectl-config-set-cluster.1 +++ b/docs/man/man1/kubectl-config-set-cluster.1 @@ -48,10 +48,6 @@ Specifying a name that already exists will merge new fields on top of existing v \fB\-\-alsologtostderr\fP=false log to standard error as well as files -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-client\-certificate\fP="" Path to a client key file for TLS. diff --git a/docs/man/man1/kubectl-config-set-context.1 b/docs/man/man1/kubectl-config-set-context.1 index 19043acb03b..987073b8f77 100644 --- a/docs/man/man1/kubectl-config-set-context.1 +++ b/docs/man/man1/kubectl-config-set-context.1 @@ -44,10 +44,6 @@ Specifying a name that already exists will merge new fields on top of existing v \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-set-credentials.1 b/docs/man/man1/kubectl-config-set-credentials.1 index 77afc1832df..63e4ad24026 100644 --- a/docs/man/man1/kubectl-config-set-credentials.1 +++ b/docs/man/man1/kubectl-config-set-credentials.1 @@ -33,10 +33,6 @@ Bearer token and basic auth are mutually exclusive. .SH OPTIONS -.PP -\fB\-\-auth\-path\fP="" - auth\-path for the user entry in kubeconfig - .PP \fB\-\-client\-certificate\fP="" path to client\-certificate for the user entry in kubeconfig diff --git a/docs/man/man1/kubectl-config-set.1 b/docs/man/man1/kubectl-config-set.1 index ce977f677e1..25a449dc44f 100644 --- a/docs/man/man1/kubectl-config-set.1 +++ b/docs/man/man1/kubectl-config-set.1 @@ -33,10 +33,6 @@ PROPERTY\_VALUE is the new value you wish to set. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-unset.1 b/docs/man/man1/kubectl-config-unset.1 index 4bfb6f77c6e..ea10fae82a7 100644 --- a/docs/man/man1/kubectl-config-unset.1 +++ b/docs/man/man1/kubectl-config-unset.1 @@ -32,10 +32,6 @@ PROPERTY\_NAME is a dot delimited name where each token represents either a attr \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-use-context.1 b/docs/man/man1/kubectl-config-use-context.1 index 12814efc699..cabbdaf8aad 100644 --- a/docs/man/man1/kubectl-config-use-context.1 +++ b/docs/man/man1/kubectl-config-use-context.1 @@ -31,10 +31,6 @@ Sets the current\-context in a kubeconfig file \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-view.1 b/docs/man/man1/kubectl-config-view.1 index 0438e65b62f..5036cabcc23 100644 --- a/docs/man/man1/kubectl-config-view.1 +++ b/docs/man/man1/kubectl-config-view.1 @@ -67,10 +67,6 @@ You can use \-\-output=template \-\-template=TEMPLATE to extract specific values \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config.1 b/docs/man/man1/kubectl-config.1 index e99d2bece1c..fb6687cf2e1 100644 --- a/docs/man/man1/kubectl-config.1 +++ b/docs/man/man1/kubectl-config.1 @@ -41,10 +41,6 @@ The loading order follows these rules: \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-create.1 b/docs/man/man1/kubectl-create.1 index ca9b27364c7..f77d10e17d4 100644 --- a/docs/man/man1/kubectl-create.1 +++ b/docs/man/man1/kubectl-create.1 @@ -38,10 +38,6 @@ JSON and YAML formats are accepted. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-delete.1 b/docs/man/man1/kubectl-delete.1 index 57df45ecf7e..c28b1d15c32 100644 --- a/docs/man/man1/kubectl-delete.1 +++ b/docs/man/man1/kubectl-delete.1 @@ -63,10 +63,6 @@ will be lost along with the rest of the resource. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-describe.1 b/docs/man/man1/kubectl-describe.1 index 38b2e3ba9a1..a165eca4d1c 100644 --- a/docs/man/man1/kubectl-describe.1 +++ b/docs/man/man1/kubectl-describe.1 @@ -35,10 +35,6 @@ given resource. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-exec.1 b/docs/man/man1/kubectl-exec.1 index 5324972cbcb..c22746ab7e3 100644 --- a/docs/man/man1/kubectl-exec.1 +++ b/docs/man/man1/kubectl-exec.1 @@ -47,10 +47,6 @@ Execute a command in a container. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-expose.1 b/docs/man/man1/kubectl-expose.1 index 99ac27d97f5..3ea4b73ad90 100644 --- a/docs/man/man1/kubectl-expose.1 +++ b/docs/man/man1/kubectl-expose.1 @@ -100,10 +100,6 @@ selector for a new Service on the specified port. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-get.1 b/docs/man/man1/kubectl-get.1 index 5b87150369c..d9f9cb53509 100644 --- a/docs/man/man1/kubectl-get.1 +++ b/docs/man/man1/kubectl-get.1 @@ -68,10 +68,6 @@ of the \-\-template flag, you can filter the attributes of the fetched resource( \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-label.1 b/docs/man/man1/kubectl-label.1 index 192f087d183..00946e8319b 100644 --- a/docs/man/man1/kubectl-label.1 +++ b/docs/man/man1/kubectl-label.1 @@ -68,10 +68,6 @@ If \-\-resource\-version is specified, then updates will use this resource versi \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-log.1 b/docs/man/man1/kubectl-log.1 index 3cea9c32782..08f7fdce663 100644 --- a/docs/man/man1/kubectl-log.1 +++ b/docs/man/man1/kubectl-log.1 @@ -39,10 +39,6 @@ Print the logs for a container in a pod. If the pod has only one container, the \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-namespace.1 b/docs/man/man1/kubectl-namespace.1 index 6f0a0819c56..95094304347 100644 --- a/docs/man/man1/kubectl-namespace.1 +++ b/docs/man/man1/kubectl-namespace.1 @@ -34,10 +34,6 @@ namespace has been superceded by the context.namespace field of .kubeconfig file \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-port-forward.1 b/docs/man/man1/kubectl-port-forward.1 index 0f99fb29f64..ee535ccd456 100644 --- a/docs/man/man1/kubectl-port-forward.1 +++ b/docs/man/man1/kubectl-port-forward.1 @@ -35,10 +35,6 @@ Forward one or more local ports to a pod. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-proxy.1 b/docs/man/man1/kubectl-proxy.1 index 5ac2fcd5a1f..ccb42822da0 100644 --- a/docs/man/man1/kubectl-proxy.1 +++ b/docs/man/man1/kubectl-proxy.1 @@ -47,10 +47,6 @@ Run a proxy to the Kubernetes API server. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-resize.1 b/docs/man/man1/kubectl-resize.1 index 9d2d25ab5c1..86ecbb583b0 100644 --- a/docs/man/man1/kubectl-resize.1 +++ b/docs/man/man1/kubectl-resize.1 @@ -49,10 +49,6 @@ resize is sent to the server. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-rolling-update.1 b/docs/man/man1/kubectl-rolling-update.1 index 83bb6f08046..c5d28ffe22f 100644 --- a/docs/man/man1/kubectl-rolling-update.1 +++ b/docs/man/man1/kubectl-rolling-update.1 @@ -85,10 +85,6 @@ existing controller and overwrite at least one (common) label in its replicaSele \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-run-container.1 b/docs/man/man1/kubectl-run-container.1 index e59ae88e6fe..2d0c0b7e382 100644 --- a/docs/man/man1/kubectl-run-container.1 +++ b/docs/man/man1/kubectl-run-container.1 @@ -81,10 +81,6 @@ Creates a replication controller to manage the created container(s). \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-stop.1 b/docs/man/man1/kubectl-stop.1 index 060f2eaf211..54de59515af 100644 --- a/docs/man/man1/kubectl-stop.1 +++ b/docs/man/man1/kubectl-stop.1 @@ -51,10 +51,6 @@ If the resource is resizable it will be resized to 0 before deletion. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-update.1 b/docs/man/man1/kubectl-update.1 index f400c93a6c5..92e8dfac6a7 100644 --- a/docs/man/man1/kubectl-update.1 +++ b/docs/man/man1/kubectl-update.1 @@ -42,10 +42,6 @@ JSON and YAML formats are accepted. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-version.1 b/docs/man/man1/kubectl-version.1 index 1640fdd5b75..984fb3810ef 100644 --- a/docs/man/man1/kubectl-version.1 +++ b/docs/man/man1/kubectl-version.1 @@ -35,10 +35,6 @@ Print the client and server version information. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl.1 b/docs/man/man1/kubectl.1 index 7c62909a0e6..8c0a22ef164 100644 --- a/docs/man/man1/kubectl.1 +++ b/docs/man/man1/kubectl.1 @@ -29,10 +29,6 @@ Find more information at \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/pkg/client/clientcmd/api/helpers.go b/pkg/client/clientcmd/api/helpers.go index 394a9cfd02f..5ea762a3c57 100644 --- a/pkg/client/clientcmd/api/helpers.go +++ b/pkg/client/clientcmd/api/helpers.go @@ -96,16 +96,12 @@ func ShortenConfig(config *Config) { } // Flatten changes the config object into a self contained config (useful for making secrets) -// AuthPath is not handled. func FlattenConfig(config *Config) error { for key, authInfo := range config.AuthInfos { baseDir, err := MakeAbs(path.Dir(authInfo.LocationOfOrigin), "") if err != nil { return err } - if len(authInfo.AuthPath) != 0 { - return fmt.Errorf("auth path of %v is not empty: %v", key, authInfo.AuthPath) - } if err := FlattenContent(&authInfo.ClientCertificate, &authInfo.ClientCertificateData, baseDir); err != nil { return err diff --git a/pkg/client/clientcmd/api/types.go b/pkg/client/clientcmd/api/types.go index 81daa386e28..2d74a96e674 100644 --- a/pkg/client/clientcmd/api/types.go +++ b/pkg/client/clientcmd/api/types.go @@ -69,8 +69,6 @@ type Cluster struct { type AuthInfo struct { // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized. LocationOfOrigin string - // AuthPath is the path to a kubernetes auth file (~/.kubernetes_auth). If you provide an AuthPath, the other options specified are ignored - AuthPath string `json:"auth-path,omitempty"` // ClientCertificate is the path to a client cert file for TLS. ClientCertificate string `json:"client-certificate,omitempty"` // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate diff --git a/pkg/client/clientcmd/api/types_test.go b/pkg/client/clientcmd/api/types_test.go index dbb6766af19..3caf18fae62 100644 --- a/pkg/client/clientcmd/api/types_test.go +++ b/pkg/client/clientcmd/api/types_test.go @@ -53,9 +53,6 @@ func ExampleOfOptionsConfig() { APIVersion: "v1beta1", InsecureSkipTLSVerify: false, } - defaultConfig.AuthInfos["black-mage-via-file"] = AuthInfo{ - AuthPath: "path/to/my/.kubernetes_auth", - } defaultConfig.AuthInfos["white-mage-via-cert"] = AuthInfo{ ClientCertificate: "path/to/my/client-cert-filename", ClientKey: "path/to/my/client-key-filename", @@ -116,9 +113,6 @@ func ExampleOfOptionsConfig() { // preferences: // colors: true // users: - // black-mage-via-file: - // LocationOfOrigin: "" - // auth-path: path/to/my/.kubernetes_auth // red-mage-via-token: // LocationOfOrigin: "" // token: my-secret-token diff --git a/pkg/client/clientcmd/api/v1/types.go b/pkg/client/clientcmd/api/v1/types.go index 325d998de30..3f29f435bc7 100644 --- a/pkg/client/clientcmd/api/v1/types.go +++ b/pkg/client/clientcmd/api/v1/types.go @@ -65,8 +65,6 @@ type Cluster struct { // AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are. type AuthInfo struct { - // AuthPath is the path to a kubernetes auth file (~/.kubernetes_auth). If you provide an AuthPath, the other options specified are ignored - AuthPath string `json:"auth-path,omitempty"` // ClientCertificate is the path to a client cert file for TLS. ClientCertificate string `json:"client-certificate,omitempty"` // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate diff --git a/pkg/client/clientcmd/client_config.go b/pkg/client/clientcmd/client_config.go index 38a2e43f5bc..21cae3d25b3 100644 --- a/pkg/client/clientcmd/client_config.go +++ b/pkg/client/clientcmd/client_config.go @@ -117,25 +117,6 @@ func (config DirectClientConfig) ClientConfig() (*client.Config, error) { func getServerIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, configClusterInfo clientcmdapi.Cluster) (*client.Config, error) { mergedConfig := &client.Config{} - defaultAuthPathInfo, err := NewDefaultAuthLoader().LoadAuth(os.Getenv("HOME") + "/.kubernetes_auth") - // if the error is anything besides a does not exist, then fail. Not existing is ok - if err != nil && !os.IsNotExist(err) { - return nil, err - } - if defaultAuthPathInfo != nil { - defaultAuthPathConfig := makeServerIdentificationConfig(*defaultAuthPathInfo) - mergo.Merge(mergedConfig, defaultAuthPathConfig) - } - - if len(configAuthInfo.AuthPath) > 0 { - authPathInfo, err := NewDefaultAuthLoader().LoadAuth(configAuthInfo.AuthPath) - if err != nil { - return nil, err - } - authPathConfig := makeServerIdentificationConfig(*authPathInfo) - mergo.Merge(mergedConfig, authPathConfig) - } - // configClusterInfo holds the information identify the server provided by .kubeconfig configClientConfig := &client.Config{} configClientConfig.CAFile = configClusterInfo.CertificateAuthority @@ -156,15 +137,6 @@ func getServerIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, func getUserIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, fallbackReader io.Reader) (*client.Config, error) { mergedConfig := &client.Config{} - if len(configAuthInfo.AuthPath) > 0 { - authPathInfo, err := NewDefaultAuthLoader().LoadAuth(configAuthInfo.AuthPath) - if err != nil { - return nil, err - } - authPathConfig := makeUserIdentificationConfig(*authPathInfo) - mergo.Merge(mergedConfig, authPathConfig) - } - // blindly overwrite existing values based on precedence if len(configAuthInfo.Token) > 0 { mergedConfig.BearerToken = configAuthInfo.Token @@ -180,22 +152,6 @@ func getUserIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, fa mergedConfig.Password = configAuthInfo.Password } - // if there isn't sufficient information to authenticate the user to the server, merge in ~/.kubernetes_auth. - if !canIdentifyUser(*mergedConfig) { - defaultAuthPathInfo, err := NewDefaultAuthLoader().LoadAuth(os.Getenv("HOME") + "/.kubernetes_auth") - // if the error is anything besides a does not exist, then fail. Not existing is ok - if err != nil && !os.IsNotExist(err) { - return nil, err - } - if defaultAuthPathInfo != nil { - defaultAuthPathConfig := makeUserIdentificationConfig(*defaultAuthPathInfo) - previouslyMergedConfig := mergedConfig - mergedConfig = &client.Config{} - mergo.Merge(mergedConfig, defaultAuthPathConfig) - mergo.Merge(mergedConfig, previouslyMergedConfig) - } - } - // if there still isn't enough information to authenticate the user, try prompting if !canIdentifyUser(*mergedConfig) && (fallbackReader != nil) { prompter := NewPromptingAuthLoader(fallbackReader) diff --git a/pkg/client/clientcmd/loader.go b/pkg/client/clientcmd/loader.go index 8066fb13d6f..7410e5b82cd 100644 --- a/pkg/client/clientcmd/loader.go +++ b/pkg/client/clientcmd/loader.go @@ -235,7 +235,6 @@ func ResolveLocalPaths(filename string, config *clientcmdapi.Config) error { resolvedAuthInfos := make(map[string]clientcmdapi.AuthInfo) for key, authInfo := range config.AuthInfos { - authInfo.AuthPath = resolveLocalPath(configDir, authInfo.AuthPath) authInfo.ClientCertificate = resolveLocalPath(configDir, authInfo.ClientCertificate) authInfo.ClientKey = resolveLocalPath(configDir, authInfo.ClientKey) resolvedAuthInfos[key] = authInfo diff --git a/pkg/client/clientcmd/loader_test.go b/pkg/client/clientcmd/loader_test.go index a4ea5da8414..27c897d8a77 100644 --- a/pkg/client/clientcmd/loader_test.go +++ b/pkg/client/clientcmd/loader_test.go @@ -177,8 +177,8 @@ func TestConflictingCurrentContext(t *testing.T) { func TestResolveRelativePaths(t *testing.T) { pathResolutionConfig1 := clientcmdapi.Config{ AuthInfos: map[string]clientcmdapi.AuthInfo{ - "relative-user-1": {ClientCertificate: "relative/client/cert", ClientKey: "../relative/client/key", AuthPath: "../../relative/auth/path"}, - "absolute-user-1": {ClientCertificate: "/absolute/client/cert", ClientKey: "/absolute/client/key", AuthPath: "/absolute/auth/path"}, + "relative-user-1": {ClientCertificate: "relative/client/cert", ClientKey: "../relative/client/key"}, + "absolute-user-1": {ClientCertificate: "/absolute/client/cert", ClientKey: "/absolute/client/key"}, }, Clusters: map[string]clientcmdapi.Cluster{ "relative-server-1": {CertificateAuthority: "../relative/ca"}, @@ -187,8 +187,8 @@ func TestResolveRelativePaths(t *testing.T) { } pathResolutionConfig2 := clientcmdapi.Config{ AuthInfos: map[string]clientcmdapi.AuthInfo{ - "relative-user-2": {ClientCertificate: "relative/client/cert2", ClientKey: "../relative/client/key2", AuthPath: "../../relative/auth/path2"}, - "absolute-user-2": {ClientCertificate: "/absolute/client/cert2", ClientKey: "/absolute/client/key2", AuthPath: "/absolute/auth/path2"}, + "relative-user-2": {ClientCertificate: "relative/client/cert2", ClientKey: "../relative/client/key2"}, + "absolute-user-2": {ClientCertificate: "/absolute/client/cert2", ClientKey: "/absolute/client/key2"}, }, Clusters: map[string]clientcmdapi.Cluster{ "relative-server-2": {CertificateAuthority: "../relative/ca2"}, @@ -247,25 +247,21 @@ func TestResolveRelativePaths(t *testing.T) { foundAuthInfoCount++ matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].ClientCertificate), authInfo.ClientCertificate, t) matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].ClientKey), authInfo.ClientKey, t) - matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].AuthPath), authInfo.AuthPath, t) } if key == "relative-user-2" { foundAuthInfoCount++ matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].ClientCertificate), authInfo.ClientCertificate, t) matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].ClientKey), authInfo.ClientKey, t) - matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].AuthPath), authInfo.AuthPath, t) } if key == "absolute-user-1" { foundAuthInfoCount++ matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].ClientCertificate, authInfo.ClientCertificate, t) matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].ClientKey, authInfo.ClientKey, t) - matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].AuthPath, authInfo.AuthPath, t) } if key == "absolute-user-2" { foundAuthInfoCount++ matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].ClientCertificate, authInfo.ClientCertificate, t) matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].ClientKey, authInfo.ClientKey, t) - matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].AuthPath, authInfo.AuthPath, t) } } if foundAuthInfoCount != 4 { diff --git a/pkg/client/clientcmd/merged_client_builder_test.go b/pkg/client/clientcmd/merged_client_builder_test.go deleted file mode 100644 index 4beeb0ac228..00000000000 --- a/pkg/client/clientcmd/merged_client_builder_test.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors All rights reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clientcmd - -import ( - "encoding/json" - "io/ioutil" - "os" - "testing" - - "github.com/spf13/cobra" - - "github.com/GoogleCloudPlatform/kubernetes/pkg/clientauth" -) - -// Verifies that referencing an old .kubernetes_auth file respects all fields -func TestAuthPathUpdatesBothClusterAndUser(t *testing.T) { - authFile, _ := ioutil.TempFile("", "") - defer os.Remove(authFile.Name()) - - insecure := true - auth := &clientauth.Info{ - User: "user", - Password: "password", - CAFile: "ca-file", - CertFile: "cert-file", - KeyFile: "key-file", - BearerToken: "bearer-token", - Insecure: &insecure, - } - err := testWriteAuthInfoFile(*auth, authFile.Name()) - if err != nil { - t.Errorf("Unexpected error %v", err) - } - - cmd := &cobra.Command{ - Run: func(cmd *cobra.Command, args []string) { - }, - } - clientConfig := testBindClientConfig(cmd) - cmd.ParseFlags([]string{"--server=https://localhost", "--auth-path=" + authFile.Name()}) - - config, err := clientConfig.ClientConfig() - if err != nil { - t.Errorf("Unexpected error %v", err) - } - - matchStringArg(auth.User, config.Username, t) - matchStringArg(auth.Password, config.Password, t) - matchStringArg(auth.CAFile, config.CAFile, t) - matchStringArg(auth.CertFile, config.CertFile, t) - matchStringArg(auth.KeyFile, config.KeyFile, t) - matchStringArg(auth.BearerToken, config.BearerToken, t) - matchBoolArg(*auth.Insecure, config.Insecure, t) -} - -func testWriteAuthInfoFile(auth clientauth.Info, filename string) error { - data, err := json.Marshal(auth) - if err != nil { - return err - } - err = ioutil.WriteFile(filename, data, 0600) - return err -} - -func testBindClientConfig(cmd *cobra.Command) ClientConfig { - loadingRules := &ClientConfigLoadingRules{} - cmd.PersistentFlags().StringVar(&loadingRules.ExplicitPath, "kubeconfig", "", "Path to the kubeconfig file to use for CLI requests.") - - overrides := &ConfigOverrides{} - BindOverrideFlags(overrides, cmd.PersistentFlags(), RecommendedConfigOverrideFlags("")) - clientConfig := NewInteractiveDeferredLoadingClientConfig(loadingRules, overrides, os.Stdin) - - return clientConfig -} diff --git a/pkg/client/clientcmd/overrides.go b/pkg/client/clientcmd/overrides.go index 32121ba563a..1d98cbdf55b 100644 --- a/pkg/client/clientcmd/overrides.go +++ b/pkg/client/clientcmd/overrides.go @@ -44,7 +44,6 @@ type ConfigOverrideFlags struct { // AuthOverrideFlags holds the flag names to be used for binding command line flags for AuthInfo objects type AuthOverrideFlags struct { - AuthPath FlagInfo ClientCertificate FlagInfo ClientKey FlagInfo Token FlagInfo @@ -81,7 +80,6 @@ const ( FlagNamespace = "namespace" FlagAPIServer = "server" FlagAPIVersion = "api-version" - FlagAuthPath = "auth-path" FlagInsecure = "insecure-skip-tls-verify" FlagCertFile = "client-certificate" FlagKeyFile = "client-key" @@ -95,7 +93,6 @@ const ( // RecommendedAuthOverrideFlags is a convenience method to return recommended flag names prefixed with a string of your choosing func RecommendedAuthOverrideFlags(prefix string) AuthOverrideFlags { return AuthOverrideFlags{ - AuthPath: FlagInfo{prefix + FlagAuthPath, "", "", "Path to the auth info file. If missing, prompt the user. Only used if using https."}, ClientCertificate: FlagInfo{prefix + FlagCertFile, "", "", "Path to a client key file for TLS."}, ClientKey: FlagInfo{prefix + FlagKeyFile, "", "", "Path to a client key file for TLS."}, Token: FlagInfo{prefix + FlagBearerToken, "", "", "Bearer token for authentication to the API server."}, @@ -135,20 +132,11 @@ func RecommendedContextOverrideFlags(prefix string) ContextOverrideFlags { // BindAuthInfoFlags is a convenience method to bind the specified flags to their associated variables func BindAuthInfoFlags(authInfo *clientcmdapi.AuthInfo, flags *pflag.FlagSet, flagNames AuthOverrideFlags) { - deadString := "" - bindStringFlag(flags, &deadString, flagNames.AuthPath) bindStringFlag(flags, &authInfo.ClientCertificate, flagNames.ClientCertificate) bindStringFlag(flags, &authInfo.ClientKey, flagNames.ClientKey) bindStringFlag(flags, &authInfo.Token, flagNames.Token) bindStringFlag(flags, &authInfo.Username, flagNames.Username) bindStringFlag(flags, &authInfo.Password, flagNames.Password) - - if len(flagNames.AuthPath.LongName) > 0 { - flags.MarkDeprecated(flagNames.AuthPath.LongName, flagNames.AuthPath.LongName+" has been removed and is no longer respected") - } - if len(flagNames.AuthPath.ShortName) > 0 { - flags.MarkDeprecated(flagNames.AuthPath.ShortName, flagNames.AuthPath.ShortName+" has been removed and is no longer respected") - } } // BindClusterFlags is a convenience method to bind the specified flags to their associated variables diff --git a/pkg/client/clientcmd/validation.go b/pkg/client/clientcmd/validation.go index 2c76e50bc45..31e927ccbf2 100644 --- a/pkg/client/clientcmd/validation.go +++ b/pkg/client/clientcmd/validation.go @@ -177,17 +177,6 @@ func validateAuthInfo(authInfoName string, authInfo clientcmdapi.AuthInfo) []err if len(authInfo.Username) != 0 || len(authInfo.Password) != 0 { methods = append(methods, "basicAuth") } - if len(authInfo.AuthPath) != 0 { - usingAuthPath = true - methods = append(methods, "authFile") - - file, err := os.Open(authInfo.AuthPath) - os.IsNotExist(err) - defer file.Close() - if err != nil { - validationErrors = append(validationErrors, fmt.Errorf("unable to read auth-path %v for %v due to %v", authInfo.AuthPath, authInfoName, err)) - } - } if len(authInfo.ClientCertificate) != 0 || len(authInfo.ClientCertificateData) != 0 { // Make sure cert data and file aren't both specified diff --git a/pkg/client/clientcmd/validation_test.go b/pkg/client/clientcmd/validation_test.go index fb43e2021ee..f93aa03d737 100644 --- a/pkg/client/clientcmd/validation_test.go +++ b/pkg/client/clientcmd/validation_test.go @@ -33,7 +33,7 @@ func TestConfirmUsableBadInfoButOkConfig(t *testing.T) { CertificateAuthority: "missing", } config.AuthInfos["error"] = clientcmdapi.AuthInfo{ - AuthPath: "anything", + Username: "anything", Token: "here", } config.Contexts["dirty"] = clientcmdapi.Context{ @@ -53,7 +53,7 @@ func TestConfirmUsableBadInfoButOkConfig(t *testing.T) { badValidation := configValidationTest{ config: config, - expectedErrorSubstring: []string{"unable to read auth-path", "unable to read certificate-authority"}, + expectedErrorSubstring: []string{"unable to read certificate-authority"}, } okTest := configValidationTest{ config: config, @@ -69,7 +69,7 @@ func TestConfirmUsableBadInfoConfig(t *testing.T) { CertificateAuthority: "missing", } config.AuthInfos["error"] = clientcmdapi.AuthInfo{ - AuthPath: "anything", + Username: "anything", Token: "here", } config.Contexts["first"] = clientcmdapi.Context{ @@ -78,7 +78,7 @@ func TestConfirmUsableBadInfoConfig(t *testing.T) { } test := configValidationTest{ config: config, - expectedErrorSubstring: []string{"unable to read auth-path", "unable to read certificate-authority"}, + expectedErrorSubstring: []string{"unable to read certificate-authority"}, } test.testConfirmUsable("first", t) @@ -236,19 +236,6 @@ func TestValidateEmptyAuthInfo(t *testing.T) { test.testAuthInfo("error", t) test.testConfig(t) } -func TestValidatePathNotFoundAuthInfo(t *testing.T) { - config := clientcmdapi.NewConfig() - config.AuthInfos["error"] = clientcmdapi.AuthInfo{ - AuthPath: "missing", - } - test := configValidationTest{ - config: config, - expectedErrorSubstring: []string{"unable to read auth-path"}, - } - - test.testAuthInfo("error", t) - test.testConfig(t) -} func TestValidateCertFilesNotFoundAuthInfo(t *testing.T) { config := clientcmdapi.NewConfig() config.AuthInfos["error"] = clientcmdapi.AuthInfo{ @@ -298,21 +285,6 @@ func TestValidateCleanCertFilesAuthInfo(t *testing.T) { test.testAuthInfo("clean", t) test.testConfig(t) } -func TestValidateCleanPathAuthInfo(t *testing.T) { - tempFile, _ := ioutil.TempFile("", "") - defer os.Remove(tempFile.Name()) - - config := clientcmdapi.NewConfig() - config.AuthInfos["clean"] = clientcmdapi.AuthInfo{ - AuthPath: tempFile.Name(), - } - test := configValidationTest{ - config: config, - } - - test.testAuthInfo("clean", t) - test.testConfig(t) -} func TestValidateCleanTokenAuthInfo(t *testing.T) { config := clientcmdapi.NewConfig() config.AuthInfos["clean"] = clientcmdapi.AuthInfo{ diff --git a/pkg/kubectl/cmd/config/create_authinfo.go b/pkg/kubectl/cmd/config/create_authinfo.go index 0da40d21515..ecc96e6ffb8 100644 --- a/pkg/kubectl/cmd/config/create_authinfo.go +++ b/pkg/kubectl/cmd/config/create_authinfo.go @@ -94,8 +94,6 @@ func NewCmdConfigSetAuthInfo(out io.Writer, configAccess ConfigAccess) *cobra.Co cmd.Flags().Var(&options.password, clientcmd.FlagPassword, clientcmd.FlagPassword+" for the user entry in kubeconfig") cmd.Flags().Var(&options.embedCertData, clientcmd.FlagEmbedCerts, "embed client cert/key for the user entry in kubeconfig") - cmd.Flags().String(clientcmd.FlagAuthPath, "", clientcmd.FlagAuthPath+" for the user entry in kubeconfig") - cmd.Flags().MarkDeprecated(clientcmd.FlagAuthPath, clientcmd.FlagAuthPath+" has been removed and is no longer respected") return cmd } @@ -126,10 +124,6 @@ func (o *createAuthInfoOptions) modifyAuthInfo(existingAuthInfo clientcmdapi.Aut var setToken, setBasic bool - if o.authPath.Provided() { - modifiedAuthInfo.AuthPath = o.authPath.Value() - } - if o.clientCertificate.Provided() { certPath := o.clientCertificate.Value() if o.embedCertData.Value() { diff --git a/pkg/kubectl/cmd/util/factory.go b/pkg/kubectl/cmd/util/factory.go index fb0760e16d2..2282553a4da 100644 --- a/pkg/kubectl/cmd/util/factory.go +++ b/pkg/kubectl/cmd/util/factory.go @@ -338,7 +338,6 @@ func DefaultClientConfig(flags *pflag.FlagSet) clientcmd.ClientConfig { overrides := &clientcmd.ConfigOverrides{} flagNames := clientcmd.RecommendedConfigOverrideFlags("") // short flagnames are disabled by default. These are here for compatibility with existing scripts - flagNames.AuthOverrideFlags.AuthPath.ShortName = "a" flagNames.ClusterOverrideFlags.APIServer.ShortName = "s" clientcmd.BindOverrideFlags(overrides, flags, flagNames) diff --git a/test/e2e/util.go b/test/e2e/util.go index 8f039dca516..d6c7bda21d3 100644 --- a/test/e2e/util.go +++ b/test/e2e/util.go @@ -306,7 +306,6 @@ func validateController(c *client.Client, containerImage string, replicas int, c Failf("Timed out after %v seconds waiting for %s pods to reach valid state", podStartTimeout.Seconds(), testname) } -// kubectlCmd runs the kubectl executable. // kubectlCmd runs the kubectl executable. func kubectlCmd(args ...string) *exec.Cmd { defaultArgs := []string{} @@ -324,7 +323,6 @@ func kubectlCmd(args ...string) *exec.Cmd { } } else { - defaultArgs = append(defaultArgs, "--"+clientcmd.FlagAuthPath+"="+testContext.AuthConfig) if testContext.CertDir != "" { defaultArgs = append(defaultArgs, fmt.Sprintf("--certificate-authority=%s", filepath.Join(testContext.CertDir, "ca.crt")),