github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

Support more auth strategies in kubeadm join with discovery file (#110553)

Browse Source 
* Add support for client-go credential plugins

* Add support for authprovider authentication

* Add support for TokenFile authentication
This commit is contained in:
tallaxes 2022-06-14 08:03:45 -07:00 committed by GitHub
parent 03b18bf138
commit 4a542609aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
cmd/kubeadm/app/util/kubeconfig/kubeconfig.go
View File

@ -124,7 +124,7 @@ func HasAuthenticationCredentials(config *clientcmdapi.Config) bool {
} }
// token authentication // token authentication
if len(authInfo.Token) != 0 { if len(authInfo.Token) != 0 || len(authInfo.TokenFile) != 0 {
return true return true
} }
@ -139,6 +139,16 @@ func HasAuthenticationCredentials(config *clientcmdapi.Config) bool {
return true return true
} }
// exec authentication
if authInfo.Exec != nil && len(authInfo.Exec.Command) != 0 {
return true
}
// authprovider authentication
if authInfo.AuthProvider != nil && len(authInfo.AuthProvider.Name) != 0 {
return true
}
return false return false
} }
@ -166,6 +176,14 @@ func EnsureAuthenticationInfoAreEmbedded(config *clientcmdapi.Config) error {
authInfo.ClientKeyData = clientKey authInfo.ClientKeyData = clientKey
authInfo.ClientKey = "" authInfo.ClientKey = ""
} }
if len(authInfo.Token) == 0 && len(authInfo.TokenFile) != 0 {
tokenBytes, err := os.ReadFile(authInfo.TokenFile)
if err != nil {
return errors.Wrap(err, "error while reading token file defined in kubeconfig")
}
authInfo.Token = string(tokenBytes)
authInfo.TokenFile = ""
}
return nil return nil
} }

18
cmd/kubeadm/app/util/kubeconfig/kubeconfig_test.go
View File

@ -313,6 +313,24 @@ func TestHasCredentials(t *testing.T) {
}, },
expected: true, expected: true,
}, },
{
name: "exec authentication credentials",
config: &clientcmdapi.Config{
CurrentContext: "kubernetes",
Contexts: map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
AuthInfos: map[string]*clientcmdapi.AuthInfo{"kubernetes": {Exec: &clientcmdapi.ExecConfig{Command: "command"}}},
},
expected: true,
},
{
name: "authprovider authentication credentials",
config: &clientcmdapi.Config{
CurrentContext: "kubernetes",
Contexts: map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
AuthInfos: map[string]*clientcmdapi.AuthInfo{"kubernetes": {AuthProvider: &clientcmdapi.AuthProviderConfig{Name: "A"}}},
},
expected: true,
},
} }
for _, rt := range testCases { for _, rt := range testCases {
t.Run(rt.name, func(t *testing.T) { t.Run(rt.name, func(t *testing.T) {