github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 15:25:57 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #62627 from xiangpengzhao/support-group

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 56040, 62627). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Support groups (organizations) to be specified in client cert.

**What this PR does / why we need it**:
Provide a flag `--org` for `kubeadm alpha phase kubeconfig user` to support groups (organizations) to be specified in client cert.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubeadm/issues/753

**Special notes for your reviewer**:
cc @TomRK1089

**Release note**:

```release-note
 `kubeadm alpha phase kubeconfig user` supports groups (organizations) to be specified in client cert.
```
This commit is contained in:
Kubernetes Submit Queue 2018-04-16 15:02:11 -07:00 committed by GitHub
commit 73021aeda4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kubeadm/app/cmd/phases/kubeconfig.go
View File

@ -103,6 +103,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
legacyscheme.Scheme.Default(cfg) legacyscheme.Scheme.Default(cfg)
var cfgPath, token, clientName string var cfgPath, token, clientName string
var organizations []string
var subCmds []*cobra.Command var subCmds []*cobra.Command
subCmdProperties := []struct { subCmdProperties := []struct {
@ -159,7 +160,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
} }
// Otherwise, write a kubeconfig file with a generate client cert // Otherwise, write a kubeconfig file with a generate client cert
return kubeconfigphase.WriteKubeConfigWithClientCert(out, cfg, clientName) return kubeconfigphase.WriteKubeConfigWithClientCert(out, cfg, clientName, organizations)
}, },
}, },
} }
@ -188,6 +189,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
if properties.use == "user" { if properties.use == "user" {
cmd.Flags().StringVar(&token, "token", token, "The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates") cmd.Flags().StringVar(&token, "token", token, "The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates")
cmd.Flags().StringVar(&clientName, "client-name", clientName, "The name of user. It will be used as the CN if client certificates are created") cmd.Flags().StringVar(&clientName, "client-name", clientName, "The name of user. It will be used as the CN if client certificates are created")
cmd.Flags().StringSliceVar(&organizations, "org", organizations, "The orgnizations of the client certificate. It will be used as the O if client certificates are created")
} }
subCmds = append(subCmds, cmd) subCmds = append(subCmds, cmd)

5
cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
View File

@ -271,7 +271,7 @@ func createKubeConfigFileIfNotExists(outDir, filename string, config *clientcmda
} }
// WriteKubeConfigWithClientCert writes a kubeconfig file - with a client certificate as authentication info - to the given writer. // WriteKubeConfigWithClientCert writes a kubeconfig file - with a client certificate as authentication info - to the given writer.
func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfiguration, clientName string) error { func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfiguration, clientName string, organizations []string) error {
// creates the KubeConfigSpecs, actualized for the current MasterConfiguration // creates the KubeConfigSpecs, actualized for the current MasterConfiguration
caCert, caKey, err := pkiutil.TryLoadCertAndKeyFromDisk(cfg.CertificatesDir, kubeadmconstants.CACertAndKeyBaseName) caCert, caKey, err := pkiutil.TryLoadCertAndKeyFromDisk(cfg.CertificatesDir, kubeadmconstants.CACertAndKeyBaseName)
@ -289,7 +289,8 @@ func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfigur
APIServer: masterEndpoint, APIServer: masterEndpoint,
CACert: caCert, CACert: caCert,
ClientCertAuth: &clientCertAuth{ ClientCertAuth: &clientCertAuth{
CAKey: caKey, CAKey: caKey,
Organizations: organizations,
}, },
} }

4
cmd/kubeadm/app/phases/kubeconfig/kubeconfig_test.go
View File

@ -335,7 +335,7 @@ func TestWriteKubeConfigFailsIfCADoesntExists(t *testing.T) {
}{ }{
{ // Test WriteKubeConfigWithClientCert { // Test WriteKubeConfigWithClientCert
writeKubeConfigFunction: func(out io.Writer) error { writeKubeConfigFunction: func(out io.Writer) error {
return WriteKubeConfigWithClientCert(out, cfg, "myUser") return WriteKubeConfigWithClientCert(out, cfg, "myUser", []string{"myOrg"})
}, },
}, },
{ // Test WriteKubeConfigWithToken { // Test WriteKubeConfigWithToken
@ -383,7 +383,7 @@ func TestWriteKubeConfig(t *testing.T) {
}{ }{
{ // Test WriteKubeConfigWithClientCert { // Test WriteKubeConfigWithClientCert
writeKubeConfigFunction: func(out io.Writer) error { writeKubeConfigFunction: func(out io.Writer) error {
return WriteKubeConfigWithClientCert(out, cfg, "myUser") return WriteKubeConfigWithClientCert(out, cfg, "myUser", []string{"myOrg"})
}, },
withClientCert: true, withClientCert: true,
}, },