github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

Make get-password robust against invalid kubeconfig entries

Browse Source
This commit is contained in:
Jeff Lowdermilk 2015-03-13 12:22:49 -07:00
parent 6319f8a568
commit 8fef6fb343
2 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cluster/common.sh
View File

@ -73,3 +73,31 @@ function clear-kubeconfig() {
echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}" echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}"
} }
# Gets username, password for the current-context in kubeconfig, if they exist.
# Assumed vars:
# KUBECONFIG # if unset, defaults to global
#
# Vars set:
# KUBE_USER
# KUBE_PASSWORD
#
# KUBE_USER,KUBE_PASSWORD will be empty if no current-context is set, or
# the current-context user does not exist or contain basicauth entries.
function get-kubeconfig-basicauth() {
# Templates to safely extract the username,password for the current-context
# user. The long chain of 'with' commands avoids indexing nil if any of the
# entries ("current-context", "contexts"."current-context", "users", etc)
# is missing.
# Note: we save dot ('.') to $root because the 'with' action overrides it.
# See http://golang.org/pkg/text/template/.
local username='{{$root := .}}{{with index $root "current-context"}}{{with index $root "contexts" .}}{{with index . "user"}}{{with index $root "users" .}}{{index . "username"}}{{end}}{{end}}{{end}}{{end}}'
local password='{{$root := .}}{{with index $root "current-context"}}{{with index $root "contexts" .}}{{with index . "user"}}{{with index $root "users" .}}{{index . "password"}}{{end}}{{end}}{{end}}{{end}}'
KUBE_USER=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${username}")
KUBE_PASSWORD=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${password}")
# Handle empty/missing username|password
if [[ "${KUBE_USER}" == '<no value>' || "$KUBE_PASSWORD" == '<no value>' ]]; then
KUBE_USER=''
KUBE_PASSWORD=''
fi
}

9
cluster/gce/util.sh
View File

@ -226,7 +226,7 @@ function detect-master () {
} }
# Ensure that we have a password created for validating to the master. Will # Ensure that we have a password created for validating to the master. Will
# read from the kubernetes auth-file for the current context if available. # read from kubeconfig for the current context if available.
# #
# Assumed vars # Assumed vars
# KUBE_ROOT # KUBE_ROOT
@ -235,12 +235,7 @@ function detect-master () {
# KUBE_USER # KUBE_USER
# KUBE_PASSWORD # KUBE_PASSWORD
function get-password { function get-password {
# templates to extract the username,password for the current-context user get-kubeconfig-basicauth
# Note: we save dot ('.') to $dot because the 'with' action overrides dot
local username='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{$user := index $dot "contexts" $ctx "user"}}{{index $dot "users" $user "username"}}{{end}}'
local password='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{$user := index $dot "contexts" $ctx "user"}}{{index $dot "users" $user "password"}}{{end}}'
KUBE_USER=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${username}")
KUBE_PASSWORD=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${password}")
if [[ -z "${KUBE_USER}" || -z "${KUBE_PASSWORD}" ]]; then if [[ -z "${KUBE_USER}" || -z "${KUBE_PASSWORD}" ]]; then
KUBE_USER=admin KUBE_USER=admin
KUBE_PASSWORD=$(python -c 'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))') KUBE_PASSWORD=$(python -c 'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))')