diff --git a/staging/src/k8s.io/kubectl/pkg/cmd/certificates/certificates.go b/staging/src/k8s.io/kubectl/pkg/cmd/certificates/certificates.go index 85449071110..12474f06b4e 100644 --- a/staging/src/k8s.io/kubectl/pkg/cmd/certificates/certificates.go +++ b/staging/src/k8s.io/kubectl/pkg/cmd/certificates/certificates.go @@ -33,7 +33,8 @@ import ( "k8s.io/cli-runtime/pkg/genericclioptions" "k8s.io/cli-runtime/pkg/printers" "k8s.io/cli-runtime/pkg/resource" - clientset "k8s.io/client-go/kubernetes" + v1 "k8s.io/client-go/kubernetes/typed/certificates/v1" + "k8s.io/client-go/kubernetes/typed/certificates/v1beta1" cmdutil "k8s.io/kubectl/pkg/cmd/util" "k8s.io/kubectl/pkg/scheme" "k8s.io/kubectl/pkg/util/i18n" @@ -41,7 +42,7 @@ import ( ) // NewCmdCertificate returns `certificate` Cobra command -func NewCmdCertificate(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command { +func NewCmdCertificate(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command { cmd := &cobra.Command{ Use: "certificate SUBCOMMAND", DisableFlagsInUseLine: true, @@ -52,8 +53,8 @@ func NewCmdCertificate(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) }, } - cmd.AddCommand(NewCmdCertificateApprove(f, ioStreams)) - cmd.AddCommand(NewCmdCertificateDeny(f, ioStreams)) + cmd.AddCommand(NewCmdCertificateApprove(restClientGetter, ioStreams)) + cmd.AddCommand(NewCmdCertificateDeny(restClientGetter, ioStreams)) return cmd } @@ -68,8 +69,9 @@ type CertificateOptions struct { csrNames []string outputStyle string - clientSet clientset.Interface - builder *resource.Builder + certificatesV1Client v1.CertificatesV1Interface + certificatesV1Beta1Client v1beta1.CertificatesV1beta1Interface + builder *resource.Builder genericclioptions.IOStreams } @@ -83,7 +85,7 @@ func NewCertificateOptions(ioStreams genericclioptions.IOStreams, operation stri } // Complete loads data from the command environment -func (o *CertificateOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, args []string) error { +func (o *CertificateOptions) Complete(restClientGetter genericclioptions.RESTClientGetter, cmd *cobra.Command, args []string) error { o.csrNames = args o.outputStyle = cmdutil.GetFlagString(cmd, "output") @@ -96,9 +98,19 @@ func (o *CertificateOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, arg return printer.PrintObj(obj, out) } - o.builder = f.NewBuilder() + o.builder = resource.NewBuilder(restClientGetter) - o.clientSet, err = f.KubernetesClientSet() + clientConfig, err := restClientGetter.ToRESTConfig() + if err != nil { + return err + } + + o.certificatesV1Client, err = v1.NewForConfig(clientConfig) + if err != nil { + return err + } + + o.certificatesV1Beta1Client, err = v1beta1.NewForConfig(clientConfig) if err != nil { return err } @@ -115,7 +127,7 @@ func (o *CertificateOptions) Validate() error { } // NewCmdCertificateApprove returns the `certificate approve` Cobra command -func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command { +func NewCmdCertificateApprove(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command { o := NewCertificateOptions(ioStreams, "approved") cmd := &cobra.Command{ @@ -139,7 +151,7 @@ func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOS kubectl certificate approve csr-sqgzp `)), Run: func(cmd *cobra.Command, args []string) { - cmdutil.CheckErr(o.Complete(f, cmd, args)) + cmdutil.CheckErr(o.Complete(restClientGetter, cmd, args)) cmdutil.CheckErr(o.Validate()) cmdutil.CheckErr(o.RunCertificateApprove(cmdutil.GetFlagBool(cmd, "force"))) }, @@ -157,14 +169,13 @@ func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOS func (o *CertificateOptions) RunCertificateApprove(force bool) error { return o.modifyCertificateCondition( o.builder, - o.clientSet, force, addConditionIfNeeded(string(certificatesv1.CertificateDenied), string(certificatesv1.CertificateApproved), "KubectlApprove", "This CSR was approved by kubectl certificate approve."), ) } // NewCmdCertificateDeny returns the `certificate deny` Cobra command -func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command { +func NewCmdCertificateDeny(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command { o := NewCertificateOptions(ioStreams, "denied") cmd := &cobra.Command{ @@ -183,7 +194,7 @@ func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStre kubectl certificate deny csr-sqgzp `)), Run: func(cmd *cobra.Command, args []string) { - cmdutil.CheckErr(o.Complete(f, cmd, args)) + cmdutil.CheckErr(o.Complete(restClientGetter, cmd, args)) cmdutil.CheckErr(o.Validate()) cmdutil.CheckErr(o.RunCertificateDeny(cmdutil.GetFlagBool(cmd, "force"))) }, @@ -201,13 +212,12 @@ func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStre func (o *CertificateOptions) RunCertificateDeny(force bool) error { return o.modifyCertificateCondition( o.builder, - o.clientSet, force, addConditionIfNeeded(string(certificatesv1.CertificateApproved), string(certificatesv1.CertificateDenied), "KubectlDeny", "This CSR was denied by kubectl certificate deny."), ) } -func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builder, clientSet clientset.Interface, force bool, modify func(csr runtime.Object) (runtime.Object, bool, error)) error { +func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builder, force bool, modify func(csr runtime.Object) (runtime.Object, bool, error)) error { var found int r := builder. Unstructured(). @@ -233,10 +243,10 @@ func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builde var csr runtime.Object // get a typed object // first try v1 - csr, err = clientSet.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{}) + csr, err = o.certificatesV1Client.CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{}) if apierrors.IsNotFound(err) { // fall back to v1beta1 - csr, err = clientSet.CertificatesV1beta1().CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{}) + csr, err = o.certificatesV1Beta1Client.CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{}) } if apierrors.IsNotFound(err) { return fmt.Errorf("could not find v1 or v1beta1 version of %s: %v", obj.GetName(), err) @@ -252,9 +262,9 @@ func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builde if !hasCondition || force { switch modifiedCSR := modifiedCSR.(type) { case *certificatesv1.CertificateSigningRequest: - _, err = clientSet.CertificatesV1().CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR.Name, modifiedCSR, metav1.UpdateOptions{}) + _, err = o.certificatesV1Client.CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR.Name, modifiedCSR, metav1.UpdateOptions{}) case *certificatesv1beta1.CertificateSigningRequest: - _, err = clientSet.CertificatesV1beta1().CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR, metav1.UpdateOptions{}) + _, err = o.certificatesV1Beta1Client.CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR, metav1.UpdateOptions{}) default: return fmt.Errorf("can only handle certificates.k8s.io CertificateSigningRequest objects, got %T", modifiedCSR) } diff --git a/staging/src/k8s.io/kubectl/pkg/cmd/certificates/certificates_test.go b/staging/src/k8s.io/kubectl/pkg/cmd/certificates/certificates_test.go index 847e3c6ba0a..bd0941c5995 100644 --- a/staging/src/k8s.io/kubectl/pkg/cmd/certificates/certificates_test.go +++ b/staging/src/k8s.io/kubectl/pkg/cmd/certificates/certificates_test.go @@ -293,6 +293,7 @@ func TestCertificates(t *testing.T) { Client: fakeClient, } streams, _, buf, errbuf := genericclioptions.NewTestIOStreams() + tf.ClientConfigVal.Transport = fakeClient.Transport defer func() { // Restore cmdutil behavior.