mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-09 12:07:47 +00:00
Merge pull request #111687 from ardaguclu/use-restgetter-certificates
(kubectl certificate): Move towards restClientGetter instead cmdutil.Factory
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
9558faf8a2
@ -33,7 +33,8 @@ import (
|
|||||||
"k8s.io/cli-runtime/pkg/genericclioptions"
|
"k8s.io/cli-runtime/pkg/genericclioptions"
|
||||||
"k8s.io/cli-runtime/pkg/printers"
|
"k8s.io/cli-runtime/pkg/printers"
|
||||||
"k8s.io/cli-runtime/pkg/resource"
|
"k8s.io/cli-runtime/pkg/resource"
|
||||||
clientset "k8s.io/client-go/kubernetes"
|
v1 "k8s.io/client-go/kubernetes/typed/certificates/v1"
|
||||||
|
"k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
|
||||||
cmdutil "k8s.io/kubectl/pkg/cmd/util"
|
cmdutil "k8s.io/kubectl/pkg/cmd/util"
|
||||||
"k8s.io/kubectl/pkg/scheme"
|
"k8s.io/kubectl/pkg/scheme"
|
||||||
"k8s.io/kubectl/pkg/util/i18n"
|
"k8s.io/kubectl/pkg/util/i18n"
|
||||||
@ -41,7 +42,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// NewCmdCertificate returns `certificate` Cobra command
|
// NewCmdCertificate returns `certificate` Cobra command
|
||||||
func NewCmdCertificate(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command {
|
func NewCmdCertificate(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command {
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
Use: "certificate SUBCOMMAND",
|
Use: "certificate SUBCOMMAND",
|
||||||
DisableFlagsInUseLine: true,
|
DisableFlagsInUseLine: true,
|
||||||
@ -52,8 +53,8 @@ func NewCmdCertificate(f cmdutil.Factory, ioStreams genericclioptions.IOStreams)
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd.AddCommand(NewCmdCertificateApprove(f, ioStreams))
|
cmd.AddCommand(NewCmdCertificateApprove(restClientGetter, ioStreams))
|
||||||
cmd.AddCommand(NewCmdCertificateDeny(f, ioStreams))
|
cmd.AddCommand(NewCmdCertificateDeny(restClientGetter, ioStreams))
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
@ -68,7 +69,8 @@ type CertificateOptions struct {
|
|||||||
csrNames []string
|
csrNames []string
|
||||||
outputStyle string
|
outputStyle string
|
||||||
|
|
||||||
clientSet clientset.Interface
|
certificatesV1Client v1.CertificatesV1Interface
|
||||||
|
certificatesV1Beta1Client v1beta1.CertificatesV1beta1Interface
|
||||||
builder *resource.Builder
|
builder *resource.Builder
|
||||||
|
|
||||||
genericclioptions.IOStreams
|
genericclioptions.IOStreams
|
||||||
@ -83,7 +85,7 @@ func NewCertificateOptions(ioStreams genericclioptions.IOStreams, operation stri
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Complete loads data from the command environment
|
// Complete loads data from the command environment
|
||||||
func (o *CertificateOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, args []string) error {
|
func (o *CertificateOptions) Complete(restClientGetter genericclioptions.RESTClientGetter, cmd *cobra.Command, args []string) error {
|
||||||
o.csrNames = args
|
o.csrNames = args
|
||||||
o.outputStyle = cmdutil.GetFlagString(cmd, "output")
|
o.outputStyle = cmdutil.GetFlagString(cmd, "output")
|
||||||
|
|
||||||
@ -96,9 +98,19 @@ func (o *CertificateOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, arg
|
|||||||
return printer.PrintObj(obj, out)
|
return printer.PrintObj(obj, out)
|
||||||
}
|
}
|
||||||
|
|
||||||
o.builder = f.NewBuilder()
|
o.builder = resource.NewBuilder(restClientGetter)
|
||||||
|
|
||||||
o.clientSet, err = f.KubernetesClientSet()
|
clientConfig, err := restClientGetter.ToRESTConfig()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
o.certificatesV1Client, err = v1.NewForConfig(clientConfig)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
o.certificatesV1Beta1Client, err = v1beta1.NewForConfig(clientConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -115,7 +127,7 @@ func (o *CertificateOptions) Validate() error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// NewCmdCertificateApprove returns the `certificate approve` Cobra command
|
// NewCmdCertificateApprove returns the `certificate approve` Cobra command
|
||||||
func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command {
|
func NewCmdCertificateApprove(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command {
|
||||||
o := NewCertificateOptions(ioStreams, "approved")
|
o := NewCertificateOptions(ioStreams, "approved")
|
||||||
|
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
@ -139,7 +151,7 @@ func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOS
|
|||||||
kubectl certificate approve csr-sqgzp
|
kubectl certificate approve csr-sqgzp
|
||||||
`)),
|
`)),
|
||||||
Run: func(cmd *cobra.Command, args []string) {
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
cmdutil.CheckErr(o.Complete(f, cmd, args))
|
cmdutil.CheckErr(o.Complete(restClientGetter, cmd, args))
|
||||||
cmdutil.CheckErr(o.Validate())
|
cmdutil.CheckErr(o.Validate())
|
||||||
cmdutil.CheckErr(o.RunCertificateApprove(cmdutil.GetFlagBool(cmd, "force")))
|
cmdutil.CheckErr(o.RunCertificateApprove(cmdutil.GetFlagBool(cmd, "force")))
|
||||||
},
|
},
|
||||||
@ -157,14 +169,13 @@ func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOS
|
|||||||
func (o *CertificateOptions) RunCertificateApprove(force bool) error {
|
func (o *CertificateOptions) RunCertificateApprove(force bool) error {
|
||||||
return o.modifyCertificateCondition(
|
return o.modifyCertificateCondition(
|
||||||
o.builder,
|
o.builder,
|
||||||
o.clientSet,
|
|
||||||
force,
|
force,
|
||||||
addConditionIfNeeded(string(certificatesv1.CertificateDenied), string(certificatesv1.CertificateApproved), "KubectlApprove", "This CSR was approved by kubectl certificate approve."),
|
addConditionIfNeeded(string(certificatesv1.CertificateDenied), string(certificatesv1.CertificateApproved), "KubectlApprove", "This CSR was approved by kubectl certificate approve."),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewCmdCertificateDeny returns the `certificate deny` Cobra command
|
// NewCmdCertificateDeny returns the `certificate deny` Cobra command
|
||||||
func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command {
|
func NewCmdCertificateDeny(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command {
|
||||||
o := NewCertificateOptions(ioStreams, "denied")
|
o := NewCertificateOptions(ioStreams, "denied")
|
||||||
|
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
@ -183,7 +194,7 @@ func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStre
|
|||||||
kubectl certificate deny csr-sqgzp
|
kubectl certificate deny csr-sqgzp
|
||||||
`)),
|
`)),
|
||||||
Run: func(cmd *cobra.Command, args []string) {
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
cmdutil.CheckErr(o.Complete(f, cmd, args))
|
cmdutil.CheckErr(o.Complete(restClientGetter, cmd, args))
|
||||||
cmdutil.CheckErr(o.Validate())
|
cmdutil.CheckErr(o.Validate())
|
||||||
cmdutil.CheckErr(o.RunCertificateDeny(cmdutil.GetFlagBool(cmd, "force")))
|
cmdutil.CheckErr(o.RunCertificateDeny(cmdutil.GetFlagBool(cmd, "force")))
|
||||||
},
|
},
|
||||||
@ -201,13 +212,12 @@ func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStre
|
|||||||
func (o *CertificateOptions) RunCertificateDeny(force bool) error {
|
func (o *CertificateOptions) RunCertificateDeny(force bool) error {
|
||||||
return o.modifyCertificateCondition(
|
return o.modifyCertificateCondition(
|
||||||
o.builder,
|
o.builder,
|
||||||
o.clientSet,
|
|
||||||
force,
|
force,
|
||||||
addConditionIfNeeded(string(certificatesv1.CertificateApproved), string(certificatesv1.CertificateDenied), "KubectlDeny", "This CSR was denied by kubectl certificate deny."),
|
addConditionIfNeeded(string(certificatesv1.CertificateApproved), string(certificatesv1.CertificateDenied), "KubectlDeny", "This CSR was denied by kubectl certificate deny."),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builder, clientSet clientset.Interface, force bool, modify func(csr runtime.Object) (runtime.Object, bool, error)) error {
|
func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builder, force bool, modify func(csr runtime.Object) (runtime.Object, bool, error)) error {
|
||||||
var found int
|
var found int
|
||||||
r := builder.
|
r := builder.
|
||||||
Unstructured().
|
Unstructured().
|
||||||
@ -233,10 +243,10 @@ func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builde
|
|||||||
var csr runtime.Object
|
var csr runtime.Object
|
||||||
// get a typed object
|
// get a typed object
|
||||||
// first try v1
|
// first try v1
|
||||||
csr, err = clientSet.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{})
|
csr, err = o.certificatesV1Client.CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{})
|
||||||
if apierrors.IsNotFound(err) {
|
if apierrors.IsNotFound(err) {
|
||||||
// fall back to v1beta1
|
// fall back to v1beta1
|
||||||
csr, err = clientSet.CertificatesV1beta1().CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{})
|
csr, err = o.certificatesV1Beta1Client.CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{})
|
||||||
}
|
}
|
||||||
if apierrors.IsNotFound(err) {
|
if apierrors.IsNotFound(err) {
|
||||||
return fmt.Errorf("could not find v1 or v1beta1 version of %s: %v", obj.GetName(), err)
|
return fmt.Errorf("could not find v1 or v1beta1 version of %s: %v", obj.GetName(), err)
|
||||||
@ -252,9 +262,9 @@ func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builde
|
|||||||
if !hasCondition || force {
|
if !hasCondition || force {
|
||||||
switch modifiedCSR := modifiedCSR.(type) {
|
switch modifiedCSR := modifiedCSR.(type) {
|
||||||
case *certificatesv1.CertificateSigningRequest:
|
case *certificatesv1.CertificateSigningRequest:
|
||||||
_, err = clientSet.CertificatesV1().CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR.Name, modifiedCSR, metav1.UpdateOptions{})
|
_, err = o.certificatesV1Client.CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR.Name, modifiedCSR, metav1.UpdateOptions{})
|
||||||
case *certificatesv1beta1.CertificateSigningRequest:
|
case *certificatesv1beta1.CertificateSigningRequest:
|
||||||
_, err = clientSet.CertificatesV1beta1().CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR, metav1.UpdateOptions{})
|
_, err = o.certificatesV1Beta1Client.CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR, metav1.UpdateOptions{})
|
||||||
default:
|
default:
|
||||||
return fmt.Errorf("can only handle certificates.k8s.io CertificateSigningRequest objects, got %T", modifiedCSR)
|
return fmt.Errorf("can only handle certificates.k8s.io CertificateSigningRequest objects, got %T", modifiedCSR)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -293,6 +293,7 @@ func TestCertificates(t *testing.T) {
|
|||||||
Client: fakeClient,
|
Client: fakeClient,
|
||||||
}
|
}
|
||||||
streams, _, buf, errbuf := genericclioptions.NewTestIOStreams()
|
streams, _, buf, errbuf := genericclioptions.NewTestIOStreams()
|
||||||
|
tf.ClientConfigVal.Transport = fakeClient.Transport
|
||||||
|
|
||||||
defer func() {
|
defer func() {
|
||||||
// Restore cmdutil behavior.
|
// Restore cmdutil behavior.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user