kubectl config set-crentials: add arguments for auth providers

This PR adds `--auth-provider` and `--auth-provider-arg` flags to the
`kubectl config set-credentials` sub-command.

pkg/kubectl/cmd/config/create_authinfo.go

@@ -29,6 +29,7 @@ import (
 
 	"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
 	clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
+	cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
 	"k8s.io/kubernetes/pkg/util"
 	"k8s.io/kubernetes/pkg/util/flag"
 )
@@ -43,8 +44,17 @@ type createAuthInfoOptions struct {
 	username          util.StringFlag
 	password          util.StringFlag
 	embedCertData     flag.Tristate
+	authProvider      util.StringFlag
+
+	authProviderArgs         map[string]string
+	authProviderArgsToRemove []string
 }
 
+const (
+	flagAuthProvider    = "auth-provider"
+	flagAuthProviderArg = "auth-provider-arg"
+)
+
 var (
 	create_authinfo_long = fmt.Sprintf(`
 Sets a user entry in kubeconfig
@@ -71,19 +81,32 @@ Specifying a name that already exists will merge new fields on top of existing v
 		kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
 
 		# Embed client certificate data in the "cluster-admin" entry
-		kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true`)
+		kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true
+
+		# Enable the Google Compute Platform auth provider for the "cluster-admin" entry
+		kubectl config set-credentials cluster-admin --auth-provider=gcp
+
+		# Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
+		kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
+
+		# Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
+		kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-`)
 )
 
 func NewCmdConfigSetAuthInfo(out io.Writer, configAccess clientcmd.ConfigAccess) *cobra.Command {
 	options := &createAuthInfoOptions{configAccess: configAccess}
+	return newCmdConfigSetAuthInfo(out, options)
+}
 
+func newCmdConfigSetAuthInfo(out io.Writer, options *createAuthInfoOptions) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:     fmt.Sprintf("set-credentials NAME [--%v=path/to/certfile] [--%v=path/to/keyfile] [--%v=bearer_token] [--%v=basic_user] [--%v=basic_password]", clientcmd.FlagCertFile, clientcmd.FlagKeyFile, clientcmd.FlagBearerToken, clientcmd.FlagUsername, clientcmd.FlagPassword),
+		Use:     fmt.Sprintf("set-credentials NAME [--%v=path/to/certfile] [--%v=path/to/keyfile] [--%v=bearer_token] [--%v=basic_user] [--%v=basic_password] [--%v=provider_name] [--%v=key=value]", clientcmd.FlagCertFile, clientcmd.FlagKeyFile, clientcmd.FlagBearerToken, clientcmd.FlagUsername, clientcmd.FlagPassword, flagAuthProvider, flagAuthProviderArg),
 		Short:   "Sets a user entry in kubeconfig",
 		Long:    create_authinfo_long,
 		Example: create_authinfo_example,
 		Run: func(cmd *cobra.Command, args []string) {
-			if !options.complete(cmd) {
+			if !options.complete(cmd, out) {
+				cmd.Help()
 				return
 			}
 
@@ -103,6 +126,8 @@ func NewCmdConfigSetAuthInfo(out io.Writer, configAccess clientcmd.ConfigAccess)
 	cmd.Flags().Var(&options.token, clientcmd.FlagBearerToken, clientcmd.FlagBearerToken+" for the user entry in kubeconfig")
 	cmd.Flags().Var(&options.username, clientcmd.FlagUsername, clientcmd.FlagUsername+" for the user entry in kubeconfig")
 	cmd.Flags().Var(&options.password, clientcmd.FlagPassword, clientcmd.FlagPassword+" for the user entry in kubeconfig")
+	cmd.Flags().Var(&options.authProvider, flagAuthProvider, "auth provider for the user entry in kubeconfig")
+	cmd.Flags().StringSlice(flagAuthProviderArg, nil, "'key=value' arugments for the auth provider")
 	f := cmd.Flags().VarPF(&options.embedCertData, clientcmd.FlagEmbedCerts, "", "embed client cert/key for the user entry in kubeconfig")
 	f.NoOptDefVal = "true"
 
@@ -180,6 +205,28 @@ func (o *createAuthInfoOptions) modifyAuthInfo(existingAuthInfo clientcmdapi.Aut
 		modifiedAuthInfo.Password = o.password.Value()
 		setBasic = setBasic || len(modifiedAuthInfo.Password) > 0
 	}
+	if o.authProvider.Provided() {
+		newName := o.authProvider.Value()
+
+		// Only overwrite if the existing auth-provider is nil, or different than the newly specified one.
+		if modifiedAuthInfo.AuthProvider == nil || modifiedAuthInfo.AuthProvider.Name != newName {
+			modifiedAuthInfo.AuthProvider = &clientcmdapi.AuthProviderConfig{
+				Name: newName,
+			}
+		}
+	}
+
+	if modifiedAuthInfo.AuthProvider != nil {
+		if modifiedAuthInfo.AuthProvider.Config == nil {
+			modifiedAuthInfo.AuthProvider.Config = make(map[string]string)
+		}
+		for _, toRemove := range o.authProviderArgsToRemove {
+			delete(modifiedAuthInfo.AuthProvider.Config, toRemove)
+		}
+		for key, value := range o.authProviderArgs {
+			modifiedAuthInfo.AuthProvider.Config[key] = value
+		}
+	}
 
 	// If any auth info was set, make sure any other existing auth types are cleared
 	if setToken || setBasic {
@@ -195,13 +242,28 @@ func (o *createAuthInfoOptions) modifyAuthInfo(existingAuthInfo clientcmdapi.Aut
 	return modifiedAuthInfo
 }
 
-func (o *createAuthInfoOptions) complete(cmd *cobra.Command) bool {
+func (o *createAuthInfoOptions) complete(cmd *cobra.Command, out io.Writer) bool {
 	args := cmd.Flags().Args()
 	if len(args) != 1 {
-		cmd.Help()
 		return false
 	}
 
+	authProviderArgs, err := cmd.Flags().GetStringSlice(flagAuthProviderArg)
+	if err != nil {
+		fmt.Fprintf(out, "Error: %s\n", err)
+		return false
+	}
+
+	if len(authProviderArgs) > 0 {
+		newPairs, removePairs, err := cmdutil.ParsePairs(authProviderArgs, flagAuthProviderArg, true)
+		if err != nil {
+			fmt.Fprintf(out, "Error: %s\n", err)
+			return false
+		}
+		o.authProviderArgs = newPairs
+		o.authProviderArgsToRemove = removePairs
+	}
+
 	o.name = args[0]
 	return true
 }