Merge pull request #56769 from dixudx/forbid_unnamed_context

Automatic merge from submit-queue (batch tested with PRs 57521, 56769). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. forbid unnamed context **What this PR does / why we need it**: forbid unnamed contexts with validation **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #56747 **Special notes for your reviewer**: /assign @sttts @fabianofranz **Release note**: ```release-note forbid unnamed context ```
2025-07-29 14:37:00 +00:00 · 2018-01-07 11:19:45 -08:00 · 2018-01-07 11:19:45 -08:00 · a2bce0d74e
commit a2bce0d74e
parent 7b4c9f99b9 792a229936
4 changed files with 43 additions and 5 deletions
--- a/pkg/kubectl/cmd/config/use_context.go
+++ b/pkg/kubectl/cmd/config/use_context.go
@ -88,7 +88,7 @@ func (o *useContextOptions) complete(cmd *cobra.Command) error {

 func (o useContextOptions) validate(config *clientcmdapi.Config) error {
 	if len(o.contextName) == 0 {
-		return errors.New("you must specify a current-context")
+		return errors.New("empty context names are not allowed")
 	}

 	for name := range config.Contexts {
--- a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
@ -114,15 +114,15 @@ func TestKubeConfigFile(t *testing.T) {
 			errRegex: errNoConfiguration,
 		},
 		{
-			test:           "missing context (specified context is missing)",
-			cluster:        &namedCluster,
-			currentContext: "missing-context",
-			errRegex:       errNoConfiguration,
+			test:     "missing context (specified context is missing)",
+			cluster:  &namedCluster,
+			errRegex: errNoConfiguration,
 		},
 		{
 			test: "context without cluster",
 			context: &v1.NamedContext{
 				Context: v1.Context{},
+				Name:    "testing-context",
 			},
 			currentContext: "testing-context",
 			errRegex:       errNoConfiguration,
@ -134,6 +134,7 @@ func TestKubeConfigFile(t *testing.T) {
 				Context: v1.Context{
 					Cluster: namedCluster.Name,
 				},
+				Name: "testing-context",
 			},
 			currentContext: "testing-context",
 			errRegex:       "", // Not an error at parse time, only when using the webhook
@ -145,6 +146,7 @@ func TestKubeConfigFile(t *testing.T) {
 				Context: v1.Context{
 					Cluster: "missing-cluster",
 				},
+				Name: "fake",
 			},
 			errRegex: errNoConfiguration,
 		},
@ -156,6 +158,7 @@ func TestKubeConfigFile(t *testing.T) {
 					Cluster:  namedCluster.Name,
 					AuthInfo: "missing-user",
 				},
+				Name: "testing-context",
 			},
 			currentContext: "testing-context",
 			errRegex:       "", // Not an error at parse time, only when using the webhook
@ -267,6 +270,8 @@ func TestKubeConfigFile(t *testing.T) {
 				kubeConfig.AuthInfos = []v1.NamedAuthInfo{*tt.user}
 			}

+			kubeConfig.CurrentContext = tt.currentContext
+
 			kubeConfigFile, err := newKubeConfigFile(kubeConfig)

 			if err == nil {
--- a/staging/src/k8s.io/client-go/tools/clientcmd/validation.go
+++ b/staging/src/k8s.io/client-go/tools/clientcmd/validation.go
@ -253,6 +253,10 @@ func validateAuthInfo(authInfoName string, authInfo clientcmdapi.AuthInfo) []err
 func validateContext(contextName string, context clientcmdapi.Context, config clientcmdapi.Config) []error {
 	validationErrors := make([]error, 0)

+	if len(contextName) == 0 {
+		validationErrors = append(validationErrors, fmt.Errorf("empty context name for %#v is not allowed", context))
+	}
+
 	if len(context.AuthInfo) == 0 {
 		validationErrors = append(validationErrors, fmt.Errorf("user was not specified for context %q", contextName))
 	} else if _, exists := config.AuthInfos[context.AuthInfo]; !exists {
--- a/staging/src/k8s.io/client-go/tools/clientcmd/validation_test.go
+++ b/staging/src/k8s.io/client-go/tools/clientcmd/validation_test.go
@ -62,6 +62,7 @@ func TestConfirmUsableBadInfoButOkConfig(t *testing.T) {
 	okTest.testConfirmUsable("clean", t)
 	badValidation.testConfig(t)
 }
+
 func TestConfirmUsableBadInfoConfig(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.Clusters["missing ca"] = &clientcmdapi.Cluster{
@ -83,6 +84,7 @@ func TestConfirmUsableBadInfoConfig(t *testing.T) {

 	test.testConfirmUsable("first", t)
 }
+
 func TestConfirmUsableEmptyConfig(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	test := configValidationTest{
@ -92,6 +94,7 @@ func TestConfirmUsableEmptyConfig(t *testing.T) {

 	test.testConfirmUsable("", t)
 }
+
 func TestConfirmUsableMissingConfig(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	test := configValidationTest{
@ -101,6 +104,7 @@ func TestConfirmUsableMissingConfig(t *testing.T) {

 	test.testConfirmUsable("not-here", t)
 }
+
 func TestValidateEmptyConfig(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	test := configValidationTest{
@ -110,6 +114,7 @@ func TestValidateEmptyConfig(t *testing.T) {

 	test.testConfig(t)
 }
+
 func TestValidateMissingCurrentContextConfig(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.CurrentContext = "anything"
@ -120,6 +125,7 @@ func TestValidateMissingCurrentContextConfig(t *testing.T) {

 	test.testConfig(t)
 }
+
 func TestIsContextNotFound(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.CurrentContext = "anything"
@ -172,6 +178,7 @@ func TestValidateMissingReferencesConfig(t *testing.T) {
 	test.testContext("anything", t)
 	test.testConfig(t)
 }
+
 func TestValidateEmptyContext(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.CurrentContext = "anything"
@ -185,6 +192,19 @@ func TestValidateEmptyContext(t *testing.T) {
 	test.testConfig(t)
 }

+func TestValidateEmptyContextName(t *testing.T) {
+	config := clientcmdapi.NewConfig()
+	config.CurrentContext = "anything"
+	config.Contexts[""] = &clientcmdapi.Context{Cluster: "missing", AuthInfo: "missing"}
+	test := configValidationTest{
+		config:                 config,
+		expectedErrorSubstring: []string{"empty context name", "is not allowed"},
+	}
+
+	test.testContext("", t)
+	test.testConfig(t)
+}
+
 func TestValidateEmptyClusterInfo(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.Clusters["empty"] = clientcmdapi.NewCluster()
@ -223,6 +243,7 @@ func TestValidateMissingCAFileClusterInfo(t *testing.T) {
 	test.testCluster("missing ca", t)
 	test.testConfig(t)
 }
+
 func TestValidateCleanClusterInfo(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.Clusters["clean"] = &clientcmdapi.Cluster{
@ -235,6 +256,7 @@ func TestValidateCleanClusterInfo(t *testing.T) {
 	test.testCluster("clean", t)
 	test.testConfig(t)
 }
+
 func TestValidateCleanWithCAClusterInfo(t *testing.T) {
 	tempFile, _ := ioutil.TempFile("", "")
 	defer os.Remove(tempFile.Name())
@ -262,6 +284,7 @@ func TestValidateEmptyAuthInfo(t *testing.T) {
 	test.testAuthInfo("error", t)
 	test.testConfig(t)
 }
+
 func TestValidateCertFilesNotFoundAuthInfo(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.AuthInfos["error"] = &clientcmdapi.AuthInfo{
@ -276,6 +299,7 @@ func TestValidateCertFilesNotFoundAuthInfo(t *testing.T) {
 	test.testAuthInfo("error", t)
 	test.testConfig(t)
 }
+
 func TestValidateCertDataOverridesFiles(t *testing.T) {
 	tempFile, _ := ioutil.TempFile("", "")
 	defer os.Remove(tempFile.Name())
@ -295,6 +319,7 @@ func TestValidateCertDataOverridesFiles(t *testing.T) {
 	test.testAuthInfo("clean", t)
 	test.testConfig(t)
 }
+
 func TestValidateCleanCertFilesAuthInfo(t *testing.T) {
 	tempFile, _ := ioutil.TempFile("", "")
 	defer os.Remove(tempFile.Name())
@ -311,6 +336,7 @@ func TestValidateCleanCertFilesAuthInfo(t *testing.T) {
 	test.testAuthInfo("clean", t)
 	test.testConfig(t)
 }
+
 func TestValidateCleanTokenAuthInfo(t *testing.T) {
 	config := clientcmdapi.NewConfig()
 	config.AuthInfos["clean"] = &clientcmdapi.AuthInfo{
@ -363,6 +389,7 @@ func (c configValidationTest) testContext(contextName string, t *testing.T) {
 		}
 	}
 }
+
 func (c configValidationTest) testConfirmUsable(contextName string, t *testing.T) {
 	err := ConfirmUsable(*c.config, contextName)

@ -382,6 +409,7 @@ func (c configValidationTest) testConfirmUsable(contextName string, t *testing.T
 		}
 	}
 }
+
 func (c configValidationTest) testConfig(t *testing.T) {
 	err := Validate(*c.config)

@ -404,6 +432,7 @@ func (c configValidationTest) testConfig(t *testing.T) {
 		}
 	}
 }
+
 func (c configValidationTest) testCluster(clusterName string, t *testing.T) {
 	errs := validateClusterInfo(clusterName, *c.config.Clusters[clusterName])