From 6498fc1fda3fa69a4bdfd84564fc17287c36bb8a Mon Sep 17 00:00:00 2001 From: deads2k Date: Fri, 8 May 2015 16:26:27 -0400 Subject: [PATCH 1/2] remove cmd respect for auth-path --- cmd/kubelet/app/server.go | 1 + docs/kubeconfig-file.md | 34 ++--------------------- docs/kubectl.md | 3 +- docs/kubectl_api-versions.md | 3 +- docs/kubectl_cluster-info.md | 3 +- docs/kubectl_config.md | 3 +- docs/kubectl_config_set-cluster.md | 3 +- docs/kubectl_config_set-context.md | 3 +- docs/kubectl_config_set-credentials.md | 5 ++-- docs/kubectl_config_set.md | 3 +- docs/kubectl_config_unset.md | 3 +- docs/kubectl_config_use-context.md | 3 +- docs/kubectl_config_view.md | 3 +- docs/kubectl_create.md | 3 +- docs/kubectl_delete.md | 3 +- docs/kubectl_describe.md | 3 +- docs/kubectl_exec.md | 3 +- docs/kubectl_expose.md | 3 +- docs/kubectl_get.md | 3 +- docs/kubectl_label.md | 3 +- docs/kubectl_log.md | 3 +- docs/kubectl_namespace.md | 3 +- docs/kubectl_port-forward.md | 3 +- docs/kubectl_proxy.md | 3 +- docs/kubectl_resize.md | 3 +- docs/kubectl_rolling-update.md | 3 +- docs/kubectl_run-container.md | 3 +- docs/kubectl_stop.md | 3 +- docs/kubectl_update.md | 3 +- docs/kubectl_version.md | 3 +- pkg/client/clientcmd/overrides.go | 10 ++++++- pkg/kubectl/cmd/config/config_test.go | 11 ++++---- pkg/kubectl/cmd/config/create_authinfo.go | 5 ++-- 33 files changed, 49 insertions(+), 98 deletions(-) diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 0f8abfc1183..90a7342d5e1 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -193,6 +193,7 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) { fs.IntVar(&s.MaxPerPodContainerCount, "maximum-dead-containers-per-container", s.MaxPerPodContainerCount, "Maximum number of old instances of a container to retain per container. Each container takes up some disk space. Default: 5.") fs.IntVar(&s.MaxContainerCount, "maximum-dead-containers", s.MaxContainerCount, "Maximum number of old instances of a containers to retain globally. Each container takes up some disk space. Default: 100.") fs.StringVar(&s.AuthPath, "auth-path", s.AuthPath, "Path to .kubernetes_auth file, specifying how to authenticate to API server.") + fs.MarkDeprecated("auth-path", "will be removed in a future version") fs.UintVar(&s.CadvisorPort, "cadvisor-port", s.CadvisorPort, "The port of the localhost cAdvisor endpoint") fs.IntVar(&s.HealthzPort, "healthz-port", s.HealthzPort, "The port of the localhost healthz endpoint") fs.Var(&s.HealthzBindAddress, "healthz-bind-address", "The IP address for the healthz server to serve on, defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces)") diff --git a/docs/kubeconfig-file.md b/docs/kubeconfig-file.md index c3a5b694fc6..f91ced4e343 100644 --- a/docs/kubeconfig-file.md +++ b/docs/kubeconfig-file.md @@ -49,36 +49,6 @@ users: client-key: path/to/my/client/key ``` -## .kubernetes_auth files - -**WARNING**: merging auth from a mixture of kubernetes_auth file entries and kubeconfig user entries is hard to debug and should be avoided. kubernetes_auth file support exists mostly for tests and is being deprecated. - -The kubernetes_auth file is a legacy config file that can contain a mix of server and client auth info. It is supported in kubeconfig via `auth-path` for a user: -``` -users: -- name: black-user - user: - auth-path: path/to/my/existing/.kubernetes_auth_file -``` - -The entries in a file loaded via auth-path will be applied to both the user and cluster of the current context. - -### Example .kubernetes_auth file -``` -{ - "User": "admin", - "Password": "secret", - "CertFile": "/path/to/my/client/cert", - "KeyFile": "/path/to/my/client/key", - "CAFile": "/path/to/my/server/cafile", - "BearerToken": "secrettoken", - "Insecure": false -} -``` -All entries are optional. `User`, `Password`, `CertFile`, `KeyFile`, and `BearerToken` are applied to the kubectl user. `CAFile` and `Insecure` apply to the cluster. Note that it is invalid to set both `CAFile` and `Insecure`, or both `BearerToken` and `User,Password` (see loading and merging rules below). - -If the contents of the kubernetes_auth file conflict with entries in kubeconfig, they are ignored. E.g, if the kubeconfig cluster specifies a `certificate-authority`, and the user specifies an `auth-path` to a kubernetes_file that contains a `CAFile` entry, the former will be used and the latter ignored. - ## Loading and merging rules The rules for loading and merging the kubeconfig files are straightforward, but there are a lot of them. The final config is built in this order: 1. Get the kubeconfig from disk. This is done with the following hierarchy and merge rules: @@ -108,8 +78,8 @@ The rules for loading and merging the kubeconfig files are straightforward, but 1. If cluster info is present and a value for the attribute is present, use it. 1. If you don't have a server location, error. 1. Determine the actual user info to use. User is built using the same rules as cluster info, EXCEPT that you can only have one authentication technique per user. - 1. Load precedence is 1) command line flag, 2) user fields from kubeconfig, 3) kubernetes_auth file fields (if user has a `auth-path` or the `--auth-path` was provided) - 1. The command line flags are: `auth-path`, `client-certificate`, `client-key`, `username`, `password`, and `token`. + 1. Load precedence is 1) command line flag, 2) user fields from kubeconfig + 1. The command line flags are: `client-certificate`, `client-key`, `username`, `password`, and `token`. 1. If there are two conflicting techniques, fail. 1. For any information still missing, use default values and potentially prompt for authentication information diff --git a/docs/kubectl.md b/docs/kubectl.md index 5ffdc680699..9e96bd9e369 100644 --- a/docs/kubectl.md +++ b/docs/kubectl.md @@ -18,7 +18,6 @@ kubectl ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -66,4 +65,4 @@ kubectl * [kubectl update](kubectl_update.md) - Update a resource by filename or stdin. * [kubectl version](kubectl_version.md) - Print the client and server version information. -###### Auto generated by spf13/cobra at 2015-05-01 20:16:42.546735249 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.494626806 +0000 UTC diff --git a/docs/kubectl_api-versions.md b/docs/kubectl_api-versions.md index 0693e3deabc..e2608e983df 100644 --- a/docs/kubectl_api-versions.md +++ b/docs/kubectl_api-versions.md @@ -22,7 +22,6 @@ kubectl api-versions ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -50,4 +49,4 @@ kubectl api-versions ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.036328233 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.494346454 +0000 UTC diff --git a/docs/kubectl_cluster-info.md b/docs/kubectl_cluster-info.md index c3beff78a15..789ce0f47b6 100644 --- a/docs/kubectl_cluster-info.md +++ b/docs/kubectl_cluster-info.md @@ -22,7 +22,6 @@ kubectl cluster-info ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -50,4 +49,4 @@ kubectl cluster-info ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.036176301 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.494226337 +0000 UTC diff --git a/docs/kubectl_config.md b/docs/kubectl_config.md index 11e8856df0e..94e83e42036 100644 --- a/docs/kubectl_config.md +++ b/docs/kubectl_config.md @@ -29,7 +29,6 @@ kubectl config SUBCOMMAND ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -63,4 +62,4 @@ kubectl config SUBCOMMAND * [kubectl config use-context](kubectl_config_use-context.md) - Sets the current-context in a kubeconfig file * [kubectl config view](kubectl_config_view.md) - displays Merged kubeconfig settings or a specified kubeconfig file. -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.036002047 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.494113712 +0000 UTC diff --git a/docs/kubectl_config_set-cluster.md b/docs/kubectl_config_set-cluster.md index d422fc3d023..1637f386429 100644 --- a/docs/kubectl_config_set-cluster.md +++ b/docs/kubectl_config_set-cluster.md @@ -40,7 +40,6 @@ $ kubectl config set-cluster e2e --insecure-skip-tls-verify=true ``` --alsologtostderr=false: log to standard error as well as files - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. --cluster="": The name of the kubeconfig cluster to use @@ -65,4 +64,4 @@ $ kubectl config set-cluster e2e --insecure-skip-tls-verify=true ### SEE ALSO * [kubectl config](kubectl_config.md) - config modifies kubeconfig files -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.034991096 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493372429 +0000 UTC diff --git a/docs/kubectl_config_set-context.md b/docs/kubectl_config_set-context.md index df4fe0ebba1..0a9776c8201 100644 --- a/docs/kubectl_config_set-context.md +++ b/docs/kubectl_config_set-context.md @@ -33,7 +33,6 @@ $ kubectl config set-context gce --user=cluster-admin ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -58,4 +57,4 @@ $ kubectl config set-context gce --user=cluster-admin ### SEE ALSO * [kubectl config](kubectl_config.md) - config modifies kubeconfig files -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035371239 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493620985 +0000 UTC diff --git a/docs/kubectl_config_set-credentials.md b/docs/kubectl_config_set-credentials.md index cafc71ced1e..4f5e478df42 100644 --- a/docs/kubectl_config_set-credentials.md +++ b/docs/kubectl_config_set-credentials.md @@ -21,7 +21,7 @@ Specifying a name that already exists will merge new fields on top of existing v ``` -kubectl config set-credentials NAME [--auth-path=/path/to/authfile] [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] +kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] ``` ### Examples @@ -41,7 +41,6 @@ $ kubectl set-credentials cluster-admin --client-certificate=~/.kube/admin.crt - ### Options ``` - --auth-path=: auth-path for the user entry in kubeconfig --client-certificate=: path to client-certificate for the user entry in kubeconfig --client-key=: path to client-key for the user entry in kubeconfig --embed-certs=false: embed client cert/key for the user entry in kubeconfig @@ -78,4 +77,4 @@ $ kubectl set-credentials cluster-admin --client-certificate=~/.kube/admin.crt - ### SEE ALSO * [kubectl config](kubectl_config.md) - config modifies kubeconfig files -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035167812 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493498685 +0000 UTC diff --git a/docs/kubectl_config_set.md b/docs/kubectl_config_set.md index 57c9dc8640d..fafb37f5c3f 100644 --- a/docs/kubectl_config_set.md +++ b/docs/kubectl_config_set.md @@ -24,7 +24,6 @@ kubectl config set PROPERTY_NAME PROPERTY_VALUE ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -52,4 +51,4 @@ kubectl config set PROPERTY_NAME PROPERTY_VALUE ### SEE ALSO * [kubectl config](kubectl_config.md) - config modifies kubeconfig files -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035532103 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.49374188 +0000 UTC diff --git a/docs/kubectl_config_unset.md b/docs/kubectl_config_unset.md index cd01819cec0..3e9bc2f6942 100644 --- a/docs/kubectl_config_unset.md +++ b/docs/kubectl_config_unset.md @@ -23,7 +23,6 @@ kubectl config unset PROPERTY_NAME ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -51,4 +50,4 @@ kubectl config unset PROPERTY_NAME ### SEE ALSO * [kubectl config](kubectl_config.md) - config modifies kubeconfig files -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035684858 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493867298 +0000 UTC diff --git a/docs/kubectl_config_use-context.md b/docs/kubectl_config_use-context.md index 22d52d39b2d..9b3c560a16c 100644 --- a/docs/kubectl_config_use-context.md +++ b/docs/kubectl_config_use-context.md @@ -22,7 +22,6 @@ kubectl config use-context CONTEXT_NAME ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -50,4 +49,4 @@ kubectl config use-context CONTEXT_NAME ### SEE ALSO * [kubectl config](kubectl_config.md) - config modifies kubeconfig files -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.035835782 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493987321 +0000 UTC diff --git a/docs/kubectl_config_view.md b/docs/kubectl_config_view.md index de82f1cec80..b78321ae744 100644 --- a/docs/kubectl_config_view.md +++ b/docs/kubectl_config_view.md @@ -45,7 +45,6 @@ $ kubectl config view -o template --template='{{range .users}}{{ if eq .name "e2 ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -73,4 +72,4 @@ $ kubectl config view -o template --template='{{range .users}}{{ if eq .name "e2 ### SEE ALSO * [kubectl config](kubectl_config.md) - config modifies kubeconfig files -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.034809963 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493241636 +0000 UTC diff --git a/docs/kubectl_create.md b/docs/kubectl_create.md index 6369bbbd605..d5710ba5d4e 100644 --- a/docs/kubectl_create.md +++ b/docs/kubectl_create.md @@ -35,7 +35,6 @@ $ cat pod.json | kubectl create -f - ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -63,4 +62,4 @@ $ cat pod.json | kubectl create -f - ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.030664101 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491140012 +0000 UTC diff --git a/docs/kubectl_delete.md b/docs/kubectl_delete.md index 57c454a878a..8c09010095a 100644 --- a/docs/kubectl_delete.md +++ b/docs/kubectl_delete.md @@ -55,7 +55,6 @@ $ kubectl delete pods --all ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -83,4 +82,4 @@ $ kubectl delete pods --all ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-30 14:53:47.856200003 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491421364 +0000 UTC diff --git a/docs/kubectl_describe.md b/docs/kubectl_describe.md index 907341b2d65..ae657a87356 100644 --- a/docs/kubectl_describe.md +++ b/docs/kubectl_describe.md @@ -35,7 +35,6 @@ $ kubectl describe pods/nginx ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -63,4 +62,4 @@ $ kubectl describe pods/nginx ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.030447061 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.490982332 +0000 UTC diff --git a/docs/kubectl_exec.md b/docs/kubectl_exec.md index eddb9dfb314..118a3a6889d 100644 --- a/docs/kubectl_exec.md +++ b/docs/kubectl_exec.md @@ -36,7 +36,6 @@ $ kubectl exec -p 123456-7890 -c ruby-container -i -t -- bash -il ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -64,4 +63,4 @@ $ kubectl exec -p 123456-7890 -c ruby-container -i -t -- bash -il ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.032352238 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492105038 +0000 UTC diff --git a/docs/kubectl_expose.md b/docs/kubectl_expose.md index 7d0e078a3bf..5afb28e7041 100644 --- a/docs/kubectl_expose.md +++ b/docs/kubectl_expose.md @@ -54,7 +54,6 @@ $ kubectl expose rc streamer --port=4100 --protocol=udp --service-name=video-str ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -82,4 +81,4 @@ $ kubectl expose rc streamer --port=4100 --protocol=udp --service-name=video-str ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-30 06:01:21.51286228 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.49295951 +0000 UTC diff --git a/docs/kubectl_get.md b/docs/kubectl_get.md index 76230f04238..4e24942e570 100644 --- a/docs/kubectl_get.md +++ b/docs/kubectl_get.md @@ -57,7 +57,6 @@ $ kubectl get rc/web service/frontend pods/web-pod-13je7 ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -85,4 +84,4 @@ $ kubectl get rc/web service/frontend pods/web-pod-13je7 ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.030165061 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.490776443 +0000 UTC diff --git a/docs/kubectl_label.md b/docs/kubectl_label.md index 81fcad3f4b7..c3d55ee65cf 100644 --- a/docs/kubectl_label.md +++ b/docs/kubectl_label.md @@ -53,7 +53,6 @@ $ kubectl label pods foo bar- ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -81,4 +80,4 @@ $ kubectl label pods foo bar- ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.03459192 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.493103008 +0000 UTC diff --git a/docs/kubectl_log.md b/docs/kubectl_log.md index def67609563..e3508db50d3 100644 --- a/docs/kubectl_log.md +++ b/docs/kubectl_log.md @@ -34,7 +34,6 @@ $ kubectl log -f 123456-7890 ruby-container ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -62,4 +61,4 @@ $ kubectl log -f 123456-7890 ruby-container ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.031591306 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491667484 +0000 UTC diff --git a/docs/kubectl_namespace.md b/docs/kubectl_namespace.md index 3800ce3dfd6..b3f642cb25b 100644 --- a/docs/kubectl_namespace.md +++ b/docs/kubectl_namespace.md @@ -25,7 +25,6 @@ kubectl namespace [namespace] ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -53,4 +52,4 @@ kubectl namespace [namespace] ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.031378018 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491542407 +0000 UTC diff --git a/docs/kubectl_port-forward.md b/docs/kubectl_port-forward.md index 93946c39783..dd8477aefa5 100644 --- a/docs/kubectl_port-forward.md +++ b/docs/kubectl_port-forward.md @@ -40,7 +40,6 @@ $ kubectl port-forward -p mypod 0:5000 ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -68,4 +67,4 @@ $ kubectl port-forward -p mypod 0:5000 ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.032575511 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492233845 +0000 UTC diff --git a/docs/kubectl_proxy.md b/docs/kubectl_proxy.md index 7cda4cea0f2..21025317fdf 100644 --- a/docs/kubectl_proxy.md +++ b/docs/kubectl_proxy.md @@ -37,7 +37,6 @@ $ kubectl proxy --api-prefix=k8s-api ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -65,4 +64,4 @@ $ kubectl proxy --api-prefix=k8s-api ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.032792489 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492383202 +0000 UTC diff --git a/docs/kubectl_resize.md b/docs/kubectl_resize.md index d90f8fa3bda..30eefaf40da 100644 --- a/docs/kubectl_resize.md +++ b/docs/kubectl_resize.md @@ -40,7 +40,6 @@ $ kubectl resize --current-replicas=2 --replicas=3 replicationcontrollers foo ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -68,4 +67,4 @@ $ kubectl resize --current-replicas=2 --replicas=3 replicationcontrollers foo ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.032100141 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491965213 +0000 UTC diff --git a/docs/kubectl_rolling-update.md b/docs/kubectl_rolling-update.md index bdbabaac837..73614643d1b 100644 --- a/docs/kubectl_rolling-update.md +++ b/docs/kubectl_rolling-update.md @@ -56,7 +56,6 @@ $ kubectl rolling-update frontend --image=image:v2 ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -84,4 +83,4 @@ $ kubectl rolling-update frontend --image=image:v2 ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-05-02 00:22:29.503205238 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491832315 +0000 UTC diff --git a/docs/kubectl_run-container.md b/docs/kubectl_run-container.md index 7188ca5cc31..11bcc326bcd 100644 --- a/docs/kubectl_run-container.md +++ b/docs/kubectl_run-container.md @@ -51,7 +51,6 @@ $ kubectl run-container nginx --image=nginx --overrides='{ "apiVersion": "v1beta ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -79,4 +78,4 @@ $ kubectl run-container nginx --image=nginx --overrides='{ "apiVersion": "v1beta ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 23:46:39.503475144 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492617426 +0000 UTC diff --git a/docs/kubectl_stop.md b/docs/kubectl_stop.md index 92eae9a9875..0836f063ce9 100644 --- a/docs/kubectl_stop.md +++ b/docs/kubectl_stop.md @@ -45,7 +45,6 @@ $ kubectl stop -f path/to/resources ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -73,4 +72,4 @@ $ kubectl stop -f path/to/resources ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-30 14:53:47.85772498 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.492767531 +0000 UTC diff --git a/docs/kubectl_update.md b/docs/kubectl_update.md index 666f2d376b6..6cdfbf730c2 100644 --- a/docs/kubectl_update.md +++ b/docs/kubectl_update.md @@ -39,7 +39,6 @@ $ kubectl update pods my-pod --patch='{ "apiVersion": "v1beta1", "desiredState": ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -67,4 +66,4 @@ $ kubectl update pods my-pod --patch='{ "apiVersion": "v1beta1", "desiredState": ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.030922954 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.491280734 +0000 UTC diff --git a/docs/kubectl_version.md b/docs/kubectl_version.md index be1a2946964..2d173013d0d 100644 --- a/docs/kubectl_version.md +++ b/docs/kubectl_version.md @@ -23,7 +23,6 @@ kubectl version ``` --alsologtostderr=false: log to standard error as well as files --api-version="": The API version to use when talking to the server - -a, --auth-path="": Path to the auth info file. If missing, prompt the user. Only used if using https. --certificate-authority="": Path to a cert. file for the certificate authority. --client-certificate="": Path to a client key file for TLS. --client-key="": Path to a client key file for TLS. @@ -51,4 +50,4 @@ kubectl version ### SEE ALSO * [kubectl](kubectl.md) - kubectl controls the Kubernetes cluster manager -###### Auto generated by spf13/cobra at 2015-04-29 15:25:11.036492866 +0000 UTC +###### Auto generated by spf13/cobra at 2015-05-08 20:26:40.49446172 +0000 UTC diff --git a/pkg/client/clientcmd/overrides.go b/pkg/client/clientcmd/overrides.go index 877ef5c9385..32121ba563a 100644 --- a/pkg/client/clientcmd/overrides.go +++ b/pkg/client/clientcmd/overrides.go @@ -135,12 +135,20 @@ func RecommendedContextOverrideFlags(prefix string) ContextOverrideFlags { // BindAuthInfoFlags is a convenience method to bind the specified flags to their associated variables func BindAuthInfoFlags(authInfo *clientcmdapi.AuthInfo, flags *pflag.FlagSet, flagNames AuthOverrideFlags) { - bindStringFlag(flags, &authInfo.AuthPath, flagNames.AuthPath) + deadString := "" + bindStringFlag(flags, &deadString, flagNames.AuthPath) bindStringFlag(flags, &authInfo.ClientCertificate, flagNames.ClientCertificate) bindStringFlag(flags, &authInfo.ClientKey, flagNames.ClientKey) bindStringFlag(flags, &authInfo.Token, flagNames.Token) bindStringFlag(flags, &authInfo.Username, flagNames.Username) bindStringFlag(flags, &authInfo.Password, flagNames.Password) + + if len(flagNames.AuthPath.LongName) > 0 { + flags.MarkDeprecated(flagNames.AuthPath.LongName, flagNames.AuthPath.LongName+" has been removed and is no longer respected") + } + if len(flagNames.AuthPath.ShortName) > 0 { + flags.MarkDeprecated(flagNames.AuthPath.ShortName, flagNames.AuthPath.ShortName+" has been removed and is no longer respected") + } } // BindClusterFlags is a convenience method to bind the specified flags to their associated variables diff --git a/pkg/kubectl/cmd/config/config_test.go b/pkg/kubectl/cmd/config/config_test.go index 5bfd6bf5aa6..e91752132fd 100644 --- a/pkg/kubectl/cmd/config/config_test.go +++ b/pkg/kubectl/cmd/config/config_test.go @@ -97,10 +97,10 @@ func TestSetIntoExistingStruct(t *testing.T) { expectedConfig := newRedFederalCowHammerConfig() a := expectedConfig.AuthInfos["red-user"] authInfo := &a - authInfo.AuthPath = "new-path-value" + authInfo.Password = "new-path-value" expectedConfig.AuthInfos["red-user"] = *authInfo test := configCommandTest{ - args: []string{"set", "users.red-user.auth-path", "new-path-value"}, + args: []string{"set", "users.red-user.password", "new-path-value"}, startingConfig: newRedFederalCowHammerConfig(), expectedConfig: expectedConfig, } @@ -189,11 +189,10 @@ func TestNewEmptyAuth(t *testing.T) { func TestAdditionalAuth(t *testing.T) { expectedConfig := newRedFederalCowHammerConfig() authInfo := clientcmdapi.NewAuthInfo() - authInfo.AuthPath = "auth-path" authInfo.Token = "token" expectedConfig.AuthInfos["another-user"] = *authInfo test := configCommandTest{ - args: []string{"set-credentials", "another-user", "--" + clientcmd.FlagAuthPath + "=auth-path", "--" + clientcmd.FlagBearerToken + "=token"}, + args: []string{"set-credentials", "another-user", "--" + clientcmd.FlagBearerToken + "=token"}, startingConfig: newRedFederalCowHammerConfig(), expectedConfig: expectedConfig, } @@ -512,10 +511,10 @@ func TestCAAndInsecureDisallowed(t *testing.T) { func TestMergeExistingAuth(t *testing.T) { expectedConfig := newRedFederalCowHammerConfig() authInfo := expectedConfig.AuthInfos["red-user"] - authInfo.AuthPath = "auth-path" + authInfo.ClientKey = "key" expectedConfig.AuthInfos["red-user"] = authInfo test := configCommandTest{ - args: []string{"set-credentials", "red-user", "--" + clientcmd.FlagAuthPath + "=auth-path"}, + args: []string{"set-credentials", "red-user", "--" + clientcmd.FlagKeyFile + "=key"}, startingConfig: newRedFederalCowHammerConfig(), expectedConfig: expectedConfig, } diff --git a/pkg/kubectl/cmd/config/create_authinfo.go b/pkg/kubectl/cmd/config/create_authinfo.go index e4ea2de5187..0da40d21515 100644 --- a/pkg/kubectl/cmd/config/create_authinfo.go +++ b/pkg/kubectl/cmd/config/create_authinfo.go @@ -71,7 +71,7 @@ func NewCmdConfigSetAuthInfo(out io.Writer, configAccess ConfigAccess) *cobra.Co options := &createAuthInfoOptions{configAccess: configAccess} cmd := &cobra.Command{ - Use: fmt.Sprintf("set-credentials NAME [--%v=/path/to/authfile] [--%v=path/to/certfile] [--%v=path/to/keyfile] [--%v=bearer_token] [--%v=basic_user] [--%v=basic_password]", clientcmd.FlagAuthPath, clientcmd.FlagCertFile, clientcmd.FlagKeyFile, clientcmd.FlagBearerToken, clientcmd.FlagUsername, clientcmd.FlagPassword), + Use: fmt.Sprintf("set-credentials NAME [--%v=path/to/certfile] [--%v=path/to/keyfile] [--%v=bearer_token] [--%v=basic_user] [--%v=basic_password]", clientcmd.FlagCertFile, clientcmd.FlagKeyFile, clientcmd.FlagBearerToken, clientcmd.FlagUsername, clientcmd.FlagPassword), Short: "Sets a user entry in kubeconfig", Long: create_authinfo_long, Example: create_authinfo_example, @@ -87,7 +87,6 @@ func NewCmdConfigSetAuthInfo(out io.Writer, configAccess ConfigAccess) *cobra.Co }, } - cmd.Flags().Var(&options.authPath, clientcmd.FlagAuthPath, clientcmd.FlagAuthPath+" for the user entry in kubeconfig") cmd.Flags().Var(&options.clientCertificate, clientcmd.FlagCertFile, "path to "+clientcmd.FlagCertFile+" for the user entry in kubeconfig") cmd.Flags().Var(&options.clientKey, clientcmd.FlagKeyFile, "path to "+clientcmd.FlagKeyFile+" for the user entry in kubeconfig") cmd.Flags().Var(&options.token, clientcmd.FlagBearerToken, clientcmd.FlagBearerToken+" for the user entry in kubeconfig") @@ -95,6 +94,8 @@ func NewCmdConfigSetAuthInfo(out io.Writer, configAccess ConfigAccess) *cobra.Co cmd.Flags().Var(&options.password, clientcmd.FlagPassword, clientcmd.FlagPassword+" for the user entry in kubeconfig") cmd.Flags().Var(&options.embedCertData, clientcmd.FlagEmbedCerts, "embed client cert/key for the user entry in kubeconfig") + cmd.Flags().String(clientcmd.FlagAuthPath, "", clientcmd.FlagAuthPath+" for the user entry in kubeconfig") + cmd.Flags().MarkDeprecated(clientcmd.FlagAuthPath, clientcmd.FlagAuthPath+" has been removed and is no longer respected") return cmd } From 19784dbc4fd3932d8cffe68554a1c40356fdce2b Mon Sep 17 00:00:00 2001 From: deads2k Date: Mon, 11 May 2015 09:42:07 -0400 Subject: [PATCH 2/2] remove auth-path from kubeconfig --- contrib/completions/bash/kubectl | 3 - docs/man/man1/kubectl-api-versions.1 | 4 - docs/man/man1/kubectl-cluster-info.1 | 4 - docs/man/man1/kubectl-config-set-cluster.1 | 4 - docs/man/man1/kubectl-config-set-context.1 | 4 - .../man/man1/kubectl-config-set-credentials.1 | 4 - docs/man/man1/kubectl-config-set.1 | 4 - docs/man/man1/kubectl-config-unset.1 | 4 - docs/man/man1/kubectl-config-use-context.1 | 4 - docs/man/man1/kubectl-config-view.1 | 4 - docs/man/man1/kubectl-config.1 | 4 - docs/man/man1/kubectl-create.1 | 4 - docs/man/man1/kubectl-delete.1 | 4 - docs/man/man1/kubectl-describe.1 | 4 - docs/man/man1/kubectl-exec.1 | 4 - docs/man/man1/kubectl-expose.1 | 4 - docs/man/man1/kubectl-get.1 | 4 - docs/man/man1/kubectl-label.1 | 4 - docs/man/man1/kubectl-log.1 | 4 - docs/man/man1/kubectl-namespace.1 | 4 - docs/man/man1/kubectl-port-forward.1 | 4 - docs/man/man1/kubectl-proxy.1 | 4 - docs/man/man1/kubectl-resize.1 | 4 - docs/man/man1/kubectl-rolling-update.1 | 4 - docs/man/man1/kubectl-run-container.1 | 4 - docs/man/man1/kubectl-stop.1 | 4 - docs/man/man1/kubectl-update.1 | 4 - docs/man/man1/kubectl-version.1 | 4 - docs/man/man1/kubectl.1 | 4 - pkg/client/clientcmd/api/helpers.go | 4 - pkg/client/clientcmd/api/types.go | 2 - pkg/client/clientcmd/api/types_test.go | 6 -- pkg/client/clientcmd/api/v1/types.go | 2 - pkg/client/clientcmd/client_config.go | 44 --------- pkg/client/clientcmd/loader.go | 1 - pkg/client/clientcmd/loader_test.go | 12 +-- .../clientcmd/merged_client_builder_test.go | 89 ------------------- pkg/client/clientcmd/overrides.go | 12 --- pkg/client/clientcmd/validation.go | 11 --- pkg/client/clientcmd/validation_test.go | 36 +------- pkg/kubectl/cmd/config/create_authinfo.go | 6 -- pkg/kubectl/cmd/util/factory.go | 1 - test/e2e/util.go | 2 - 43 files changed, 8 insertions(+), 335 deletions(-) delete mode 100644 pkg/client/clientcmd/merged_client_builder_test.go diff --git a/contrib/completions/bash/kubectl b/contrib/completions/bash/kubectl index 4d29416a5c5..192b3434242 100644 --- a/contrib/completions/bash/kubectl +++ b/contrib/completions/bash/kubectl @@ -721,7 +721,6 @@ _kubectl_config_set-credentials() flags_with_completion=() flags_completion=() - flags+=("--auth-path=") flags+=("--client-certificate=") flags+=("--client-key=") flags+=("--embed-certs") @@ -916,8 +915,6 @@ _kubectl() flags+=("--alsologtostderr") flags+=("--api-version=") - flags+=("--auth-path=") - two_word_flags+=("-a") flags+=("--certificate-authority=") flags+=("--client-certificate=") flags+=("--client-key=") diff --git a/docs/man/man1/kubectl-api-versions.1 b/docs/man/man1/kubectl-api-versions.1 index c03601aff08..0c66fdba938 100644 --- a/docs/man/man1/kubectl-api-versions.1 +++ b/docs/man/man1/kubectl-api-versions.1 @@ -31,10 +31,6 @@ Print available API versions. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-cluster-info.1 b/docs/man/man1/kubectl-cluster-info.1 index 1584b294850..df5e04fd01c 100644 --- a/docs/man/man1/kubectl-cluster-info.1 +++ b/docs/man/man1/kubectl-cluster-info.1 @@ -31,10 +31,6 @@ Display addresses of the master and services with label kubernetes.io/cluster\-s \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-set-cluster.1 b/docs/man/man1/kubectl-config-set-cluster.1 index a63c4c3c545..a99b2cee93f 100644 --- a/docs/man/man1/kubectl-config-set-cluster.1 +++ b/docs/man/man1/kubectl-config-set-cluster.1 @@ -48,10 +48,6 @@ Specifying a name that already exists will merge new fields on top of existing v \fB\-\-alsologtostderr\fP=false log to standard error as well as files -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-client\-certificate\fP="" Path to a client key file for TLS. diff --git a/docs/man/man1/kubectl-config-set-context.1 b/docs/man/man1/kubectl-config-set-context.1 index 19043acb03b..987073b8f77 100644 --- a/docs/man/man1/kubectl-config-set-context.1 +++ b/docs/man/man1/kubectl-config-set-context.1 @@ -44,10 +44,6 @@ Specifying a name that already exists will merge new fields on top of existing v \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-set-credentials.1 b/docs/man/man1/kubectl-config-set-credentials.1 index 77afc1832df..63e4ad24026 100644 --- a/docs/man/man1/kubectl-config-set-credentials.1 +++ b/docs/man/man1/kubectl-config-set-credentials.1 @@ -33,10 +33,6 @@ Bearer token and basic auth are mutually exclusive. .SH OPTIONS -.PP -\fB\-\-auth\-path\fP="" - auth\-path for the user entry in kubeconfig - .PP \fB\-\-client\-certificate\fP="" path to client\-certificate for the user entry in kubeconfig diff --git a/docs/man/man1/kubectl-config-set.1 b/docs/man/man1/kubectl-config-set.1 index ce977f677e1..25a449dc44f 100644 --- a/docs/man/man1/kubectl-config-set.1 +++ b/docs/man/man1/kubectl-config-set.1 @@ -33,10 +33,6 @@ PROPERTY\_VALUE is the new value you wish to set. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-unset.1 b/docs/man/man1/kubectl-config-unset.1 index 4bfb6f77c6e..ea10fae82a7 100644 --- a/docs/man/man1/kubectl-config-unset.1 +++ b/docs/man/man1/kubectl-config-unset.1 @@ -32,10 +32,6 @@ PROPERTY\_NAME is a dot delimited name where each token represents either a attr \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-use-context.1 b/docs/man/man1/kubectl-config-use-context.1 index 12814efc699..cabbdaf8aad 100644 --- a/docs/man/man1/kubectl-config-use-context.1 +++ b/docs/man/man1/kubectl-config-use-context.1 @@ -31,10 +31,6 @@ Sets the current\-context in a kubeconfig file \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config-view.1 b/docs/man/man1/kubectl-config-view.1 index 0438e65b62f..5036cabcc23 100644 --- a/docs/man/man1/kubectl-config-view.1 +++ b/docs/man/man1/kubectl-config-view.1 @@ -67,10 +67,6 @@ You can use \-\-output=template \-\-template=TEMPLATE to extract specific values \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-config.1 b/docs/man/man1/kubectl-config.1 index e99d2bece1c..fb6687cf2e1 100644 --- a/docs/man/man1/kubectl-config.1 +++ b/docs/man/man1/kubectl-config.1 @@ -41,10 +41,6 @@ The loading order follows these rules: \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-create.1 b/docs/man/man1/kubectl-create.1 index ca9b27364c7..f77d10e17d4 100644 --- a/docs/man/man1/kubectl-create.1 +++ b/docs/man/man1/kubectl-create.1 @@ -38,10 +38,6 @@ JSON and YAML formats are accepted. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-delete.1 b/docs/man/man1/kubectl-delete.1 index 57df45ecf7e..c28b1d15c32 100644 --- a/docs/man/man1/kubectl-delete.1 +++ b/docs/man/man1/kubectl-delete.1 @@ -63,10 +63,6 @@ will be lost along with the rest of the resource. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-describe.1 b/docs/man/man1/kubectl-describe.1 index 38b2e3ba9a1..a165eca4d1c 100644 --- a/docs/man/man1/kubectl-describe.1 +++ b/docs/man/man1/kubectl-describe.1 @@ -35,10 +35,6 @@ given resource. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-exec.1 b/docs/man/man1/kubectl-exec.1 index 5324972cbcb..c22746ab7e3 100644 --- a/docs/man/man1/kubectl-exec.1 +++ b/docs/man/man1/kubectl-exec.1 @@ -47,10 +47,6 @@ Execute a command in a container. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-expose.1 b/docs/man/man1/kubectl-expose.1 index 99ac27d97f5..3ea4b73ad90 100644 --- a/docs/man/man1/kubectl-expose.1 +++ b/docs/man/man1/kubectl-expose.1 @@ -100,10 +100,6 @@ selector for a new Service on the specified port. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-get.1 b/docs/man/man1/kubectl-get.1 index 5b87150369c..d9f9cb53509 100644 --- a/docs/man/man1/kubectl-get.1 +++ b/docs/man/man1/kubectl-get.1 @@ -68,10 +68,6 @@ of the \-\-template flag, you can filter the attributes of the fetched resource( \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-label.1 b/docs/man/man1/kubectl-label.1 index 192f087d183..00946e8319b 100644 --- a/docs/man/man1/kubectl-label.1 +++ b/docs/man/man1/kubectl-label.1 @@ -68,10 +68,6 @@ If \-\-resource\-version is specified, then updates will use this resource versi \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-log.1 b/docs/man/man1/kubectl-log.1 index 3cea9c32782..08f7fdce663 100644 --- a/docs/man/man1/kubectl-log.1 +++ b/docs/man/man1/kubectl-log.1 @@ -39,10 +39,6 @@ Print the logs for a container in a pod. If the pod has only one container, the \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-namespace.1 b/docs/man/man1/kubectl-namespace.1 index 6f0a0819c56..95094304347 100644 --- a/docs/man/man1/kubectl-namespace.1 +++ b/docs/man/man1/kubectl-namespace.1 @@ -34,10 +34,6 @@ namespace has been superceded by the context.namespace field of .kubeconfig file \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-port-forward.1 b/docs/man/man1/kubectl-port-forward.1 index 0f99fb29f64..ee535ccd456 100644 --- a/docs/man/man1/kubectl-port-forward.1 +++ b/docs/man/man1/kubectl-port-forward.1 @@ -35,10 +35,6 @@ Forward one or more local ports to a pod. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-proxy.1 b/docs/man/man1/kubectl-proxy.1 index 5ac2fcd5a1f..ccb42822da0 100644 --- a/docs/man/man1/kubectl-proxy.1 +++ b/docs/man/man1/kubectl-proxy.1 @@ -47,10 +47,6 @@ Run a proxy to the Kubernetes API server. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-resize.1 b/docs/man/man1/kubectl-resize.1 index 9d2d25ab5c1..86ecbb583b0 100644 --- a/docs/man/man1/kubectl-resize.1 +++ b/docs/man/man1/kubectl-resize.1 @@ -49,10 +49,6 @@ resize is sent to the server. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-rolling-update.1 b/docs/man/man1/kubectl-rolling-update.1 index 83bb6f08046..c5d28ffe22f 100644 --- a/docs/man/man1/kubectl-rolling-update.1 +++ b/docs/man/man1/kubectl-rolling-update.1 @@ -85,10 +85,6 @@ existing controller and overwrite at least one (common) label in its replicaSele \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-run-container.1 b/docs/man/man1/kubectl-run-container.1 index e59ae88e6fe..2d0c0b7e382 100644 --- a/docs/man/man1/kubectl-run-container.1 +++ b/docs/man/man1/kubectl-run-container.1 @@ -81,10 +81,6 @@ Creates a replication controller to manage the created container(s). \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-stop.1 b/docs/man/man1/kubectl-stop.1 index 060f2eaf211..54de59515af 100644 --- a/docs/man/man1/kubectl-stop.1 +++ b/docs/man/man1/kubectl-stop.1 @@ -51,10 +51,6 @@ If the resource is resizable it will be resized to 0 before deletion. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-update.1 b/docs/man/man1/kubectl-update.1 index f400c93a6c5..92e8dfac6a7 100644 --- a/docs/man/man1/kubectl-update.1 +++ b/docs/man/man1/kubectl-update.1 @@ -42,10 +42,6 @@ JSON and YAML formats are accepted. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl-version.1 b/docs/man/man1/kubectl-version.1 index 1640fdd5b75..984fb3810ef 100644 --- a/docs/man/man1/kubectl-version.1 +++ b/docs/man/man1/kubectl-version.1 @@ -35,10 +35,6 @@ Print the client and server version information. \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/docs/man/man1/kubectl.1 b/docs/man/man1/kubectl.1 index 7c62909a0e6..8c0a22ef164 100644 --- a/docs/man/man1/kubectl.1 +++ b/docs/man/man1/kubectl.1 @@ -29,10 +29,6 @@ Find more information at \fB\-\-api\-version\fP="" The API version to use when talking to the server -.PP -\fB\-a\fP, \fB\-\-auth\-path\fP="" - Path to the auth info file. If missing, prompt the user. Only used if using https. - .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority. diff --git a/pkg/client/clientcmd/api/helpers.go b/pkg/client/clientcmd/api/helpers.go index 394a9cfd02f..5ea762a3c57 100644 --- a/pkg/client/clientcmd/api/helpers.go +++ b/pkg/client/clientcmd/api/helpers.go @@ -96,16 +96,12 @@ func ShortenConfig(config *Config) { } // Flatten changes the config object into a self contained config (useful for making secrets) -// AuthPath is not handled. func FlattenConfig(config *Config) error { for key, authInfo := range config.AuthInfos { baseDir, err := MakeAbs(path.Dir(authInfo.LocationOfOrigin), "") if err != nil { return err } - if len(authInfo.AuthPath) != 0 { - return fmt.Errorf("auth path of %v is not empty: %v", key, authInfo.AuthPath) - } if err := FlattenContent(&authInfo.ClientCertificate, &authInfo.ClientCertificateData, baseDir); err != nil { return err diff --git a/pkg/client/clientcmd/api/types.go b/pkg/client/clientcmd/api/types.go index 81daa386e28..2d74a96e674 100644 --- a/pkg/client/clientcmd/api/types.go +++ b/pkg/client/clientcmd/api/types.go @@ -69,8 +69,6 @@ type Cluster struct { type AuthInfo struct { // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized. LocationOfOrigin string - // AuthPath is the path to a kubernetes auth file (~/.kubernetes_auth). If you provide an AuthPath, the other options specified are ignored - AuthPath string `json:"auth-path,omitempty"` // ClientCertificate is the path to a client cert file for TLS. ClientCertificate string `json:"client-certificate,omitempty"` // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate diff --git a/pkg/client/clientcmd/api/types_test.go b/pkg/client/clientcmd/api/types_test.go index dbb6766af19..3caf18fae62 100644 --- a/pkg/client/clientcmd/api/types_test.go +++ b/pkg/client/clientcmd/api/types_test.go @@ -53,9 +53,6 @@ func ExampleOfOptionsConfig() { APIVersion: "v1beta1", InsecureSkipTLSVerify: false, } - defaultConfig.AuthInfos["black-mage-via-file"] = AuthInfo{ - AuthPath: "path/to/my/.kubernetes_auth", - } defaultConfig.AuthInfos["white-mage-via-cert"] = AuthInfo{ ClientCertificate: "path/to/my/client-cert-filename", ClientKey: "path/to/my/client-key-filename", @@ -116,9 +113,6 @@ func ExampleOfOptionsConfig() { // preferences: // colors: true // users: - // black-mage-via-file: - // LocationOfOrigin: "" - // auth-path: path/to/my/.kubernetes_auth // red-mage-via-token: // LocationOfOrigin: "" // token: my-secret-token diff --git a/pkg/client/clientcmd/api/v1/types.go b/pkg/client/clientcmd/api/v1/types.go index 325d998de30..3f29f435bc7 100644 --- a/pkg/client/clientcmd/api/v1/types.go +++ b/pkg/client/clientcmd/api/v1/types.go @@ -65,8 +65,6 @@ type Cluster struct { // AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are. type AuthInfo struct { - // AuthPath is the path to a kubernetes auth file (~/.kubernetes_auth). If you provide an AuthPath, the other options specified are ignored - AuthPath string `json:"auth-path,omitempty"` // ClientCertificate is the path to a client cert file for TLS. ClientCertificate string `json:"client-certificate,omitempty"` // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate diff --git a/pkg/client/clientcmd/client_config.go b/pkg/client/clientcmd/client_config.go index 38a2e43f5bc..21cae3d25b3 100644 --- a/pkg/client/clientcmd/client_config.go +++ b/pkg/client/clientcmd/client_config.go @@ -117,25 +117,6 @@ func (config DirectClientConfig) ClientConfig() (*client.Config, error) { func getServerIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, configClusterInfo clientcmdapi.Cluster) (*client.Config, error) { mergedConfig := &client.Config{} - defaultAuthPathInfo, err := NewDefaultAuthLoader().LoadAuth(os.Getenv("HOME") + "/.kubernetes_auth") - // if the error is anything besides a does not exist, then fail. Not existing is ok - if err != nil && !os.IsNotExist(err) { - return nil, err - } - if defaultAuthPathInfo != nil { - defaultAuthPathConfig := makeServerIdentificationConfig(*defaultAuthPathInfo) - mergo.Merge(mergedConfig, defaultAuthPathConfig) - } - - if len(configAuthInfo.AuthPath) > 0 { - authPathInfo, err := NewDefaultAuthLoader().LoadAuth(configAuthInfo.AuthPath) - if err != nil { - return nil, err - } - authPathConfig := makeServerIdentificationConfig(*authPathInfo) - mergo.Merge(mergedConfig, authPathConfig) - } - // configClusterInfo holds the information identify the server provided by .kubeconfig configClientConfig := &client.Config{} configClientConfig.CAFile = configClusterInfo.CertificateAuthority @@ -156,15 +137,6 @@ func getServerIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, func getUserIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, fallbackReader io.Reader) (*client.Config, error) { mergedConfig := &client.Config{} - if len(configAuthInfo.AuthPath) > 0 { - authPathInfo, err := NewDefaultAuthLoader().LoadAuth(configAuthInfo.AuthPath) - if err != nil { - return nil, err - } - authPathConfig := makeUserIdentificationConfig(*authPathInfo) - mergo.Merge(mergedConfig, authPathConfig) - } - // blindly overwrite existing values based on precedence if len(configAuthInfo.Token) > 0 { mergedConfig.BearerToken = configAuthInfo.Token @@ -180,22 +152,6 @@ func getUserIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, fa mergedConfig.Password = configAuthInfo.Password } - // if there isn't sufficient information to authenticate the user to the server, merge in ~/.kubernetes_auth. - if !canIdentifyUser(*mergedConfig) { - defaultAuthPathInfo, err := NewDefaultAuthLoader().LoadAuth(os.Getenv("HOME") + "/.kubernetes_auth") - // if the error is anything besides a does not exist, then fail. Not existing is ok - if err != nil && !os.IsNotExist(err) { - return nil, err - } - if defaultAuthPathInfo != nil { - defaultAuthPathConfig := makeUserIdentificationConfig(*defaultAuthPathInfo) - previouslyMergedConfig := mergedConfig - mergedConfig = &client.Config{} - mergo.Merge(mergedConfig, defaultAuthPathConfig) - mergo.Merge(mergedConfig, previouslyMergedConfig) - } - } - // if there still isn't enough information to authenticate the user, try prompting if !canIdentifyUser(*mergedConfig) && (fallbackReader != nil) { prompter := NewPromptingAuthLoader(fallbackReader) diff --git a/pkg/client/clientcmd/loader.go b/pkg/client/clientcmd/loader.go index 8066fb13d6f..7410e5b82cd 100644 --- a/pkg/client/clientcmd/loader.go +++ b/pkg/client/clientcmd/loader.go @@ -235,7 +235,6 @@ func ResolveLocalPaths(filename string, config *clientcmdapi.Config) error { resolvedAuthInfos := make(map[string]clientcmdapi.AuthInfo) for key, authInfo := range config.AuthInfos { - authInfo.AuthPath = resolveLocalPath(configDir, authInfo.AuthPath) authInfo.ClientCertificate = resolveLocalPath(configDir, authInfo.ClientCertificate) authInfo.ClientKey = resolveLocalPath(configDir, authInfo.ClientKey) resolvedAuthInfos[key] = authInfo diff --git a/pkg/client/clientcmd/loader_test.go b/pkg/client/clientcmd/loader_test.go index a4ea5da8414..27c897d8a77 100644 --- a/pkg/client/clientcmd/loader_test.go +++ b/pkg/client/clientcmd/loader_test.go @@ -177,8 +177,8 @@ func TestConflictingCurrentContext(t *testing.T) { func TestResolveRelativePaths(t *testing.T) { pathResolutionConfig1 := clientcmdapi.Config{ AuthInfos: map[string]clientcmdapi.AuthInfo{ - "relative-user-1": {ClientCertificate: "relative/client/cert", ClientKey: "../relative/client/key", AuthPath: "../../relative/auth/path"}, - "absolute-user-1": {ClientCertificate: "/absolute/client/cert", ClientKey: "/absolute/client/key", AuthPath: "/absolute/auth/path"}, + "relative-user-1": {ClientCertificate: "relative/client/cert", ClientKey: "../relative/client/key"}, + "absolute-user-1": {ClientCertificate: "/absolute/client/cert", ClientKey: "/absolute/client/key"}, }, Clusters: map[string]clientcmdapi.Cluster{ "relative-server-1": {CertificateAuthority: "../relative/ca"}, @@ -187,8 +187,8 @@ func TestResolveRelativePaths(t *testing.T) { } pathResolutionConfig2 := clientcmdapi.Config{ AuthInfos: map[string]clientcmdapi.AuthInfo{ - "relative-user-2": {ClientCertificate: "relative/client/cert2", ClientKey: "../relative/client/key2", AuthPath: "../../relative/auth/path2"}, - "absolute-user-2": {ClientCertificate: "/absolute/client/cert2", ClientKey: "/absolute/client/key2", AuthPath: "/absolute/auth/path2"}, + "relative-user-2": {ClientCertificate: "relative/client/cert2", ClientKey: "../relative/client/key2"}, + "absolute-user-2": {ClientCertificate: "/absolute/client/cert2", ClientKey: "/absolute/client/key2"}, }, Clusters: map[string]clientcmdapi.Cluster{ "relative-server-2": {CertificateAuthority: "../relative/ca2"}, @@ -247,25 +247,21 @@ func TestResolveRelativePaths(t *testing.T) { foundAuthInfoCount++ matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].ClientCertificate), authInfo.ClientCertificate, t) matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].ClientKey), authInfo.ClientKey, t) - matchStringArg(path.Join(configDir1, pathResolutionConfig1.AuthInfos["relative-user-1"].AuthPath), authInfo.AuthPath, t) } if key == "relative-user-2" { foundAuthInfoCount++ matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].ClientCertificate), authInfo.ClientCertificate, t) matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].ClientKey), authInfo.ClientKey, t) - matchStringArg(path.Join(configDir2, pathResolutionConfig2.AuthInfos["relative-user-2"].AuthPath), authInfo.AuthPath, t) } if key == "absolute-user-1" { foundAuthInfoCount++ matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].ClientCertificate, authInfo.ClientCertificate, t) matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].ClientKey, authInfo.ClientKey, t) - matchStringArg(pathResolutionConfig1.AuthInfos["absolute-user-1"].AuthPath, authInfo.AuthPath, t) } if key == "absolute-user-2" { foundAuthInfoCount++ matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].ClientCertificate, authInfo.ClientCertificate, t) matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].ClientKey, authInfo.ClientKey, t) - matchStringArg(pathResolutionConfig2.AuthInfos["absolute-user-2"].AuthPath, authInfo.AuthPath, t) } } if foundAuthInfoCount != 4 { diff --git a/pkg/client/clientcmd/merged_client_builder_test.go b/pkg/client/clientcmd/merged_client_builder_test.go deleted file mode 100644 index 4beeb0ac228..00000000000 --- a/pkg/client/clientcmd/merged_client_builder_test.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors All rights reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package clientcmd - -import ( - "encoding/json" - "io/ioutil" - "os" - "testing" - - "github.com/spf13/cobra" - - "github.com/GoogleCloudPlatform/kubernetes/pkg/clientauth" -) - -// Verifies that referencing an old .kubernetes_auth file respects all fields -func TestAuthPathUpdatesBothClusterAndUser(t *testing.T) { - authFile, _ := ioutil.TempFile("", "") - defer os.Remove(authFile.Name()) - - insecure := true - auth := &clientauth.Info{ - User: "user", - Password: "password", - CAFile: "ca-file", - CertFile: "cert-file", - KeyFile: "key-file", - BearerToken: "bearer-token", - Insecure: &insecure, - } - err := testWriteAuthInfoFile(*auth, authFile.Name()) - if err != nil { - t.Errorf("Unexpected error %v", err) - } - - cmd := &cobra.Command{ - Run: func(cmd *cobra.Command, args []string) { - }, - } - clientConfig := testBindClientConfig(cmd) - cmd.ParseFlags([]string{"--server=https://localhost", "--auth-path=" + authFile.Name()}) - - config, err := clientConfig.ClientConfig() - if err != nil { - t.Errorf("Unexpected error %v", err) - } - - matchStringArg(auth.User, config.Username, t) - matchStringArg(auth.Password, config.Password, t) - matchStringArg(auth.CAFile, config.CAFile, t) - matchStringArg(auth.CertFile, config.CertFile, t) - matchStringArg(auth.KeyFile, config.KeyFile, t) - matchStringArg(auth.BearerToken, config.BearerToken, t) - matchBoolArg(*auth.Insecure, config.Insecure, t) -} - -func testWriteAuthInfoFile(auth clientauth.Info, filename string) error { - data, err := json.Marshal(auth) - if err != nil { - return err - } - err = ioutil.WriteFile(filename, data, 0600) - return err -} - -func testBindClientConfig(cmd *cobra.Command) ClientConfig { - loadingRules := &ClientConfigLoadingRules{} - cmd.PersistentFlags().StringVar(&loadingRules.ExplicitPath, "kubeconfig", "", "Path to the kubeconfig file to use for CLI requests.") - - overrides := &ConfigOverrides{} - BindOverrideFlags(overrides, cmd.PersistentFlags(), RecommendedConfigOverrideFlags("")) - clientConfig := NewInteractiveDeferredLoadingClientConfig(loadingRules, overrides, os.Stdin) - - return clientConfig -} diff --git a/pkg/client/clientcmd/overrides.go b/pkg/client/clientcmd/overrides.go index 32121ba563a..1d98cbdf55b 100644 --- a/pkg/client/clientcmd/overrides.go +++ b/pkg/client/clientcmd/overrides.go @@ -44,7 +44,6 @@ type ConfigOverrideFlags struct { // AuthOverrideFlags holds the flag names to be used for binding command line flags for AuthInfo objects type AuthOverrideFlags struct { - AuthPath FlagInfo ClientCertificate FlagInfo ClientKey FlagInfo Token FlagInfo @@ -81,7 +80,6 @@ const ( FlagNamespace = "namespace" FlagAPIServer = "server" FlagAPIVersion = "api-version" - FlagAuthPath = "auth-path" FlagInsecure = "insecure-skip-tls-verify" FlagCertFile = "client-certificate" FlagKeyFile = "client-key" @@ -95,7 +93,6 @@ const ( // RecommendedAuthOverrideFlags is a convenience method to return recommended flag names prefixed with a string of your choosing func RecommendedAuthOverrideFlags(prefix string) AuthOverrideFlags { return AuthOverrideFlags{ - AuthPath: FlagInfo{prefix + FlagAuthPath, "", "", "Path to the auth info file. If missing, prompt the user. Only used if using https."}, ClientCertificate: FlagInfo{prefix + FlagCertFile, "", "", "Path to a client key file for TLS."}, ClientKey: FlagInfo{prefix + FlagKeyFile, "", "", "Path to a client key file for TLS."}, Token: FlagInfo{prefix + FlagBearerToken, "", "", "Bearer token for authentication to the API server."}, @@ -135,20 +132,11 @@ func RecommendedContextOverrideFlags(prefix string) ContextOverrideFlags { // BindAuthInfoFlags is a convenience method to bind the specified flags to their associated variables func BindAuthInfoFlags(authInfo *clientcmdapi.AuthInfo, flags *pflag.FlagSet, flagNames AuthOverrideFlags) { - deadString := "" - bindStringFlag(flags, &deadString, flagNames.AuthPath) bindStringFlag(flags, &authInfo.ClientCertificate, flagNames.ClientCertificate) bindStringFlag(flags, &authInfo.ClientKey, flagNames.ClientKey) bindStringFlag(flags, &authInfo.Token, flagNames.Token) bindStringFlag(flags, &authInfo.Username, flagNames.Username) bindStringFlag(flags, &authInfo.Password, flagNames.Password) - - if len(flagNames.AuthPath.LongName) > 0 { - flags.MarkDeprecated(flagNames.AuthPath.LongName, flagNames.AuthPath.LongName+" has been removed and is no longer respected") - } - if len(flagNames.AuthPath.ShortName) > 0 { - flags.MarkDeprecated(flagNames.AuthPath.ShortName, flagNames.AuthPath.ShortName+" has been removed and is no longer respected") - } } // BindClusterFlags is a convenience method to bind the specified flags to their associated variables diff --git a/pkg/client/clientcmd/validation.go b/pkg/client/clientcmd/validation.go index 2c76e50bc45..31e927ccbf2 100644 --- a/pkg/client/clientcmd/validation.go +++ b/pkg/client/clientcmd/validation.go @@ -177,17 +177,6 @@ func validateAuthInfo(authInfoName string, authInfo clientcmdapi.AuthInfo) []err if len(authInfo.Username) != 0 || len(authInfo.Password) != 0 { methods = append(methods, "basicAuth") } - if len(authInfo.AuthPath) != 0 { - usingAuthPath = true - methods = append(methods, "authFile") - - file, err := os.Open(authInfo.AuthPath) - os.IsNotExist(err) - defer file.Close() - if err != nil { - validationErrors = append(validationErrors, fmt.Errorf("unable to read auth-path %v for %v due to %v", authInfo.AuthPath, authInfoName, err)) - } - } if len(authInfo.ClientCertificate) != 0 || len(authInfo.ClientCertificateData) != 0 { // Make sure cert data and file aren't both specified diff --git a/pkg/client/clientcmd/validation_test.go b/pkg/client/clientcmd/validation_test.go index fb43e2021ee..f93aa03d737 100644 --- a/pkg/client/clientcmd/validation_test.go +++ b/pkg/client/clientcmd/validation_test.go @@ -33,7 +33,7 @@ func TestConfirmUsableBadInfoButOkConfig(t *testing.T) { CertificateAuthority: "missing", } config.AuthInfos["error"] = clientcmdapi.AuthInfo{ - AuthPath: "anything", + Username: "anything", Token: "here", } config.Contexts["dirty"] = clientcmdapi.Context{ @@ -53,7 +53,7 @@ func TestConfirmUsableBadInfoButOkConfig(t *testing.T) { badValidation := configValidationTest{ config: config, - expectedErrorSubstring: []string{"unable to read auth-path", "unable to read certificate-authority"}, + expectedErrorSubstring: []string{"unable to read certificate-authority"}, } okTest := configValidationTest{ config: config, @@ -69,7 +69,7 @@ func TestConfirmUsableBadInfoConfig(t *testing.T) { CertificateAuthority: "missing", } config.AuthInfos["error"] = clientcmdapi.AuthInfo{ - AuthPath: "anything", + Username: "anything", Token: "here", } config.Contexts["first"] = clientcmdapi.Context{ @@ -78,7 +78,7 @@ func TestConfirmUsableBadInfoConfig(t *testing.T) { } test := configValidationTest{ config: config, - expectedErrorSubstring: []string{"unable to read auth-path", "unable to read certificate-authority"}, + expectedErrorSubstring: []string{"unable to read certificate-authority"}, } test.testConfirmUsable("first", t) @@ -236,19 +236,6 @@ func TestValidateEmptyAuthInfo(t *testing.T) { test.testAuthInfo("error", t) test.testConfig(t) } -func TestValidatePathNotFoundAuthInfo(t *testing.T) { - config := clientcmdapi.NewConfig() - config.AuthInfos["error"] = clientcmdapi.AuthInfo{ - AuthPath: "missing", - } - test := configValidationTest{ - config: config, - expectedErrorSubstring: []string{"unable to read auth-path"}, - } - - test.testAuthInfo("error", t) - test.testConfig(t) -} func TestValidateCertFilesNotFoundAuthInfo(t *testing.T) { config := clientcmdapi.NewConfig() config.AuthInfos["error"] = clientcmdapi.AuthInfo{ @@ -298,21 +285,6 @@ func TestValidateCleanCertFilesAuthInfo(t *testing.T) { test.testAuthInfo("clean", t) test.testConfig(t) } -func TestValidateCleanPathAuthInfo(t *testing.T) { - tempFile, _ := ioutil.TempFile("", "") - defer os.Remove(tempFile.Name()) - - config := clientcmdapi.NewConfig() - config.AuthInfos["clean"] = clientcmdapi.AuthInfo{ - AuthPath: tempFile.Name(), - } - test := configValidationTest{ - config: config, - } - - test.testAuthInfo("clean", t) - test.testConfig(t) -} func TestValidateCleanTokenAuthInfo(t *testing.T) { config := clientcmdapi.NewConfig() config.AuthInfos["clean"] = clientcmdapi.AuthInfo{ diff --git a/pkg/kubectl/cmd/config/create_authinfo.go b/pkg/kubectl/cmd/config/create_authinfo.go index 0da40d21515..ecc96e6ffb8 100644 --- a/pkg/kubectl/cmd/config/create_authinfo.go +++ b/pkg/kubectl/cmd/config/create_authinfo.go @@ -94,8 +94,6 @@ func NewCmdConfigSetAuthInfo(out io.Writer, configAccess ConfigAccess) *cobra.Co cmd.Flags().Var(&options.password, clientcmd.FlagPassword, clientcmd.FlagPassword+" for the user entry in kubeconfig") cmd.Flags().Var(&options.embedCertData, clientcmd.FlagEmbedCerts, "embed client cert/key for the user entry in kubeconfig") - cmd.Flags().String(clientcmd.FlagAuthPath, "", clientcmd.FlagAuthPath+" for the user entry in kubeconfig") - cmd.Flags().MarkDeprecated(clientcmd.FlagAuthPath, clientcmd.FlagAuthPath+" has been removed and is no longer respected") return cmd } @@ -126,10 +124,6 @@ func (o *createAuthInfoOptions) modifyAuthInfo(existingAuthInfo clientcmdapi.Aut var setToken, setBasic bool - if o.authPath.Provided() { - modifiedAuthInfo.AuthPath = o.authPath.Value() - } - if o.clientCertificate.Provided() { certPath := o.clientCertificate.Value() if o.embedCertData.Value() { diff --git a/pkg/kubectl/cmd/util/factory.go b/pkg/kubectl/cmd/util/factory.go index fb0760e16d2..2282553a4da 100644 --- a/pkg/kubectl/cmd/util/factory.go +++ b/pkg/kubectl/cmd/util/factory.go @@ -338,7 +338,6 @@ func DefaultClientConfig(flags *pflag.FlagSet) clientcmd.ClientConfig { overrides := &clientcmd.ConfigOverrides{} flagNames := clientcmd.RecommendedConfigOverrideFlags("") // short flagnames are disabled by default. These are here for compatibility with existing scripts - flagNames.AuthOverrideFlags.AuthPath.ShortName = "a" flagNames.ClusterOverrideFlags.APIServer.ShortName = "s" clientcmd.BindOverrideFlags(overrides, flags, flagNames) diff --git a/test/e2e/util.go b/test/e2e/util.go index 8f039dca516..d6c7bda21d3 100644 --- a/test/e2e/util.go +++ b/test/e2e/util.go @@ -306,7 +306,6 @@ func validateController(c *client.Client, containerImage string, replicas int, c Failf("Timed out after %v seconds waiting for %s pods to reach valid state", podStartTimeout.Seconds(), testname) } -// kubectlCmd runs the kubectl executable. // kubectlCmd runs the kubectl executable. func kubectlCmd(args ...string) *exec.Cmd { defaultArgs := []string{} @@ -324,7 +323,6 @@ func kubectlCmd(args ...string) *exec.Cmd { } } else { - defaultArgs = append(defaultArgs, "--"+clientcmd.FlagAuthPath+"="+testContext.AuthConfig) if testContext.CertDir != "" { defaultArgs = append(defaultArgs, fmt.Sprintf("--certificate-authority=%s", filepath.Join(testContext.CertDir, "ca.crt")),