add flattening and minifying options to config view

2025-09-17 15:13:08 +00:00 · 2015-04-10 14:30:08 -04:00
parent d02139d2b4
commit bac5cbbe82
34 changed files with 464 additions and 73 deletions
--- a/pkg/client/clientcmd/api/helpers.go
+++ b/pkg/client/clientcmd/api/helpers.go
@@ -0,0 +1,149 @@
+/*
+Copyright 2015 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+)
+
+// MinifyConfig read the current context and uses that to keep only the relevant pieces of config
+// This is useful for making secrets based on kubeconfig files
+func MinifyConfig(config *Config) error {
+	if len(config.CurrentContext) == 0 {
+		return errors.New("current-context must exist in order to minify")
+	}
+
+	currContext, exists := config.Contexts[config.CurrentContext]
+	if !exists {
+		return fmt.Errorf("cannot locate context %v", config.CurrentContext)
+	}
+
+	newContexts := map[string]Context{}
+	newContexts[config.CurrentContext] = currContext
+
+	newClusters := map[string]Cluster{}
+	if len(currContext.Cluster) > 0 {
+		if _, exists := config.Clusters[currContext.Cluster]; !exists {
+			return fmt.Errorf("cannot locate cluster %v", currContext.Cluster)
+		}
+
+		newClusters[currContext.Cluster] = config.Clusters[currContext.Cluster]
+	}
+
+	newAuthInfos := map[string]AuthInfo{}
+	if len(currContext.AuthInfo) > 0 {
+		if _, exists := config.AuthInfos[currContext.AuthInfo]; !exists {
+			return fmt.Errorf("cannot locate user %v", currContext.AuthInfo)
+		}
+
+		newAuthInfos[currContext.AuthInfo] = config.AuthInfos[currContext.AuthInfo]
+	}
+
+	config.AuthInfos = newAuthInfos
+	config.Clusters = newClusters
+	config.Contexts = newContexts
+
+	return nil
+}
+
+// Flatten changes the config object into a self contained config (useful for making secrets)
+// AuthPath is not handled.
+func FlattenConfig(config *Config) error {
+	for key, authInfo := range config.AuthInfos {
+		baseDir, err := MakeAbs(path.Dir(authInfo.LocationOfOrigin), "")
+		if err != nil {
+			return err
+		}
+		if len(authInfo.AuthPath) != 0 {
+			return fmt.Errorf("auth path of %v is not empty: %v", key, authInfo.AuthPath)
+		}
+
+		if err := FlattenContent(&authInfo.ClientCertificate, &authInfo.ClientCertificateData, baseDir); err != nil {
+			return err
+		}
+		if err := FlattenContent(&authInfo.ClientKey, &authInfo.ClientKeyData, baseDir); err != nil {
+			return err
+		}
+
+		config.AuthInfos[key] = authInfo
+	}
+	for key, cluster := range config.Clusters {
+		baseDir, err := MakeAbs(path.Dir(cluster.LocationOfOrigin), "")
+		if err != nil {
+			return err
+		}
+
+		if err := FlattenContent(&cluster.CertificateAuthority, &cluster.CertificateAuthorityData, baseDir); err != nil {
+			return err
+		}
+
+		config.Clusters[key] = cluster
+	}
+
+	return nil
+}
+
+func FlattenContent(path *string, contents *[]byte, baseDir string) error {
+	if len(*path) != 0 {
+		if len(*contents) > 0 {
+			return errors.New("cannot have values for both path and contents")
+		}
+
+		var err error
+		absPath := ResolvePath(*path, baseDir)
+		*contents, err = ioutil.ReadFile(absPath)
+		if err != nil {
+			return err
+		}
+
+		*path = ""
+	}
+
+	return nil
+}
+
+// ResolvePath returns the path as an absolute paths, relative to the given base directory
+func ResolvePath(path string, base string) string {
+	// Don't resolve empty paths
+	if len(path) > 0 {
+		// Don't resolve absolute paths
+		if !filepath.IsAbs(path) {
+			return filepath.Join(base, path)
+		}
+	}
+
+	return path
+}
+
+func MakeAbs(path, base string) (string, error) {
+	if filepath.IsAbs(path) {
+		return path, nil
+	}
+	if len(base) == 0 {
+		cwd, err := os.Getwd()
+		if err != nil {
+			return "", err
+		}
+		base = cwd
+	}
+	return filepath.Join(base, path), nil
+}
--- a/pkg/client/clientcmd/api/helpers_test.go
+++ b/pkg/client/clientcmd/api/helpers_test.go
@@ -0,0 +1,204 @@
+/*
+Copyright 2015 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+	"io/ioutil"
+	"os"
+	"reflect"
+	"testing"
+)
+
+func newMergedConfig(certFile, certContent, keyFile, keyContent, caFile, caContent string, t *testing.T) Config {
+	if err := ioutil.WriteFile(certFile, []byte(certContent), 0644); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+	if err := ioutil.WriteFile(keyFile, []byte(keyContent), 0600); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+	if err := ioutil.WriteFile(caFile, []byte(caContent), 0644); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+
+	return Config{
+		AuthInfos: map[string]AuthInfo{
+			"red-user":  {Token: "red-token"},
+			"blue-user": {Token: "blue-token", ClientCertificate: certFile, ClientKey: keyFile}},
+		Clusters: map[string]Cluster{
+			"cow-cluster":     {Server: "http://cow.org:8080"},
+			"chicken-cluster": {Server: "http://chicken.org:8080", CertificateAuthority: caFile}},
+		Contexts: map[string]Context{
+			"federal-context": {AuthInfo: "red-user", Cluster: "cow-cluster"},
+			"shaker-context":  {AuthInfo: "blue-user", Cluster: "chicken-cluster"}},
+		CurrentContext: "federal-context",
+	}
+}
+
+func TestMinifySuccess(t *testing.T) {
+	certFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(certFile.Name())
+	keyFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(keyFile.Name())
+	caFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(caFile.Name())
+
+	mutatingConfig := newMergedConfig(certFile.Name(), "cert", keyFile.Name(), "key", caFile.Name(), "ca", t)
+
+	if err := MinifyConfig(&mutatingConfig); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+
+	if len(mutatingConfig.Contexts) > 1 {
+		t.Errorf("unexpected contexts: %v", mutatingConfig.Contexts)
+	}
+	if _, exists := mutatingConfig.Contexts["federal-context"]; !exists {
+		t.Errorf("missing context")
+	}
+
+	if len(mutatingConfig.Clusters) > 1 {
+		t.Errorf("unexpected clusters: %v", mutatingConfig.Clusters)
+	}
+	if _, exists := mutatingConfig.Clusters["cow-cluster"]; !exists {
+		t.Errorf("missing cluster")
+	}
+
+	if len(mutatingConfig.AuthInfos) > 1 {
+		t.Errorf("unexpected users: %v", mutatingConfig.AuthInfos)
+	}
+	if _, exists := mutatingConfig.AuthInfos["red-user"]; !exists {
+		t.Errorf("missing user")
+	}
+}
+
+func TestMinifyMissingContext(t *testing.T) {
+	certFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(certFile.Name())
+	keyFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(keyFile.Name())
+	caFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(caFile.Name())
+
+	mutatingConfig := newMergedConfig(certFile.Name(), "cert", keyFile.Name(), "key", caFile.Name(), "ca", t)
+	mutatingConfig.CurrentContext = "missing"
+
+	errMsg := "cannot locate context missing"
+
+	if err := MinifyConfig(&mutatingConfig); err == nil || err.Error() != errMsg {
+		t.Errorf("expected %v, got %v", errMsg, err)
+	}
+}
+
+func TestMinifyMissingCluster(t *testing.T) {
+	certFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(certFile.Name())
+	keyFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(keyFile.Name())
+	caFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(caFile.Name())
+
+	mutatingConfig := newMergedConfig(certFile.Name(), "cert", keyFile.Name(), "key", caFile.Name(), "ca", t)
+	delete(mutatingConfig.Clusters, mutatingConfig.Contexts[mutatingConfig.CurrentContext].Cluster)
+
+	errMsg := "cannot locate cluster cow-cluster"
+
+	if err := MinifyConfig(&mutatingConfig); err == nil || err.Error() != errMsg {
+		t.Errorf("expected %v, got %v", errMsg, err)
+	}
+}
+
+func TestMinifyMissingAuthInfo(t *testing.T) {
+	certFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(certFile.Name())
+	keyFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(keyFile.Name())
+	caFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(caFile.Name())
+
+	mutatingConfig := newMergedConfig(certFile.Name(), "cert", keyFile.Name(), "key", caFile.Name(), "ca", t)
+	delete(mutatingConfig.AuthInfos, mutatingConfig.Contexts[mutatingConfig.CurrentContext].AuthInfo)
+
+	errMsg := "cannot locate user red-user"
+
+	if err := MinifyConfig(&mutatingConfig); err == nil || err.Error() != errMsg {
+		t.Errorf("expected %v, got %v", errMsg, err)
+	}
+}
+
+func TestFlattenSuccess(t *testing.T) {
+	certFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(certFile.Name())
+	keyFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(keyFile.Name())
+	caFile, _ := ioutil.TempFile("", "")
+	defer os.Remove(caFile.Name())
+
+	certData := "cert"
+	keyData := "key"
+	caData := "ca"
+
+	unchangingCluster := "cow-cluster"
+	unchangingAuthInfo := "red-user"
+	changingCluster := "chicken-cluster"
+	changingAuthInfo := "blue-user"
+
+	startingConfig := newMergedConfig(certFile.Name(), certData, keyFile.Name(), keyData, caFile.Name(), caData, t)
+	mutatingConfig := startingConfig
+
+	if err := FlattenConfig(&mutatingConfig); err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+
+	if len(mutatingConfig.Contexts) != 2 {
+		t.Errorf("unexpected contexts: %v", mutatingConfig.Contexts)
+	}
+	if !reflect.DeepEqual(startingConfig.Contexts, mutatingConfig.Contexts) {
+		t.Errorf("expected %v, got %v", startingConfig.Contexts, mutatingConfig.Contexts)
+	}
+
+	if len(mutatingConfig.Clusters) != 2 {
+		t.Errorf("unexpected clusters: %v", mutatingConfig.Clusters)
+	}
+	if !reflect.DeepEqual(startingConfig.Clusters[unchangingCluster], mutatingConfig.Clusters[unchangingCluster]) {
+		t.Errorf("expected %v, got %v", startingConfig.Clusters[unchangingCluster], mutatingConfig.Clusters[unchangingCluster])
+	}
+	if len(mutatingConfig.Clusters[changingCluster].CertificateAuthority) != 0 {
+		t.Errorf("unexpected caFile")
+	}
+	if string(mutatingConfig.Clusters[changingCluster].CertificateAuthorityData) != caData {
+		t.Errorf("expected %v, got %v", caData, string(mutatingConfig.Clusters[changingCluster].CertificateAuthorityData))
+	}
+
+	if len(mutatingConfig.AuthInfos) != 2 {
+		t.Errorf("unexpected users: %v", mutatingConfig.AuthInfos)
+	}
+	if !reflect.DeepEqual(startingConfig.AuthInfos[unchangingAuthInfo], mutatingConfig.AuthInfos[unchangingAuthInfo]) {
+		t.Errorf("expected %v, got %v", startingConfig.AuthInfos[unchangingAuthInfo], mutatingConfig.AuthInfos[unchangingAuthInfo])
+	}
+	if len(mutatingConfig.AuthInfos[changingAuthInfo].ClientCertificate) != 0 {
+		t.Errorf("unexpected caFile")
+	}
+	if string(mutatingConfig.AuthInfos[changingAuthInfo].ClientCertificateData) != certData {
+		t.Errorf("expected %v, got %v", certData, string(mutatingConfig.AuthInfos[changingAuthInfo].ClientCertificateData))
+	}
+	if len(mutatingConfig.AuthInfos[changingAuthInfo].ClientKey) != 0 {
+		t.Errorf("unexpected caFile")
+	}
+	if string(mutatingConfig.AuthInfos[changingAuthInfo].ClientKeyData) != keyData {
+		t.Errorf("expected %v, got %v", keyData, string(mutatingConfig.AuthInfos[changingAuthInfo].ClientKeyData))
+	}
+
+}