fix-file-discovery

2025-09-15 22:20:51 +00:00 · 2019-07-27 19:19:29 +02:00
parent ada6b0ddf1
commit d63e778f6f
4 changed files with 271 additions and 55 deletions
--- a/cmd/kubeadm/app/util/kubeconfig/kubeconfig.go
+++ b/cmd/kubeadm/app/util/kubeconfig/kubeconfig.go
@@ -18,6 +18,7 @@ package kubeconfig

 import (
 	"fmt"
+	"io/ioutil"

 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
@@ -112,3 +113,76 @@ func GetClusterFromKubeConfig(config *clientcmdapi.Config) *clientcmdapi.Cluster
 	}
 	return nil
 }
+
+// HasAuthenticationCredentials returns true if the current user has valid authentication credentials for
+// token authentication, basic authentication or X509 authentication
+func HasAuthenticationCredentials(config *clientcmdapi.Config) bool {
+	authInfo := getCurrentAuthInfo(config)
+	if authInfo == nil {
+		return false
+	}
+
+	// token authentication
+	if len(authInfo.Token) != 0 {
+		return true
+	}
+
+	// basic authentication
+	if len(authInfo.Username) != 0 && len(authInfo.Password) != 0 {
+		return true
+	}
+
+	// X509 authentication
+	if (len(authInfo.ClientCertificate) != 0 || len(authInfo.ClientCertificateData) != 0) &&
+		(len(authInfo.ClientKey) != 0 || len(authInfo.ClientKeyData) != 0) {
+		return true
+	}
+
+	return false
+}
+
+// EnsureAuthenticationInfoAreEmbedded check if some authentication info are provided as external key/certificate
+// files, and eventually embeds such files into the kubeconfig file
+func EnsureAuthenticationInfoAreEmbedded(config *clientcmdapi.Config) error {
+	authInfo := getCurrentAuthInfo(config)
+	if authInfo == nil {
+		return errors.New("invalid kubeconfig file. AuthInfo is not defined for the current user")
+	}
+
+	if len(authInfo.ClientCertificateData) == 0 && len(authInfo.ClientCertificate) != 0 {
+		clientCert, err := ioutil.ReadFile(authInfo.ClientCertificate)
+		if err != nil {
+			return err
+		}
+		authInfo.ClientCertificateData = clientCert
+		authInfo.ClientCertificate = ""
+	}
+	if len(authInfo.ClientKeyData) == 0 && len(authInfo.ClientKey) != 0 {
+		clientKey, err := ioutil.ReadFile(authInfo.ClientKey)
+		if err != nil {
+			return err
+		}
+		authInfo.ClientKeyData = clientKey
+		authInfo.ClientKey = ""
+	}
+
+	return nil
+}
+
+// getCurrentAuthInfo returns current authInfo, if defined
+func getCurrentAuthInfo(config *clientcmdapi.Config) *clientcmdapi.AuthInfo {
+	if config == nil || config.CurrentContext == "" {
+		return nil
+	}
+
+	if len(config.Contexts) == 0 || config.Contexts[config.CurrentContext] == nil {
+		return nil
+	}
+	user := config.Contexts[config.CurrentContext].AuthInfo
+
+	if user == "" || len(config.AuthInfos) == 0 || config.AuthInfos[user] == nil {
+		return nil
+	}
+
+	return config.AuthInfos[user]
+}
--- a/cmd/kubeadm/app/util/kubeconfig/kubeconfig_test.go
+++ b/cmd/kubeadm/app/util/kubeconfig/kubeconfig_test.go
@@ -22,6 +22,8 @@ import (
 	"io/ioutil"
 	"os"
 	"testing"
+
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 )

 const (
@@ -186,3 +188,143 @@ func TestWriteKubeconfigToDisk(t *testing.T) {
 		})
 	}
 }
+
+func TestGetCurrentAuthInfo(t *testing.T) {
+	var testCases = []struct {
+		name     string
+		config   *clientcmdapi.Config
+		expected bool
+	}{
+		{
+			name:     "nil context",
+			config:   nil,
+			expected: false,
+		},
+		{
+			name:     "no CurrentContext value",
+			config:   &clientcmdapi.Config{},
+			expected: false,
+		},
+		{
+			name:     "no CurrentContext object 1",
+			config:   &clientcmdapi.Config{CurrentContext: "kubernetes"},
+			expected: false,
+		},
+		{
+			name: "no CurrentContext object ",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"NOTkubernetes": {}},
+			},
+			expected: false,
+		},
+		{
+			name: "no AuthInfo value",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"kubernetes": {}},
+			},
+			expected: false,
+		},
+		{
+			name: "no AuthInfo object 1",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
+			},
+			expected: false,
+		},
+		{
+			name: "no AuthInfo object 2",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
+				AuthInfos:      map[string]*clientcmdapi.AuthInfo{"NOTkubernetes": {}},
+			},
+			expected: false,
+		},
+		{
+			name: "authInfo",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
+				AuthInfos:      map[string]*clientcmdapi.AuthInfo{"kubernetes": {}},
+			},
+			expected: true,
+		},
+	}
+	for _, rt := range testCases {
+		t.Run(rt.name, func(t *testing.T) {
+			r := getCurrentAuthInfo(rt.config)
+			if rt.expected != (r != nil) {
+				t.Errorf(
+					"failed TestHasCredentials:\n\texpected: %v\n\t  actual: %v",
+					rt.expected,
+					r,
+				)
+			}
+		})
+	}
+}
+
+func TestHasCredentials(t *testing.T) {
+	var testCases = []struct {
+		name     string
+		config   *clientcmdapi.Config
+		expected bool
+	}{
+		{
+			name:     "no authInfo",
+			config:   nil,
+			expected: false,
+		},
+		{
+			name: "no credentials",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
+				AuthInfos:      map[string]*clientcmdapi.AuthInfo{"kubernetes": {}},
+			},
+			expected: false,
+		},
+		{
+			name: "token authentication credentials",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
+				AuthInfos:      map[string]*clientcmdapi.AuthInfo{"kubernetes": {Token: "123"}},
+			},
+			expected: true,
+		},
+		{
+			name: "basic authentication credentials",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
+				AuthInfos:      map[string]*clientcmdapi.AuthInfo{"kubernetes": {Username: "A", Password: "B"}},
+			},
+			expected: true,
+		},
+		{
+			name: "X509 authentication credentials",
+			config: &clientcmdapi.Config{
+				CurrentContext: "kubernetes",
+				Contexts:       map[string]*clientcmdapi.Context{"kubernetes": {AuthInfo: "kubernetes"}},
+				AuthInfos:      map[string]*clientcmdapi.AuthInfo{"kubernetes": {ClientKey: "A", ClientCertificate: "B"}},
+			},
+			expected: true,
+		},
+	}
+	for _, rt := range testCases {
+		t.Run(rt.name, func(t *testing.T) {
+			r := HasAuthenticationCredentials(rt.config)
+			if rt.expected != r {
+				t.Errorf(
+					"failed TestHasCredentials:\n\texpected: %v\n\t  actual: %v",
+					rt.expected,
+					r,
+				)
+			}
+		})
+	}
+}