summaryrefslogtreecommitdiff
path: root/vendor/k8s.io/client-go/tools/clientcmd
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/k8s.io/client-go/tools/clientcmd')
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go183
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/register.go46
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/types.go185
3 files changed, 414 insertions, 0 deletions
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go b/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go
new file mode 100644
index 000000000..43e26487c
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go
@@ -0,0 +1,183 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+ "encoding/base64"
+ "errors"
+ "fmt"
+ "io/ioutil"
+ "os"
+ "path"
+ "path/filepath"
+)
+
+func init() {
+ sDec, _ := base64.StdEncoding.DecodeString("REDACTED+")
+ redactedBytes = []byte(string(sDec))
+}
+
+// IsConfigEmpty returns true if the config is empty.
+func IsConfigEmpty(config *Config) bool {
+ return len(config.AuthInfos) == 0 && len(config.Clusters) == 0 && len(config.Contexts) == 0 &&
+ len(config.CurrentContext) == 0 &&
+ len(config.Preferences.Extensions) == 0 && !config.Preferences.Colors &&
+ len(config.Extensions) == 0
+}
+
+// MinifyConfig read the current context and uses that to keep only the relevant pieces of config
+// This is useful for making secrets based on kubeconfig files
+func MinifyConfig(config *Config) error {
+ if len(config.CurrentContext) == 0 {
+ return errors.New("current-context must exist in order to minify")
+ }
+
+ currContext, exists := config.Contexts[config.CurrentContext]
+ if !exists {
+ return fmt.Errorf("cannot locate context %v", config.CurrentContext)
+ }
+
+ newContexts := map[string]*Context{}
+ newContexts[config.CurrentContext] = currContext
+
+ newClusters := map[string]*Cluster{}
+ if len(currContext.Cluster) > 0 {
+ if _, exists := config.Clusters[currContext.Cluster]; !exists {
+ return fmt.Errorf("cannot locate cluster %v", currContext.Cluster)
+ }
+
+ newClusters[currContext.Cluster] = config.Clusters[currContext.Cluster]
+ }
+
+ newAuthInfos := map[string]*AuthInfo{}
+ if len(currContext.AuthInfo) > 0 {
+ if _, exists := config.AuthInfos[currContext.AuthInfo]; !exists {
+ return fmt.Errorf("cannot locate user %v", currContext.AuthInfo)
+ }
+
+ newAuthInfos[currContext.AuthInfo] = config.AuthInfos[currContext.AuthInfo]
+ }
+
+ config.AuthInfos = newAuthInfos
+ config.Clusters = newClusters
+ config.Contexts = newContexts
+
+ return nil
+}
+
+var redactedBytes []byte
+
+// Flatten redacts raw data entries from the config object for a human-readable view.
+func ShortenConfig(config *Config) {
+ // trick json encoder into printing a human readable string in the raw data
+ // by base64 decoding what we want to print. Relies on implementation of
+ // http://golang.org/pkg/encoding/json/#Marshal using base64 to encode []byte
+ for key, authInfo := range config.AuthInfos {
+ if len(authInfo.ClientKeyData) > 0 {
+ authInfo.ClientKeyData = redactedBytes
+ }
+ if len(authInfo.ClientCertificateData) > 0 {
+ authInfo.ClientCertificateData = redactedBytes
+ }
+ config.AuthInfos[key] = authInfo
+ }
+ for key, cluster := range config.Clusters {
+ if len(cluster.CertificateAuthorityData) > 0 {
+ cluster.CertificateAuthorityData = redactedBytes
+ }
+ config.Clusters[key] = cluster
+ }
+}
+
+// Flatten changes the config object into a self contained config (useful for making secrets)
+func FlattenConfig(config *Config) error {
+ for key, authInfo := range config.AuthInfos {
+ baseDir, err := MakeAbs(path.Dir(authInfo.LocationOfOrigin), "")
+ if err != nil {
+ return err
+ }
+
+ if err := FlattenContent(&authInfo.ClientCertificate, &authInfo.ClientCertificateData, baseDir); err != nil {
+ return err
+ }
+ if err := FlattenContent(&authInfo.ClientKey, &authInfo.ClientKeyData, baseDir); err != nil {
+ return err
+ }
+
+ config.AuthInfos[key] = authInfo
+ }
+ for key, cluster := range config.Clusters {
+ baseDir, err := MakeAbs(path.Dir(cluster.LocationOfOrigin), "")
+ if err != nil {
+ return err
+ }
+
+ if err := FlattenContent(&cluster.CertificateAuthority, &cluster.CertificateAuthorityData, baseDir); err != nil {
+ return err
+ }
+
+ config.Clusters[key] = cluster
+ }
+
+ return nil
+}
+
+func FlattenContent(path *string, contents *[]byte, baseDir string) error {
+ if len(*path) != 0 {
+ if len(*contents) > 0 {
+ return errors.New("cannot have values for both path and contents")
+ }
+
+ var err error
+ absPath := ResolvePath(*path, baseDir)
+ *contents, err = ioutil.ReadFile(absPath)
+ if err != nil {
+ return err
+ }
+
+ *path = ""
+ }
+
+ return nil
+}
+
+// ResolvePath returns the path as an absolute paths, relative to the given base directory
+func ResolvePath(path string, base string) string {
+ // Don't resolve empty paths
+ if len(path) > 0 {
+ // Don't resolve absolute paths
+ if !filepath.IsAbs(path) {
+ return filepath.Join(base, path)
+ }
+ }
+
+ return path
+}
+
+func MakeAbs(path, base string) (string, error) {
+ if filepath.IsAbs(path) {
+ return path, nil
+ }
+ if len(base) == 0 {
+ cwd, err := os.Getwd()
+ if err != nil {
+ return "", err
+ }
+ base = cwd
+ }
+ return filepath.Join(base, path), nil
+}
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/register.go b/vendor/k8s.io/client-go/tools/clientcmd/api/register.go
new file mode 100644
index 000000000..2eec3881c
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/clientcmd/api/register.go
@@ -0,0 +1,46 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+// TODO this should be in the "kubeconfig" group
+var SchemeGroupVersion = schema.GroupVersion{Group: "", Version: runtime.APIVersionInternal}
+
+var (
+ SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+ AddToScheme = SchemeBuilder.AddToScheme
+)
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &Config{},
+ )
+ return nil
+}
+
+func (obj *Config) GetObjectKind() schema.ObjectKind { return obj }
+func (obj *Config) SetGroupVersionKind(gvk schema.GroupVersionKind) {
+ obj.APIVersion, obj.Kind = gvk.ToAPIVersionAndKind()
+}
+func (obj *Config) GroupVersionKind() schema.GroupVersionKind {
+ return schema.FromAPIVersionAndKind(obj.APIVersion, obj.Kind)
+}
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
new file mode 100644
index 000000000..76090c6f5
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
@@ -0,0 +1,185 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+)
+
+// Where possible, json tags match the cli argument names.
+// Top level config objects and all values required for proper functioning are not "omitempty". Any truly optional piece of config is allowed to be omitted.
+
+// Config holds the information needed to build connect to remote kubernetes clusters as a given user
+// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
+type Config struct {
+ // Legacy field from pkg/api/types.go TypeMeta.
+ // TODO(jlowdermilk): remove this after eliminating downstream dependencies.
+ // +optional
+ Kind string `json:"kind,omitempty"`
+ // Legacy field from pkg/api/types.go TypeMeta.
+ // TODO(jlowdermilk): remove this after eliminating downstream dependencies.
+ // +optional
+ APIVersion string `json:"apiVersion,omitempty"`
+ // Preferences holds general information to be use for cli interactions
+ Preferences Preferences `json:"preferences"`
+ // Clusters is a map of referencable names to cluster configs
+ Clusters map[string]*Cluster `json:"clusters"`
+ // AuthInfos is a map of referencable names to user configs
+ AuthInfos map[string]*AuthInfo `json:"users"`
+ // Contexts is a map of referencable names to context configs
+ Contexts map[string]*Context `json:"contexts"`
+ // CurrentContext is the name of the context that you would like to use by default
+ CurrentContext string `json:"current-context"`
+ // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
+ // +optional
+ Extensions map[string]runtime.Object `json:"extensions,omitempty"`
+}
+
+// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
+type Preferences struct {
+ // +optional
+ Colors bool `json:"colors,omitempty"`
+ // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
+ // +optional
+ Extensions map[string]runtime.Object `json:"extensions,omitempty"`
+}
+
+// Cluster contains information about how to communicate with a kubernetes cluster
+type Cluster struct {
+ // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
+ LocationOfOrigin string
+ // Server is the address of the kubernetes cluster (https://hostname:port).
+ Server string `json:"server"`
+ // InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.
+ // +optional
+ InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
+ // CertificateAuthority is the path to a cert file for the certificate authority.
+ // +optional
+ CertificateAuthority string `json:"certificate-authority,omitempty"`
+ // CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority
+ // +optional
+ CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"`
+ // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
+ // +optional
+ Extensions map[string]runtime.Object `json:"extensions,omitempty"`
+}
+
+// AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are.
+type AuthInfo struct {
+ // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
+ LocationOfOrigin string
+ // ClientCertificate is the path to a client cert file for TLS.
+ // +optional
+ ClientCertificate string `json:"client-certificate,omitempty"`
+ // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
+ // +optional
+ ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
+ // ClientKey is the path to a client key file for TLS.
+ // +optional
+ ClientKey string `json:"client-key,omitempty"`
+ // ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey
+ // +optional
+ ClientKeyData []byte `json:"client-key-data,omitempty"`
+ // Token is the bearer token for authentication to the kubernetes cluster.
+ // +optional
+ Token string `json:"token,omitempty"`
+ // TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence.
+ // +optional
+ TokenFile string `json:"tokenFile,omitempty"`
+ // Impersonate is the username to act-as.
+ // +optional
+ Impersonate string `json:"act-as,omitempty"`
+ // ImpersonateGroups is the groups to imperonate.
+ // +optional
+ ImpersonateGroups []string `json:"act-as-groups,omitempty"`
+ // ImpersonateUserExtra contains additional information for impersonated user.
+ // +optional
+ ImpersonateUserExtra map[string][]string `json:"act-as-user-extra,omitempty"`
+ // Username is the username for basic authentication to the kubernetes cluster.
+ // +optional
+ Username string `json:"username,omitempty"`
+ // Password is the password for basic authentication to the kubernetes cluster.
+ // +optional
+ Password string `json:"password,omitempty"`
+ // AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
+ // +optional
+ AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
+ // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
+ // +optional
+ Extensions map[string]runtime.Object `json:"extensions,omitempty"`
+}
+
+// Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with)
+type Context struct {
+ // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
+ LocationOfOrigin string
+ // Cluster is the name of the cluster for this context
+ Cluster string `json:"cluster"`
+ // AuthInfo is the name of the authInfo for this context
+ AuthInfo string `json:"user"`
+ // Namespace is the default namespace to use on unspecified requests
+ // +optional
+ Namespace string `json:"namespace,omitempty"`
+ // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
+ // +optional
+ Extensions map[string]runtime.Object `json:"extensions,omitempty"`
+}
+
+// AuthProviderConfig holds the configuration for a specified auth provider.
+type AuthProviderConfig struct {
+ Name string `json:"name"`
+ // +optional
+ Config map[string]string `json:"config,omitempty"`
+}
+
+// NewConfig is a convenience function that returns a new Config object with non-nil maps
+func NewConfig() *Config {
+ return &Config{
+ Preferences: *NewPreferences(),
+ Clusters: make(map[string]*Cluster),
+ AuthInfos: make(map[string]*AuthInfo),
+ Contexts: make(map[string]*Context),
+ Extensions: make(map[string]runtime.Object),
+ }
+}
+
+// NewContext is a convenience function that returns a new Context
+// object with non-nil maps
+func NewContext() *Context {
+ return &Context{Extensions: make(map[string]runtime.Object)}
+}
+
+// NewCluster is a convenience function that returns a new Cluster
+// object with non-nil maps
+func NewCluster() *Cluster {
+ return &Cluster{Extensions: make(map[string]runtime.Object)}
+}
+
+// NewAuthInfo is a convenience function that returns a new AuthInfo
+// object with non-nil maps
+func NewAuthInfo() *AuthInfo {
+ return &AuthInfo{
+ Extensions: make(map[string]runtime.Object),
+ ImpersonateUserExtra: make(map[string][]string),
+ }
+}
+
+// NewPreferences is a convenience function that returns a new
+// Preferences object with non-nil maps
+func NewPreferences() *Preferences {
+ return &Preferences{Extensions: make(map[string]runtime.Object)}
+}