Add support for loading namespaces from pod configuration. (#640)

src/KubernetesClient/CertUtils.cs

@@ -19,15 +19,18 @@ namespace k8s
         /// <returns>List of x509 instances.</returns>
         public static X509Certificate2Collection LoadPemFileCert(string file)
         {
-            var certs = new X509CertificateParser().ReadCertificates(File.OpenRead(file));
             var certCollection = new X509Certificate2Collection();
-
+            using (var stream = FileUtils.FileSystem().File.OpenRead(file))
-            // Convert BouncyCastle X509Certificates to the .NET cryptography implementation and add
-            // it to the certificate collection
-            //
-            foreach (Org.BouncyCastle.X509.X509Certificate cert in certs)
             {
-                certCollection.Add(new X509Certificate2(cert.GetEncoded()));
+                var certs = new X509CertificateParser().ReadCertificates(stream);
+
+                // Convert BouncyCastle X509Certificates to the .NET cryptography implementation and add
+                // it to the certificate collection
+                //
+                foreach (Org.BouncyCastle.X509.X509Certificate cert in certs)
+                {
+                    certCollection.Add(new X509Certificate2(cert.GetEncoded()));
+                }
             }
 
             return certCollection;

src/KubernetesClient/FileUtils.cs

@@ -0,0 +1,34 @@
+using System;
+using System.IO.Abstractions;
+
+namespace k8s
+{
+    public static class FileUtils
+    {
+        private static IFileSystem realFileSystem = new FileSystem();
+        private static IFileSystem currentFileSystem = null;
+
+        public static void InjectFilesystem(IFileSystem fs)
+        {
+            currentFileSystem = fs;
+        }
+
+        public static IFileSystem FileSystem()
+        {
+            return currentFileSystem != null ? currentFileSystem : realFileSystem;
+        }
+
+        public sealed class InjectedFileSystem : IDisposable
+        {
+            public InjectedFileSystem(IFileSystem fs)
+            {
+                InjectFilesystem(fs);
+            }
+
+            public void Dispose()
+            {
+                InjectFilesystem(null);
+            }
+        }
+    }
+}

src/KubernetesClient/KubernetesClient.csproj

@@ -37,6 +37,7 @@
     <PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.10" />
     <PackageReference Include="prometheus-net" Version="4.1.1" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.11.1" />
+    <PackageReference Include="System.IO.Abstractions" Version="13.2.33" />
     <PackageReference Include="YamlDotNet" Version="8.1.2" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
     <PackageReference Include="System.Buffers" Version="4.5.1" />

src/KubernetesClient/KubernetesClientConfiguration.InCluster.cs

@@ -7,32 +7,32 @@ namespace k8s
 {
     public partial class KubernetesClientConfiguration
     {
-        private static string serviceAccountPath =
+#pragma warning disable SA1401
+        // internal for testing
+        internal static string ServiceAccountPath =
             Path.Combine(new string[]
             {
                 $"{Path.DirectorySeparatorChar}var", "run", "secrets", "kubernetes.io", "serviceaccount",
             });
+#pragma warning restore SA1401
 
-        private const string ServiceAccountTokenKeyFileName = "token";
+        internal const string ServiceAccountTokenKeyFileName = "token";
-        private const string ServiceAccountRootCAKeyFileName = "ca.crt";
+        internal const string ServiceAccountRootCAKeyFileName = "ca.crt";
+        internal const string ServiceAccountNamespaceFileName = "namespace";
 
         public static bool IsInCluster()
         {
             var host = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_HOST");
             var port = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_PORT");
-            if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port))
+
+            var tokenPath = Path.Combine(ServiceAccountPath, ServiceAccountTokenKeyFileName);
+            if (!FileUtils.FileSystem().File.Exists(tokenPath))
             {
                 return false;
             }
 
-            var tokenPath = Path.Combine(serviceAccountPath, ServiceAccountTokenKeyFileName);
+            var certPath = Path.Combine(ServiceAccountPath, ServiceAccountRootCAKeyFileName);
-            if (!File.Exists(tokenPath))
+            return FileUtils.FileSystem().File.Exists(certPath);
-            {
-                return false;
-            }
-
-            var certPath = Path.Combine(serviceAccountPath, ServiceAccountRootCAKeyFileName);
-            return File.Exists(certPath);
         }
 
         public static KubernetesClientConfiguration InClusterConfig()
@@ -43,16 +43,33 @@ namespace k8s
                     "unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined");
             }
 
-            var rootCAFile = Path.Combine(serviceAccountPath, ServiceAccountRootCAKeyFileName);
+            var rootCAFile = Path.Combine(ServiceAccountPath, ServiceAccountRootCAKeyFileName);
             var host = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_HOST");
             var port = Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_PORT");
+            if (string.IsNullOrEmpty(host))
+            {
+                host = "kubernetes.default.svc";
+            }
 
-            return new KubernetesClientConfiguration
+            if (string.IsNullOrEmpty(port))
+            {
+                port = "443";
+            }
+
+            var result = new KubernetesClientConfiguration
             {
                 Host = new UriBuilder("https", host, Convert.ToInt32(port)).ToString(),
-                TokenProvider = new TokenFileAuth(Path.Combine(serviceAccountPath, ServiceAccountTokenKeyFileName)),
+                TokenProvider = new TokenFileAuth(Path.Combine(ServiceAccountPath, ServiceAccountTokenKeyFileName)),
                 SslCaCerts = CertUtils.LoadPemFileCert(rootCAFile),
             };
+
+            var namespaceFile = Path.Combine(ServiceAccountPath, ServiceAccountNamespaceFileName);
+            if (FileUtils.FileSystem().File.Exists(namespaceFile))
+            {
+                result.Namespace = FileUtils.FileSystem().File.ReadAllText(namespaceFile);
+            }
+
+            return result;
         }
     }
 }

tests/KubernetesClient.Tests/KubernetesClient.Tests.csproj

@@ -10,6 +10,7 @@
   <ItemGroup>
       <PackageReference Include="FluentAssertions" Version="5.10.3" />
       <PackageReference Include="Microsoft.Extensions.Logging" Version="2.2.0" />
+      <PackageReference Include="System.IO.Abstractions.TestingHelpers" Version="13.2.33" />
       <PackageReference Include="System.Reactive" Version="4.3.2" />
       <PackageReference Include="Nito.AsyncEx" Version="5.1.0" />
   </ItemGroup>

tests/KubernetesClient.Tests/KubernetesClientConfigurationTests.cs

@@ -2,7 +2,9 @@ using k8s.Authentication;
 using k8s.Exceptions;
 using k8s.KubeConfigModels;
 using System;
+using System.Collections.Generic;
 using System.IO;
+using System.IO.Abstractions.TestingHelpers;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Threading;
@@ -672,5 +674,74 @@ namespace k8s.Tests
                 Assert.True(expectedCreds.AuthProvider.Config.All(x => actualCreds.AuthProvider.Config.Contains(x)));
             }
         }
+
+        /// <summary>
+        ///    Test in cluster configuration.
+        /// </summary>
+        [Fact]
+        public void IsInCluster()
+        {
+            Assert.False(KubernetesClientConfiguration.IsInCluster());
+
+            var tokenPath = Path.Combine(KubernetesClientConfiguration.ServiceAccountPath, KubernetesClientConfiguration.ServiceAccountTokenKeyFileName);
+            var certPath = Path.Combine(KubernetesClientConfiguration.ServiceAccountPath, KubernetesClientConfiguration.ServiceAccountRootCAKeyFileName);
+
+            var fileSystem = new MockFileSystem(new Dictionary<string, MockFileData>
+            {
+                { tokenPath, new MockFileData("foo") },
+                { certPath, new MockFileData("bar") },
+            });
+            using (new FileUtils.InjectedFileSystem(fileSystem))
+            {
+                Assert.True(KubernetesClientConfiguration.IsInCluster());
+            }
+        }
+
+        /// <summary>
+        ///    Test in cluster configuration loading.
+        /// </summary>
+        [Fact]
+        public void LoadInCluster()
+        {
+            var tokenPath = Path.Combine(KubernetesClientConfiguration.ServiceAccountPath, KubernetesClientConfiguration.ServiceAccountTokenKeyFileName);
+            var certPath = Path.Combine(KubernetesClientConfiguration.ServiceAccountPath, KubernetesClientConfiguration.ServiceAccountRootCAKeyFileName);
+
+            var fileSystem = new MockFileSystem(new Dictionary<string, MockFileData>
+            {
+                { tokenPath, new MockFileData("foo") },
+                { certPath, new MockFileData("bar") },
+            });
+
+            using (new FileUtils.InjectedFileSystem(fileSystem))
+            {
+                var config = KubernetesClientConfiguration.InClusterConfig();
+                Assert.Equal("https://kubernetes.default.svc:443/", config.Host);
+                Assert.Null(config.Namespace);
+            }
+        }
+
+        /// <summary>
+        ///    Test in cluster configuration loading of namespaces.
+        /// </summary>
+        [Fact]
+        public void LoadInClusterNamespace()
+        {
+            var tokenPath = Path.Combine(KubernetesClientConfiguration.ServiceAccountPath, KubernetesClientConfiguration.ServiceAccountTokenKeyFileName);
+            var certPath = Path.Combine(KubernetesClientConfiguration.ServiceAccountPath, KubernetesClientConfiguration.ServiceAccountRootCAKeyFileName);
+            var namespacePath = Path.Combine(KubernetesClientConfiguration.ServiceAccountPath, KubernetesClientConfiguration.ServiceAccountNamespaceFileName);
+            var fileSystem = new MockFileSystem(new Dictionary<string, MockFileData>
+            {
+                { tokenPath, new MockFileData("foo") },
+                { certPath, new MockFileData("bar") },
+                { namespacePath, new MockFileData("some namespace") },
+            });
+
+            using (new FileUtils.InjectedFileSystem(fileSystem))
+            {
+                var config = KubernetesClientConfiguration.InClusterConfig();
+                Assert.Equal("https://kubernetes.default.svc:443/", config.Host);
+                Assert.Equal("some namespace", config.Namespace);
+            }
+        }
     }
 }