kubernetes-client/csharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove requirement for certificate authority and certificate authority data in kubeconfig. (#222)

Browse Source 
* Remove requirement for certificate authority data in kubeconfig.

* Update src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs

Update casing of `URL` at @itowlson suggestion.

Co-Authored-By: twitchax <twitchax@gmail.com>
This commit is contained in:
Aaron Roney
2018-12-11 21:08:55 -08:00
committed by Kubernetes Prow Robot
parent 6bc54a68c4
commit b7f79c924f
3 changed files with 16 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
View File

@@ -155,31 +155,23 @@ namespace k8s
if (clusterDetails?.ClusterEndpoint == null)
{
throw new KubeConfigException($"Cluster not found for context {activeContext} in kubeconfig");
throw new KubeConfigException($"Cluster not found for context `{activeContext}` in kubeconfig");
}
if (string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.Server))
{
throw new KubeConfigException($"Server not found for current-context {activeContext} in kubeconfig");
throw new KubeConfigException($"Server not found for current-context `{activeContext}` in kubeconfig");
}
Host = clusterDetails.ClusterEndpoint.Server;
Host = clusterDetails.ClusterEndpoint.Server;
SkipTlsVerify = clusterDetails.ClusterEndpoint.SkipTlsVerify;
try
if(!Uri.TryCreate(Host, UriKind.Absolute, out Uri uri))
{
var uri = new Uri(Host);
if (uri.Scheme == "https")
{
// check certificate for https
if (!clusterDetails.ClusterEndpoint.SkipTlsVerify &&
string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthorityData) &&
string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthority))
{
throw new KubeConfigException(
$"neither certificate-authority-data nor certificate-authority not found for current-context :{activeContext} in kubeconfig");
throw new KubeConfigException($"Bad server host URL `{Host}` (cannot be parsed)");
}
if (uri.Scheme == "https")
{
if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
{
var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
@@ -191,11 +183,6 @@ namespace k8s
}
}
}
catch (UriFormatException e)
{
throw new KubeConfigException("Bad Server host url", e);
}
}
private void SetUserDetails(K8SConfiguration k8SConfig, Context activeContext)
{

11
tests/KubernetesClient.Tests/KubernetesClientConfigurationTests.cs
View File

@@ -70,17 +70,6 @@ namespace k8s.Tests
Assert.Equal(File.ReadAllText("assets/client-key-data.txt"), cfg.ClientCertificateKeyData);
}
/// <summary>
/// Checks that a KubeConfigException is thrown when no certificate-authority-data is set and user do not require tls
/// skip
/// </summary>
[Fact]
public void CheckClusterTlsCorrectness()
{
var fi = new FileInfo("assets/kubeconfig.tls-no-skip-error.yml");
Assert.Throws<KubeConfigException>(() => KubernetesClientConfiguration.BuildConfigFromConfigFile(fi));
}
/// <summary>
/// Checks that a KubeConfigException is thrown when no certificate-authority-data is set and user do not require tls
/// skip

25
tests/KubernetesClient.Tests/assets/kubeconfig.tls-no-skip-error.yml
View File

@@ -1,25 +0,0 @@
# Sample file based on https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/
# WARNING: File includes minor fixes
---
current-context: federal-context
apiVersion: v1
clusters:
- cluster:
server: http://cow.org:8080
name: cow-cluster
- cluster:
# certificate-authority: path/to/my/cafile
server: https://horse.org:4443
name: horse-cluster
contexts:
- context:
cluster: horse-cluster
namespace: chisel-ns
user: green-user
name: federal-context
kind: Config
users:
- name: green-user
user:
client-certificate: assets/client.crt
client-key: assets/client.key