Remove requirement for certificate authority and certificate authority data in kubeconfig. (#222)

* Remove requirement for certificate authority data in kubeconfig. * Update src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs Update casing of `URL` at @itowlson suggestion. Co-Authored-By: twitchax <twitchax@gmail.com>
2018-12-11 21:08:55 -08:00
parent 6bc54a68c4
commit b7f79c924f
3 changed files with 16 additions and 65 deletions
--- a/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
+++ b/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
@@ -155,45 +155,32 @@ namespace k8s

            if (clusterDetails?.ClusterEndpoint == null)
            {
-                throw new KubeConfigException($"Cluster not found for context {activeContext} in kubeconfig");
+                throw new KubeConfigException($"Cluster not found for context `{activeContext}` in kubeconfig");
            }
-
            if (string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.Server))
            {
-                throw new KubeConfigException($"Server not found for current-context {activeContext} in kubeconfig");
+                throw new KubeConfigException($"Server not found for current-context `{activeContext}` in kubeconfig");
            }
-            Host = clusterDetails.ClusterEndpoint.Server;

+            Host = clusterDetails.ClusterEndpoint.Server;
            SkipTlsVerify = clusterDetails.ClusterEndpoint.SkipTlsVerify;

-            try
+            if(!Uri.TryCreate(Host, UriKind.Absolute, out Uri uri))
            {
-                var uri = new Uri(Host);
-                if (uri.Scheme == "https")
-                {
-                    // check certificate for https
-                    if (!clusterDetails.ClusterEndpoint.SkipTlsVerify &&
-                        string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthorityData) &&
-                        string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthority))
-                    {
-                        throw new KubeConfigException(
-                            $"neither certificate-authority-data nor certificate-authority not found for current-context :{activeContext} in kubeconfig");
-                    }
-
-                    if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
-                    {
-                        var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
-                        SslCaCert = new X509Certificate2(Convert.FromBase64String(data));
-                    }
-                    else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
-                    {
-                        SslCaCert = new X509Certificate2(GetFullPath(k8SConfig, clusterDetails.ClusterEndpoint.CertificateAuthority));
-                    }
-                }
+                throw new KubeConfigException($"Bad server host URL `{Host}` (cannot be parsed)");
            }
-            catch (UriFormatException e)
+            
+            if (uri.Scheme == "https")
            {
-                throw new KubeConfigException("Bad Server host url", e);
+                if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
+                {
+                    var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
+                    SslCaCert = new X509Certificate2(Convert.FromBase64String(data));
+                }
+                else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
+                {
+                    SslCaCert = new X509Certificate2(GetFullPath(k8SConfig, clusterDetails.ClusterEndpoint.CertificateAuthority));
+                }
            }
        }

--- a/tests/KubernetesClient.Tests/KubernetesClientConfigurationTests.cs
+++ b/tests/KubernetesClient.Tests/KubernetesClientConfigurationTests.cs
@@ -70,17 +70,6 @@ namespace k8s.Tests
            Assert.Equal(File.ReadAllText("assets/client-key-data.txt"), cfg.ClientCertificateKeyData);
        }

-        /// <summary>
-        ///     Checks that a KubeConfigException is thrown when no certificate-authority-data is set and user do not require tls
-        ///     skip
-        /// </summary>
-        [Fact]
-        public void CheckClusterTlsCorrectness()
-        {
-            var fi = new FileInfo("assets/kubeconfig.tls-no-skip-error.yml");
-            Assert.Throws<KubeConfigException>(() => KubernetesClientConfiguration.BuildConfigFromConfigFile(fi));
-        }
-
        /// <summary>
        ///     Checks that a KubeConfigException is thrown when no certificate-authority-data is set and user do not require tls
        ///     skip
--- a/tests/KubernetesClient.Tests/assets/kubeconfig.tls-no-skip-error.yml
+++ b/tests/KubernetesClient.Tests/assets/kubeconfig.tls-no-skip-error.yml
@@ -1,25 +0,0 @@
-# Sample file based on https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/
-# WARNING: File includes minor fixes
---
-current-context: federal-context
-apiVersion: v1
-clusters:
- cluster:
-    server: http://cow.org:8080
-  name: cow-cluster
- cluster:
-    # certificate-authority: path/to/my/cafile
-    server: https://horse.org:4443
-  name: horse-cluster
-contexts:
- context:
-    cluster: horse-cluster
-    namespace: chisel-ns
-    user: green-user
-  name: federal-context
-kind: Config
-users:
- name: green-user
-  user:
-    client-certificate: assets/client.crt
-    client-key: assets/client.key