Add support for Kubernetes username/password auth#2308
Add support for Kubernetes username/password auth#2308silvin-lubecki merged 1 commit intodocker:masterfrom
Conversation
This is required for supporting some Kubernetes distributions such as rancher/k3s. It comes with a test case validating correct parsing of a k3s kubeconfig file Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
simonferquel
force-pushed
the
support-username-password
branch
from
a316640 to
17e651d
Compare
thaJeztah
left a comment
thaJeztah
left a comment
There was a problem hiding this comment.
SGTM
not a big fan of the plain username/password storing, but I guess that's something on the kubernetes side (and I can see it come in handy for simple setups / local development)
| } | ||
| } | ||
| var usernamePassword *UsernamePassword | ||
| if clientcfg.Username != "" || clientcfg.Password != "" { |
There was a problem hiding this comment.
Do we need the check here? Of both are empty, we'll just set an empty string (which is the default for strings)
oh, nevermind; you created a pointer so that we don't set the UsernamePassword field if we don't use it
| @@ -21,6 +21,13 @@ type EndpointMeta struct { | |||
| DefaultNamespace string `json:",omitempty"` | |||
| AuthProvider *clientcmdapi.AuthProviderConfig `json:",omitempty"` | |||
There was a problem hiding this comment.
Curious; what's AuthProvider used for; is username/password not some form of that? (looking at https://github.com/kubernetes/client-go/blob/master/tools/clientcmd/api/types.go#L153-L177 it also has some sanitisation built in, so was wondering)
There was a problem hiding this comment.
AuthProvider is for authentication plugins (such as GKE authentication plugin). They allow to put arbitrary json in the kubeconfig file and feed the plugin with that so that it can setup the rest.Client accordingly. It is not related to the basic auth scheme.
thaJeztah
added
area/context
area/kubernetes
impact/changelog
kind/enhancement
status/2-code-review
and removed
status/0-triage
labels
|
@silvin-lubecki would probably want to have a look as well. |
silvin-lubecki
left a comment
silvin-lubecki
left a comment
There was a problem hiding this comment.
LGTM, thank you @simonferquel !
4 participants
- What I did
Added support for username/password Kubernetes authentication. The main motivation being to support k3s Kubernetes distributions.
- How I did it
Don't discard username/password fields when loading a kubeconfig file
- How to verify it
The PR comes with a unit test (same style as gke and eks test cases)
- Description for the changelog