diff --git a/.changes/next-release/bugfix-eks-27483.json b/.changes/next-release/bugfix-eks-27483.json new file mode 100644 index 000000000000..0d7b2c4c4f8d --- /dev/null +++ b/.changes/next-release/bugfix-eks-27483.json @@ -0,0 +1,5 @@ +{ + "type": "bugfix", + "category": "``eks get-token``", + "description": "Correctly fallback to client.authentication.k8s.io/v1beta1 API if KUBERNETES_EXEC_INFO is undefined" +} diff --git a/.changes/next-release/feature-eksgettoken-97938.json b/.changes/next-release/feature-eksgettoken-97938.json new file mode 100644 index 000000000000..618d5cdb96bd --- /dev/null +++ b/.changes/next-release/feature-eksgettoken-97938.json @@ -0,0 +1,5 @@ +{ + "type": "feature", + "category": "``eks get-token``", + "description": "All eks get-token commands default to api version v1beta1." +} diff --git a/awscli/customizations/eks/get_token.py b/awscli/customizations/eks/get_token.py index bc2b0ac00d35..3b30d3039713 100644 --- a/awscli/customizations/eks/get_token.py +++ b/awscli/customizations/eks/get_token.py @@ -126,8 +126,8 @@ def _run_main(self, parsed_args, parsed_globals): def discover_api_version(self): """ Parses the KUBERNETES_EXEC_INFO environment variable and returns the - API version. If the environment variable is empty, malformed, or - invalid, return the v1alpha1 response and print a message to stderr. + API version. If the environment variable is malformed or invalid, + return the v1beta1 response and print a message to stderr. If the v1alpha1 API is specified explicitly, a message is printed to stderr with instructions to update. @@ -139,7 +139,7 @@ def discover_api_version(self): # "v1beta1" will be removed. At or around that time, EKS will likely # support v1.22 through v1.28, in which client API version "v1beta1" # will be supported by all EKS versions. - fallback_api_version = ALPHA_API + fallback_api_version = BETA_API error_prefixes = { "error": "Error parsing", @@ -148,16 +148,12 @@ def discover_api_version(self): exec_info_raw = os.environ.get("KUBERNETES_EXEC_INFO", "") if not exec_info_raw: - # All kube clients should be setting this. Otherewise, we'll return - # the fallback and write an error. - uni_print( - ERROR_MSG_TPL.format( - error_prefixes["empty"], - fallback_api_version, - ), - sys.stderr, - ) - uni_print("\n", sys.stderr) + # All kube clients should be setting this, but client-go clients + # (kubectl, kubelet, etc) < 1.20 were not setting this if the API + # version defined in the kubeconfig was not v1alpha1. + # + # This was changed in kubernetes/kubernetes#95489 so that + # KUBERNETES_EXEC_INFO is always provided return fallback_api_version try: exec_info = json.loads(exec_info_raw) @@ -177,7 +173,7 @@ def discover_api_version(self): if api_version_raw in FULLY_SUPPORTED_API_VERSIONS: return api_version_raw elif api_version_raw in DEPRECATED_API_VERSIONS: - uni_print(DEPRECATION_MSG_TPL.format(ALPHA_API), sys.stderr) + uni_print(DEPRECATION_MSG_TPL.format(api_version_raw), sys.stderr) uni_print("\n", sys.stderr) return api_version_raw else: diff --git a/tests/functional/eks/test_get_token.py b/tests/functional/eks/test_get_token.py index ecf64bed5e5c..bf2165899e96 100644 --- a/tests/functional/eks/test_get_token.py +++ b/tests/functional/eks/test_get_token.py @@ -86,7 +86,7 @@ def test_get_token(self, mock_datetime): response, { "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", + "apiVersion": "client.authentication.k8s.io/v1beta1", "spec": {}, "status": { "expirationTimestamp": "2019-10-23T23:14:00Z", @@ -185,13 +185,13 @@ def test_api_version_discovery_malformed(self): self.assertEqual( response["apiVersion"], - "client.authentication.k8s.io/v1alpha1", + "client.authentication.k8s.io/v1beta1", ) self.assertEqual( stderr, ( - "Error parsing KUBERNETES_EXEC_INFO, defaulting to client.authentication.k8s.io/v1alpha1. " + "Error parsing KUBERNETES_EXEC_INFO, defaulting to client.authentication.k8s.io/v1beta1. " "This is likely a bug in your Kubernetes client. Please update your Kubernetes client.\n" ), ) @@ -203,16 +203,10 @@ def test_api_version_discovery_empty(self): self.assertEqual( response["apiVersion"], - "client.authentication.k8s.io/v1alpha1", + "client.authentication.k8s.io/v1beta1", ) - self.assertEqual( - stderr, - ( - "Empty KUBERNETES_EXEC_INFO, defaulting to client.authentication.k8s.io/v1alpha1. " - "This is likely a bug in your Kubernetes client. Please update your Kubernetes client.\n" - ), - ) + self.assertEqual(stderr, "",) def test_api_version_discovery_v1(self): self.set_kubernetes_exec_info('v1') @@ -248,13 +242,13 @@ def test_api_version_discovery_unknown(self): self.assertEqual( response["apiVersion"], - "client.authentication.k8s.io/v1alpha1", + "client.authentication.k8s.io/v1beta1", ) self.assertEqual( stderr, ( - "Unrecognized API version in KUBERNETES_EXEC_INFO, defaulting to client.authentication.k8s.io/v1alpha1. " + "Unrecognized API version in KUBERNETES_EXEC_INFO, defaulting to client.authentication.k8s.io/v1beta1. " "This is likely due to an outdated AWS CLI. Please update your AWS CLI.\n" ), )