From 71d63e3e6de050ef26e323d38a58ee0fe75c90ee Mon Sep 17 00:00:00 2001 From: Andre Dietisheim Date: Tue, 27 Aug 2024 11:14:45 +0200 Subject: [PATCH] using Utils to check parameters Signed-off-by: Andre Dietisheim --- .../io/fabric8/kubernetes/client/Config.java | 109 ++++++------ .../kubernetes/client/ConfigBuilder.java | 3 +- .../kubernetes/client/ConfigFluent.java | 2 +- .../kubernetes/client/SundrioConfig.java | 5 +- .../client/internal/KubeConfigUtils.java | 8 +- .../client/utils/OpenIDConnectionUtils.java | 8 +- .../kubernetes/client/utils/Utils.java | 23 ++- .../client/ConfigConstructorTest.java | 24 +-- .../fabric8/kubernetes/client/ConfigTest.java | 167 +++++++++++++----- .../OpenIDConnectionUtilsBehaviorTest.java | 28 ++- .../utils/OpenIDConnectionUtilsTest.java | 9 +- .../test/resources/test-ec-kubeconfig-mangled | 19 ++ ...ctxt.yml => test-kubeconfig-nocurrentctxt} | 0 ...context => test-kubeconfig-onlycurrentctx} | 0 14 files changed, 270 insertions(+), 135 deletions(-) create mode 100644 kubernetes-client-api/src/test/resources/test-ec-kubeconfig-mangled rename kubernetes-client-api/src/test/resources/{test-kubeconfig-nocurrentctxt.yml => test-kubeconfig-nocurrentctxt} (100%) rename kubernetes-client-api/src/test/resources/{test-kubeconfig-onlycurrentcontext => test-kubeconfig-onlycurrentctx} (100%) diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java index 6462c54fdce..bfb225cdcac 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java @@ -56,6 +56,7 @@ import java.util.List; import java.util.Locale; import java.util.Map; +import java.util.Objects; import java.util.Optional; import java.util.function.Predicate; import java.util.function.UnaryOperator; @@ -236,7 +237,6 @@ public class Config { private Boolean autoConfigure; - @Deprecated private List files = new ArrayList<>(); @JsonIgnore @@ -268,7 +268,7 @@ private Config(boolean autoConfigure) { null, null, null, null, null, null, null, null, null, null, - null, autoConfigure, true); + null, autoConfigure, true, null); } /** @@ -376,7 +376,7 @@ public Config(String masterUrl, String apiVersion, String namespace, Boolean tru httpProxy, httpsProxy, noProxy, userAgent, tlsVersions, websocketPingInterval, proxyUsername, proxyPassword, trustStoreFile, trustStorePassphrase, keyStoreFile, keyStorePassphrase, impersonateUsername, impersonateGroups, impersonateExtras, oauthTokenProvider, customHeaders, requestRetryBackoffLimit, requestRetryBackoffInterval, - uploadRequestTimeout, onlyHttpWatches, currentContext, contexts, false, true); + uploadRequestTimeout, onlyHttpWatches, currentContext, contexts, false, true, null); } public Config(String masterUrl, String apiVersion, String namespace, Boolean trustCerts, Boolean disableHostnameVerification, @@ -400,7 +400,7 @@ public Config(String masterUrl, String apiVersion, String namespace, Boolean tru httpProxy, httpsProxy, noProxy, userAgent, tlsVersions, websocketPingInterval, proxyUsername, proxyPassword, trustStoreFile, trustStorePassphrase, keyStoreFile, keyStorePassphrase, impersonateUsername, impersonateGroups, impersonateExtras, oauthTokenProvider, customHeaders, requestRetryBackoffLimit, requestRetryBackoffInterval, - uploadRequestTimeout, onlyHttpWatches, currentContext, contexts, autoConfigure, true); + uploadRequestTimeout, onlyHttpWatches, currentContext, contexts, autoConfigure, true, null); } /* @@ -419,7 +419,7 @@ public Config(String masterUrl, String apiVersion, String namespace, Boolean tru String impersonateUsername, String[] impersonateGroups, Map> impersonateExtras, OAuthTokenProvider oauthTokenProvider, Map customHeaders, Integer requestRetryBackoffLimit, Integer requestRetryBackoffInterval, Integer uploadRequestTimeout, Boolean onlyHttpWatches, NamedContext currentContext, - List contexts, Boolean autoConfigure, Boolean shouldSetDefaultValues) { + List contexts, Boolean autoConfigure, Boolean shouldSetDefaultValues, List files) { if (Boolean.TRUE.equals(shouldSetDefaultValues)) { this.masterUrl = DEFAULT_MASTER_URL; this.apiVersion = "v1"; @@ -587,7 +587,7 @@ public Config(String masterUrl, String apiVersion, String namespace, Boolean tru if (Utils.isNotNullOrEmpty(autoOAuthToken)) { this.autoOAuthToken = autoOAuthToken; } - if (contexts != null && !contexts.isEmpty()) { + if (Utils.isNotNullOrEmpty(contexts)) { this.contexts = contexts; } if (Utils.isNotNull(currentContext)) { @@ -601,6 +601,10 @@ public Config(String masterUrl, String apiVersion, String namespace, Boolean tru this.oauthTokenProvider = oauthTokenProvider; this.customHeaders = customHeaders; this.onlyHttpWatches = onlyHttpWatches; + if (!Utils.isNullOrEmpty(files)) { + this.files = files; + } + } public static void configFromSysPropsOrEnvVars(Config config) { @@ -723,7 +727,7 @@ public static void configFromSysPropsOrEnvVars(Config config) { } String tlsVersionsVar = Utils.getSystemPropertyOrEnvVar(KUBERNETES_TLS_VERSIONS); - if (tlsVersionsVar != null && !tlsVersionsVar.isEmpty()) { + if (Utils.isNotNullOrEmpty(tlsVersionsVar)) { String[] tlsVersionsSplit = tlsVersionsVar.split(","); TlsVersion[] tlsVersions = new TlsVersion[tlsVersionsSplit.length]; for (int i = 0; i < tlsVersionsSplit.length; i++) { @@ -839,7 +843,7 @@ public static Config fromKubeconfig(String context, String kubeconfigContents, S */ public Config refresh() { final String currentContextName = this.getCurrentContext() != null ? this.getCurrentContext().getName() : null; - if (this.oauthToken != null && !this.oauthToken.isEmpty()) { + if (Utils.isNotNullOrEmpty(this.oauthToken)) { return this; } if (this.autoConfigure) { @@ -863,8 +867,7 @@ private static boolean tryKubeConfig(Config config, String context) { return false; } String[] kubeConfigFilenames = getKubeconfigFilenames(); - if (kubeConfigFilenames == null - || kubeConfigFilenames.length == 0) { + if (Utils.isNullOrEmpty(kubeConfigFilenames)) { return false; } List allFiles = Arrays.stream(kubeConfigFilenames) @@ -876,19 +879,18 @@ private static boolean tryKubeConfig(Config config, String context) { } private static io.fabric8.kubernetes.api.model.Config mergeKubeConfigs(List files) { - if (files == null - || files.isEmpty()) { + if (Utils.isNullOrEmpty(files)) { return null; } return files.stream() - .map(Config::createKubeconfig) - .reduce(null, (merged, additionalConfig) -> { - if (additionalConfig != null) { - return KubeConfigUtils.merge(additionalConfig, merged); - } else { - return merged; - } - }); + .map(Config::createKubeconfig) + .reduce(null, (merged, additionalConfig) -> { + if (additionalConfig != null) { + return KubeConfigUtils.merge(additionalConfig, merged); + } else { + return merged; + } + }); } private static io.fabric8.kubernetes.api.model.Config createKubeconfig(File file) { @@ -896,8 +898,7 @@ private static io.fabric8.kubernetes.api.model.Config createKubeconfig(File file LOGGER.debug("Found for Kubernetes config at: [{}].", file.getPath()); try { String content = getKubeconfigContents(file); - if (content != null - && !content.isEmpty()) { + if (Utils.isNotNullOrEmpty(content)) { kubeConfig = KubeConfigUtils.parseConfigFromString(content); } } catch (KubernetesClientException e) { @@ -915,7 +916,6 @@ public static String getKubeconfigFilename() { String fileName = null; String[] fileNames = getKubeconfigFilenames(); // if system property/env var contains multiple files take the first one based on the environment - // we are running in (eg. : for Linux, ; for Windows) if (fileNames.length >= 1) { fileName = fileNames[0]; if (fileNames.length > 1) { @@ -929,17 +929,13 @@ public static String getKubeconfigFilename() { public static String[] getKubeconfigFilenames() { String[] fileNames = null; String fileName = Utils.getSystemPropertyOrEnvVar(KUBERNETES_KUBECONFIG_FILES); - if (fileName != null - && !fileName.isEmpty()) { + if (Utils.isNotNullOrEmpty(fileName)) { fileNames = fileName.split(File.pathSeparator); } - if (fileNames == null - || fileNames.length == 0) { + if (Utils.isNullOrEmpty(fileNames)) { fileNames = new String[] { DEFAULT_KUBECONFIG_FILE.toString() }; } - return Arrays.stream(fileNames) - .filter(filename -> isReadableKubeconfFile(new File(filename))) - .toArray(String[]::new); + return fileNames; } private static boolean isReadableKubeconfFile(File file) { @@ -971,7 +967,7 @@ private static String getKubeconfigContents(File kubeConfigFile) { // It is only used to rewrite relative tls asset paths inside kubeconfig when a file is passed, and in the case that // the kubeconfig references some assets via relative paths. private static boolean loadFromKubeconfig(Config config, String context, String kubeconfigContents) { - if (kubeconfigContents != null && !kubeconfigContents.isEmpty()) { + if (Utils.isNotNullOrEmpty(kubeconfigContents)) { return loadFromKubeconfig(config, context, KubeConfigUtils.parseConfigFromString(kubeconfigContents)); } else { return false; @@ -1135,7 +1131,7 @@ protected static List getAuthenticatorCommandFromExecConfig(ExecConfig e command = shellQuote(command); List args = exec.getArgs(); - if (args != null && !args.isEmpty()) { + if (Utils.isNotNullOrEmpty(args)) { command += " " + args .stream() .map(Config::shellQuote) @@ -1236,7 +1232,7 @@ private static String getSystemEnvVariable(String envVariableName) { protected static String getHomeDir(Predicate directoryExists, UnaryOperator getEnvVar) { String home = getEnvVar.apply("HOME"); - if (home != null && !home.isEmpty() && directoryExists.test(home)) { + if (Utils.isNotNullOrEmpty(home) && directoryExists.test(home)) { return home; } String osName = System.getProperty("os.name").toLowerCase(Locale.ROOT); @@ -1250,7 +1246,7 @@ protected static String getHomeDir(Predicate directoryExists, UnaryOpera } } String userProfile = getEnvVar.apply("USERPROFILE"); - if (userProfile != null && !userProfile.isEmpty() && directoryExists.test(userProfile)) { + if (Utils.isNotNullOrEmpty(userProfile) && directoryExists.test(userProfile)) { return userProfile; } } @@ -1770,8 +1766,7 @@ public void setCurrentContext(NamedContext context) { */ @Deprecated public File getFile() { - if (files != null - && !files.isEmpty()) { + if (Utils.isNotNullOrEmpty(files)) { return files.get(0); } else { return null; @@ -1789,30 +1784,34 @@ public List getFiles() { return files; } - public KubeConfigFile getFile(String username) { - if (username == null - || username.isEmpty()) { + public KubeConfigFile getFileWithAuthInfo(String name) { + if (Utils.isNullOrEmpty(name) + || Utils.isNullOrEmpty(getFiles())) { return null; } - return Arrays.stream(getKubeconfigFilenames()) - .map(File::new) - .map(file -> { - try { - return new KubeConfigFile(file, KubeConfigUtils.parseConfig(file)); - } catch (IOException e) { - return null; - } - }) - .filter(entry -> entry != null - && entry.getConfig() != null - && hasAuthInfo(username, entry.getConfig())) - .findFirst() - .orElse(null); + return getFiles().stream() + .filter(Config::isReadableKubeconfFile) + .map(file -> { + try { + return new KubeConfigFile(file, KubeConfigUtils.parseConfig(file)); + } catch (IOException e) { + return null; + } + }) + .filter(Objects::nonNull) + .filter(entry -> hasAuthInfoNamed(name, entry.getConfig())) + .findFirst() + .orElse(null); } - private boolean hasAuthInfo(String username, io.fabric8.kubernetes.api.model.Config kubeConfig) { + private boolean hasAuthInfoNamed(String username, io.fabric8.kubernetes.api.model.Config kubeConfig) { + if (Utils.isNullOrEmpty(username) + || kubeConfig == null + || kubeConfig.getUsers() == null) { + return false; + } return kubeConfig.getUsers().stream() - .anyMatch(namedAuthInfo -> username.equals(namedAuthInfo.getUser().getUsername())); + .anyMatch(namedAuthInfo -> username.equals(namedAuthInfo.getName())); } public static class KubeConfigFile { diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/ConfigBuilder.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/ConfigBuilder.java index a829b7ac6ed..3c3c6ae30fb 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/ConfigBuilder.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/ConfigBuilder.java @@ -57,9 +57,8 @@ public Config build() { fluent.getOauthTokenProvider(), fluent.getCustomHeaders(), fluent.getRequestRetryBackoffLimit(), fluent.getRequestRetryBackoffInterval(), fluent.getUploadRequestTimeout(), fluent.getOnlyHttpWatches(), fluent.getCurrentContext(), fluent.getContexts(), - Optional.ofNullable(fluent.getAutoConfigure()).orElse(!disableAutoConfig()), true); + Optional.ofNullable(fluent.getAutoConfigure()).orElse(!disableAutoConfig()), true, fluent.getFiles()); buildable.setAuthProvider(fluent.getAuthProvider()); - buildable.setFile(fluent.getFile()); return buildable; } } diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/ConfigFluent.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/ConfigFluent.java index b2d81528893..91458b3a684 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/ConfigFluent.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/ConfigFluent.java @@ -78,7 +78,7 @@ public void copyInstance(Config instance) { this.withContexts(instance.getContexts()); this.withAutoConfigure(instance.getAutoConfigure()); this.withAuthProvider(instance.getAuthProvider()); - this.withFile(instance.getFile()); + this.withFiles(instance.getFiles()); } } diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/SundrioConfig.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/SundrioConfig.java index d6c027f3b3a..c4e789b110b 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/SundrioConfig.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/SundrioConfig.java @@ -19,6 +19,7 @@ import io.fabric8.kubernetes.client.http.TlsVersion; import io.sundr.builder.annotations.Buildable; +import java.io.File; import java.util.List; import java.util.Map; @@ -50,7 +51,7 @@ public SundrioConfig(String masterUrl, String apiVersion, String namespace, Bool String impersonateUsername, String[] impersonateGroups, Map> impersonateExtras, OAuthTokenProvider oauthTokenProvider, Map customHeaders, Integer requestRetryBackoffLimit, Integer requestRetryBackoffInterval, Integer uploadRequestTimeout, Boolean onlyHttpWatches, NamedContext currentContext, - List contexts, Boolean autoConfigure) { + List contexts, Boolean autoConfigure, List files) { super(masterUrl, apiVersion, namespace, trustCerts, disableHostnameVerification, caCertFile, caCertData, clientCertFile, clientCertData, clientKeyFile, clientKeyData, clientKeyAlgo, clientKeyPassphrase, username, password, oauthToken, autoOAuthToken, watchReconnectInterval, watchReconnectLimit, connectionTimeout, requestTimeout, @@ -58,6 +59,6 @@ public SundrioConfig(String masterUrl, String apiVersion, String namespace, Bool httpProxy, httpsProxy, noProxy, userAgent, tlsVersions, websocketPingInterval, proxyUsername, proxyPassword, trustStoreFile, trustStorePassphrase, keyStoreFile, keyStorePassphrase, impersonateUsername, impersonateGroups, impersonateExtras, oauthTokenProvider, customHeaders, requestRetryBackoffLimit, requestRetryBackoffInterval, - uploadRequestTimeout, onlyHttpWatches, currentContext, contexts, autoConfigure, true); + uploadRequestTimeout, onlyHttpWatches, currentContext, contexts, autoConfigure, true, files); } } diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/KubeConfigUtils.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/KubeConfigUtils.java index 8f293d4f8e3..81f344df975 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/KubeConfigUtils.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/KubeConfigUtils.java @@ -26,6 +26,7 @@ import io.fabric8.kubernetes.api.model.NamedExtension; import io.fabric8.kubernetes.api.model.PreferencesBuilder; import io.fabric8.kubernetes.client.utils.Serialization; +import io.fabric8.kubernetes.client.utils.Utils; import java.io.File; import java.io.FileInputStream; @@ -183,17 +184,16 @@ public static Config merge(Config thisConfig, Config thatConfig) { builder.addAllToExtensions(thisConfig.getExtensions()); } if (!builder.hasCurrentContext() - && thisConfig.getCurrentContext() != null - && !thisConfig.getCurrentContext().isEmpty()) { + && Utils.isNotNullOrEmpty(thisConfig.getCurrentContext())) { builder.withCurrentContext(thisConfig.getCurrentContext()); } Config merged = builder.build(); mergePreferences(thisConfig, merged); return merged; - } - public static void mergePreferences(io.fabric8.kubernetes.api.model.Config source, io.fabric8.kubernetes.api.model.Config destination) { + public static void mergePreferences(io.fabric8.kubernetes.api.model.Config source, + io.fabric8.kubernetes.api.model.Config destination) { if (source.getPreferences() != null) { PreferencesBuilder builder = new PreferencesBuilder(destination.getPreferences()); if (source.getPreferences() != null) { diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java index 60915905c31..ed9530e5f0a 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtils.java @@ -198,10 +198,11 @@ public static OAuthToken persistOAuthToken(Config currentConfig, OAuthToken oAut } private static void persistOAuthTokenToFile(Config currentConfig, String token, Map authProviderConfig) { - if (currentConfig.getFile() != null && currentConfig.getCurrentContext() != null) { + if (currentConfig.getCurrentContext() != null + && currentConfig.getCurrentContext().getContext() != null) { try { final String userName = currentConfig.getCurrentContext().getContext().getUser(); - Config.KubeConfigFile kubeConfigFile = currentConfig.getFile(userName); + Config.KubeConfigFile kubeConfigFile = currentConfig.getFileWithAuthInfo(userName); if (kubeConfigFile == null) { LOGGER.warn("oidc: failure while persisting new tokens into KUBECONFIG: file for user {} not found", userName); return; @@ -242,6 +243,9 @@ private static NamedAuthInfo getOrCreateNamedAuthInfo(String userName, io.fabric } private static void persistOAuthTokenToFile(AuthProviderConfig config, Map authProviderConfig) { + if (config == null) { + return; + } Optional.of(config) .map(AuthProviderConfig::getConfig) .ifPresent(c -> c.putAll(authProviderConfig)); diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/Utils.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/Utils.java index 8c491c1158e..8db382b5c66 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/Utils.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/utils/Utils.java @@ -36,6 +36,7 @@ import java.util.AbstractMap; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.Locale; @@ -291,8 +292,20 @@ public static boolean isNullOrEmpty(String str) { return str == null || str.isEmpty(); } - public static boolean isNotNullOrEmpty(Map map) { - return !(map == null || map.isEmpty()); + public static boolean isNotNullOrEmpty(Map map) { + return !isNullOrEmpty(map); + } + + public static boolean isNullOrEmpty(Map map) { + return map == null || map.isEmpty(); + } + + public static boolean isNotNullOrEmpty(Collection collection) { + return !isNullOrEmpty(collection); + } + + public static boolean isNullOrEmpty(Collection collection) { + return collection == null || collection.isEmpty(); } public static boolean isNotNullOrEmpty(String str) { @@ -300,7 +313,11 @@ public static boolean isNotNullOrEmpty(String str) { } public static boolean isNotNullOrEmpty(String[] array) { - return !(array == null || array.length == 0); + return !isNullOrEmpty(array); + } + + public static boolean isNullOrEmpty(String[] array) { + return array == null || array.length == 0; } public static boolean isNotNull(T... refList) { diff --git a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigConstructorTest.java b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigConstructorTest.java index 9caaafed939..29bef94ff5f 100644 --- a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigConstructorTest.java +++ b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigConstructorTest.java @@ -25,6 +25,7 @@ import org.junit.jupiter.api.Test; import java.io.File; +import java.util.Collections; import static org.assertj.core.api.AssertionsForClassTypes.assertThat; import static org.assertj.core.api.AssertionsForClassTypes.assertThatExceptionOfType; @@ -47,7 +48,7 @@ void emptyConfiguration() { null, null, null, null, null, null, null, null, null, null, - null, null, false); + null, null, false, null); // Then assertThat(config) @@ -190,7 +191,7 @@ void whenAutoConfigureEnabled_thenUseBothDefaultAndAutoConfiguredValues() { null, null, null, null, null, null, null, null, null, null, - null, true, true); + null, true, true, null); // Then assertThat(config) @@ -237,7 +238,8 @@ void whenAutoConfigureEnabled_thenUseBothDefaultAndAutoConfiguredValues() { .hasFieldOrPropertyWithValue("proxyPassword", "autoconfigured-proxyPassword") .hasFieldOrPropertyWithValue("noProxy", new String[] { "autoconfigured-no-proxy-url1.io", "autoconfigured-no-proxy-url2.io" }) - .hasFieldOrPropertyWithValue("autoOAuthToken", "autoconfigured-token"); + .hasFieldOrPropertyWithValue("autoOAuthToken", "autoconfigured-token") + .hasFieldOrPropertyWithValue("files", Collections.singletonList(Config.DEFAULT_KUBECONFIG_FILE)); } @Test @@ -256,7 +258,7 @@ void whenAutoConfigureDisabled_thenOnlyUseDefaultValues() { null, null, null, null, null, null, null, null, null, null, - null, false, true); + null, false, true, null); assertThat(config) .isNotNull() @@ -299,7 +301,8 @@ void whenAutoConfigureDisabled_thenOnlyUseDefaultValues() { .hasFieldOrPropertyWithValue("proxyUsername", null) .hasFieldOrPropertyWithValue("proxyPassword", null) .hasFieldOrPropertyWithValue("noProxy", null) - .hasFieldOrPropertyWithValue("autoOAuthToken", null); + .hasFieldOrPropertyWithValue("autoOAuthToken", null) + .hasFieldOrPropertyWithValue("files", Collections.emptyList()); } } @@ -364,7 +367,7 @@ void configLoadedViaSystemProperties() { null, null, null, null, null, null, null, null, null, null, - null, true, true); + null, true, true, null); // Then assertThat(config) @@ -411,7 +414,8 @@ void configLoadedViaSystemProperties() { .hasFieldOrPropertyWithValue("proxyPassword", "autoconfigured-proxyPassword") .hasFieldOrPropertyWithValue("noProxy", new String[] { "autoconfigured-no-proxy-url1.io", "autoconfigured-no-proxy-url2.io" }) - .hasFieldOrPropertyWithValue("autoOAuthToken", "autoconfigured-token"); + .hasFieldOrPropertyWithValue("autoOAuthToken", "autoconfigured-token") + .hasFieldOrPropertyWithValue("files", Collections.singletonList(new File("/Users/adietish/.kube/config"))); } finally { System.clearProperty("kubernetes.master"); System.clearProperty("kubernetes.namespace"); @@ -472,7 +476,7 @@ void configLoadedViaKubeConfig() { null, null, null, null, null, null, null, null, null, null, - null, true, true); + null, true, true, null); // Then assertThat(config) @@ -513,7 +517,7 @@ void configLoadedViaServiceAccount() { null, null, null, null, null, null, null, null, null, null, - null, true, true); + null, true, true, null); // Then assertThat(config) @@ -563,7 +567,7 @@ void throwsException() { null, null, null, null, null, null, null, null, null, null, - null, true, false)); + null, true, false, null)); } finally { System.clearProperty("kubeconfig"); } diff --git a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java index 50733cbb2b8..23e31470043 100644 --- a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java +++ b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java @@ -17,8 +17,12 @@ import io.fabric8.kubernetes.api.model.ExecConfig; import io.fabric8.kubernetes.api.model.ExecConfigBuilder; +import io.fabric8.kubernetes.api.model.NamedAuthInfo; +import io.fabric8.kubernetes.api.model.NamedCluster; import io.fabric8.kubernetes.api.model.NamedContext; +import io.fabric8.kubernetes.client.Config.KubeConfigFile; import io.fabric8.kubernetes.client.http.TlsVersion; +import io.fabric8.kubernetes.client.internal.KubeConfigUtils; import io.fabric8.kubernetes.client.lib.FileSystem; import io.fabric8.kubernetes.client.utils.Utils; import org.assertj.core.api.InstanceOfAssertFactories; @@ -79,7 +83,7 @@ class ConfigTest { .filePath(ConfigTest.class.getResource("/test-kubeconfig-exec-args-with-spaces")); private static final String TEST_KUBECONFIG_NO_CURRENT_CONTEXT_FILE = Utils - .filePath(ConfigTest.class.getResource("/test-kubeconfig-nocurrentctxt.yml")); + .filePath(ConfigTest.class.getResource("/test-kubeconfig-nocurrentctxt")); private static final String TEST_KUBECONFIG_EXEC_FILE_CERT_AUTH = Utils .filePath(ConfigTest.class.getResource("/test-kubeconfig-exec-cert-auth")); @@ -426,7 +430,7 @@ void autoConfigure_whenKubernetesServiceEnvironmentVariablesPresent_thenComputeM // Then assertThat(config) .hasFieldOrPropertyWithValue("masterUrl", "https://10.0.0.1:443/") - .hasFieldOrPropertyWithValue("file", null); + .hasFieldOrPropertyWithValue("files", new String[] { "/dev/null" }); } finally { System.clearProperty("KUBERNETES_SERVICE_HOST"); System.clearProperty("KUBERNETES_SERVICE_PORT"); @@ -438,7 +442,7 @@ void autoConfigure_whenKubernetesServiceEnvironmentVariablesPresent_thenComputeM void refresh_whenInvoked_shouldCreateNewInstance() { Config config = Config.autoConfigure(null); assertThat(config) - .hasFieldOrPropertyWithValue("file", null) + .hasFieldOrPropertyWithValue("files", new String[] { "/dev/null" }) .hasFieldOrPropertyWithValue("autoConfigure", true); // ensure that refresh creates a new instance @@ -461,7 +465,7 @@ void autoConfigure_whenKubernetesServiceEnvironmentVariablesPresentWithIPv6_then // Then assertThat(config) .hasFieldOrPropertyWithValue("masterUrl", "https://[2001:db8:1f70::999:de8:7648:6e8]:443/") - .hasFieldOrPropertyWithValue("file", null); + .hasFieldOrPropertyWithValue("files", new String[] { "/dev/null" }); } finally { System.clearProperty("KUBERNETES_SERVICE_HOST"); System.clearProperty("KUBERNETES_SERVICE_PORT"); @@ -1215,7 +1219,7 @@ void refresh_whenOAuthTokenSourceSetToUser_thenConfigUnchanged() { } @Test - void build_givenEmptyKubeConfig_whenConfigCreated_thenShouldNotProduceNPE() throws URISyntaxException { + void build_given_emptyKubeConfig_then_shouldNotProduceNPE() throws URISyntaxException { try { // Given System.setProperty("kubeconfig", @@ -1232,16 +1236,13 @@ void build_givenEmptyKubeConfig_whenConfigCreated_thenShouldNotProduceNPE() thro } @Test - void build_givenSeveralKubeConfigs_whenAutoconfigured_and_currentContextInFirstFile_then_shouldUseCurrentContextInFirstFile() - throws URISyntaxException { + void builder_given_severalKubeConfigsAndCurrentContextInFirstFile_then_shouldUseCurrentContextInFirstFile() + throws URISyntaxException { try { // Given System.setProperty(Config.KUBERNETES_KUBECONFIG_FILES, - // only has current-context - getResourceAbsolutePath("/test-kubeconfig-onlycurrentcontext") + File.pathSeparator + - // has all contexts, clusters, users - getResourceAbsolutePath("/test-kubeconfig") - ); + getResourceAbsolutePath("/test-kubeconfig-onlycurrentctx") + File.pathSeparator + + getResourceAbsolutePath("/test-kubeconfig")); // When Config config = new ConfigBuilder().build(); @@ -1256,15 +1257,13 @@ void build_givenSeveralKubeConfigs_whenAutoconfigured_and_currentContextInFirstF } @Test - void build_givenSeveralKubeConfigs_whenAutoconfigured_and_currentContextInSecondFile_then_shouldUseCurrentContextInSecondFile() - throws URISyntaxException { + void builder_given_severalKubeConfigsAndCurrentContextInSecondFile_then_shouldUseCurrentContextInSecondFile() + throws URISyntaxException { try { // Given System.setProperty(Config.KUBERNETES_KUBECONFIG_FILES, - // only has current-context - getResourceAbsolutePath("/test-kubeconfig-empty") + File.pathSeparator + - // has all contexts, clusters, users - getResourceAbsolutePath("/test-kubeconfig")); + getResourceAbsolutePath("/test-kubeconfig-empty") + File.pathSeparator + + getResourceAbsolutePath("/test-kubeconfig")); // When Config config = new ConfigBuilder().build(); @@ -1279,69 +1278,145 @@ void build_givenSeveralKubeConfigs_whenAutoconfigured_and_currentContextInSecond } @Test - void getKubeconfigFilenames_given_filenames_defined_in_KUBECONFIG_then_returns_all_filenames() throws URISyntaxException { + void builder_given_severalKubeConfigsWithSameCluster_then_shouldUseFirstCluster() + throws URISyntaxException, IOException { try { // Given - // only has current-context - String file1 = getResourceAbsolutePath("/test-kubeconfig-empty"); - // has all contexts, clusters, users - String file2 = getResourceAbsolutePath("/test-kubeconfig"); - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILES, file1 + File.pathSeparator + file2); + String clusterName = "172-28-128-4:8443"; + + String withSecureCluster = getResourceAbsolutePath("/test-ec-kubeconfig-mangled"); + NamedCluster secureCluster = getCluster(withSecureCluster, clusterName); + assertThat(secureCluster).isNotNull(); + assertThat(secureCluster.getCluster().getServer()).isEqualTo("https://bogus.com"); + + String withInsecureCluster = getResourceAbsolutePath("/test-ec-kubeconfig"); + NamedCluster insecureCluster = getCluster(withInsecureCluster, clusterName); + assertThat(insecureCluster).isNotNull(); + assertThat(insecureCluster.getCluster().getServer()).isEqualTo("https://172.28.128.4:8443"); + + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILES, + withSecureCluster + File.pathSeparator + + withInsecureCluster); // When - String[] filenames = Config.getKubeconfigFilenames(); + Config config = new ConfigBuilder().build(); // Then - assertThat(filenames) - .isNotNull() - .hasSize(2) - .containsExactly(file1, file2); + // cluster in 1st file is not overriden by identically named cluster in 2nd file + assertThat(config.getMasterUrl()).startsWith("https://bogus.com"); } finally { System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILES); } } + private static NamedCluster getCluster(String filePath, String clusterName) throws IOException { + io.fabric8.kubernetes.api.model.Config config = KubeConfigUtils.parseConfig(new File(filePath)); + return config.getClusters().stream() + .filter(cluster -> clusterName.equals(cluster.getName())) + .findFirst() + .orElse(null); + } + @Test - void getKubeconfigFilenames_given_directory_defined_in_KUBECONFIG_then_does_not_return_it() throws URISyntaxException { + void builder_given_severalKubeConfigsWithSameUser_then_shouldUseFirstUser() + throws URISyntaxException, IOException { try { // Given - // only has current-context - String file1 = new File("/dev/null").getAbsolutePath(); - // has all contexts, clusters, users - String file2 = getResourceAbsolutePath("/test-kubeconfig"); - System.setProperty(Config.KUBERNETES_KUBECONFIG_FILES, file1 + File.pathSeparator + file2); + String userName = "user/172-28-128-4:8443"; + + String withUserWithToken = getResourceAbsolutePath("/test-ec-kubeconfig-mangled"); + NamedAuthInfo userWithToken = getUser(withUserWithToken, userName); + assertThat(userWithToken).isNotNull(); + assertThat(userWithToken.getUser().getToken()).isEqualTo("token"); + + String withUserWithoutToken = getResourceAbsolutePath("/test-ec-kubeconfig"); + NamedAuthInfo userWithoutToken = getUser(withUserWithoutToken, userName); + assertThat(userWithoutToken).isNotNull(); + assertThat(userWithoutToken.getUser().getToken()).isNull(); + + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILES, + withUserWithToken + File.pathSeparator + + withUserWithoutToken); // When - String[] filenames = Config.getKubeconfigFilenames(); + Config config = new ConfigBuilder().build(); // Then - assertThat(filenames) - .isNotNull() - .hasSize(1) - .containsExactly(file2); + // user in 1st file is not overriden by identically named user in 2nd file + assertThat(config.getAutoOAuthToken()).isEqualTo("token"); } finally { System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILES); } } + private static NamedAuthInfo getUser(String filePath, String userName) throws IOException { + io.fabric8.kubernetes.api.model.Config config = KubeConfigUtils.parseConfig(new File(filePath)); + return config.getUsers().stream() + .filter(user -> userName.equals(user.getName())) + .findFirst() + .orElse(null); + } + @Test - void getKubeconfigFilenames_given_KUBECONF_not_set_then_returns_default() { + void getKubeconfigFilenames_given_severalFilenamesDefinedInKUBECONFIG_then_returnsAllFilenames() throws URISyntaxException { + try { // Given - // only has current-context - System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILES); + String file1 = getResourceAbsolutePath("/test-kubeconfig-empty"); + // has all contexts, clusters, users + String file2 = getResourceAbsolutePath("/test-kubeconfig"); + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILES, file1 + File.pathSeparator + file2); // When String[] filenames = Config.getKubeconfigFilenames(); // Then assertThat(filenames) - .isNotNull() - .hasSize(1) - .containsExactly(Config.DEFAULT_KUBECONFIG_FILE.getAbsolutePath()); + .isNotNull() + .hasSize(2) + .containsExactly(file1, file2); + } finally { + System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILES); + } } private String getResourceAbsolutePath(String filename) throws URISyntaxException { return new File(Objects.requireNonNull(getClass().getResource(filename)).toURI()).getAbsolutePath(); } + @Test + void getKubeconfigFilenames_given_KUBECONFNotSet_then_returnsDefault() { + // Given + System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILES); + + // When + String[] filenames = Config.getKubeconfigFilenames(); + + // Then + assertThat(filenames) + .isNotNull() + .containsExactly(Config.DEFAULT_KUBECONFIG_FILE.getAbsolutePath()); + } + + @Test + void getFilenames_given_KUBECONFNotSet_then_returnsDefault() throws URISyntaxException { + try { + // Given + String fileWithToken = getResourceAbsolutePath("/test-kubeconfig-oidc"); + System.setProperty(Config.KUBERNETES_KUBECONFIG_FILES, + fileWithToken + File.pathSeparator + + Config.DEFAULT_KUBECONFIG_FILE.getAbsolutePath()); + Config config = new ConfigBuilder().build(); + + // When + KubeConfigFile found = config.getFileWithAuthInfo("mmosley"); + + // Then + assertThat(found) + .isNotNull() + .returns(fileWithToken, kubeConfigFile -> kubeConfigFile.getFile().getAbsolutePath()); + } finally { + System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILES); + } + } + } diff --git a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsBehaviorTest.java b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsBehaviorTest.java index 1870b8dd910..5ab97fe52d1 100644 --- a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsBehaviorTest.java +++ b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsBehaviorTest.java @@ -19,6 +19,7 @@ import io.fabric8.kubernetes.api.model.NamedAuthInfo; import io.fabric8.kubernetes.api.model.NamedAuthInfoBuilder; import io.fabric8.kubernetes.api.model.NamedClusterBuilder; +import io.fabric8.kubernetes.api.model.NamedContext; import io.fabric8.kubernetes.api.model.NamedContextBuilder; import io.fabric8.kubernetes.client.Config; import io.fabric8.kubernetes.client.ConfigBuilder; @@ -112,7 +113,7 @@ void setUp() throws Exception { .build(); Files.write(kubeConfigFile, Serialization.asYaml(kubeConfig).getBytes(StandardCharsets.UTF_8)); originalConfig = new ConfigBuilder(Config.empty()) - .withFile(tempDir.resolve("kube-config").toFile()) + .withFiles(tempDir.resolve("kube-config").toFile()) .build() .refresh(); // Auth provider configuration (minimal) @@ -493,11 +494,12 @@ void skipsInFileWhenOriginalConfigHasNoCurrentContext() { void logsWarningIfReferencedFileIsMissing() { originalConfig.setFile(kubeConfig); originalConfig = new ConfigBuilder(originalConfig) - .withCurrentContext(new NamedContextBuilder().withName("context").build()).build(); + .withCurrentContext(createNamedContext("context", "default-user")) + .build(); persistOAuthToken(originalConfig, oAuthTokenResponse, "fake.token"); assertThat(systemErr.toString()) .contains("oidc: failure while persisting new tokens into KUBECONFIG") - .contains("FileNotFoundException"); + .contains("file for user default-user not found"); } @Nested @@ -505,18 +507,19 @@ void logsWarningIfReferencedFileIsMissing() { class WithValidKubeConfig { @BeforeEach void setUp() throws IOException { - Files.write(kubeConfig.toPath(), ("---" + + Files.write(kubeConfig.toPath(), ("---\n" + "users:\n" + - "- name: user\n").getBytes(StandardCharsets.UTF_8)); + "- name: user\n" + + "contexts:\n" + + "- context:\n" + + " name: context\n").getBytes(StandardCharsets.UTF_8)); } @Test void persistsTokenInFile() throws IOException { originalConfig.setFile(kubeConfig); originalConfig = new ConfigBuilder(originalConfig) - .withCurrentContext(new NamedContextBuilder() - .withName("context") - .withNewContext().withUser("user").endContext().build()) + .withCurrentContext(createNamedContext("context", "user")) .build(); persistOAuthToken(originalConfig, oAuthTokenResponse, "fake.token"); assertThat(KubeConfigUtils.parseConfig(kubeConfig)) @@ -555,4 +558,13 @@ void persistsOAuthTokenInFile() throws IOException { } } + + private static NamedContext createNamedContext(String name, String user) { + return new NamedContextBuilder() + .withName(name) + .withNewContext() + .withUser(user) + .endContext() + .build(); + } } diff --git a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsTest.java b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsTest.java index e5a7886a061..ce61dedfe40 100644 --- a/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsTest.java +++ b/kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsTest.java @@ -40,6 +40,7 @@ import java.util.Base64; import java.util.HashMap; import java.util.Map; +import java.util.Objects; import static io.fabric8.kubernetes.client.http.TestStandardHttpClientFactory.Mode.SINGLETON; import static io.fabric8.kubernetes.client.utils.OpenIDConnectionUtils.CLIENT_ID_KUBECONFIG; @@ -77,9 +78,13 @@ void persistOAuthTokenWithUpdatedToken(@TempDir Path tempDir) throws IOException oAuthTokenResponse.setIdToken("id-token-updated"); oAuthTokenResponse.setRefreshToken("refresh-token-updated"); Path kubeConfig = Files.createTempFile(tempDir, "test", "kubeconfig"); - Files.copy(OpenIDConnectionUtilsTest.class.getResourceAsStream("/test-kubeconfig-oidc"), kubeConfig, + Files.copy( + Objects.requireNonNull(OpenIDConnectionUtilsTest.class.getResourceAsStream("/test-kubeconfig-oidc")), + kubeConfig, StandardCopyOption.REPLACE_EXISTING); - Config originalConfig = Config.fromKubeconfig(null, new String(Files.readAllBytes(kubeConfig), StandardCharsets.UTF_8), + Config originalConfig = Config.fromKubeconfig( + null, + new String(Files.readAllBytes(kubeConfig), StandardCharsets.UTF_8), kubeConfig.toFile().getAbsolutePath()); // When diff --git a/kubernetes-client-api/src/test/resources/test-ec-kubeconfig-mangled b/kubernetes-client-api/src/test/resources/test-ec-kubeconfig-mangled new file mode 100644 index 00000000000..d0b63ee8bd2 --- /dev/null +++ b/kubernetes-client-api/src/test/resources/test-ec-kubeconfig-mangled @@ -0,0 +1,19 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority: testns/ca.pem + server: https://bogus.com + name: 172-28-128-4:8443 +contexts: +- context: + cluster: 172-28-128-4:8443 + namespace: default + user: user/172-28-128-4:8443 + name: default/172-28-128-4:8443/user +current-context: default/172-28-128-4:8443/user +kind: Config +preferences: {} +users: +- name: user/172-28-128-4:8443 + user: + token: token diff --git a/kubernetes-client-api/src/test/resources/test-kubeconfig-nocurrentctxt.yml b/kubernetes-client-api/src/test/resources/test-kubeconfig-nocurrentctxt similarity index 100% rename from kubernetes-client-api/src/test/resources/test-kubeconfig-nocurrentctxt.yml rename to kubernetes-client-api/src/test/resources/test-kubeconfig-nocurrentctxt diff --git a/kubernetes-client-api/src/test/resources/test-kubeconfig-onlycurrentcontext b/kubernetes-client-api/src/test/resources/test-kubeconfig-onlycurrentctx similarity index 100% rename from kubernetes-client-api/src/test/resources/test-kubeconfig-onlycurrentcontext rename to kubernetes-client-api/src/test/resources/test-kubeconfig-onlycurrentctx