Fix #5608 Support authentication with certificate in exec-credentials

CHANGELOG.md

@@ -14,7 +14,7 @@
 #### Dependency Upgrade
 
 #### New Features
-* Fix #5608 support authentication with certificate
+* Fix #5608 Support authentication with certificate in exec-credentials
 
 #### _**Note**_: Breaking changes
 

README.md

@@ -467,7 +467,6 @@ All the resource objects used here will be according to OpenShift 3.9.0  and Kub
   Platforms:
   - [Apache Openwhisk](https://github.com/apache/incubator-openwhisk)
   - [Eclipse che](https://www.eclipse.org/che/)
-  - [EnMasse](https://enmasse.io)
   - [Openshift.io (Launcher service)](https://github.com/fabric8-launcher)
   - [Spotify Styx](https://github.com/spotify/styx)
   - [Strimzi](https://github.com/strimzi/)

crd-generator/test/pom.xml

@@ -30,7 +30,7 @@
   <name>Fabric8 :: CRD generator :: Tests</name>
 
   <properties>
-    <keycloak-version>22.0.5</keycloak-version>
+    <keycloak-version>23.0.0</keycloak-version>
   </properties>
 
   <dependencies>

kubernetes-client-api/src/test/java/io/fabric8/kubernetes/client/ConfigTest.java

@@ -84,6 +84,12 @@ class ConfigTest {
   private static final String TEST_KUBECONFIG_NO_CURRENT_CONTEXT_FILE = Utils
       .filePath(ConfigTest.class.getResource("/test-kubeconfig-nocurrentctxt.yml"));
 
+  private static final String TEST_KUBECONFIG_EXEC_FILE_CERT_AUTH = Utils
+      .filePath(ConfigTest.class.getResource("/test-kubeconfig-exec-cert-auth"));
+  private static final String TEST_KUBECONFIG_EXEC_WIN_FILE_CERT_AUTH = Utils
+      .filePath(ConfigTest.class.getResource("/test-kubeconfig-exec-win-cert-auth"));
+  private static final String TEST_CERT_GENERATOR_FILE = Utils.filePath(ConfigTest.class.getResource("/cert-generator"));
+
   @BeforeEach
   public void setUp() {
     System.getProperties().remove(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY);
@@ -504,6 +510,25 @@ void should_accept_client_authentication_commands_with_null_args() throws Except
     }
   }
 
+  @Test
+  void testClientAuthenticationWithCert() throws Exception {
+    try {
+      if (FileSystem.getCurrent() == FileSystem.WINDOWS) {
+        System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_EXEC_WIN_FILE_CERT_AUTH);
+      } else {
+        Files.setPosixFilePermissions(Paths.get(TEST_CERT_GENERATOR_FILE), PosixFilePermissions.fromString("rwxrwxr-x"));
+        System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_EXEC_FILE_CERT_AUTH);
+      }
+
+      Config config = Config.autoConfigure(null);
+      assertNotNull(config);
+      assertEquals("CERT DATA", config.getClientCertData());
+      assertEquals("KEY DATA", config.getClientKeyData());
+    } finally {
+      System.clearProperty(Config.KUBERNETES_KUBECONFIG_FILE);
+    }
+  }
+
   @Test
   void should_accept_client_authentication_commands_args_with_spaces() throws Exception {
     try {

kubernetes-client-api/src/test/resources/cert-generator

@@ -0,0 +1,14 @@
+#!/bin/sh
+certData=`echo $PART1 $1 | tr '[a-z]' '[A-Z]'`
+keyData=`echo $PART2 $1 | tr '[a-z]' '[A-Z]'`
+cat <<EOF
+{
+  "kind": "ExecCredential",
+  "apiVersion": "client.authentication.k8s.io/v1",
+  "spec": {},
+  "status": {
+    "clientCertificateData": "$certData",
+    "clientKeyData": "$keyData"
+  }
+}
+EOF

kubernetes-client-api/src/test/resources/cert-generator-win.bat

@@ -0,0 +1,41 @@
+@REM
+@REM Copyright (C) 2015 Red Hat, Inc.
+@REM
+@REM Licensed under the Apache License, Version 2.0 (the "License");
+@REM you may not use this file except in compliance with the License.
+@REM You may obtain a copy of the License at
+@REM
+@REM         http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing, software
+@REM distributed under the License is distributed on an "AS IS" BASIS,
+@REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@REM See the License for the specific language governing permissions and
+@REM limitations under the License.
+@REM
+
+@echo off
+IF [%1]==[] (
+    SET certData=%PART1%
+    SET keyData=%PART2%
+) ELSE (
+    SET certData=%PART1% %~1
+    SET keyData=%PART2% %~1
+)
+
+CALL :upper certData
+CALL :upper keyData
+
+echo {
+echo   "kind": "ExecCredential",
+echo   "apiVersion": "client.authentication.k8s.io/v1",
+echo   "spec": {},
+echo   "status": {
+echo     "clientCertificateData": "%certData%",
+echo     "clientKeyData": "%keyData%"
+echo   }
+echo }
+GOTO :EOF
+
+:upper
+FOR %%a IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO CALL SET "%1=%%%1:%%a=%%a%%%"

kubernetes-client-api/src/test/resources/test-kubeconfig-exec-cert-auth

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    server: https://wherever
+  name: test
+contexts:
+- context:
+    cluster: test
+    user: test
+  name: test
+current-context: test
+users:
+- name: test
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1
+      args:
+      - data
+      command: ./cert-generator
+      env:
+      - name: PART1
+        value: cert
+      - name: PART2
+        value: key

kubernetes-client-api/src/test/resources/test-kubeconfig-exec-win-cert-auth

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    server: https://wherever
+  name: test
+contexts:
+- context:
+    cluster: test
+    user: test
+  name: test
+current-context: test
+users:
+- name: test
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1
+      args:
+      - data
+      command: ".\\cert-generator-win.bat"
+      env:
+      - name: PART1
+        value: cert
+      - name: PART2
+        value: key