Merge pull request negz#25 from negz/currentcontext

Support a default context in the kubecfg template

README.md

@@ -45,6 +45,7 @@ echo $OIDC_CLIENT_SECRET >/tmp/cfg/secret
 cat <<EOF >/tmp/cfg/template
 apiVersion: v1
 kind: Config
+current-context: kuberos  # Optional - must be the name of one of the template's clusters.
 clusters:
 - name: kuberos
   cluster:
@@ -80,12 +81,14 @@ Args:
                           user and contexts.
 ```
 
-The partial `kubeconfig` template should contain only cluster entries. For
-example:
+The partial `kubeconfig` template should contain only cluster entries and
+optionally a current (i.e. default) context, which must be the name of one of
+the clusters. For example:
 
 ```yaml
 apiVersion: v1
 kind: Config
+current-context: staging
 clusters:
 - name: production
   cluster:
@@ -105,6 +108,10 @@ the clusters, thus a user could interact with the production cluster by running:
 kubectl --context production cluster-info
 ```
 
+If the `current-context` is set to the name of one of the clusters then the
+`--context` argument may be omitted, and the cluster named by `current-context`
+will be used.
+
 ## Alternatives
 OIDC helpers that run locally to setup `kubectl`:
 * https://github.com/micahhausler/k8s-oidc-helper

kuberos.go

@@ -338,6 +338,7 @@ func populateUser(cfg *api.Config, p *extractor.OIDCAuthenticationParams) api.Co
 	c.AuthInfos = make(map[string]*api.AuthInfo)
 	c.Clusters = make(map[string]*api.Cluster)
 	c.Contexts = make(map[string]*api.Context)
+	c.CurrentContext = cfg.CurrentContext
 	c.AuthInfos[p.Username] = &api.AuthInfo{
 		AuthProvider: &api.AuthProviderConfig{
 			Name: templateAuthProvider,

kuberos_test.go

@@ -127,6 +127,49 @@ func TestPopulateUser(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "MultiClusterWithContext",
+			cfg: &api.Config{
+				Clusters: map[string]*api.Cluster{
+					"a": &api.Cluster{Server: "https://example.org", CertificateAuthorityData: []byte("PAM")},
+					"b": &api.Cluster{Server: "https://example.net", CertificateAuthorityData: []byte("PAM")},
+				},
+				CurrentContext: "a",
+			},
+			params: &extractor.OIDCAuthenticationParams{
+				Username:     "[email protected]",
+				ClientID:     "id",
+				ClientSecret: "secret",
+				IDToken:      "token",
+				RefreshToken: "refresh",
+				IssuerURL:    "https://example.org",
+			},
+			want: api.Config{
+				Clusters: map[string]*api.Cluster{
+					"a": &api.Cluster{Server: "https://example.org", CertificateAuthorityData: []byte("PAM")},
+					"b": &api.Cluster{Server: "https://example.net", CertificateAuthorityData: []byte("PAM")},
+				},
+				Contexts: map[string]*api.Context{
+					"a": &api.Context{AuthInfo: "[email protected]", Cluster: "a"},
+					"b": &api.Context{AuthInfo: "[email protected]", Cluster: "b"},
+				},
+				AuthInfos: map[string]*api.AuthInfo{
+					"[email protected]": &api.AuthInfo{
+						AuthProvider: &api.AuthProviderConfig{
+							Name: templateAuthProvider,
+							Config: map[string]string{
+								templateOIDCClientID:     "id",
+								templateOIDCClientSecret: "secret",
+								templateOIDCIDToken:      "token",
+								templateOIDCRefreshToken: "refresh",
+								templateOIDCIssuer:       "https://example.org",
+							},
+						},
+					},
+				},
+				CurrentContext: "a",
+			},
+		},
 	}
 
 	for _, tt := range cases {