Split out get, describe, and delete keypairs commands

cmd/kops/BUILD.bazel

@@ -19,9 +19,10 @@ go_library(
         "delete_cluster.go",
         "delete_instance.go",
         "delete_instancegroup.go",
+        "delete_keypair.go",
         "delete_secret.go",
         "describe.go",
-        "describe_secrets.go",
+        "describe_keypairs.go",
         "edit.go",
         "edit_cluster.go",
         "edit_instancegroup.go",
@@ -34,6 +35,7 @@ go_library(
         "get_cluster.go",
         "get_instancegroups.go",
         "get_instances.go",
+        "get_keypairs.go",
         "get_secrets.go",
         "import.go",
         "import_cluster.go",

cmd/kops/delete.go

@@ -42,7 +42,7 @@ type DeleteOptions struct {
 
 var (
 	deleteLong = templates.LongDesc(i18n.T(`
-	Delete Kubernetes clusters, instancegroups, instances, and secrets, or a combination of the before mentioned.
+	Delete Kubernetes clusters, instancegroups, instances, keypairs, and secrets, or a combination of the before mentioned.
 	`))
 
 	deleteExample = templates.Examples(i18n.T(`
@@ -63,7 +63,7 @@ var (
 		kops delete ig --name=k8s-cluster.example.com node-example --yes
 	`))
 
-	deleteShort = i18n.T("Delete clusters,instancegroups, instances, or secrets.")
+	deleteShort = i18n.T("Delete clusters, instancegroups, instances, keypairs, or secrets.")
 )
 
 func NewCmdDelete(f *util.Factory, out io.Writer) *cobra.Command {
@@ -92,6 +92,7 @@ func NewCmdDelete(f *util.Factory, out io.Writer) *cobra.Command {
 	// create subcommands
 	cmd.AddCommand(NewCmdDeleteCluster(f, out))
 	cmd.AddCommand(NewCmdDeleteInstanceGroup(f, out))
+	cmd.AddCommand(NewCmdDeleteKeypair(f, out))
 	cmd.AddCommand(NewCmdDeleteSecret(f, out))
 	cmd.AddCommand(NewCmdDeleteInstance(f, out))
 

cmd/kops/delete_keypair.go

@@ -0,0 +1,140 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/spf13/cobra"
+	"k8s.io/kops/cmd/kops/util"
+	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/upup/pkg/fi"
+	"k8s.io/kubectl/pkg/util/i18n"
+	"k8s.io/kubectl/pkg/util/templates"
+)
+
+var (
+	deleteKeypairLong = templates.LongDesc(i18n.T(`
+		Delete a keypair.`))
+
+	deleteKeypairExample = templates.Examples(i18n.T(`
+	# Syntax: kops delete keypair KEYSET ID
+	kops delete keypair ca 5938372002934847
+
+	`))
+
+	deleteKeypairShort = i18n.T(`Delete a keypair.`)
+)
+
+type DeleteKeypairOptions struct {
+	ClusterName string
+	Keyset      string
+	KeypairID   string
+}
+
+func NewCmdDeleteKeypair(f *util.Factory, out io.Writer) *cobra.Command {
+	options := &DeleteKeypairOptions{}
+
+	cmd := &cobra.Command{
+		Use:     "keypair",
+		Short:   deleteKeypairShort,
+		Long:    deleteKeypairLong,
+		Example: deleteKeypairExample,
+		Run: func(cmd *cobra.Command, args []string) {
+			ctx := context.TODO()
+
+			if len(args) != 2 && len(args) != 3 {
+				exitWithError(fmt.Errorf("Syntax: <keyset> <id>"))
+			}
+
+			options.Keyset = args[0]
+			options.KeypairID = args[1]
+
+			options.ClusterName = rootCommand.ClusterName()
+
+			err := RunDeleteKeypair(ctx, f, out, options)
+			if err != nil {
+				exitWithError(err)
+			}
+		},
+	}
+
+	return cmd
+}
+
+func RunDeleteKeypair(ctx context.Context, f *util.Factory, out io.Writer, options *DeleteKeypairOptions) error {
+	if options.ClusterName == "" {
+		return fmt.Errorf("ClusterName is required")
+	}
+	if options.Keyset == "" {
+		return fmt.Errorf("Keyset is required")
+	}
+	if options.KeypairID == "" {
+		return fmt.Errorf("KeypairID is required")
+	}
+
+	clientset, err := f.Clientset()
+	if err != nil {
+		return err
+	}
+
+	cluster, err := GetCluster(ctx, f, options.ClusterName)
+	if err != nil {
+		return err
+	}
+
+	keyStore, err := clientset.KeyStore(cluster)
+	if err != nil {
+		return err
+	}
+
+	keypairs, err := listKeypairs(keyStore, []string{options.Keyset})
+	if err != nil {
+		return err
+	}
+
+	{
+		var matches []*fi.KeystoreItem
+		for _, s := range keypairs {
+			if s.ID == options.KeypairID {
+				matches = append(matches, s)
+			}
+		}
+		keypairs = matches
+	}
+
+	if len(keypairs) == 0 {
+		return fmt.Errorf("keypair not found")
+	}
+
+	if len(keypairs) != 1 {
+		// TODO: it would be friendly to print the matching keys
+		return fmt.Errorf("found multiple matching keypairs; specify the id of the key")
+	}
+
+	keyset := &kops.Keyset{}
+	keyset.Name = keypairs[0].Name
+	keyset.Spec.Type = keypairs[0].Type
+	err = keyStore.DeleteKeysetItem(keyset, keypairs[0].ID)
+	if err != nil {
+		return fmt.Errorf("error deleting keypair: %v", err)
+	}
+
+	return nil
+}

cmd/kops/delete_secret.go

@@ -104,11 +104,6 @@ func RunDeleteSecret(ctx context.Context, f *util.Factory, out io.Writer, option
 		return err
 	}
 
-	keyStore, err := clientset.KeyStore(cluster)
-	if err != nil {
-		return err
-	}
-
 	secretStore, err := clientset.SecretStore(cluster)
 	if err != nil {
 		return err
@@ -119,7 +114,7 @@ func RunDeleteSecret(ctx context.Context, f *util.Factory, out io.Writer, option
 		return err
 	}
 
-	secrets, err := listSecrets(keyStore, secretStore, sshCredentialStore, options.SecretType, []string{options.SecretName})
+	secrets, err := listSecrets(secretStore, sshCredentialStore, options.SecretType, []string{options.SecretName})
 	if err != nil {
 		return err
 	}
@@ -153,11 +148,6 @@ func RunDeleteSecret(ctx context.Context, f *util.Factory, out io.Writer, option
 			sshCredential.Spec.PublicKey = string(secrets[0].Data)
 		}
 		err = sshCredentialStore.DeleteSSHCredential(sshCredential)
-	default:
-		keyset := &kops.Keyset{}
-		keyset.Name = secrets[0].Name
-		keyset.Spec.Type = secrets[0].Type
-		err = keyStore.DeleteKeysetItem(keyset, secrets[0].ID)
 	}
 	if err != nil {
 		return fmt.Errorf("error deleting secret: %v", err)

cmd/kops/describe_keypairs.go

@@ -27,7 +27,6 @@ import (
 	"text/tabwriter"
 
 	"github.com/spf13/cobra"
-	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/pki"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kubectl/pkg/util/i18n"
@@ -35,33 +34,32 @@ import (
 )
 
 var (
-	describeSecretLong = templates.LongDesc(i18n.T(`
+	describeKeypairLong = templates.LongDesc(i18n.T(`
-	Get additional information about cluster secrets.
+	Get additional information about keypairs.
 	`))
 
-	describeSecretExample = templates.Examples(i18n.T(`
+	describeKeypairExample = templates.Examples(i18n.T(`
-	# Describe a secret
+	# Describe a keypair
-	kops describe secrets admin
+	kops describe keypairs ca
 	`))
-	describeSecretShort = i18n.T(`Describe a cluster secret`)
+	describeKeypairShort = i18n.T(`Describe a cluster keypair`)
 )
 
-type DescribeSecretsCommand struct {
+type DescribeKeypairsCommand struct {
-	Type string
 }
 
-var describeSecretsCommand DescribeSecretsCommand
+var describeKeypairsCommand DescribeKeypairsCommand
 
 func init() {
 	cmd := &cobra.Command{
-		Use:     "secrets",
+		Use:     "keypairs",
-		Aliases: []string{"secret"},
+		Aliases: []string{"keypair"},
-		Short:   describeSecretShort,
+		Short:   describeKeypairShort,
-		Long:    describeSecretLong,
+		Long:    describeKeypairLong,
-		Example: describeSecretExample,
+		Example: describeKeypairExample,
 		Run: func(cmd *cobra.Command, args []string) {
 			ctx := context.TODO()
-			err := describeSecretsCommand.Run(ctx, args)
+			err := describeKeypairsCommand.Run(ctx, args)
 			if err != nil {
 				exitWithError(err)
 			}
@@ -69,11 +67,9 @@ func init() {
 	}
 
 	describeCmd.cobraCommand.AddCommand(cmd)
-
-	cmd.Flags().StringVarP(&describeSecretsCommand.Type, "type", "", "", "Filter by secret type")
 }
 
-func (c *DescribeSecretsCommand) Run(ctx context.Context, args []string) error {
+func (c *DescribeKeypairsCommand) Run(ctx context.Context, args []string) error {
 	cluster, err := rootCommand.Cluster(ctx)
 	if err != nil {
 		return err
@@ -89,23 +85,13 @@ func (c *DescribeSecretsCommand) Run(ctx context.Context, args []string) error {
 		return err
 	}
 
-	secretStore, err := clientset.SecretStore(cluster)
+	items, err := listKeypairs(keyStore, args)
-	if err != nil {
-		return err
-	}
-
-	sshCredentialStore, err := clientset.SSHCredentialStore(cluster)
-	if err != nil {
-		return err
-	}
-
-	items, err := listSecrets(keyStore, secretStore, sshCredentialStore, c.Type, args)
 	if err != nil {
 		return err
 	}
 
 	if len(items) == 0 {
-		fmt.Fprintf(os.Stderr, "No secrets found\n")
+		fmt.Fprintf(os.Stderr, "No keypairs found\n")
 
 		return nil
 	}
@@ -121,26 +107,11 @@ func (c *DescribeSecretsCommand) Run(ctx context.Context, args []string) error {
 		fmt.Fprintf(w, "Type:\t%s\n", i.Type)
 		fmt.Fprintf(w, "Id:\t%s\n", i.ID)
 
-		switch i.Type {
-		case kops.SecretTypeKeypair:
 		err = describeKeypair(keyStore, i, &b)
 		if err != nil {
 			return err
 		}
 
-		case SecretTypeSSHPublicKey:
-			err = describeSSHPublicKey(i, &b)
-			if err != nil {
-				return err
-			}
-
-		case kops.SecretTypeSecret:
-			err = describeSecret(i, &b)
-			if err != nil {
-				return err
-			}
-		}
-
 		b.WriteString("\n")
 		_, err = w.Write(b.Bytes())
 		if err != nil {
@@ -200,11 +171,3 @@ func describeKeypair(keyStore fi.CAStore, item *fi.KeystoreItem, w *bytes.Buffer
 
 	return nil
 }
-
-func describeSecret(item *fi.KeystoreItem, w *bytes.Buffer) error {
-	return nil
-}
-
-func describeSSHPublicKey(item *fi.KeystoreItem, w *bytes.Buffer) error {
-	return nil
-}

cmd/kops/get.go

@@ -109,6 +109,7 @@ func NewCmdGet(f *util.Factory, out io.Writer) *cobra.Command {
 	cmd.AddCommand(NewCmdGetAssets(f, out, options))
 	cmd.AddCommand(NewCmdGetCluster(f, out, options))
 	cmd.AddCommand(NewCmdGetInstanceGroups(f, out, options))
+	cmd.AddCommand(NewCmdGetKeypairs(f, out, options))
 	cmd.AddCommand(NewCmdGetSecrets(f, out, options))
 	cmd.AddCommand(NewCmdGetInstances(f, out, options))
 

cmd/kops/get_keypairs.go

@@ -0,0 +1,160 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/spf13/cobra"
+	"k8s.io/kops/cmd/kops/util"
+	"k8s.io/kops/upup/pkg/fi"
+	"k8s.io/kops/util/pkg/tables"
+	"k8s.io/kubectl/pkg/util/i18n"
+	"k8s.io/kubectl/pkg/util/templates"
+)
+
+var (
+	getKeypairLong = templates.LongDesc(i18n.T(`
+	Display one or many keypairs.`))
+
+	getKeypairExample = templates.Examples(i18n.T(`
+	# List the cluster CA keypairs.
+	kops get keypairs ca
+
+	# List the service-account keypairs.
+	kops get keypairs service-account`))
+
+	getKeypairShort = i18n.T(`Get one or many keypairs.`)
+)
+
+type GetKeypairsOptions struct {
+	*GetOptions
+}
+
+func NewCmdGetKeypairs(f *util.Factory, out io.Writer, getOptions *GetOptions) *cobra.Command {
+	options := GetKeypairsOptions{
+		GetOptions: getOptions,
+	}
+	cmd := &cobra.Command{
+		Use:     "keypairs",
+		Aliases: []string{"keypair"},
+		Short:   getKeypairShort,
+		Long:    getKeypairLong,
+		Example: getKeypairExample,
+		Run: func(cmd *cobra.Command, args []string) {
+			ctx := context.TODO()
+			err := RunGetKeypairs(ctx, &options, args)
+			if err != nil {
+				exitWithError(err)
+			}
+		},
+	}
+
+	return cmd
+}
+
+func listKeypairs(keyStore fi.CAStore, names []string) ([]*fi.KeystoreItem, error) {
+	var items []*fi.KeystoreItem
+
+	{
+		l, err := keyStore.ListKeysets()
+		if err != nil {
+			return nil, fmt.Errorf("error listing Keysets: %v", err)
+		}
+
+		for _, keyset := range l {
+			for _, key := range keyset.Spec.Keys {
+				item := &fi.KeystoreItem{
+					Name: keyset.Name,
+					Type: keyset.Spec.Type,
+					ID:   key.Id,
+				}
+				items = append(items, item)
+			}
+		}
+	}
+
+	if len(names) != 0 {
+		var matches []*fi.KeystoreItem
+		for _, arg := range names {
+			var found []*fi.KeystoreItem
+			for _, i := range items {
+				if i.Name == arg {
+					found = append(found, i)
+				}
+			}
+
+			matches = append(matches, found...)
+		}
+		items = matches
+	}
+
+	return items, nil
+}
+
+func RunGetKeypairs(ctx context.Context, options *GetKeypairsOptions, args []string) error {
+	cluster, err := rootCommand.Cluster(ctx)
+	if err != nil {
+		return err
+	}
+
+	clientset, err := rootCommand.Clientset()
+	if err != nil {
+		return err
+	}
+
+	keyStore, err := clientset.KeyStore(cluster)
+	if err != nil {
+		return err
+	}
+
+	items, err := listKeypairs(keyStore, args)
+	if err != nil {
+		return err
+	}
+
+	if len(items) == 0 {
+		return fmt.Errorf("no keypairs found")
+	}
+	switch options.output {
+
+	case OutputTable:
+
+		t := &tables.Table{}
+		t.AddColumn("NAME", func(i *fi.KeystoreItem) string {
+			return i.Name
+		})
+		t.AddColumn("ID", func(i *fi.KeystoreItem) string {
+			return i.ID
+		})
+		t.AddColumn("TYPE", func(i *fi.KeystoreItem) string {
+			return string(i.Type)
+		})
+		return t.Render(items, os.Stdout, "TYPE", "NAME", "ID")
+
+	case OutputYaml:
+		return fmt.Errorf("yaml output format is not (currently) supported for keypairs")
+	case OutputJSON:
+		return fmt.Errorf("json output format is not (currently) supported for keypairs")
+
+	default:
+		return fmt.Errorf("Unknown output format: %q", options.output)
+	}
+}

cmd/kops/get_secrets.go

@@ -80,40 +80,21 @@ func NewCmdGetSecrets(f *util.Factory, out io.Writer, getOptions *GetOptions) *c
 	return cmd
 }
 
-func listSecrets(keyStore fi.CAStore, secretStore fi.SecretStore, sshCredentialStore fi.SSHCredentialStore, secretType string, names []string) ([]*fi.KeystoreItem, error) {
+func listSecrets(secretStore fi.SecretStore, sshCredentialStore fi.SSHCredentialStore, secretType string, names []string) ([]*fi.KeystoreItem, error) {
 	var items []*fi.KeystoreItem
 
 	findType := strings.ToLower(secretType)
 	switch findType {
 	case "":
 	// OK
-	case "sshpublickey", "keypair", "secret":
+	case "sshpublickey", "secret":
 	// OK
+	case "keypair":
+		return nil, fmt.Errorf("use 'kops get keypairs %s' instead", secretType)
 	default:
 		return nil, fmt.Errorf("unknown secret type %q", secretType)
 	}
 
-	{
-		l, err := keyStore.ListKeysets()
-		if err != nil {
-			return nil, fmt.Errorf("error listing Keysets: %v", err)
-		}
-
-		for _, keyset := range l {
-			if findType != "" && findType != strings.ToLower(string(keyset.Spec.Type)) {
-				continue
-			}
-			for _, key := range keyset.Spec.Keys {
-				item := &fi.KeystoreItem{
-					Name: keyset.Name,
-					Type: keyset.Spec.Type,
-					ID:   key.Id,
-				}
-				items = append(items, item)
-			}
-		}
-	}
-
 	if findType == "" || findType == strings.ToLower(string(kops.SecretTypeSecret)) {
 		names, err := secretStore.ListSecrets()
 		if err != nil {
@@ -194,11 +175,6 @@ func RunGetSecrets(ctx context.Context, options *GetSecretsOptions, args []strin
 		return err
 	}
 
-	keyStore, err := clientset.KeyStore(cluster)
-	if err != nil {
-		return err
-	}
-
 	secretStore, err := clientset.SecretStore(cluster)
 	if err != nil {
 		return err
@@ -209,7 +185,7 @@ func RunGetSecrets(ctx context.Context, options *GetSecretsOptions, args []strin
 		return err
 	}
 
-	items, err := listSecrets(keyStore, secretStore, sshCredentialStore, options.Type, args)
+	items, err := listSecrets(secretStore, sshCredentialStore, options.Type, args)
 	if err != nil {
 		return err
 	}

docs/cli/kops.md

@@ -39,7 +39,7 @@ kOps is Kubernetes Operations.
 
 * [kops completion](kops_completion.md)	 - Output shell completion code for the given shell (bash or zsh).
 * [kops create](kops_create.md)	 - Create a resource by command line, filename or stdin.
-* [kops delete](kops_delete.md)	 - Delete clusters,instancegroups, instances, or secrets.
+* [kops delete](kops_delete.md)	 - Delete clusters, instancegroups, instances, keypairs, or secrets.
 * [kops describe](kops_describe.md)	 - Describe a resource.
 * [kops edit](kops_edit.md)	 - Edit clusters and other resources.
 * [kops export](kops_export.md)	 - Export configuration.

docs/cli/kops_delete.md

@@ -3,11 +3,11 @@
 
 ## kops delete
 
-Delete clusters,instancegroups, instances, or secrets.
+Delete clusters, instancegroups, instances, keypairs, or secrets.
 
 ### Synopsis
 
-Delete Kubernetes clusters, instancegroups, instances, and secrets, or a combination of the before mentioned.
+Delete Kubernetes clusters, instancegroups, instances, keypairs, and secrets, or a combination of the before mentioned.
 
 ```
 kops delete -f FILENAME [--yes] [flags]
@@ -68,5 +68,6 @@ kops delete -f FILENAME [--yes] [flags]
 * [kops delete cluster](kops_delete_cluster.md)	 - Delete a cluster.
 * [kops delete instance](kops_delete_instance.md)	 - Delete an instance
 * [kops delete instancegroup](kops_delete_instancegroup.md)	 - Delete instancegroup
+* [kops delete keypair](kops_delete_keypair.md)	 - Delete a keypair.
 * [kops delete secret](kops_delete_secret.md)	 - Delete a secret
 

docs/cli/kops_delete_cluster.md

@@ -54,5 +54,5 @@ kops delete cluster CLUSTERNAME [--yes] [flags]
 
 ### SEE ALSO
 
-* [kops delete](kops_delete.md)	 - Delete clusters,instancegroups, instances, or secrets.
+* [kops delete](kops_delete.md)	 - Delete clusters, instancegroups, instances, keypairs, or secrets.
 

docs/cli/kops_delete_instance.md

@@ -64,5 +64,5 @@ kops delete instance [flags]
 
 ### SEE ALSO
 
-* [kops delete](kops_delete.md)	 - Delete clusters,instancegroups, instances, or secrets.
+* [kops delete](kops_delete.md)	 - Delete clusters, instancegroups, instances, keypairs, or secrets.
 

docs/cli/kops_delete_instancegroup.md

@@ -52,5 +52,5 @@ kops delete instancegroup [flags]
 
 ### SEE ALSO
 
-* [kops delete](kops_delete.md)	 - Delete clusters,instancegroups, instances, or secrets.
+* [kops delete](kops_delete.md)	 - Delete clusters, instancegroups, instances, keypairs, or secrets.
 

docs/cli/kops_delete_keypair.md

@@ -0,0 +1,53 @@
+
+<!--- This file is automatically generated by make gen-cli-docs; changes should be made in the go CLI command code (under cmd/kops) -->
+
+## kops delete keypair
+
+Delete a keypair.
+
+### Synopsis
+
+Delete a keypair.
+
+```
+kops delete keypair [flags]
+```
+
+### Examples
+
+```
+  # Syntax: kops delete keypair KEYSET ID
+  kops delete keypair ca 5938372002934847
+```
+
+### Options
+
+```
+  -h, --help   help for keypair
+```
+
+### Options inherited from parent commands
+
+```
+      --add_dir_header                   If true, adds the file directory to the header of the log messages
+      --alsologtostderr                  log to standard error as well as files
+      --config string                    yaml config file (default is $HOME/.kops.yaml)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --log_file string                  If non-empty, use this log file
+      --log_file_max_size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
+      --logtostderr                      log to standard error instead of files (default true)
+      --name string                      Name of cluster. Overrides KOPS_CLUSTER_NAME environment variable
+      --one_output                       If true, only write logs to their native severity level (vs also writing to each lower severity level)
+      --skip_headers                     If true, avoid header prefixes in the log messages
+      --skip_log_headers                 If true, avoid headers when opening log files
+      --state string                     Location of state storage (kops 'config' file). Overrides KOPS_STATE_STORE environment variable
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          number for the log level verbosity
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+
+* [kops delete](kops_delete.md)	 - Delete clusters, instancegroups, instances, keypairs, or secrets.
+

docs/cli/kops_delete_secret.md

@@ -50,5 +50,5 @@ kops delete secret [flags]
 
 ### SEE ALSO
 
-* [kops delete](kops_delete.md)	 - Delete clusters,instancegroups, instances, or secrets.
+* [kops delete](kops_delete.md)	 - Delete clusters, instancegroups, instances, keypairs, or secrets.
 

docs/cli/kops_describe.md

@@ -45,5 +45,5 @@ Get additional information about cloud and cluster resources.
 ### SEE ALSO
 
 * [kops](kops.md)	 - kOps is Kubernetes Operations.
-* [kops describe secrets](kops_describe_secrets.md)	 - Describe a cluster secret
+* [kops describe keypairs](kops_describe_keypairs.md)	 - Describe a cluster keypair
 

docs/cli/kops_describe_keypairs.md

@@ -1,30 +1,29 @@
 
 <!--- This file is automatically generated by make gen-cli-docs; changes should be made in the go CLI command code (under cmd/kops) -->
 
-## kops describe secrets
+## kops describe keypairs
 
-Describe a cluster secret
+Describe a cluster keypair
 
 ### Synopsis
 
-Get additional information about cluster secrets.
+Get additional information about keypairs.
 
 ```
-kops describe secrets [flags]
+kops describe keypairs [flags]
 ```
 
 ### Examples
 
 ```
-  # Describe a secret
+  # Describe a keypair
-  kops describe secrets admin
+  kops describe keypairs ca
 ```
 
 ### Options
 
 ```
-  -h, --help          help for secrets
+  -h, --help   help for keypairs
-      --type string   Filter by secret type
 ```
 
 ### Options inherited from parent commands

docs/cli/kops_get.md

@@ -74,5 +74,6 @@ kops get [flags]
 * [kops get clusters](kops_get_clusters.md)	 - Get one or many clusters.
 * [kops get instancegroups](kops_get_instancegroups.md)	 - Get one or many instancegroups
 * [kops get instances](kops_get_instances.md)	 - Display cluster instances.
+* [kops get keypairs](kops_get_keypairs.md)	 - Get one or many keypairs.
 * [kops get secrets](kops_get_secrets.md)	 - Get one or many secrets.
 

docs/cli/kops_get_keypairs.md

@@ -0,0 +1,57 @@
+
+<!--- This file is automatically generated by make gen-cli-docs; changes should be made in the go CLI command code (under cmd/kops) -->
+
+## kops get keypairs
+
+Get one or many keypairs.
+
+### Synopsis
+
+Display one or many keypairs.
+
+```
+kops get keypairs [flags]
+```
+
+### Examples
+
+```
+  # List the cluster CA keypairs.
+  kops get keypairs ca
+  
+  # List the service-account keypairs.
+  kops get keypairs service-account
+```
+
+### Options
+
+```
+  -h, --help   help for keypairs
+```
+
+### Options inherited from parent commands
+
+```
+      --add_dir_header                   If true, adds the file directory to the header of the log messages
+      --alsologtostderr                  log to standard error as well as files
+      --config string                    yaml config file (default is $HOME/.kops.yaml)
+      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
+      --log_dir string                   If non-empty, write log files in this directory
+      --log_file string                  If non-empty, use this log file
+      --log_file_max_size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
+      --logtostderr                      log to standard error instead of files (default true)
+      --name string                      Name of cluster. Overrides KOPS_CLUSTER_NAME environment variable
+      --one_output                       If true, only write logs to their native severity level (vs also writing to each lower severity level)
+  -o, --output string                    output format.  One of: table, yaml, json (default "table")
+      --skip_headers                     If true, avoid header prefixes in the log messages
+      --skip_log_headers                 If true, avoid headers when opening log files
+      --state string                     Location of state storage (kops 'config' file). Overrides KOPS_STATE_STORE environment variable
+      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
+  -v, --v Level                          number for the log level verbosity
+      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+
+* [kops get](kops_get.md)	 - Get one or many resources.
+