kubernetes
/
kubectl
mirror of https://github.com/kubernetes/kubectl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #111687 from ardaguclu/use-restgetter-certificates 

(kubectl certificate): Move towards restClientGetter instead cmdutil.Factory

Kubernetes-commit: 9558faf8a22165974cd8f012ee3495e1ac222997
This commit is contained in:
Kubernetes Publisher 2022-08-23 17:17:11 -07:00
parent c6098527ce b2cb2f2c6d
commit 1ee9a055fc
4 changed files with 39 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
go.mod
View File

@ -29,10 +29,10 @@ require (
github.com/stretchr/testify v1.7.0 github.com/stretchr/testify v1.7.0
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f
gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.0.0-20220809235342-2e7b66171c20 k8s.io/api v0.0.0-20220824023210-64f80bd511ba
k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3 k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3
k8s.io/cli-runtime v0.0.0-20220804203856-b48c51ece852 k8s.io/cli-runtime v0.0.0-20220804203856-b48c51ece852
k8s.io/client-go v0.0.0-20220824023526-4faffa86446a k8s.io/client-go v0.0.0-20220824023529-0fdc4f348a5d
k8s.io/component-base v0.0.0-20220804202306-bd3841ae5bd6 k8s.io/component-base v0.0.0-20220804202306-bd3841ae5bd6
k8s.io/component-helpers v0.0.0-20220824024213-43a709e0c466 k8s.io/component-helpers v0.0.0-20220824024213-43a709e0c466
k8s.io/klog/v2 v2.70.1 k8s.io/klog/v2 v2.70.1
@ -94,10 +94,10 @@ require (
) )
replace ( replace (
k8s.io/api => k8s.io/api v0.0.0-20220809235342-2e7b66171c20 k8s.io/api => k8s.io/api v0.0.0-20220824023210-64f80bd511ba
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3 k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20220804203856-b48c51ece852 k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20220804203856-b48c51ece852
k8s.io/client-go => k8s.io/client-go v0.0.0-20220824023526-4faffa86446a k8s.io/client-go => k8s.io/client-go v0.0.0-20220824023529-0fdc4f348a5d
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20220824022809-a4e23d1b7f08 k8s.io/code-generator => k8s.io/code-generator v0.0.0-20220824022809-a4e23d1b7f08
k8s.io/component-base => k8s.io/component-base v0.0.0-20220804202306-bd3841ae5bd6 k8s.io/component-base => k8s.io/component-base v0.0.0-20220804202306-bd3841ae5bd6
k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20220824024213-43a709e0c466 k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20220824024213-43a709e0c466

8
go.sum
View File

@ -541,14 +541,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
k8s.io/api v0.0.0-20220809235342-2e7b66171c20 h1:+1HZkTrpGkV9qYo5f80o5y+Jj7Czh6KcXW8ZjV4Did0= k8s.io/api v0.0.0-20220824023210-64f80bd511ba h1:aTNI+/FBnYaKBP5X6joGb/l0aZEcI7dv7G4d0sDHZWQ=
k8s.io/api v0.0.0-20220809235342-2e7b66171c20/go.mod h1:cuE2+aKfcxEMeHx/NuUKIL3aRJhth7/K9wlCf+3Q3+s= k8s.io/api v0.0.0-20220824023210-64f80bd511ba/go.mod h1:cuE2+aKfcxEMeHx/NuUKIL3aRJhth7/K9wlCf+3Q3+s=
k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3 h1:Ru2oqar5qMV68dM0G6OEZs2C7qtydpReZ2dHsXpu/Kw= k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3 h1:Ru2oqar5qMV68dM0G6OEZs2C7qtydpReZ2dHsXpu/Kw=
k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0=
k8s.io/cli-runtime v0.0.0-20220804203856-b48c51ece852 h1:jIB0rKV6fdXuN/fttQa5T0JCTHuOaT/1rWhiMccorL4= k8s.io/cli-runtime v0.0.0-20220804203856-b48c51ece852 h1:jIB0rKV6fdXuN/fttQa5T0JCTHuOaT/1rWhiMccorL4=
k8s.io/cli-runtime v0.0.0-20220804203856-b48c51ece852/go.mod h1:Tvpth9pLpTuGtIJRXkHyiRV1aySWB4fkzO/eISsDbk4= k8s.io/cli-runtime v0.0.0-20220804203856-b48c51ece852/go.mod h1:Tvpth9pLpTuGtIJRXkHyiRV1aySWB4fkzO/eISsDbk4=
k8s.io/client-go v0.0.0-20220824023526-4faffa86446a h1:C8dz3ImCQOEcZ0MdLA7dHejsaBhlRSIDitrSKrxImQk= k8s.io/client-go v0.0.0-20220824023529-0fdc4f348a5d h1:3kW3ZtpGCo40AYVi6zA1aXjxb1SSW8jxmyKcbjyvVZU=
k8s.io/client-go v0.0.0-20220824023526-4faffa86446a/go.mod h1:2Rm3fcCGUvolAtl5MenH/hIpxsJu2HbofGvmGzIvE8w= k8s.io/client-go v0.0.0-20220824023529-0fdc4f348a5d/go.mod h1:g/NYL15K7s+CdNnWuFAbZvlVKCrToqESWFAhB6hi1bE=
k8s.io/component-base v0.0.0-20220804202306-bd3841ae5bd6 h1:FHz479e22/WLD6+Tr3G+YWh5IVaJYocmPjizCb7chDU= k8s.io/component-base v0.0.0-20220804202306-bd3841ae5bd6 h1:FHz479e22/WLD6+Tr3G+YWh5IVaJYocmPjizCb7chDU=
k8s.io/component-base v0.0.0-20220804202306-bd3841ae5bd6/go.mod h1:ij1d8OKrbGbeL3b7tnrEKOuN2itnGAl4CSinffjTRko= k8s.io/component-base v0.0.0-20220804202306-bd3841ae5bd6/go.mod h1:ij1d8OKrbGbeL3b7tnrEKOuN2itnGAl4CSinffjTRko=
k8s.io/component-helpers v0.0.0-20220824024213-43a709e0c466 h1:TlIUI+Yqw0352K1qADGFNHZvgMqCdZIdIQfihAI1bCc= k8s.io/component-helpers v0.0.0-20220824024213-43a709e0c466 h1:TlIUI+Yqw0352K1qADGFNHZvgMqCdZIdIQfihAI1bCc=

50
pkg/cmd/certificates/certificates.go
View File

@ -33,7 +33,8 @@ import (
"k8s.io/cli-runtime/pkg/genericclioptions" "k8s.io/cli-runtime/pkg/genericclioptions"
"k8s.io/cli-runtime/pkg/printers" "k8s.io/cli-runtime/pkg/printers"
"k8s.io/cli-runtime/pkg/resource" "k8s.io/cli-runtime/pkg/resource"
clientset "k8s.io/client-go/kubernetes" v1 "k8s.io/client-go/kubernetes/typed/certificates/v1"
"k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
cmdutil "k8s.io/kubectl/pkg/cmd/util" cmdutil "k8s.io/kubectl/pkg/cmd/util"
"k8s.io/kubectl/pkg/scheme" "k8s.io/kubectl/pkg/scheme"
"k8s.io/kubectl/pkg/util/i18n" "k8s.io/kubectl/pkg/util/i18n"
@ -41,7 +42,7 @@ import (
) )
// NewCmdCertificate returns `certificate` Cobra command // NewCmdCertificate returns `certificate` Cobra command
func NewCmdCertificate(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command { func NewCmdCertificate(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command {
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "certificate SUBCOMMAND", Use: "certificate SUBCOMMAND",
DisableFlagsInUseLine: true, DisableFlagsInUseLine: true,
@ -52,8 +53,8 @@ func NewCmdCertificate(f cmdutil.Factory, ioStreams genericclioptions.IOStreams)
}, },
} }
cmd.AddCommand(NewCmdCertificateApprove(f, ioStreams)) cmd.AddCommand(NewCmdCertificateApprove(restClientGetter, ioStreams))
cmd.AddCommand(NewCmdCertificateDeny(f, ioStreams)) cmd.AddCommand(NewCmdCertificateDeny(restClientGetter, ioStreams))
return cmd return cmd
} }
@ -68,8 +69,9 @@ type CertificateOptions struct {
csrNames []string csrNames []string
outputStyle string outputStyle string
clientSet clientset.Interface certificatesV1Client v1.CertificatesV1Interface
builder *resource.Builder certificatesV1Beta1Client v1beta1.CertificatesV1beta1Interface
builder *resource.Builder
genericclioptions.IOStreams genericclioptions.IOStreams
} }
@ -83,7 +85,7 @@ func NewCertificateOptions(ioStreams genericclioptions.IOStreams, operation stri
} }
// Complete loads data from the command environment // Complete loads data from the command environment
func (o *CertificateOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, args []string) error { func (o *CertificateOptions) Complete(restClientGetter genericclioptions.RESTClientGetter, cmd *cobra.Command, args []string) error {
o.csrNames = args o.csrNames = args
o.outputStyle = cmdutil.GetFlagString(cmd, "output") o.outputStyle = cmdutil.GetFlagString(cmd, "output")
@ -96,9 +98,19 @@ func (o *CertificateOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, arg
return printer.PrintObj(obj, out) return printer.PrintObj(obj, out)
} }
o.builder = f.NewBuilder() o.builder = resource.NewBuilder(restClientGetter)
o.clientSet, err = f.KubernetesClientSet() clientConfig, err := restClientGetter.ToRESTConfig()
if err != nil {
return err
}
o.certificatesV1Client, err = v1.NewForConfig(clientConfig)
if err != nil {
return err
}
o.certificatesV1Beta1Client, err = v1beta1.NewForConfig(clientConfig)
if err != nil { if err != nil {
return err return err
} }
@ -115,7 +127,7 @@ func (o *CertificateOptions) Validate() error {
} }
// NewCmdCertificateApprove returns the `certificate approve` Cobra command // NewCmdCertificateApprove returns the `certificate approve` Cobra command
func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command { func NewCmdCertificateApprove(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command {
o := NewCertificateOptions(ioStreams, "approved") o := NewCertificateOptions(ioStreams, "approved")
cmd := &cobra.Command{ cmd := &cobra.Command{
@ -139,7 +151,7 @@ func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOS
kubectl certificate approve csr-sqgzp kubectl certificate approve csr-sqgzp
`)), `)),
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
cmdutil.CheckErr(o.Complete(f, cmd, args)) cmdutil.CheckErr(o.Complete(restClientGetter, cmd, args))
cmdutil.CheckErr(o.Validate()) cmdutil.CheckErr(o.Validate())
cmdutil.CheckErr(o.RunCertificateApprove(cmdutil.GetFlagBool(cmd, "force"))) cmdutil.CheckErr(o.RunCertificateApprove(cmdutil.GetFlagBool(cmd, "force")))
}, },
@ -157,14 +169,13 @@ func NewCmdCertificateApprove(f cmdutil.Factory, ioStreams genericclioptions.IOS
func (o *CertificateOptions) RunCertificateApprove(force bool) error { func (o *CertificateOptions) RunCertificateApprove(force bool) error {
return o.modifyCertificateCondition( return o.modifyCertificateCondition(
o.builder, o.builder,
o.clientSet,
force, force,
addConditionIfNeeded(string(certificatesv1.CertificateDenied), string(certificatesv1.CertificateApproved), "KubectlApprove", "This CSR was approved by kubectl certificate approve."), addConditionIfNeeded(string(certificatesv1.CertificateDenied), string(certificatesv1.CertificateApproved), "KubectlApprove", "This CSR was approved by kubectl certificate approve."),
) )
} }
// NewCmdCertificateDeny returns the `certificate deny` Cobra command // NewCmdCertificateDeny returns the `certificate deny` Cobra command
func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command { func NewCmdCertificateDeny(restClientGetter genericclioptions.RESTClientGetter, ioStreams genericclioptions.IOStreams) *cobra.Command {
o := NewCertificateOptions(ioStreams, "denied") o := NewCertificateOptions(ioStreams, "denied")
cmd := &cobra.Command{ cmd := &cobra.Command{
@ -183,7 +194,7 @@ func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStre
kubectl certificate deny csr-sqgzp kubectl certificate deny csr-sqgzp
`)), `)),
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
cmdutil.CheckErr(o.Complete(f, cmd, args)) cmdutil.CheckErr(o.Complete(restClientGetter, cmd, args))
cmdutil.CheckErr(o.Validate()) cmdutil.CheckErr(o.Validate())
cmdutil.CheckErr(o.RunCertificateDeny(cmdutil.GetFlagBool(cmd, "force"))) cmdutil.CheckErr(o.RunCertificateDeny(cmdutil.GetFlagBool(cmd, "force")))
}, },
@ -201,13 +212,12 @@ func NewCmdCertificateDeny(f cmdutil.Factory, ioStreams genericclioptions.IOStre
func (o *CertificateOptions) RunCertificateDeny(force bool) error { func (o *CertificateOptions) RunCertificateDeny(force bool) error {
return o.modifyCertificateCondition( return o.modifyCertificateCondition(
o.builder, o.builder,
o.clientSet,
force, force,
addConditionIfNeeded(string(certificatesv1.CertificateApproved), string(certificatesv1.CertificateDenied), "KubectlDeny", "This CSR was denied by kubectl certificate deny."), addConditionIfNeeded(string(certificatesv1.CertificateApproved), string(certificatesv1.CertificateDenied), "KubectlDeny", "This CSR was denied by kubectl certificate deny."),
) )
} }
func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builder, clientSet clientset.Interface, force bool, modify func(csr runtime.Object) (runtime.Object, bool, error)) error { func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builder, force bool, modify func(csr runtime.Object) (runtime.Object, bool, error)) error {
var found int var found int
r := builder. r := builder.
Unstructured(). Unstructured().
@ -233,10 +243,10 @@ func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builde
var csr runtime.Object var csr runtime.Object
// get a typed object // get a typed object
// first try v1 // first try v1
csr, err = clientSet.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{}) csr, err = o.certificatesV1Client.CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{})
if apierrors.IsNotFound(err) { if apierrors.IsNotFound(err) {
// fall back to v1beta1 // fall back to v1beta1
csr, err = clientSet.CertificatesV1beta1().CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{}) csr, err = o.certificatesV1Beta1Client.CertificateSigningRequests().Get(context.TODO(), obj.GetName(), metav1.GetOptions{})
} }
if apierrors.IsNotFound(err) { if apierrors.IsNotFound(err) {
return fmt.Errorf("could not find v1 or v1beta1 version of %s: %v", obj.GetName(), err) return fmt.Errorf("could not find v1 or v1beta1 version of %s: %v", obj.GetName(), err)
@ -252,9 +262,9 @@ func (o *CertificateOptions) modifyCertificateCondition(builder *resource.Builde
if !hasCondition || force { if !hasCondition || force {
switch modifiedCSR := modifiedCSR.(type) { switch modifiedCSR := modifiedCSR.(type) {
case *certificatesv1.CertificateSigningRequest: case *certificatesv1.CertificateSigningRequest:
_, err = clientSet.CertificatesV1().CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR.Name, modifiedCSR, metav1.UpdateOptions{}) _, err = o.certificatesV1Client.CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR.Name, modifiedCSR, metav1.UpdateOptions{})
case *certificatesv1beta1.CertificateSigningRequest: case *certificatesv1beta1.CertificateSigningRequest:
_, err = clientSet.CertificatesV1beta1().CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR, metav1.UpdateOptions{}) _, err = o.certificatesV1Beta1Client.CertificateSigningRequests().UpdateApproval(context.TODO(), modifiedCSR, metav1.UpdateOptions{})
default: default:
return fmt.Errorf("can only handle certificates.k8s.io CertificateSigningRequest objects, got %T", modifiedCSR) return fmt.Errorf("can only handle certificates.k8s.io CertificateSigningRequest objects, got %T", modifiedCSR)
} }

1
pkg/cmd/certificates/certificates_test.go
View File

@ -293,6 +293,7 @@ func TestCertificates(t *testing.T) {
Client: fakeClient, Client: fakeClient,
} }
streams, _, buf, errbuf := genericclioptions.NewTestIOStreams() streams, _, buf, errbuf := genericclioptions.NewTestIOStreams()
tf.ClientConfigVal.Transport = fakeClient.Transport
defer func() { defer func() {
// Restore cmdutil behavior. // Restore cmdutil behavior.