Skip to content

Add support for exec based auth. #158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 6, 2018
Merged

Add support for exec based auth. #158

merged 1 commit into from
Dec 6, 2018

Conversation

@brendandburns
Copy link
Contributor

@brendandburns brendandburns commented Dec 5, 2018

Closes #34

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 5, 2018
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Dec 5, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brendandburns

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested a review from mbohlool December 5, 2018 07:11
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 5, 2018
@brendandburns brendandburns requested review from itowlson and removed request for mbohlool December 5, 2018 07:11
drubin
drubin reviewed Dec 5, 2018
View reviewed changes
src/config.ts
import { Authenticator } from './auth';
import { Cluster, Context, newClusters, newContexts, newUsers, User } from './config_types';
import { CloudAuth } from './cloud_auth';
import { ExecAuth } from './exec_auth';
Copy link
Contributor

@drubin drubin Dec 5, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@brendanburns Where do these files come from?

Copy link
Contributor Author

@brendandburns brendandburns Dec 5, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They're right there on my ....
checks notes
... my local file system.

sigh

Fixed.

Copy link
Contributor

@drubin drubin Dec 10, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! and thanks again for adding this @brendanburns

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 5, 2018
@brendandburns
Copy link
Contributor Author

brendandburns commented Dec 6, 2018

Fixed lint errors....

@itowlson
Copy link
Contributor

itowlson commented Dec 6, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 6, 2018
@k8s-ci-robot k8s-ci-robot merged commit d9987e4 into kubernetes-client:master Dec 6, 2018
@SawyerHopkins
Copy link

SawyerHopkins commented Dec 21, 2018

I am using aws-iam-authenticator and the response body has the shape

{ 
  "kind": "ExecCredential",
  "apiVersion": "client.authentication.k8s.io/v1alpha1",
  "spec": {},
  "status": { 
    "expirationTimestamp": "2018-12-21T23:29:01Z",
    "token": "<REDACTED>"
  }
}

Which appears correct according to https://kubernetes.io/docs/reference/access-authn-authz/authentication/

This however causes this line to return an undefined value for the bearer token. https://github.com/kubernetes-client/javascript/pull/158/files#diff-d03480d634d6f56466d9e8bf3e1b00d0R32

I have a locally linked build which returns return Bearer ${obj.status.token} which appears to work correctly.

Is this an issue with aws-iam-authenticator, is this because the auth api version is still v1alpha1, or have I setup something incorrectly in my kubectl?

users:
  - name: <REDACTED>
    user:
      auth-provider:
        name: exec
        config:
          exec:
            apiVersion: client.authentication.k8s.io/v1alpha1
            command: aws-iam-authenticator
            args:
              - token
              - -i
              - <REDACTED>
      exec:
        apiVersion: client.authentication.k8s.io/v1alpha1
        command: aws-iam-authenticator
        args:
          - token
          - -i
          - <REDACTED>

@brendandburns
Copy link
Contributor Author

brendandburns commented Dec 22, 2018

@SawyerHopkins I think this is just a straight-up bug, I didn't have a working kubeconfig to test against and I messed up....

I'll send a fix asap.

@ndeloof
Copy link
Contributor

ndeloof commented Jun 19, 2019

afaict this change broke the fix introduced by #132 to support electron.
shelljs isn't compatible with Electron without known possible fix yet https://github.com/shelljs/shelljs/wiki/Electron-compatibility

@ndeloof ndeloof mentioned this pull request Jun 19, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@drubin drubin drubin left review comments

@itowlson itowlson itowlson approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@itowlson itowlson

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Port exec-based client auth provider to Javascript client

6 participants

@brendandburns @k8s-ci-robot @itowlson @SawyerHopkins @ndeloof @drubin