Unverified Commit 484ab143 authored by Kubernetes Prow Robot's avatar Kubernetes Prow Robot Committed by GitHub

Merge pull request #77897 from mikedanese/automated-cherry-pick-of-#77613-upstream-release-1.14

Automated cherry pick of #77613 upstream release 1.14
parents 88996f82 63bad1d8
...@@ -171,6 +171,7 @@ func restConfigFromKubeconfig(configAuthInfo *clientcmdapi.AuthInfo) (*rest.Conf ...@@ -171,6 +171,7 @@ func restConfigFromKubeconfig(configAuthInfo *clientcmdapi.AuthInfo) (*rest.Conf
// blindly overwrite existing values based on precedence // blindly overwrite existing values based on precedence
if len(configAuthInfo.Token) > 0 { if len(configAuthInfo.Token) > 0 {
config.BearerToken = configAuthInfo.Token config.BearerToken = configAuthInfo.Token
config.BearerTokenFile = configAuthInfo.TokenFile
} else if len(configAuthInfo.TokenFile) > 0 { } else if len(configAuthInfo.TokenFile) > 0 {
tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile) tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
if err != nil { if err != nil {
......
...@@ -74,9 +74,10 @@ func (c *Config) TransportConfig() (*transport.Config, error) { ...@@ -74,9 +74,10 @@ func (c *Config) TransportConfig() (*transport.Config, error) {
KeyFile: c.KeyFile, KeyFile: c.KeyFile,
KeyData: c.KeyData, KeyData: c.KeyData,
}, },
Username: c.Username, Username: c.Username,
Password: c.Password, Password: c.Password,
BearerToken: c.BearerToken, BearerToken: c.BearerToken,
BearerTokenFile: c.BearerTokenFile,
Impersonate: transport.ImpersonationConfig{ Impersonate: transport.ImpersonationConfig{
UserName: c.Impersonate.UserName, UserName: c.Impersonate.UserName,
Groups: c.Impersonate.Groups, Groups: c.Impersonate.Groups,
......
...@@ -228,6 +228,7 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI ...@@ -228,6 +228,7 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
// blindly overwrite existing values based on precedence // blindly overwrite existing values based on precedence
if len(configAuthInfo.Token) > 0 { if len(configAuthInfo.Token) > 0 {
mergedConfig.BearerToken = configAuthInfo.Token mergedConfig.BearerToken = configAuthInfo.Token
mergedConfig.BearerTokenFile = configAuthInfo.TokenFile
} else if len(configAuthInfo.TokenFile) > 0 { } else if len(configAuthInfo.TokenFile) > 0 {
tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile) tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
if err != nil { if err != nil {
...@@ -499,8 +500,9 @@ func (config *inClusterClientConfig) ClientConfig() (*restclient.Config, error) ...@@ -499,8 +500,9 @@ func (config *inClusterClientConfig) ClientConfig() (*restclient.Config, error)
if server := config.overrides.ClusterInfo.Server; len(server) > 0 { if server := config.overrides.ClusterInfo.Server; len(server) > 0 {
icc.Host = server icc.Host = server
} }
if token := config.overrides.AuthInfo.Token; len(token) > 0 { if len(config.overrides.AuthInfo.Token) > 0 || len(config.overrides.AuthInfo.TokenFile) > 0 {
icc.BearerToken = token icc.BearerToken = config.overrides.AuthInfo.Token
icc.BearerTokenFile = config.overrides.AuthInfo.TokenFile
} }
if certificateAuthorityFile := config.overrides.ClusterInfo.CertificateAuthority; len(certificateAuthorityFile) > 0 { if certificateAuthorityFile := config.overrides.ClusterInfo.CertificateAuthority; len(certificateAuthorityFile) > 0 {
icc.TLSClientConfig.CAFile = certificateAuthorityFile icc.TLSClientConfig.CAFile = certificateAuthorityFile
......
...@@ -549,6 +549,30 @@ func TestInClusterClientConfigPrecedence(t *testing.T) { ...@@ -549,6 +549,30 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
}, },
}, },
{ {
overrides: &ConfigOverrides{
ClusterInfo: clientcmdapi.Cluster{
Server: "https://host-from-overrides.com",
CertificateAuthority: "/path/to/ca-from-overrides.crt",
},
AuthInfo: clientcmdapi.AuthInfo{
Token: "token-from-override",
TokenFile: "tokenfile-from-override",
},
},
},
{
overrides: &ConfigOverrides{
ClusterInfo: clientcmdapi.Cluster{
Server: "https://host-from-overrides.com",
CertificateAuthority: "/path/to/ca-from-overrides.crt",
},
AuthInfo: clientcmdapi.AuthInfo{
Token: "",
TokenFile: "tokenfile-from-override",
},
},
},
{
overrides: &ConfigOverrides{}, overrides: &ConfigOverrides{},
}, },
} }
...@@ -556,13 +580,15 @@ func TestInClusterClientConfigPrecedence(t *testing.T) { ...@@ -556,13 +580,15 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
for _, tc := range tt { for _, tc := range tt {
expectedServer := "https://host-from-cluster.com" expectedServer := "https://host-from-cluster.com"
expectedToken := "token-from-cluster" expectedToken := "token-from-cluster"
expectedTokenFile := "tokenfile-from-cluster"
expectedCAFile := "/path/to/ca-from-cluster.crt" expectedCAFile := "/path/to/ca-from-cluster.crt"
icc := &inClusterClientConfig{ icc := &inClusterClientConfig{
inClusterConfigProvider: func() (*restclient.Config, error) { inClusterConfigProvider: func() (*restclient.Config, error) {
return &restclient.Config{ return &restclient.Config{
Host: expectedServer, Host: expectedServer,
BearerToken: expectedToken, BearerToken: expectedToken,
BearerTokenFile: expectedTokenFile,
TLSClientConfig: restclient.TLSClientConfig{ TLSClientConfig: restclient.TLSClientConfig{
CAFile: expectedCAFile, CAFile: expectedCAFile,
}, },
...@@ -579,8 +605,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) { ...@@ -579,8 +605,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
if overridenServer := tc.overrides.ClusterInfo.Server; len(overridenServer) > 0 { if overridenServer := tc.overrides.ClusterInfo.Server; len(overridenServer) > 0 {
expectedServer = overridenServer expectedServer = overridenServer
} }
if overridenToken := tc.overrides.AuthInfo.Token; len(overridenToken) > 0 { if len(tc.overrides.AuthInfo.Token) > 0 || len(tc.overrides.AuthInfo.TokenFile) > 0 {
expectedToken = overridenToken expectedToken = tc.overrides.AuthInfo.Token
expectedTokenFile = tc.overrides.AuthInfo.TokenFile
} }
if overridenCAFile := tc.overrides.ClusterInfo.CertificateAuthority; len(overridenCAFile) > 0 { if overridenCAFile := tc.overrides.ClusterInfo.CertificateAuthority; len(overridenCAFile) > 0 {
expectedCAFile = overridenCAFile expectedCAFile = overridenCAFile
...@@ -592,6 +619,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) { ...@@ -592,6 +619,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
if clientConfig.BearerToken != expectedToken { if clientConfig.BearerToken != expectedToken {
t.Errorf("Expected token %v, got %v", expectedToken, clientConfig.BearerToken) t.Errorf("Expected token %v, got %v", expectedToken, clientConfig.BearerToken)
} }
if clientConfig.BearerTokenFile != expectedTokenFile {
t.Errorf("Expected tokenfile %v, got %v", expectedTokenFile, clientConfig.BearerTokenFile)
}
if clientConfig.TLSClientConfig.CAFile != expectedCAFile { if clientConfig.TLSClientConfig.CAFile != expectedCAFile {
t.Errorf("Expected Certificate Authority %v, got %v", expectedCAFile, clientConfig.TLSClientConfig.CAFile) t.Errorf("Expected Certificate Authority %v, got %v", expectedCAFile, clientConfig.TLSClientConfig.CAFile)
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment