blob: bfca032847beec8fbc9bb801f178041e348d500a [file] [log] [blame]
Scott Bakere7144bc2019-10-01 14:16:47 -07001/*
2Copyright 2014 The Kubernetes Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/
16
17package clientcmd
18
19import (
20 "strconv"
21 "strings"
22
23 "github.com/spf13/pflag"
24
25 clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
26)
27
28// ConfigOverrides holds values that should override whatever information is pulled from the actual Config object. You can't
29// simply use an actual Config object, because Configs hold maps, but overrides are restricted to "at most one"
30type ConfigOverrides struct {
31 AuthInfo clientcmdapi.AuthInfo
32 // ClusterDefaults are applied before the configured cluster info is loaded.
33 ClusterDefaults clientcmdapi.Cluster
34 ClusterInfo clientcmdapi.Cluster
35 Context clientcmdapi.Context
36 CurrentContext string
37 Timeout string
38}
39
40// ConfigOverrideFlags holds the flag names to be used for binding command line flags. Notice that this structure tightly
41// corresponds to ConfigOverrides
42type ConfigOverrideFlags struct {
43 AuthOverrideFlags AuthOverrideFlags
44 ClusterOverrideFlags ClusterOverrideFlags
45 ContextOverrideFlags ContextOverrideFlags
46 CurrentContext FlagInfo
47 Timeout FlagInfo
48}
49
50// AuthOverrideFlags holds the flag names to be used for binding command line flags for AuthInfo objects
51type AuthOverrideFlags struct {
52 ClientCertificate FlagInfo
53 ClientKey FlagInfo
54 Token FlagInfo
55 Impersonate FlagInfo
56 ImpersonateGroups FlagInfo
57 Username FlagInfo
58 Password FlagInfo
59}
60
61// ContextOverrideFlags holds the flag names to be used for binding command line flags for Cluster objects
62type ContextOverrideFlags struct {
63 ClusterName FlagInfo
64 AuthInfoName FlagInfo
65 Namespace FlagInfo
66}
67
68// ClusterOverride holds the flag names to be used for binding command line flags for Cluster objects
69type ClusterOverrideFlags struct {
70 APIServer FlagInfo
71 APIVersion FlagInfo
72 CertificateAuthority FlagInfo
73 InsecureSkipTLSVerify FlagInfo
74}
75
76// FlagInfo contains information about how to register a flag. This struct is useful if you want to provide a way for an extender to
77// get back a set of recommended flag names, descriptions, and defaults, but allow for customization by an extender. This makes for
78// coherent extension, without full prescription
79type FlagInfo struct {
80 // LongName is the long string for a flag. If this is empty, then the flag will not be bound
81 LongName string
82 // ShortName is the single character for a flag. If this is empty, then there will be no short flag
83 ShortName string
84 // Default is the default value for the flag
85 Default string
86 // Description is the description for the flag
87 Description string
88}
89
90// AddSecretAnnotation add secret flag to Annotation.
91func (f FlagInfo) AddSecretAnnotation(flags *pflag.FlagSet) FlagInfo {
92 flags.SetAnnotation(f.LongName, "classified", []string{"true"})
93 return f
94}
95
96// BindStringFlag binds the flag based on the provided info. If LongName == "", nothing is registered
97func (f FlagInfo) BindStringFlag(flags *pflag.FlagSet, target *string) FlagInfo {
98 // you can't register a flag without a long name
99 if len(f.LongName) > 0 {
100 flags.StringVarP(target, f.LongName, f.ShortName, f.Default, f.Description)
101 }
102 return f
103}
104
105// BindTransformingStringFlag binds the flag based on the provided info. If LongName == "", nothing is registered
106func (f FlagInfo) BindTransformingStringFlag(flags *pflag.FlagSet, target *string, transformer func(string) (string, error)) FlagInfo {
107 // you can't register a flag without a long name
108 if len(f.LongName) > 0 {
109 flags.VarP(newTransformingStringValue(f.Default, target, transformer), f.LongName, f.ShortName, f.Description)
110 }
111 return f
112}
113
114// BindStringSliceFlag binds the flag based on the provided info. If LongName == "", nothing is registered
115func (f FlagInfo) BindStringArrayFlag(flags *pflag.FlagSet, target *[]string) FlagInfo {
116 // you can't register a flag without a long name
117 if len(f.LongName) > 0 {
118 sliceVal := []string{}
119 if len(f.Default) > 0 {
120 sliceVal = []string{f.Default}
121 }
122 flags.StringArrayVarP(target, f.LongName, f.ShortName, sliceVal, f.Description)
123 }
124 return f
125}
126
127// BindBoolFlag binds the flag based on the provided info. If LongName == "", nothing is registered
128func (f FlagInfo) BindBoolFlag(flags *pflag.FlagSet, target *bool) FlagInfo {
129 // you can't register a flag without a long name
130 if len(f.LongName) > 0 {
131 // try to parse Default as a bool. If it fails, assume false
132 boolVal, err := strconv.ParseBool(f.Default)
133 if err != nil {
134 boolVal = false
135 }
136
137 flags.BoolVarP(target, f.LongName, f.ShortName, boolVal, f.Description)
138 }
139 return f
140}
141
142const (
143 FlagClusterName = "cluster"
144 FlagAuthInfoName = "user"
145 FlagContext = "context"
146 FlagNamespace = "namespace"
147 FlagAPIServer = "server"
148 FlagInsecure = "insecure-skip-tls-verify"
149 FlagCertFile = "client-certificate"
150 FlagKeyFile = "client-key"
151 FlagCAFile = "certificate-authority"
152 FlagEmbedCerts = "embed-certs"
153 FlagBearerToken = "token"
154 FlagImpersonate = "as"
155 FlagImpersonateGroup = "as-group"
156 FlagUsername = "username"
157 FlagPassword = "password"
158 FlagTimeout = "request-timeout"
159)
160
161// RecommendedConfigOverrideFlags is a convenience method to return recommended flag names prefixed with a string of your choosing
162func RecommendedConfigOverrideFlags(prefix string) ConfigOverrideFlags {
163 return ConfigOverrideFlags{
164 AuthOverrideFlags: RecommendedAuthOverrideFlags(prefix),
165 ClusterOverrideFlags: RecommendedClusterOverrideFlags(prefix),
166 ContextOverrideFlags: RecommendedContextOverrideFlags(prefix),
167
168 CurrentContext: FlagInfo{prefix + FlagContext, "", "", "The name of the kubeconfig context to use"},
169 Timeout: FlagInfo{prefix + FlagTimeout, "", "0", "The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests."},
170 }
171}
172
173// RecommendedAuthOverrideFlags is a convenience method to return recommended flag names prefixed with a string of your choosing
174func RecommendedAuthOverrideFlags(prefix string) AuthOverrideFlags {
175 return AuthOverrideFlags{
176 ClientCertificate: FlagInfo{prefix + FlagCertFile, "", "", "Path to a client certificate file for TLS"},
177 ClientKey: FlagInfo{prefix + FlagKeyFile, "", "", "Path to a client key file for TLS"},
178 Token: FlagInfo{prefix + FlagBearerToken, "", "", "Bearer token for authentication to the API server"},
179 Impersonate: FlagInfo{prefix + FlagImpersonate, "", "", "Username to impersonate for the operation"},
180 ImpersonateGroups: FlagInfo{prefix + FlagImpersonateGroup, "", "", "Group to impersonate for the operation, this flag can be repeated to specify multiple groups."},
181 Username: FlagInfo{prefix + FlagUsername, "", "", "Username for basic authentication to the API server"},
182 Password: FlagInfo{prefix + FlagPassword, "", "", "Password for basic authentication to the API server"},
183 }
184}
185
186// RecommendedClusterOverrideFlags is a convenience method to return recommended flag names prefixed with a string of your choosing
187func RecommendedClusterOverrideFlags(prefix string) ClusterOverrideFlags {
188 return ClusterOverrideFlags{
189 APIServer: FlagInfo{prefix + FlagAPIServer, "", "", "The address and port of the Kubernetes API server"},
190 CertificateAuthority: FlagInfo{prefix + FlagCAFile, "", "", "Path to a cert file for the certificate authority"},
191 InsecureSkipTLSVerify: FlagInfo{prefix + FlagInsecure, "", "false", "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure"},
192 }
193}
194
195// RecommendedContextOverrideFlags is a convenience method to return recommended flag names prefixed with a string of your choosing
196func RecommendedContextOverrideFlags(prefix string) ContextOverrideFlags {
197 return ContextOverrideFlags{
198 ClusterName: FlagInfo{prefix + FlagClusterName, "", "", "The name of the kubeconfig cluster to use"},
199 AuthInfoName: FlagInfo{prefix + FlagAuthInfoName, "", "", "The name of the kubeconfig user to use"},
200 Namespace: FlagInfo{prefix + FlagNamespace, "n", "", "If present, the namespace scope for this CLI request"},
201 }
202}
203
204// BindOverrideFlags is a convenience method to bind the specified flags to their associated variables
205func BindOverrideFlags(overrides *ConfigOverrides, flags *pflag.FlagSet, flagNames ConfigOverrideFlags) {
206 BindAuthInfoFlags(&overrides.AuthInfo, flags, flagNames.AuthOverrideFlags)
207 BindClusterFlags(&overrides.ClusterInfo, flags, flagNames.ClusterOverrideFlags)
208 BindContextFlags(&overrides.Context, flags, flagNames.ContextOverrideFlags)
209 flagNames.CurrentContext.BindStringFlag(flags, &overrides.CurrentContext)
210 flagNames.Timeout.BindStringFlag(flags, &overrides.Timeout)
211}
212
213// BindAuthInfoFlags is a convenience method to bind the specified flags to their associated variables
214func BindAuthInfoFlags(authInfo *clientcmdapi.AuthInfo, flags *pflag.FlagSet, flagNames AuthOverrideFlags) {
215 flagNames.ClientCertificate.BindStringFlag(flags, &authInfo.ClientCertificate).AddSecretAnnotation(flags)
216 flagNames.ClientKey.BindStringFlag(flags, &authInfo.ClientKey).AddSecretAnnotation(flags)
217 flagNames.Token.BindStringFlag(flags, &authInfo.Token).AddSecretAnnotation(flags)
218 flagNames.Impersonate.BindStringFlag(flags, &authInfo.Impersonate).AddSecretAnnotation(flags)
219 flagNames.ImpersonateGroups.BindStringArrayFlag(flags, &authInfo.ImpersonateGroups).AddSecretAnnotation(flags)
220 flagNames.Username.BindStringFlag(flags, &authInfo.Username).AddSecretAnnotation(flags)
221 flagNames.Password.BindStringFlag(flags, &authInfo.Password).AddSecretAnnotation(flags)
222}
223
224// BindClusterFlags is a convenience method to bind the specified flags to their associated variables
225func BindClusterFlags(clusterInfo *clientcmdapi.Cluster, flags *pflag.FlagSet, flagNames ClusterOverrideFlags) {
226 flagNames.APIServer.BindStringFlag(flags, &clusterInfo.Server)
227 flagNames.CertificateAuthority.BindStringFlag(flags, &clusterInfo.CertificateAuthority)
228 flagNames.InsecureSkipTLSVerify.BindBoolFlag(flags, &clusterInfo.InsecureSkipTLSVerify)
229}
230
231// BindFlags is a convenience method to bind the specified flags to their associated variables
232func BindContextFlags(contextInfo *clientcmdapi.Context, flags *pflag.FlagSet, flagNames ContextOverrideFlags) {
233 flagNames.ClusterName.BindStringFlag(flags, &contextInfo.Cluster)
234 flagNames.AuthInfoName.BindStringFlag(flags, &contextInfo.AuthInfo)
235 flagNames.Namespace.BindTransformingStringFlag(flags, &contextInfo.Namespace, RemoveNamespacesPrefix)
236}
237
238// RemoveNamespacesPrefix is a transformer that strips "ns/", "namespace/" and "namespaces/" prefixes case-insensitively
239func RemoveNamespacesPrefix(value string) (string, error) {
240 for _, prefix := range []string{"namespaces/", "namespace/", "ns/"} {
241 if len(value) > len(prefix) && strings.EqualFold(value[0:len(prefix)], prefix) {
242 value = value[len(prefix):]
243 break
244 }
245 }
246 return value, nil
247}