98 lines
4.1 KiB
Python
98 lines
4.1 KiB
Python
# Copyright 2020 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from kubeconfig import KubeConfig
|
|
|
|
class KubeCfg(KubeConfig):
|
|
"""This class inherits from the KubeConfig module. It overides the
|
|
|
|
set_credentials method to add the user exec parameters to the kube config
|
|
file that is generated.
|
|
"""
|
|
|
|
def set_credentials(
|
|
self,
|
|
name,
|
|
auth_provider=None,
|
|
auth_provider_args=None,
|
|
client_certificate=None,
|
|
client_key=None,
|
|
embed_certs=None,
|
|
password=None,
|
|
token=None,
|
|
username=None,
|
|
exec_command=None,
|
|
exec_api_version=None,
|
|
exec_arg=None,
|
|
exec_env=None):
|
|
"""Creates or updates a ``user`` entry under the ``users`` entry.
|
|
|
|
In the case where you are updating an existing user, only the optional
|
|
keyword args that you pass in will be updated on the entry.
|
|
|
|
:param str name: The name of the user to add or update.
|
|
:param str auth_provider: The auth provider name to use. For example,
|
|
``oidc``, ``gcp``, etc.
|
|
:param dict auth_provider_args: Some providers support extra config
|
|
params, which can be passed in as a flat dict.
|
|
:param str client_certificate: Path to your X.509 client cert (if
|
|
using cert auth).
|
|
:param str client_key: Path to your cert's private key (if using
|
|
cert auth).
|
|
:param bool embed_certs: Combined with ``client_certificate``,
|
|
|
|
setting this to ``True`` will cause the cert to be embedded
|
|
directly in the written config. If ``False`` or unspecified,
|
|
the path to the cert will be used instead.
|
|
:param str username: Your username (if using basic auth).
|
|
:param str password: Your user's password (if using basic auth).
|
|
:param str token: Your private token (if using token auth).
|
|
:param str exec_command: The command executable name to use. For
|
|
example, ``client-keystone-auth``
|
|
:param str exec_api_version: The api version to use. For example,
|
|
``client.authentication.k8s.io/v1beta1``
|
|
"""
|
|
flags = []
|
|
if auth_provider is not None:
|
|
flags += ['--auth-provider=%s' % auth_provider]
|
|
if auth_provider_args is not None:
|
|
arg_pairs = [
|
|
"%s=%s" % (k, v) for k, v in auth_provider_args.items()
|
|
]
|
|
for arg_pair in arg_pairs:
|
|
flags += ['--auth-provider-arg=%s' % arg_pair]
|
|
if client_certificate is not None:
|
|
flags += ['--client-certificate=%s' % client_certificate]
|
|
if client_key is not None:
|
|
flags += ['--client-key=%s' % client_key]
|
|
if embed_certs is not None:
|
|
flags += ['--embed-certs=%s' % self._bool_to_cli_str(embed_certs)]
|
|
if password is not None:
|
|
flags += ['--password=%s' % password]
|
|
if token is not None:
|
|
flags += ['--token=%s' % token]
|
|
if username is not None:
|
|
flags += ['--username=%s' % username]
|
|
if exec_command is not None:
|
|
flags += ['--exec-command=%s' % exec_command]
|
|
if exec_api_version is not None:
|
|
flags += ['--exec-api-version=%s' % exec_api_version]
|
|
if exec_arg is not None:
|
|
flags += ['--exec-arg=%s' % exec_arg]
|
|
if exec_env is not None:
|
|
arg_pairs = ["%s=%s" % (k, v) for k, v in exec_env.items()]
|
|
for arg_pair in arg_pairs:
|
|
flags += ['--exec-env=%s' % arg_pair]
|
|
self._run_kubectl_config('set-credentials', name, *flags)
|