From 5253fd193e9250c2be1e623f467b85cae4fc972b Mon Sep 17 00:00:00 2001 From: armandpicard Date: Thu, 17 Nov 2022 12:18:03 +0100 Subject: [PATCH 1/3] Fix interactivity in auth exec Signed-off-by: armandpicard --- kube-client/src/client/auth/mod.rs | 31 +++++++++++++++++++++++++-- kube-client/src/config/file_config.rs | 16 ++++++++++++++ kube-client/src/config/mod.rs | 4 ++-- 3 files changed, 47 insertions(+), 4 deletions(-) diff --git a/kube-client/src/client/auth/mod.rs b/kube-client/src/client/auth/mod.rs index 76cf97ef1..f226be874 100644 --- a/kube-client/src/client/auth/mod.rs +++ b/kube-client/src/client/auth/mod.rs @@ -17,7 +17,7 @@ use thiserror::Error; use tokio::sync::{Mutex, RwLock}; use tower::{filter::AsyncPredicate, BoxError}; -use crate::config::{AuthInfo, AuthProviderConfig, ExecConfig}; +use crate::config::{AuthInfo, AuthProviderConfig, ExecConfig, ExecInteractiveMode}; #[cfg(feature = "oauth")] mod oauth; #[cfg(feature = "oauth")] pub use oauth::Error as OAuthError; @@ -64,6 +64,10 @@ pub enum Error { #[error("failed to parse auth exec output: {0}")] AuthExecParse(#[source] serde_json::Error), + /// Fail to serialize input + #[error("fail to serialize input: {0}")] + AuthExecSerialize(#[source] serde_json::Error), + /// Failed to exec auth #[error("failed exec auth: {0}")] AuthExec(String), @@ -440,13 +444,17 @@ pub struct ExecCredential { #[serde(rename = "apiVersion")] pub api_version: Option, pub spec: Option, + #[serde(skip_serializing_if = "Option::is_none")] pub status: Option, } /// ExecCredenitalSpec holds request and runtime specific information provided /// by transport. #[derive(Clone, Debug, Serialize, Deserialize)] -pub struct ExecCredentialSpec {} +pub struct ExecCredentialSpec { + #[serde(skip_serializing_if = "Option::is_none")] + interactive: Option, +} /// ExecCredentialStatus holds credentials for the transport to use. #[derive(Clone, Debug, Serialize, Deserialize)] 
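Review bot: Only `status` gets `skip_serializing_if` in the `ExecCredential` hunk, so any other `Option` field left as `None` is still written out as JSON `null`. The `auth_exec` hunk later in this patch builds the value with `kind: None`, so unless the `kind` field (declared above this hunk, not visible) already carries the same attribute, the plugin receives `"kind":null` in `KUBERNETES_EXEC_INFO`. A plugin that decodes that variable strictly may reject it, so consider sending the kind explicitly, e.g. `kind: Some("ExecCredential".to_string()),` (assuming the field holds a string). Separately, `interactive` is declared without `pub` in a public struct, so code outside this module can no longer construct `ExecCredentialSpec` or read the field; `pub interactive: Option<bool>,` would avoid that if it is not intended.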
@@ -475,6 +483,25 @@ fn auth_exec(auth: &ExecConfig) -> Result { cmd.envs(envs); } + let interactive = auth.interactive_mode != Some(ExecInteractiveMode::Never); + if interactive { + cmd.stdin(std::process::Stdio::inherit()); + } else { + cmd.stdin(std::process::Stdio::piped()); + } + + // Provide exec info to child process + let exec_info = serde_json::to_string(&ExecCredential { + api_version: auth.api_version.clone(), + kind: None, + spec: Some(ExecCredentialSpec { + interactive: Some(interactive), + }), + status: None, + }) + .map_err(Error::AuthExecSerialize)?; + cmd.env("KUBERNETES_EXEC_INFO", exec_info); + if let Some(envs) = &auth.drop_env { for env in envs { cmd.env_remove(env); diff --git a/kube-client/src/config/file_config.rs b/kube-client/src/config/file_config.rs index 71e96ddbc..0d8da37b8 100644 --- a/kube-client/src/config/file_config.rs +++ b/kube-client/src/config/file_config.rs @@ -249,6 +249,22 @@ pub struct ExecConfig { /// It has been suggested in client-go via https://github.com/kubernetes/client-go/issues/1177 #[serde(skip)] pub drop_env: Option>, + + /// Interative mode of the auth plugins + #[serde(rename = "interactiveMode")] + #[serde(skip_serializing_if = "Option::is_none")] + pub interactive_mode: Option, +} + +/// ExecInteractiveMode define the interactity of the child process +#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] +pub enum ExecInteractiveMode { + /// Never get interactive + Never, + /// If available et interactive + IfAvailable, + /// Alwayes get interactive + Always, } /// NamedContext associates name with context. diff --git a/kube-client/src/config/mod.rs b/kube-client/src/config/mod.rs index 77ccf4def..ce8b0ada2 100644 --- a/kube-client/src/config/mod.rs +++ b/kube-client/src/config/mod.rs 
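Review bot: `interactive` is true for every mode except `Never`, including an unset `interactive_mode`, so the plugin inherits the parent's stdin and is told `spec.interactive: true` even when the process has no terminal (a controller, a CI job, or a program that reads its own data on stdin). The credential plugin can then consume or block on input meant for the host program, and `IfAvailable` and `Always` become indistinguishable. Consider deciding per mode with a terminal check: `IfAvailable` or unset inherits only when stdin is a terminal, `Always` returns `Error::AuthExec` when it is not, and the non-interactive branch uses `Stdio::null()` rather than `piped()`, since nothing visible here writes to the pipe. `auth_exec` starts and ends outside the hunk, so how the command is spawned is not visible. The sketch below assumes `std::io::IsTerminal` is available on the crate's toolchain and that treating an unset mode like `IfAvailable` is the intended default.

```rust
// … unchanged: cmd.envs(envs) …
let stdin_is_tty = std::io::IsTerminal::is_terminal(&std::io::stdin());
let interactive = match auth.interactive_mode {
    Some(ExecInteractiveMode::Never) => false,
    Some(ExecInteractiveMode::Always) if !stdin_is_tty => {
        return Err(Error::AuthExec(
            "interactiveMode is Always but stdin is not a terminal".into(),
        ));
    }
    Some(ExecInteractiveMode::Always) => true,
    // An unset mode is treated like IfAvailable.
    Some(ExecInteractiveMode::IfAvailable) | None => stdin_is_tty,
};
cmd.stdin(if interactive {
    std::process::Stdio::inherit()
} else {
    std::process::Stdio::null()
});
// … unchanged: KUBERNETES_EXEC_INFO serialization, drop_env loop …
```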
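Review bot: The doc comments on `interactive_mode` and `ExecInteractiveMode` in the `file_config.rs` hunk do not say what each value does, and they carry several typos (`Interative`, `interactity`, `et interactive`, `Alwayes`). Because the `auth_exec` hunk in this patch lets the plugin inherit the parent's stdin for everything except `Never`, the field doc should say so, e.g. `/// Whether the exec plugin may use the parent's stdin; every value except Never (including unset) currently inherits it.` For the variants, `/// The plugin never uses stdin.`, `/// The plugin uses stdin when it is available.` and `/// The plugin requires stdin.` would read cleanly. An unrecognised `interactiveMode` string would presumably fail to deserialize into the enum; the doc should state whether rejecting such a kubeconfig is the intended behaviour.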
@@ -395,8 +395,8 @@ const DEFAULT_READ_TIMEOUT: Duration = Duration::from_secs(295); // Expose raw config structs pub use file_config::{ - AuthInfo, AuthProviderConfig, Cluster, Context, ExecConfig, Kubeconfig, NamedAuthInfo, NamedCluster, - NamedContext, NamedExtension, Preferences, + AuthInfo, AuthProviderConfig, Cluster, Context, ExecConfig, ExecInteractiveMode, Kubeconfig, + NamedAuthInfo, NamedCluster, NamedContext, NamedExtension, Preferences, }; #[cfg(test)] From c8bc84996409b63d0053d36b19f5b9b0e96c9a8c Mon Sep 17 00:00:00 2001 From: armandpicard Date: Thu, 17 Nov 2022 14:04:35 +0100 Subject: [PATCH 2/3] Add derive Eq for test Signed-off-by: armandpicard --- kube-client/src/config/file_config.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/kube-client/src/config/file_config.rs b/kube-client/src/config/file_config.rs index 0d8da37b8..daf090507 100644 --- a/kube-client/src/config/file_config.rs +++ b/kube-client/src/config/file_config.rs @@ -258,6 +258,7 @@ pub struct ExecConfig { /// ExecInteractiveMode define the interactity of the child process #[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] +#[cfg_attr(test, derive(Eq))] pub enum ExecInteractiveMode { /// Never get interactive Never, From ee502bb0ba4c203e39692f4ac58351c740a0805f Mon Sep 17 00:00:00 2001 From: Eirik A Date: Tue, 29 Nov 2022 14:48:14 +0000 Subject: [PATCH 3/3] Update kube-client/src/client/auth/mod.rs Co-authored-by: kazk Signed-off-by: Eirik A --- kube-client/src/client/auth/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kube-client/src/client/auth/mod.rs b/kube-client/src/client/auth/mod.rs index f226be874..30f6603b5 100644 --- a/kube-client/src/client/auth/mod.rs +++ b/kube-client/src/client/auth/mod.rs 
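Review bot: In the second patch's `file_config.rs` hunk, `Eq` is derived only under `cfg(test)`, so the trait set of `ExecInteractiveMode` differs between test and normal builds. For a fieldless enum an unconditional derive costs nothing and also satisfies clippy's `derive_partial_eq_without_eq`. Suggest `#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]` and dropping the `#[cfg_attr(test, derive(Eq))]` line.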
@@ -65,7 +65,7 @@ pub enum Error { AuthExecParse(#[source] serde_json::Error), /// Fail to serialize input - #[error("fail to serialize input: {0}")] + #[error("failed to serialize input: {0}")] AuthExecSerialize(#[source] serde_json::Error), /// Failed to exec auth