From 00598df45aec683beca41e794b70a3578ce051e3 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 4 Jun 2018 14:53:28 -0600 Subject: [PATCH 1/3] [AKS] rename admin k8s context so it won't overwite user context --- .../azure/cli/command_modules/acs/custom.py | 10 ++ .../acs/tests/latest/test_custom.py | 101 ++++++++++++++++++ 2 files changed, 111 insertions(+) diff --git a/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py b/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py index b27004a06c6..77a7107d5cb 100644 --- a/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py +++ b/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py @@ -996,6 +996,16 @@ def merge_kubernetes_configurations(existing_file, addition_file): existing = load_kubernetes_configuration(existing_file) addition = load_kubernetes_configuration(addition_file) + # rename the admin context so it doesn't overwrite the user context + try: + for ctx in addition['contexts']: + if ctx['context']['user'].startswith('clusterAdmin'): + admin_name = ctx['name'] + '-admin' + addition['current-context'] = ctx['name'] = admin_name + break + except (KeyError, TypeError): + pass + if addition is None: raise CLIError('failed to load additional configuration from {}'.format(addition_file)) diff --git a/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/tests/latest/test_custom.py b/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/tests/latest/test_custom.py index 12499726fe2..6668d5cdfbc 100644 --- a/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/tests/latest/test_custom.py +++ b/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/tests/latest/test_custom.py @@ -200,6 +200,107 @@ def test_merge_credentials(self): self.assertEqual(merged['users'], ['user1', 'user2']) self.assertEqual(merged['current-context'], obj2['current-context']) + def test_merge_admin_credentials(self): + existing = tempfile.NamedTemporaryFile(delete=False) + existing.close() + addition = tempfile.NamedTemporaryFile(delete=False) + addition.close() + obj1 = { + 'apiVersion': 'v1', + 'clusters': [ + { + 'cluster': { + 'certificate-authority-data': 'certificateauthoritydata1', + 'server': 'https://aztest-aztest-abc123-abcd1234.hcp.eastus.azmk8s.io:443' + }, + 'name': 'aztest' + } + ], + 'contexts': [ + { + 'context': { + 'cluster': 'aztest', + 'user': 'clusterUser_aztest_aztest' + }, + 'name': 'aztest' + } + ], + 'current-context': 'aztest', + 'kind': 'Config', + 'preferences': {}, + 'users': [ + { + 'name': 'clusterUser_aztest_aztest', + 'user': { + 'client-certificate-data': 'clientcertificatedata1', + 'client-key-data': 'clientkeydata1', + 'token': 'token1' + } + } + ] + } + with open(existing.name, 'w+') as stream: + yaml.dump(obj1, stream) + self.addCleanup(os.remove, existing.name) + obj2 = { + 'apiVersion': 'v1', + 'clusters': [ + { + 'cluster': { + 'certificate-authority-data': 'certificateauthoritydata2', + 'server': 'https://aztest-aztest-abc123-abcd1234.hcp.eastus.azmk8s.io:443' + }, + 'name': 'aztest' + } + ], + 'contexts': [ + { + 'context': { + 'cluster': 'aztest', + 'user': 'clusterAdmin_aztest_aztest' + }, + 'name': 'aztest' + } + ], + 'current-context': 'aztest', + 'kind': 'Config', + 'preferences': {}, + 'users': [ + { + 'name': 'clusterAdmin_aztest_aztest', + 'user': { + 'client-certificate-data': 'someclientcertificatedata2', + 'client-key-data': 'someclientkeydata2', + 'token': 'token2' + } + } + ] + } + with open(addition.name, 'w+') as stream: + yaml.dump(obj2, stream) + self.addCleanup(os.remove, addition.name) + + merge_kubernetes_configurations(existing.name, addition.name) + + with open(existing.name, 'r') as stream: + merged = yaml.load(stream) + self.assertEqual(len(merged['clusters']), 2) + self.assertEqual([c['cluster'] for c in merged['clusters']], + [{'certificate-authority-data': 'certificateauthoritydata1', + 'server': 'https://aztest-aztest-abc123-abcd1234.hcp.eastus.azmk8s.io:443'}, + {'certificate-authority-data': 'certificateauthoritydata2', + 'server': 'https://aztest-aztest-abc123-abcd1234.hcp.eastus.azmk8s.io:443'}]) + self.assertEqual(len(merged['contexts']), 2) + self.assertEqual(merged['contexts'], + [{'context': {'cluster': 'aztest', 'user': 'clusterUser_aztest_aztest'}, + 'name': 'aztest'}, + {'context': {'cluster': 'aztest', 'user': 'clusterAdmin_aztest_aztest'}, + 'name': 'aztest-admin'}]) + self.assertEqual(len(merged['users']), 2) + self.assertEqual([u['name'] for u in merged['users']], + ['clusterUser_aztest_aztest', 'clusterAdmin_aztest_aztest']) + self.assertEqual(merged['current-context'], 'aztest-admin') + def test_merge_credentials_missing(self): existing = tempfile.NamedTemporaryFile(delete=False) existing.close() From eca16267335fdde9f455a904e3910c2621874806 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Thu, 7 Jun 2018 14:25:31 -0600 Subject: [PATCH 2/3] Update HISTORY.rst --- src/command_modules/azure-cli-acs/HISTORY.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/src/command_modules/azure-cli-acs/HISTORY.rst b/src/command_modules/azure-cli-acs/HISTORY.rst index 7745a8265fc..63a8a317c40 100644 --- a/src/command_modules/azure-cli-acs/HISTORY.rst +++ b/src/command_modules/azure-cli-acs/HISTORY.rst @@ -6,6 +6,7 @@ Release History 2.0.35 ++++++ * Updated options of `az aks use-dev-spaces` command. Added `--update` support. +* `az aks get-credentials --admin` won't replace the user context in $HOME/.kube/config 2.0.34 ++++++ From a463c37cda2dd816db8ac0fd66d6e70935ca669c Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 11 Jun 2018 11:00:54 -0600 Subject: [PATCH 3/3] Move try/except handling inside loop --- .../azure-cli-acs/azure/cli/command_modules/acs/custom.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py b/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py index 77a7107d5cb..4ec3be4dc1a 100644 --- a/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py +++ b/src/command_modules/azure-cli-acs/azure/cli/command_modules/acs/custom.py @@ -997,14 +997,14 @@ def merge_kubernetes_configurations(existing_file, addition_file): addition = load_kubernetes_configuration(addition_file) # rename the admin context so it doesn't overwrite the user context - try: - for ctx in addition['contexts']: + for ctx in addition.get('contexts', []): + try: if ctx['context']['user'].startswith('clusterAdmin'): admin_name = ctx['name'] + '-admin' addition['current-context'] = ctx['name'] = admin_name break - except (KeyError, TypeError): - pass + except (KeyError, TypeError): + continue if addition is None: raise CLIError('failed to load additional configuration from {}'.format(addition_file))