Fix interactivity in auth exec (#1083)

* Fix interactivity in auth exec

Signed-off-by: armandpicard <[email protected]>

* Add derive Eq for test

Signed-off-by: armandpicard <[email protected]>

* Update kube-client/src/client/auth/mod.rs

Co-authored-by: kazk <[email protected]>
Signed-off-by: Eirik A <[email protected]>

Signed-off-by: armandpicard <[email protected]>
Signed-off-by: Eirik A <[email protected]>
Co-authored-by: Eirik A <[email protected]>
Co-authored-by: kazk <[email protected]>

Author: 3 people

kube-client/src/client/auth/mod.rs

@@ -18,7 +18,7 @@ use thiserror::Error;
 use tokio::sync::{Mutex, RwLock};
 use tower::{filter::AsyncPredicate, BoxError};
 
-use crate::config::{AuthInfo, AuthProviderConfig, ExecConfig};
+use crate::config::{AuthInfo, AuthProviderConfig, ExecConfig, ExecInteractiveMode};
 
 #[cfg(feature = "oauth")] mod oauth;
 #[cfg(feature = "oauth")] pub use oauth::Error as OAuthError;
@@ -66,6 +66,10 @@ pub enum Error {
     #[error("failed to parse auth exec output: {0}")]
     AuthExecParse(#[source] serde_json::Error),
 
+    /// Fail to serialize input
+    #[error("failed to serialize input: {0}")]
+    AuthExecSerialize(#[source] serde_json::Error),
+
     /// Failed to exec auth
     #[error("failed exec auth: {0}")]
     AuthExec(String),
@@ -461,13 +465,17 @@ pub struct ExecCredential {
     #[serde(rename = "apiVersion")]
     pub api_version: Option<String>,
     pub spec: Option<ExecCredentialSpec>,
+    #[serde(skip_serializing_if = "Option::is_none")]
     pub status: Option<ExecCredentialStatus>,
 }
 
 /// ExecCredenitalSpec holds request and runtime specific information provided
 /// by transport.
 #[derive(Clone, Debug, Serialize, Deserialize)]
-pub struct ExecCredentialSpec {}
+pub struct ExecCredentialSpec {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    interactive: Option<bool>,
+}
 
 /// ExecCredentialStatus holds credentials for the transport to use.
 #[derive(Clone, Debug, Serialize, Deserialize)]
@@ -500,6 +508,25 @@ fn auth_exec(auth: &ExecConfig) -> Result<ExecCredential, Error> {
         cmd.envs(envs);
     }
 
+    let interactive = auth.interactive_mode != Some(ExecInteractiveMode::Never);
+    if interactive {
+        cmd.stdin(std::process::Stdio::inherit());
+    } else {
+        cmd.stdin(std::process::Stdio::piped());
+    }
+
+    // Provide exec info to child process
+    let exec_info = serde_json::to_string(&ExecCredential {
+        api_version: auth.api_version.clone(),
+        kind: None,
+        spec: Some(ExecCredentialSpec {
+            interactive: Some(interactive),
+        }),
+        status: None,
+    })
+    .map_err(Error::AuthExecSerialize)?;
+    cmd.env("KUBERNETES_EXEC_INFO", exec_info);
+
     if let Some(envs) = &auth.drop_env {
         for env in envs {
             cmd.env_remove(env);

kube-client/src/config/file_config.rs

@@ -255,6 +255,23 @@ pub struct ExecConfig {
     /// It has been suggested in client-go via https://github.com/kubernetes/client-go/issues/1177
     #[serde(skip)]
     pub drop_env: Option<Vec<String>>,
+
+    /// Interative mode of the auth plugins
+    #[serde(rename = "interactiveMode")]
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub interactive_mode: Option<ExecInteractiveMode>,
+}
+
+/// ExecInteractiveMode define the interactity of the child process
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)]
+#[cfg_attr(test, derive(Eq))]
+pub enum ExecInteractiveMode {
+    /// Never get interactive
+    Never,
+    /// If available et interactive
+    IfAvailable,
+    /// Alwayes get interactive
+    Always,
 }
 
 /// NamedContext associates name with context.

kube-client/src/config/mod.rs

@@ -401,8 +401,8 @@ const DEFAULT_READ_TIMEOUT: Duration = Duration::from_secs(295);
 
 // Expose raw config structs
 pub use file_config::{
-    AuthInfo, AuthProviderConfig, Cluster, Context, ExecConfig, Kubeconfig, NamedAuthInfo, NamedCluster,
-    NamedContext, NamedExtension, Preferences,
+    AuthInfo, AuthProviderConfig, Cluster, Context, ExecConfig, ExecInteractiveMode, Kubeconfig,
+    NamedAuthInfo, NamedCluster, NamedContext, NamedExtension, Preferences,
 };
 
 #[cfg(test)]