Bug 1944581: Preserve AuthInfo when switching projects

[feichashao]

This is a possible fix for #647

Before this patch, if the openshift cluster is behind a cluster proxy (eg. kubectl proxy), and the authentication method is not token, oc project <project-name> will create a new user in kubeconfig, with blank info. This will lead to further oc commands return authentication error.

- name: system:serviceaccount:openshift-xxxx-xxxx:xxxxx
  user: {}

With this patch, when oc project <project-name> creating a new kubeconfig, it will preserve all the AuthInfo from RESTConfig, so that it won't break the customized settings.

- name: system:serviceaccount:openshift-xxxxx-xxxx/xxx-xxx-xxxx-xxxxx-xxxx-xx-xxxx-com:443
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - /home/xxx/.kube/xxx-token
      command: bash
      env:
      - name: OCM_CONFIG
        value: /home/xxx/.xxxx.xxxx.stg
      provideClusterInfo: false

clientcmdapi will handle the null pointer and null strings, so it won't break the existing oc login or oc project mechanism.

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: feichashao
To complete the pull request process, please assign soltysh after the PR has been reviewed.
You can assign the PR to them by writing /assign @soltysh in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[soltysh]

/retest

[wanghaoran1988]

/retest

[wanghaoran1988]

/retest

[feichashao]

/retest

[feichashao]

The ci/prow/e2e-agnostic-cmd failure is pretty common accross other PRs, so i think it is not related to this PR change.

The first commit preserves Impersonate + Exec + tokenfile to kubeconfig when swithing projects.
f826dc2

The second commit remove the presevation of Impersonate, because users/automated-scripts might use oc --as=<someone> to switch project. If we put the Impersonate info into kubeconfig when switch projects, it is possible to break existing scripts.
d7fd77c

The oc command does not have options for Exec, tokenfile and AuthProvider, so it should be fine to preseve those info when swithing project, without breaking the existing behavior.

[feichashao]

/retest

[feichashao]

Testes passed. @soltysh could you take a look?

[openshift-ci]

@feichashao: This pull request references Bugzilla bug 1944581, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.8.0) matches configured target release for branch (4.8.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @zhouying7780

Details

In response to this:

Bug 1944581: Preserve AuthInfo when switching projects

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[soltysh]

This looks good, please squash changes and I'll tag

[cblecker]

/retest

[feichashao]

/retest

[openshift-ci]

@feichashao: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-metal-ipi-ovn-ipv6	8062b92	link	/test e2e-metal-ipi-ovn-ipv6

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[feichashao]

/retest

[soltysh]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: feichashao, soltysh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [soltysh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@feichashao: All pull requests linked via external trackers have merged:

• openshift/oc#692

Bugzilla bug 1944581 has been moved to the MODIFIED state.

Details

In response to this:

Bug 1944581: Preserve AuthInfo when switching projects

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[wanghaoran1988]

/cherry-pick release-4.7

[openshift-cherrypick-robot]

@wanghaoran1988: new pull request created: #832

Details

In response to this:

/cherry-pick release-4.7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.