Merge pull request kubernetes#5454 from jlowdermilk/get-password

Make get-password robust against invalid kubeconfig entries
duda · Mar 13, 2015 · 0948cb7 · 0948cb7
2 parents 22f3062 + 8fef6fb
commit 0948cb7
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 7 deletions.
diff --git a/cluster/common.sh b/cluster/common.sh
@@ -73,3 +73,31 @@ function clear-kubeconfig() {
 
   echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}"
 }
+
+# Gets username, password for the current-context in kubeconfig, if they exist.
+# Assumed vars:
+#   KUBECONFIG  # if unset, defaults to global
+#
+# Vars set:
+#   KUBE_USER
+#   KUBE_PASSWORD
+#
+# KUBE_USER,KUBE_PASSWORD will be empty if no current-context is set, or
+# the current-context user does not exist or contain basicauth entries.
+function get-kubeconfig-basicauth() {
+  # Templates to safely extract the username,password for the current-context
+  # user.  The long chain of 'with' commands avoids indexing nil if any of the
+  # entries ("current-context", "contexts"."current-context", "users", etc)
+  # is missing.
+  # Note: we save dot ('.') to $root because the 'with' action overrides it.
+  # See http://golang.org/pkg/text/template/.
+  local username='{{$root := .}}{{with index $root "current-context"}}{{with index $root "contexts" .}}{{with index . "user"}}{{with index $root "users" .}}{{index . "username"}}{{end}}{{end}}{{end}}{{end}}'
+  local password='{{$root := .}}{{with index $root "current-context"}}{{with index $root "contexts" .}}{{with index . "user"}}{{with index $root "users" .}}{{index . "password"}}{{end}}{{end}}{{end}}{{end}}'
+  KUBE_USER=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${username}")
+  KUBE_PASSWORD=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${password}")
+  # Handle empty/missing username|password
+  if [[ "${KUBE_USER}" == '<no value>' || "$KUBE_PASSWORD" == '<no value>' ]]; then
+    KUBE_USER=''
+    KUBE_PASSWORD=''
+  fi
+}
diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh
@@ -226,7 +226,7 @@ function detect-master () {
 }
 
 # Ensure that we have a password created for validating to the master.  Will
-# read from the kubernetes auth-file for the current context if available.
+# read from kubeconfig for the current context if available.
 #
 # Assumed vars
 #   KUBE_ROOT
@@ -235,12 +235,7 @@ function detect-master () {
 #   KUBE_USER
 #   KUBE_PASSWORD
 function get-password {
-  # templates to extract the username,password for the current-context user
-  # Note: we save dot ('.') to $dot because the 'with' action overrides dot
-  local username='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{$user := index $dot "contexts" $ctx "user"}}{{index $dot "users" $user "username"}}{{end}}'
-  local password='{{$dot := .}}{{with $ctx := index $dot "current-context"}}{{$user := index $dot "contexts" $ctx "user"}}{{index $dot "users" $user "password"}}{{end}}'
-  KUBE_USER=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${username}")
-  KUBE_PASSWORD=$("${KUBE_ROOT}/cluster/kubectl.sh" config view -o template --template="${password}")
+  get-kubeconfig-basicauth
   if [[ -z "${KUBE_USER}" || -z "${KUBE_PASSWORD}" ]]; then
     KUBE_USER=admin
     KUBE_PASSWORD=$(python -c 'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))')