Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose all auth-provider config keys #1093

Open
tewe opened this issue Aug 5, 2021 · 21 comments
Open

Expose all auth-provider config keys #1093

tewe opened this issue Aug 5, 2021 · 21 comments
Assignees
@mpuckett159
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. priority/backlog Higher priority than priority/awaiting-more-evidence.

Comments

@tewe
Copy link

tewe commented Aug 5, 2021

kubectl config unset users.foo.auth-provider.azure.refresh-token dies with "error: unable to parse one or more field values" because pkg/cmd/config/navigation_step_parser.go cannot deal with pointers and *AuthProviderConfig is one.

What would you like to be added:

Allow kubectl config to un/set any field in the YAML, particularly auth-provider settings.

Why is this needed:

When giving people access to a cluster it is often necessary to deal with authentication issues, and sending them command lines is easier for everybody than instructions on how to edit the kubeconfig by hand.
@tewe tewe added the kind/feature Categorizes issue or PR as related to a new feature. label Aug 5, 2021
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Aug 5, 2021
@tewe
Copy link
Author

tewe commented Aug 5, 2021

#396

@eddiezane
Copy link
Member

/triage accepted
/help

We need to take a look if these types are pulled in by config as a start.

@k8s-ci-robot
Copy link
Contributor

@eddiezane:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/triage accepted
/help

We need to take a look if these types are pulled in by config as a start.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 18, 2021
@eddiezane eddiezane mentioned this issue Aug 18, 2021
Closed
@calvin0327
Copy link

calvin0327 commented Sep 26, 2021
edited
Loading

@eddiezane I tried to resolve this issue, the AuthProviderConfig is a Ptr type of struct that define field of Name and Config. there is not a case to corresponding to the type in the switch. can you give me some advice?

@mpuckett159
Copy link
Contributor

mpuckett159 commented Dec 20, 2021
edited
Loading

After some review, this appears (I think) to be an issue with the client-go API rather than kubectl itself. The way that the paths are walked from the config key assumes that the AuthProvider field will be a map[string]*AuthProviderConfig. This is how we get from users.foo to auth-provider even though there is no valid field name in AuthInfo named foo.

Unsure if there should be a workaround for this specific struct in kubectl or if we should be open an issue with client-go repo to update the Config.AuthInfo.AuthProvider field to be a map to a pointer instead of just a raw pointer.

@mpuckett159 mpuckett159 mentioned this issue Jan 4, 2022
Closed
@mpuckett159
Copy link
Contributor

Also of note it looks like ExecConfig (e.g. users.foo.exec.command and similar) suffers the same issue.

@mpuckett159
Copy link
Contributor

mpuckett159 commented Jan 11, 2022
edited
Loading

@tewe Does kubectl config set-credential solve your use case? I think this may be a bit of a confusion in the docs (and maybe just update the error messages to point to the proper commands) here rather than a feature request.

Example:

❯ kubectl config set-credentials test --auth-provider=test --auth-provider-arg=refresh-token=test
User "test" set.

Resulting config:

❯ kubectl config view                                                                            
apiVersion: v1
<OMITTED>
- name: test
  user:
    auth-provider:
      config:
        refresh-token: test
      name: test

@tewe
Copy link
Author

tewe commented Jan 12, 2022

(My solution has been kubelogin)

Can --auth-provider-arg remove a key? Then it should be equivalent.

(In the case of the refresh token, setting it to a bogus value probably has the same effect)

@mpuckett159
Copy link
Contributor

It looks like if you were to use kubectl config set-credentials test --auth-provider=test --auth-provider-arg=refresh-token- (notice the - at the end) it will remove the specified arg key.

@tewe
Copy link
Author

tewe commented Jan 12, 2022

Thanks! I'll leave this open due to the confusing error message.

@mpuckett159 mpuckett159 mentioned this issue Jan 17, 2022
Closed
@eddiezane eddiezane added priority/backlog Higher priority than priority/awaiting-more-evidence. and removed help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Feb 2, 2022
@drop-nicholas
Copy link

I noticed today that kubectl config set-credentials did not permit setting of the interactiveMode field, and kubectl config set users.my-user.exec.interactiveMode "IfAvailable" wouldn't patch it up afterwards.

It would be great to be able to set this field from the CLI.

Are there lists of what can and cannot be set easily available? That would be a nice quality of life improvement to have documented, perhaps in the --help. If this ticket accomplishes all fields, it won't be necessary to do that.

@mpuckett159 mpuckett159 mentioned this issue Jun 5, 2022
Closed
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 23, 2022
@mpuckett159
Copy link
Contributor

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 23, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 21, 2022
@mpuckett159
Copy link
Contributor

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 21, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 20, 2022
@mpuckett159
Copy link
Contributor

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 20, 2022
@gswallow
Copy link

Is this still broken? The last pull request seems to have been closed.

@mpuckett159
Copy link
Contributor

Yes, unfortunately this became a rather monumental task. I had something working but it was decided that the sig did not wish to extend the existing dot delimited syntax (which makes sense) and instead we would look to moving to using jsonpath instead. Unfortunately I have not had time to do this and I don't think anyone else has tried to pick it up.

@k8s-triage-robot
Copy link

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

  • Confirm that this issue is still relevant with /triage accepted (org members only)
  • Close this issue with /close

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. and removed triage/accepted Indicates an issue or PR is ready to be actively worked on. labels Sep 27, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mpuckett159 mpuckett159

Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. priority/backlog Higher priority than priority/awaiting-more-evidence.
Projects
None yet
Milestone
No milestone
8 participants
@tewe @eddiezane @gswallow @mpuckett159 @k8s-ci-robot @calvin0327 @k8s-triage-robot @drop-nicholas