From 1ffe70bbeabf6abb8c0e73b35f057ba709f215ac Mon Sep 17 00:00:00 2001 From: Andrew Keesler Date: Tue, 9 Feb 2021 11:17:11 -0500 Subject: [PATCH] cmd/pinniped: delete get-kubeconfig + exchange-token These were deprecated in v0.3.0. Signed-off-by: Andrew Keesler --- cmd/pinniped/cmd/deprecated.go | 140 --------------------------------- cmd/pinniped/cmd/root.go | 10 ++- test/integration/cli_test.go | 12 --- 3 files changed, 9 insertions(+), 153 deletions(-) delete mode 100644 cmd/pinniped/cmd/deprecated.go diff --git a/cmd/pinniped/cmd/deprecated.go b/cmd/pinniped/cmd/deprecated.go deleted file mode 100644 index eeca0d1a..00000000 --- a/cmd/pinniped/cmd/deprecated.go +++ /dev/null @@ -1,140 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package cmd - -import ( - "encoding/base64" - "fmt" - "os" - - "github.com/spf13/cobra" - - "go.pinniped.dev/internal/here" - "go.pinniped.dev/internal/plog" -) - -//nolint: gochecknoinits -func init() { - rootCmd.AddCommand(legacyGetKubeconfigCommand(kubeconfigRealDeps())) - rootCmd.AddCommand(legacyExchangeTokenCommand(staticLoginRealDeps())) -} - -func legacyGetKubeconfigCommand(deps kubeconfigDeps) *cobra.Command { - var ( - cmd = &cobra.Command{ - Hidden: true, - Deprecated: "Please use `pinniped get kubeconfig` instead.", - - Args: cobra.NoArgs, // do not accept positional arguments for this command - Use: "get-kubeconfig", - Short: "Print a kubeconfig for authenticating into a cluster via Pinniped", - Long: here.Doc(` - Print a kubeconfig for authenticating into a cluster via Pinniped. - Requires admin-like access to the cluster using the current - kubeconfig context in order to access Pinniped's metadata. - The current kubeconfig is found similar to how kubectl finds it: - using the value of the --kubeconfig option, or if that is not - specified then from the value of the KUBECONFIG environment - variable, or if that is not specified then it defaults to - .kube/config in your home directory. - Prints a kubeconfig which is suitable to access the cluster using - Pinniped as the authentication mechanism. This kubeconfig output - can be saved to a file and used with future kubectl commands, e.g.: - pinniped get-kubeconfig --token $MY_TOKEN > $HOME/mycluster-kubeconfig - kubectl --kubeconfig $HOME/mycluster-kubeconfig get pods - `), - } - token string - kubeconfig string - contextOverride string - namespace string - authenticatorType string - authenticatorName string - apiGroupSuffix string - ) - - cmd.Flags().StringVar(&token, "token", "", "Credential to include in the resulting kubeconfig output (Required)") - cmd.Flags().StringVar(&kubeconfig, "kubeconfig", "", "Path to the kubeconfig file") - cmd.Flags().StringVar(&contextOverride, "kubeconfig-context", "", "Kubeconfig context override") - cmd.Flags().StringVar(&namespace, "pinniped-namespace", "pinniped-concierge", "Namespace in which Pinniped was installed") - cmd.Flags().StringVar(&authenticatorType, "authenticator-type", "", "Authenticator type (e.g., 'webhook', 'jwt')") - cmd.Flags().StringVar(&authenticatorName, "authenticator-name", "", "Authenticator name") - cmd.Flags().StringVar(&apiGroupSuffix, "api-group-suffix", "pinniped.dev", "Concierge API group suffix") - - mustMarkRequired(cmd, "token") - plog.RemoveKlogGlobalFlags() - cmd.RunE = func(cmd *cobra.Command, args []string) error { - return runGetKubeconfig(cmd.OutOrStdout(), deps, getKubeconfigParams{ - kubeconfigPath: kubeconfig, - kubeconfigContextOverride: contextOverride, - staticToken: token, - concierge: getKubeconfigConciergeParams{ - namespace: namespace, - authenticatorName: authenticatorName, - authenticatorType: authenticatorType, - apiGroupSuffix: apiGroupSuffix, - }, - }) - } - return cmd -} - -func legacyExchangeTokenCommand(deps staticLoginDeps) *cobra.Command { - cmd := &cobra.Command{ - Hidden: true, - Deprecated: "Please use `pinniped login static` instead.", - - Args: cobra.NoArgs, // do not accept positional arguments for this command - Use: "exchange-credential", - Short: "Exchange a credential for a cluster-specific access credential", - Long: here.Doc(` - Exchange a credential which proves your identity for a time-limited, - cluster-specific access credential. - Designed to be conveniently used as an credential plugin for kubectl. - See the help message for 'pinniped get-kubeconfig' for more - information about setting up a kubeconfig file using Pinniped. - Requires all of the following environment variables, which are - typically set in the kubeconfig: - - PINNIPED_TOKEN: the token to send to Pinniped for exchange - - PINNIPED_NAMESPACE: the namespace of the authenticator to authenticate - against - - PINNIPED_AUTHENTICATOR_TYPE: the type of authenticator to authenticate - against (e.g., "webhook", "jwt") - - PINNIPED_AUTHENTICATOR_NAME: the name of the authenticator to authenticate - against - - PINNIPED_CA_BUNDLE: the CA bundle to trust when calling - Pinniped's HTTPS endpoint - - PINNIPED_K8S_API_ENDPOINT: the URL for the Pinniped credential - exchange API - For more information about credential plugins in general, see - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins - `), - } - plog.RemoveKlogGlobalFlags() - cmd.RunE = func(cmd *cobra.Command, args []string) error { - // Make a little helper to grab OS environment variables and keep a list that were missing. - var missing []string - getEnv := func(name string) string { - value, ok := os.LookupEnv(name) - if !ok { - missing = append(missing, name) - } - return value - } - flags := staticLoginParams{ - staticToken: getEnv("PINNIPED_TOKEN"), - conciergeEnabled: true, - conciergeNamespace: getEnv("PINNIPED_NAMESPACE"), - conciergeAuthenticatorType: getEnv("PINNIPED_AUTHENTICATOR_TYPE"), - conciergeAuthenticatorName: getEnv("PINNIPED_AUTHENTICATOR_NAME"), - conciergeEndpoint: getEnv("PINNIPED_K8S_API_ENDPOINT"), - conciergeCABundle: base64.StdEncoding.EncodeToString([]byte(getEnv("PINNIPED_CA_BUNDLE"))), - } - if len(missing) > 0 { - return fmt.Errorf("failed to get credential: required environment variable(s) not set: %v", missing) - } - return runStaticLogin(cmd.OutOrStdout(), deps, flags) - } - return cmd -} diff --git a/cmd/pinniped/cmd/root.go b/cmd/pinniped/cmd/root.go index 8b5d01ae..2b6eb0dc 100644 --- a/cmd/pinniped/cmd/root.go +++ b/cmd/pinniped/cmd/root.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package cmd @@ -7,6 +7,8 @@ import ( "os" "github.com/spf13/cobra" + + "go.pinniped.dev/internal/plog" ) //nolint: gochecknoglobals @@ -17,6 +19,12 @@ var rootCmd = &cobra.Command{ SilenceUsage: true, // do not print usage message when commands fail } +//nolint: gochecknoinits +func init() { + // We don't want klog flags showing up in our CLI. + plog.RemoveKlogGlobalFlags() +} + // Execute adds all child commands to the root command and sets flags appropriately. // This is called by main.main(). It only needs to happen once to the rootCmd. func Execute() { diff --git a/test/integration/cli_test.go b/test/integration/cli_test.go index 887c264e..7b33ca37 100644 --- a/test/integration/cli_test.go +++ b/test/integration/cli_test.go @@ -51,18 +51,6 @@ func TestCLIGetKubeconfigStaticToken(t *testing.T) { args []string expectStderr string }{ - { - name: "deprecated command", - args: []string{ - "get-kubeconfig", - "--token", env.TestUser.Token, - "--pinniped-namespace", env.ConciergeNamespace, - "--authenticator-type", "webhook", - "--authenticator-name", authenticator.Name, - "--api-group-suffix", env.APIGroupSuffix, - }, - expectStderr: "Command \"get-kubeconfig\" is deprecated, Please use `pinniped get kubeconfig` instead.\n", - }, { name: "newer command, but still using static parameters", args: []string{