auth: revamp to not use kubectl

mplsgrant · mplsgrant · commit 7ccb072fa98a · 2024-09-18T23:22:01.000-05:00
Also, provide some logic around overwriting existing entries and also provide a warning when the
namepsace is not set.
diff --git a/src/warnet/users.py b/src/warnet/users.py
@@ -1,70 +1,85 @@
-import os
-import subprocess
 import sys
 
 import click
 import yaml
 
+from warnet.constants import KUBECONFIG
+
 
 @click.command()
-@click.argument("kube_config", type=str)
-def auth(kube_config: str) -> None:
-    """
-    Authenticate with a warnet cluster using a kube config file
-    """
-    try:
-        current_kubeconfig = os.environ.get("KUBECONFIG", os.path.expanduser("~/.kube/config"))
-        combined_kubeconfig = (
-            f"{current_kubeconfig}:{kube_config}" if current_kubeconfig else kube_config
-        )
-        os.environ["KUBECONFIG"] = combined_kubeconfig
-        with open(kube_config) as file:
-            content = yaml.safe_load(file)
-            user = content["users"][0]
-            user_name = user["name"]
-            user_token = user["user"]["token"]
-            current_context = content["current-context"]
-        flatten_cmd = "kubectl config view --flatten"
-        result_flatten = subprocess.run(
-            flatten_cmd, shell=True, check=True, capture_output=True, text=True
+@click.argument("auth_config", type=str)
+def auth(auth_config):
+    """Authenticate with a Warnet cluster using a kubernetes config file"""
+    base_config = yaml_try_with_open(KUBECONFIG)
+    auth_config = yaml_try_with_open(auth_config)
+
+    clusters = "clusters"
+    if clusters in auth_config:
+        merge_entries(
+            base_config.setdefault(clusters, []), auth_config[clusters], "name", "cluster"
         )
-    except subprocess.CalledProcessError as e:
-        click.secho("Error occurred while executing kubectl config view --flatten:", fg="red")
-        click.secho(e.stderr, fg="red")
-        sys.exit(1)
 
-    if result_flatten.returncode == 0:
-        with open(current_kubeconfig, "w") as file:
-            file.write(result_flatten.stdout)
-            click.secho(f"Authorization file written to: {current_kubeconfig}", fg="green")
-    else:
-        click.secho("Could not create authorization file", fg="red")
-        click.secho(result_flatten.stderr, fg="red")
-        sys.exit(result_flatten.returncode)
+    users = "users"
+    if users in auth_config:
+        merge_entries(base_config.setdefault(users, []), auth_config[users], "name", "user")
 
-    try:
-        update_cmd = f"kubectl config set-credentials {user_name} --token {user_token}"
-        result_update = subprocess.run(
-            update_cmd, shell=True, check=True, capture_output=True, text=True
+    contexts = "contexts"
+    if contexts in auth_config:
+        merge_entries(
+            base_config.setdefault(contexts, []), auth_config[contexts], "name", "context"
         )
-        if result_update.returncode != 0:
-            click.secho("Could not update authorization file", fg="red")
-            click.secho(result_flatten.stderr, fg="red")
-            sys.exit(result_flatten.returncode)
-    except subprocess.CalledProcessError as e:
-        click.secho("Error occurred while executing kubectl config view --flatten:", fg="red")
-        click.secho(e.stderr, fg="red")
-        sys.exit(1)
 
-    with open(current_kubeconfig) as file:
-        contents = yaml.safe_load(file)
+    new_current_context = auth_config.get("current-context")
+    base_config["current-context"] = new_current_context
 
-    with open(current_kubeconfig, "w") as file:
-        contents["current-context"] = current_context
-        yaml.safe_dump(contents, file)
+    # Check if the new current context has an explicit namespace
+    context_entry = next(
+        (ctx for ctx in base_config["contexts"] if ctx["name"] == new_current_context), None
+    )
+    if context_entry and "namespace" not in context_entry["context"]:
+        click.secho(
+            f"Warning: The context '{new_current_context}' does not have an explicit namespace.",
+            fg="yellow",
+        )
 
-    with open(current_kubeconfig) as file:
+    with open(KUBECONFIG, "w") as file:
+        yaml.safe_dump(base_config, file)
+        click.secho(f"Updated kubeconfig with authorization data: {KUBECONFIG}", fg="green")
+
+    with open(KUBECONFIG) as file:
         contents = yaml.safe_load(file)
         click.secho(
-            f"\nwarnet's current context is now set to: {contents['current-context']}", fg="green"
+            f"Warnet's current context is now set to: {contents['current-context']}", fg="green"
         )
+
+
+def merge_entries(base_list, auth_list, key, entry_type):
+    base_entry_names = {entry[key] for entry in base_list}  # Extract existing names
+    for entry in auth_list:
+        if entry[key] in base_entry_names:
+            if click.confirm(
+                f"The {entry_type} '{entry[key]}' already exists. Overwrite?", default=False
+            ):
+                # Find and replace the existing entry
+                base_list[:] = [e if e[key] != entry[key] else entry for e in base_list]
+                click.secho(f"Overwrote {entry_type} '{entry[key]}'", fg="yellow")
+            else:
+                click.secho(f"Skipped {entry_type} '{entry[key]}'", fg="yellow")
+        else:
+            base_list.append(entry)
+            click.secho(f"Added new {entry_type} '{entry[key]}'", fg="green")
+
+
+def yaml_try_with_open(filename: str):
+    try:
+        with open(filename) as f:
+            return yaml.safe_load(f)
+    except FileNotFoundError:
+        click.secho(f"Could not find: {KUBECONFIG}", fg="red")
+        sys.exit(1)
+    except OSError as e:
+        click.secho(f"An I/O error occurred: {e}", fg="red")
+        sys.exit(1)
+    except Exception as e:
+        click.secho(f"An unexpected error occurred: {e}", fg="red")
+        sys.exit(1)
