Merge pull request #13 from brendandburns/creds

Update credentials for more valid values.

Author: brendandburns

examples/simple/PodList.cs

@@ -10,11 +10,15 @@ static void Main(string[] args)
         {
             var k8sClientConfig = new KubernetesClientConfiguration();
             IKubernetes client = new Kubernetes(k8sClientConfig);
+            Console.WriteLine("Starting Request!");
             var listTask = client.ListNamespacedPodWithHttpMessagesAsync("default").Result;
             var list = listTask.Body;
             foreach (var item in list.Items) {
                 Console.WriteLine(item.Metadata.Name);
             }
+            if (list.Items.Count == 0) {
+                Console.WriteLine("Empty!");
+            }
         }
     }
 }

examples/simple/simple.csproj

@@ -8,7 +8,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp1.1</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
   </PropertyGroup>
 
 </Project>

src/KubeConfigModels/ClusterEndpoint.cs

@@ -4,6 +4,9 @@
 
     public class ClusterEndpoint
     {
+        [YamlMember(Alias = "certificate-authority")]
+        public string CertificateAuthority {get; set; }
+
         [YamlMember(Alias = "certificate-authority-data")]
         public string CertificateAuthorityData { get; set; }
 

src/KubeConfigModels/K8SConfiguration.cs

@@ -8,6 +8,9 @@
     /// </summary>
     public class K8SConfiguration
     {
+        [YamlMember(Alias = "preferences")]
+        public IDictionary<string, object> preferences{ get; set; }
+
         [YamlMember(Alias = "apiVersion")]
         public string ApiVersion { get; set; }
 

src/KubeConfigModels/UserCredentials.cs

@@ -1,5 +1,6 @@
 namespace k8s.KubeConfigModels
 {
+    using System.Collections.Generic;
     using YamlDotNet.RepresentationModel;
     using YamlDotNet.Serialization;
 
@@ -8,9 +9,15 @@ public class UserCredentials
         [YamlMember(Alias = "client-certificate-data")]
         public string ClientCertificateData { get; set; }
 
+        [YamlMember(Alias = "client-certificate")]
+        public string ClientCertificate { get; set; }
+
         [YamlMember(Alias = "client-key-data")]
         public string ClientKeyData { get; set; }
 
+        [YamlMember(Alias = "client-key")]
+        public string ClientKey { get; set; }
+
         [YamlMember(Alias = "token")]
         public string Token { get; set; }
 
@@ -19,5 +26,8 @@ public class UserCredentials
 
         [YamlMember(Alias = "password")]
         public string Password { get; set; }
+
+        [YamlMember(Alias = "auth-provider")]
+        public Dictionary<string, dynamic> AuthProvider { get; set; }
     }
 }

src/Kubernetes.Auth.cs

@@ -21,7 +21,7 @@ public Kubernetes(KubernetesClientConfiguration config)
         {
             this.Initialize();
 
-            this.CaCert = Utils.Base64Decode(config.SslCaCert);
+            this.CaCert = config.SslCaCert;
             this.BaseUri = new Uri(config.Host);
 
             // ssl cert validation
@@ -45,7 +45,7 @@ public Kubernetes(KubernetesClientConfiguration config)
             this.InitializeHttpClient(handler);
         }
 
-        private string CaCert { get; set; }
+        private X509Certificate2 CaCert { get; set; }
 
         /// <summary>
         /// Set credentials for the Client
@@ -65,7 +65,10 @@ private async Task SetCredentialsAsync(KubernetesClientConfiguration config, Htt
                 this.Credentials = new KubernetesClientCredentials(config.Username, config.Password);
             }
             // othwerwise set handler for clinet cert based auth
-            else if (!string.IsNullOrWhiteSpace(config.ClientCertificateData) && !string.IsNullOrWhiteSpace(config.ClientCertificateKey))
+            else if ((!string.IsNullOrWhiteSpace(config.ClientCertificateData) ||
+                      !string.IsNullOrWhiteSpace(config.ClientCertificate)) &&
+                     (!string.IsNullOrWhiteSpace(config.ClientCertificateKey) ||
+                      !string.IsNullOrWhiteSpace(config.ClientKey)))
             {
                 var pfxFilePath = await Utils.GeneratePfxAsync(config).ConfigureAwait(false);
                 if (string.IsNullOrWhiteSpace(pfxFilePath))
@@ -110,7 +113,7 @@ private bool CertificateValidationCallBack(
                 chain0.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
 
                 // add all your extra certificate chain
-                chain0.ChainPolicy.ExtraStore.Add(new X509Certificate2(System.Text.Encoding.UTF8.GetBytes(this.CaCert)));
+                chain0.ChainPolicy.ExtraStore.Add(this.CaCert);
                 chain0.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
                 var isValid = chain0.Build((X509Certificate2)certificate);
                 return isValid;

src/KubernetesClientConfiguration.cs

@@ -3,6 +3,7 @@ namespace k8s
     using System;
     using System.IO;
     using System.Linq;
+    using System.Security.Cryptography.X509Certificates;
     using k8s.Exceptions;
     using k8s.KubeConfigModels;
     using YamlDotNet.Serialization;
@@ -49,7 +50,7 @@ public KubernetesClientConfiguration(FileInfo kubeconfig = null, string currentC
         /// <summary>
         /// Gets SslCaCert
         /// </summary>
-        public string SslCaCert { get; private set; }
+        public X509Certificate2 SslCaCert { get; private set; }
 
         /// <summary>
         /// Gets ClientCertificateData
@@ -61,6 +62,16 @@ public KubernetesClientConfiguration(FileInfo kubeconfig = null, string currentC
         /// </summary>
         public string ClientCertificateKey { get; private set; }
 
+        /// <summary>
+        /// Gets ClientCertificate filename
+        /// </summary>
+        public string ClientCertificate { get; private set; }
+
+        /// <summary>
+        /// Gets ClientCertificate Key filename
+        /// </summary>
+        public string ClientKey { get; private set; }
+
         /// <summary>
         /// Gets a value indicating whether to skip ssl server cert validation
         /// </summary>
@@ -145,13 +156,20 @@ private void Initialize(K8SConfiguration k8SConfig, string currentContext = null
                 }
 
                 if (!clusterDetails.ClusterEndpoint.SkipTlsVerify &&
-                    string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
+                    string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthorityData) &&
+                    string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthority))
                 {
-                    throw new KubeConfigException($"certificate-authority-data not found for current-context :{activeContext} in kubeconfig");
+                    throw new KubeConfigException($"neither certificate-authority-data nor certificate-authority not found for current-context :{activeContext} in kubeconfig");
                 }
 
                 this.Host = clusterDetails.ClusterEndpoint.Server;
-                this.SslCaCert = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
+                if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData)) {
+                    string data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
+                    this.SslCaCert = new X509Certificate2(System.Text.Encoding.UTF8.GetBytes(Utils.Base64Decode(data)));
+                }
+                else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority)) {
+                    this.SslCaCert = new X509Certificate2(clusterDetails.ClusterEndpoint.CertificateAuthority, null);
+                }
                 this.SkipTlsVerify = clusterDetails.ClusterEndpoint.SkipTlsVerify;
             }
             else
@@ -202,6 +220,13 @@ private void SetUserDetails(User userDetails)
                 userCredentialsFound = true;
             }
 
+            if (!string.IsNullOrWhiteSpace(userDetails.UserCredentials.ClientCertificate) &&
+                !string.IsNullOrWhiteSpace(userDetails.UserCredentials.ClientKey)) {
+                this.ClientCertificate = userDetails.UserCredentials.ClientCertificate;
+                this.ClientKey = userDetails.UserCredentials.ClientKey;
+                userCredentialsFound = true;
+            }
+
             if (!userCredentialsFound)
             {
                 throw new KubeConfigException($"User: {userDetails.Name} does not have appropriate auth credentials in kube config");

src/Utils.cs

@@ -45,23 +45,35 @@ public static async Task<string> GeneratePfxAsync(KubernetesClientConfiguration
             var certDirPath = Path.Combine(userHomeDir, ".k8scerts");
             Directory.CreateDirectory(certDirPath);
 
+            var keyFilePath = "";
+            var certFilePath = "";
+
             var filePrefix = config.CurrentContext;
-            var keyFilePath = Path.Combine(certDirPath, filePrefix + "key");
-            var certFilePath = Path.Combine(certDirPath, filePrefix + "cert");
             var pfxFilePath = Path.Combine(certDirPath, filePrefix + "pfx");
-
-            using (FileStream fs = File.Create(keyFilePath))
-            {
-                byte[] info = Convert.FromBase64String(config.ClientCertificateKey);
-                await fs.WriteAsync(info, 0, info.Length).ConfigureAwait(false);
+            if (!string.IsNullOrWhiteSpace(config.ClientCertificateKey)) {
+                keyFilePath = Path.Combine(certDirPath, filePrefix + "key");
+                using (FileStream fs = File.Create(keyFilePath))
+                {
+                    byte[] info = Convert.FromBase64String(config.ClientCertificateKey);
+                    await fs.WriteAsync(info, 0, info.Length).ConfigureAwait(false);
+                }
             }
-
-            using (FileStream fs = File.Create(certFilePath))
-            {
-                byte[] info = Convert.FromBase64String(config.ClientCertificateData);
-                await fs.WriteAsync(info, 0, info.Length).ConfigureAwait(false);
+            if (!string.IsNullOrWhiteSpace(config.ClientKey)) {
+                keyFilePath = config.ClientKey;
             }
 
+            if (!string.IsNullOrWhiteSpace(config.ClientCertificateData)) {
+                certFilePath = Path.Combine(certDirPath, filePrefix + "cert");
+    
+                using (FileStream fs = File.Create(certFilePath))
+                {
+                    byte[] info = Convert.FromBase64String(config.ClientCertificateData);
+                    await fs.WriteAsync(info, 0, info.Length).ConfigureAwait(false);
+                }
+            }
+            if (!string.IsNullOrWhiteSpace(config.ClientCertificate)) {
+                certFilePath = config.ClientCertificate;
+            }
             var process = new Process();
             process.StartInfo = new ProcessStartInfo()
             {

tests/KubernetesClientConfigurationTests.cs

@@ -8,6 +8,11 @@ namespace k8s.Tests
     public class KubernetesClientConfigurationTests
     {
 
+        public static string readLine(string fileName) {
+            StreamReader reader = new StreamReader(new FileStream(fileName,  FileMode.Open, FileAccess.Read));
+            return reader.ReadLine();
+        }
+
         /// <summary>
         /// This file contains a sample kubeconfig file
         /// </summary>
@@ -110,16 +115,33 @@ public void ContextUserTokenTest(string context, string token)
         /// <param name="clientCertData">'client-certificate-data' node content</param>
         /// <param name="clientCertKey">'client-key-data' content</param>
         [Theory]
-        [InlineData("federal-context", "path/to/my/client/cert" ,"path/to/my/client/key")]
-        public void ContextCertificateTest(string context, string clientCertData, string clientCertKey)
+        [InlineData("federal-context", "assets/client.crt" ,"assets/client.key")]
+        public void ContextCertificateTest(string context, string clientCert, string clientCertKey)
+        {
+            var fi = new FileInfo(kubeConfigFileName);
+            var cfg = new KubernetesClientConfiguration(fi, context);
+            Assert.Equal(context, cfg.CurrentContext);
+            Assert.Equal(cfg.ClientCertificate, clientCert);
+            Assert.Equal(cfg.ClientKey, clientCertKey);
+        }
+
+        /// <summary>
+        /// Checks if certificate-based authentication is loaded properly from the config file, per context
+        /// </summary>
+        /// <param name="context">Context to retreive the configuration</param>
+        [Theory]
+        [InlineData("victorian-context")]
+        public void ClientDataTest(string context)
         {
             var fi = new FileInfo(kubeConfigFileName);
             var cfg = new KubernetesClientConfiguration(fi, context);
             Assert.Equal(context, cfg.CurrentContext);
-            Assert.Equal(cfg.ClientCertificateData, clientCertData);
-            Assert.Equal(cfg.ClientCertificateKey, clientCertKey);
+            Assert.NotNull(cfg.SslCaCert);
+            Assert.Equal(readLine("assets/client-certificate-data.txt"), cfg.ClientCertificateData);
+            Assert.Equal(readLine("assets/client-key-data.txt"), cfg.ClientCertificateKey);
         }
 
+
         /// <summary>
         /// Test that an Exception is thrown when initializating a KubernetClientConfiguration whose config file Context is not present
         /// </summary>

tests/assets/ca-data.txt

@@ -0,0 +1 @@
+LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURERENDQWZTZ0F3SUJBZ0lSQUo5ZCtLeThkTDJVSzRjdXplMmo2WnN3RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa1lXRTBZVFV3T0RZdE0yVm1aaTAwWWpCa0xUbGxORGt0WmpNeVpXWXpabUpqWWpNNApNQjRYRFRFM01ESXlOakExTURRek5Gb1hEVEl5TURJeU5UQTFNRFF6TkZvd0x6RXRNQ3NHQTFVRUF4TWtZV0UwCllUVXdPRFl0TTJWbVppMDBZakJrTFRsbE5Ea3Raak15WldZelptSmpZak00TUlJQklqQU5CZ2txaGtpRzl3MEIKQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBM2dkandhdHNsdCsvQVpqV3hmbkNQeGZqMzNHUUxlOU00VU42VmEwRQpKd0FYL2R3L1ZVa0dvVjlDc3NKRUZMdEdTUnM2K2h0RTEvOUN3ak1USDh2WExKcURHTE9KdFQ5dW9sR2c2Q2k1ClBKNDNKelVLWmJlYVE4Z3hhZndzQjdQU05vTTJOYzROVm9lZzBVTUw0bndGeEhXeTNYWHlFZ0QxTWxTUnVrb3oKTTNoRUVxUjJNVFdrNm9KK3VJNFF4WVZWMnZuWXdXaEJwUDlDR3RWUTlyUW9MVFowcmFpOCtDYURBMVltTWRhbQpRYUVPdURlSFRqU2FYM2dyR0FBVVFWNWl6MC9qVVBuK3lJNm1iV0trbzFzNytPY1dZR2F1aDFaMzFYSjJsc0RTCnU4a3F0d215UEcyUVl2aUQ4YjNOWFAyY0dRK2EwZlpRZnBrbTF0U3IxQnhhaXdJREFRQUJveU13SVRBT0JnTlYKSFE4QkFmOEVCQU1DQWdRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQQpuVzFXVXlLbVJ0TlNzU1VzVFBSUnhFRzhhek9kdjdYeUhRL0R5VWNqWm9rUEJVVHY4VjdvNG96RHgyVHV6UEdYCmZ2YlMvT2g0VDd6ZlYxdjJadmU3dTBxelNiRTl5OGpsaDNxYXJEcEd5ZmlTamwycmhIOFBmay9sZGR0VFpVL04KSkVtYW5ReGl6R20xV2pCSklRSE5LZENneVIwN3A1c0MwNnR3K25YUytla1MxMlBUTG45WjBuRDBKVDdQSzRXQgpQc3ZXeDVXN0w5dnJIdVN5SGRSTkt5eEEvbWI1WHdXMDBkZUpmaHZub0p3ZWRYNDVKZVRiME5MczUzaURqVEU1CnRpdU03Z1RVSjlCcGZTL0gvYSt2SmovVWQ2bHM0QndrWmpUNHNhOTA1bnNzdnRqamlwZ1N5a0QzVkxCQ3VueTkKd1NnbE1vSnZNWmg0bC9FVFJPeFE3Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K