Add more test. Rename CredentialProvider to Authentication

Author: lewisheadden

util/src/main/java/io/kubernetes/client/util/ClientBuilder.java

@@ -12,21 +12,19 @@
  */
 package io.kubernetes.client.util;
 
-import io.kubernetes.client.util.credentials.AccessTokenCredentialProvider;
-import io.kubernetes.client.util.credentials.CredentialProvider;
-import io.kubernetes.client.util.credentials.KubeconfigCredentialProvider;
+import io.kubernetes.client.util.credentials.AccessTokenAuthentication;
+import io.kubernetes.client.util.credentials.Authentication;
+import io.kubernetes.client.util.credentials.KubeconfigAuthentication;
 import java.io.ByteArrayInputStream;
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileReader;
 import java.io.IOException;
 
-import java.io.InputStream;
+import java.io.Reader;
 import java.nio.charset.Charset;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 
 import io.kubernetes.client.ApiClient;
@@ -38,45 +36,73 @@
 import static io.kubernetes.client.util.Config.SERVICEACCOUNT_TOKEN_PATH;
 import static io.kubernetes.client.util.KubeConfig.*;
 
+/**
+ * A Builder which allows the construction of {@link ApiClient}s in a fluent fashion.
+ */
 public class ClientBuilder {
 
   private static final Logger log = Logger.getLogger(ClientBuilder.class);
 
   private String basePath = Config.DEFAULT_FALLBACK_HOST;
   private byte[] caCertBytes = null;
   private boolean verifyingSsl = true;
-  private CredentialProvider credentialProvider;
+  private Authentication authentication;
+
+  /**
+   * Creates an {@link ApiClient} by calling {@link #standard()} and {@link #build()}.
+   *
+   * @return An <tt>ApiClient</tt> configured using the precedence specified for {@link #standard()}.
+   * @throws IOException
+   *  if the configuration file or a file specified in a configuration file cannot be read.
+   */
+  public static ApiClient defaultClient() throws IOException {
+    return ClientBuilder.standard().build();
+  }
 
-  public static ClientBuilder defaults() throws IOException {
+  /**
+   * Creates a builder which is pre-configured in the following way
+   *
+   * <ul>
+   *   <li>If $KUBECONFIG is defined, use that config file.</li>
+   *   <li>If $HOME/.kube/config can be found, use that.</li>
+   *   <li>If the in-cluster service account can be found, assume in cluster config.</li>
+   *   <li>Default to localhost:8080 as a last resort.</li>
+   * </ul>
+   *
+   * @return <tt>ClientBuilder</tt> pre-configured using the above precedence
+   * @throws IOException
+   *  if the configuration file or a file specified in a configuration file cannot be read.
+   */
+  public static ClientBuilder standard() throws IOException {
     final FileReader kubeConfigReader = findConfigFromEnv();
     if(kubeConfigReader != null) {
-      return fromKubeConfig(loadKubeConfig(kubeConfigReader));
+      return kubeconfig(loadKubeConfig(kubeConfigReader));
     }
     final FileReader configReader = findConfigInHomeDir();
     if(configReader != null) {
-      return fromKubeConfig(loadKubeConfig(configReader));
+      return kubeconfig(loadKubeConfig(configReader));
     }
     final File clusterCa = new File(SERVICEACCOUNT_CA_PATH);
     if (clusterCa.exists()) {
-      return fromCluster();
+      return cluster();
     }
     return new ClientBuilder();
   }
 
-  private static FileReader findConfigFromEnv() throws FileNotFoundException {
+  private static FileReader findConfigFromEnv() {
     try {
       String kubeConfig = System.getenv(ENV_KUBECONFIG);
       if(kubeConfig == null) {
         return null;
       }
       return new FileReader(kubeConfig);
     } catch (FileNotFoundException e) {
-      log.info("Could not find KUBECONFIG in environment");
+      log.info("Could not find file specified in $KUBECONFIG");
       return null;
     }
   }
 
-  private static FileReader findConfigInHomeDir() throws FileNotFoundException {
+  private static FileReader findConfigInHomeDir() {
     try {
       File config = new File(new File(System.getenv(ENV_HOME), KUBEDIR), KUBECONFIG);
       return new FileReader(config);
@@ -86,7 +112,14 @@ private static FileReader findConfigInHomeDir() throws FileNotFoundException {
     }
   }
 
-  public static ClientBuilder fromCluster() throws IOException {
+  /**
+   * Creates a builder which is pre-configured from the cluster configuration.
+   *
+   * @return <tt>ClientBuilder</tt> configured from the cluster configuration.
+   * @throws IOException
+   *  if the Service Account Token Path or CA Path is not readable.
+   */
+  public static ClientBuilder cluster() throws IOException {
     final ClientBuilder builder = new ClientBuilder();
 
     final String host = System.getenv(ENV_SERVICE_HOST);
@@ -96,12 +129,23 @@ public static ClientBuilder fromCluster() throws IOException {
     final String token = new String(Files.readAllBytes(Paths.get(SERVICEACCOUNT_TOKEN_PATH)),
         Charset.defaultCharset());
     builder.setCertificateAuthority(Files.readAllBytes(Paths.get(SERVICEACCOUNT_CA_PATH)));
-    builder.setCredentialProvider(new AccessTokenCredentialProvider(token));
+    builder.setAuthentication(new AccessTokenAuthentication(token));
 
     return builder;
   }
 
-  public static ClientBuilder fromKubeConfig(KubeConfig config) throws IOException {
+  /**
+   * Creates a builder which is pre-configured from a {@link KubeConfig}.
+   *
+   * To load a <tt>KubeConfig</tt>, see {@link KubeConfig#loadKubeConfig(Reader)}.
+   *
+   * @param config
+   *  The {@link KubeConfig} to configure the builder from.
+   * @return <tt>ClientBuilder</tt> configured from the provided <tt>KubeConfig</tt>
+   * @throws IOException
+   *  if the files specified in the provided <tt>KubeConfig</tt> are not readable
+   */
+  public static ClientBuilder kubeconfig(KubeConfig config) throws IOException {
     final ClientBuilder builder = new ClientBuilder();
 
     String server = config.getServer();
@@ -122,7 +166,7 @@ public static ClientBuilder fromKubeConfig(KubeConfig config) throws IOException
     }
 
     builder.setBasePath(server);
-    builder.setCredentialProvider(new KubeconfigCredentialProvider(config));
+    builder.setAuthentication(new KubeconfigAuthentication(config));
     return builder;
   }
 
@@ -135,12 +179,12 @@ public ClientBuilder setBasePath(String basePath) {
     return this;
   }
 
-  public CredentialProvider getCredentialProvider() {
-    return credentialProvider;
+  public Authentication getAuthentication() {
+    return authentication;
   }
 
-  public ClientBuilder setCredentialProvider(final CredentialProvider credentialProvider) {
-    this.credentialProvider = credentialProvider;
+  public ClientBuilder setAuthentication(final Authentication authentication) {
+    this.authentication = authentication;
     return this;
   }
 
@@ -175,8 +219,8 @@ public ApiClient build() {
       client.setSslCaCert(new ByteArrayInputStream(caCertBytes));
     }
 
-    if (credentialProvider != null) {
-      credentialProvider.provide(client);
+    if (authentication != null) {
+      authentication.provide(client);
     }
 
     return client;

util/src/main/java/io/kubernetes/client/util/Config.java

@@ -13,23 +13,15 @@
 package io.kubernetes.client.util;
 
 import io.kubernetes.client.ApiClient;
-import io.kubernetes.client.util.credentials.AccessTokenCredentialProvider;
-import io.kubernetes.client.util.credentials.UsernamePasswordCredentialProvider;
-import java.io.ByteArrayInputStream;
-import okio.ByteString;
+import io.kubernetes.client.util.credentials.AccessTokenAuthentication;
+import io.kubernetes.client.util.credentials.UsernamePasswordAuthentication;
 import org.apache.log4j.Logger;
 
-import javax.net.ssl.KeyManager;
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Reader;
-import java.nio.charset.Charset;
 
 public class Config {
     public static final String SERVICEACCOUNT_ROOT =
@@ -47,7 +39,7 @@ public class Config {
     private static final Logger log = Logger.getLogger(Config.class);
 
     public static ApiClient fromCluster() throws IOException {
-        return ClientBuilder.fromCluster().build();
+        return ClientBuilder.cluster().build();
     }
 
     public static ApiClient fromUrl(String url) {
@@ -67,7 +59,7 @@ public static ApiClient fromUserPassword(String url, String user, String passwor
     public static ApiClient fromUserPassword(String url, String user, String password, boolean validateSSL) {
         return new ClientBuilder()
             .setBasePath(url)
-            .setCredentialProvider(new UsernamePasswordCredentialProvider(user, password))
+            .setAuthentication(new UsernamePasswordAuthentication(user, password))
             .setVerifyingSsl(validateSSL)
             .build();
     }
@@ -79,7 +71,7 @@ public static ApiClient fromToken(String url, String token) {
     public static ApiClient fromToken(String url, String token, boolean validateSSL) {
         return new ClientBuilder()
             .setBasePath(url)
-            .setCredentialProvider(new AccessTokenCredentialProvider(token))
+            .setAuthentication(new AccessTokenAuthentication(token))
             .setVerifyingSsl(validateSSL)
             .build();
     }
@@ -98,7 +90,7 @@ public static ApiClient fromConfig(Reader input) throws IOException {
 
     public static ApiClient fromConfig(KubeConfig config) throws IOException {
         return ClientBuilder
-            .fromKubeConfig(config)
+            .kubeconfig(config)
             .build();
     }
 
@@ -114,6 +106,6 @@ public static ApiClient fromConfig(KubeConfig config) throws IOException {
      * @return The best APIClient given the previously described rules
      */
     public static ApiClient defaultClient() throws IOException {
-        return ClientBuilder.defaults().build();
+        return ClientBuilder.standard().build();
     }
 }

util/src/main/java/io/kubernetes/client/util/credentials/AccessTokenCredentialProvider.java renamed to util/src/main/java/io/kubernetes/client/util/credentials/AccessTokenAuthentication.java

@@ -2,10 +2,13 @@
 
 import io.kubernetes.client.ApiClient;
 
-public class AccessTokenCredentialProvider implements CredentialProvider {
+/**
+ * Uses a Bearer Token to configure {@link ApiClient} authentication to the Kubernetes API.
+ */
+public class AccessTokenAuthentication implements Authentication {
   private String token;
 
-  public AccessTokenCredentialProvider(final String token) {
+  public AccessTokenAuthentication(final String token) {
     this.token = token;
   }
 

util/src/main/java/io/kubernetes/client/util/credentials/Authentication.java

@@ -0,0 +1,15 @@
+package io.kubernetes.client.util.credentials;
+
+import io.kubernetes.client.ApiClient;
+import io.kubernetes.client.util.ClientBuilder;
+
+/**
+ * Allows the implementation of different authentication mechanisms for the Kubernetes API.
+ *
+ * @see ClientBuilder#setAuthentication(Authentication)
+ */
+public interface Authentication {
+
+  void provide(ApiClient client);
+
+}

util/src/main/java/io/kubernetes/client/util/credentials/ClientCertificateCredentialProvider.java renamed to util/src/main/java/io/kubernetes/client/util/credentials/ClientCertificateAuthentication.java

@@ -3,7 +3,6 @@
 import io.kubernetes.client.ApiClient;
 import io.kubernetes.client.util.SSLUtils;
 import java.io.IOException;
-import java.io.InputStream;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
@@ -12,12 +11,15 @@
 import javax.net.ssl.KeyManager;
 import org.apache.log4j.Logger;
 
-public class ClientCertificateCredentialProvider implements CredentialProvider {
-  private static final Logger log = Logger.getLogger(ClientCertificateCredentialProvider.class);
+/**
+ * Uses Client Certificates to configure {@link ApiClient} authentication to the Kubernetes API.
+ */
+public class ClientCertificateAuthentication implements Authentication {
+  private static final Logger log = Logger.getLogger(ClientCertificateAuthentication.class);
   private final byte[] certificate;
   private final byte[] key;
 
-  public ClientCertificateCredentialProvider(final byte[] certificate, final byte[] key) {
+  public ClientCertificateAuthentication(final byte[] certificate, final byte[] key) {
     this.certificate = certificate;
     this.key = key;
   }

util/src/main/java/io/kubernetes/client/util/credentials/CredentialProvider.java

@@ -4,15 +4,25 @@
 import io.kubernetes.client.util.KubeConfig;
 import java.io.IOException;
 
-public class KubeconfigCredentialProvider implements CredentialProvider {
+/**
+ * Uses a {@link KubeConfig} to configure {@link ApiClient} authentication to the Kubernetes API.
+ *
+ * Tries to configure the following authentication mechanisms in this order.
+ * <ul>
+ *   <li>{@link ClientCertificateAuthentication} (using client certificate files or data)</li>
+ *   <li>{@link UsernamePasswordAuthentication}</li>
+ *   <li>{@link AccessTokenAuthentication}</li>
+ * </ul>
+ */
+public class KubeconfigAuthentication implements Authentication {
 
   private final String username;
   private final String password;
   private final String token;
   private final byte[] clientCert;
   private final byte[] clientKey;
 
-  public KubeconfigCredentialProvider(final KubeConfig config) throws IOException {
+  public KubeconfigAuthentication(final KubeConfig config) throws IOException {
     this.clientCert = KubeConfig.getDataOrFile(config.getClientCertificateData(), config.getClientCertificateFile());
     this.clientKey = KubeConfig.getDataOrFile(config.getClientKeyData(), config.getClientKeyFile());
     this.username = config.getUsername();
@@ -22,15 +32,15 @@ public KubeconfigCredentialProvider(final KubeConfig config) throws IOException
 
   @Override public void provide(ApiClient client) {
     if(clientCert != null && clientKey != null) {
-      new ClientCertificateCredentialProvider(clientCert, clientKey);
+      new ClientCertificateAuthentication(clientCert, clientKey);
     }
 
     if(username != null && password != null) {
-      new UsernamePasswordCredentialProvider(username, password).provide(client);
+      new UsernamePasswordAuthentication(username, password).provide(client);
     }
 
     if(token != null) {
-      new AccessTokenCredentialProvider(token).provide(client);
+      new AccessTokenAuthentication(token).provide(client);
     }
   }
 }

util/src/main/java/io/kubernetes/client/util/credentials/KubeconfigCredentialProvider.java renamed to util/src/main/java/io/kubernetes/client/util/credentials/KubeconfigAuthentication.java

@@ -4,11 +4,14 @@
 import java.nio.charset.Charset;
 import okio.ByteString;
 
-public class UsernamePasswordCredentialProvider implements CredentialProvider {
+/**
+ * Uses Username and Password to configure {@link ApiClient} authentication to the Kubernetes API.
+ */
+public class UsernamePasswordAuthentication implements Authentication {
   private final String username;
   private final String password;
 
-  public UsernamePasswordCredentialProvider(final String username, final String password) {
+  public UsernamePasswordAuthentication(final String username, final String password) {
     this.username = username;
     this.password = password;
   }