Support groups (organizations) to be specified in client cert.
This commit is contained in:
xiangpengzhao
@@ -103,6 +103,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
|
|||||||
legacyscheme.Scheme.Default(cfg)
|
legacyscheme.Scheme.Default(cfg)
|
||||||
|
|
||||||
var cfgPath, token, clientName string
|
var cfgPath, token, clientName string
|
||||||
|
var organizations []string
|
||||||
var subCmds []*cobra.Command
|
var subCmds []*cobra.Command
|
||||||
|
|
||||||
subCmdProperties := []struct {
|
subCmdProperties := []struct {
|
||||||
@@ -159,7 +160,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Otherwise, write a kubeconfig file with a generate client cert
|
// Otherwise, write a kubeconfig file with a generate client cert
|
||||||
return kubeconfigphase.WriteKubeConfigWithClientCert(out, cfg, clientName)
|
return kubeconfigphase.WriteKubeConfigWithClientCert(out, cfg, clientName, organizations)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@@ -188,6 +189,7 @@ func getKubeConfigSubCommands(out io.Writer, outDir, defaultKubernetesVersion st
|
|||||||
if properties.use == "user" {
|
if properties.use == "user" {
|
||||||
cmd.Flags().StringVar(&token, "token", token, "The token that should be used as the authentication mechanism for this kubeconfig (instead of client certificates)")
|
cmd.Flags().StringVar(&token, "token", token, "The token that should be used as the authentication mechanism for this kubeconfig (instead of client certificates)")
|
||||||
cmd.Flags().StringVar(&clientName, "client-name", clientName, "The name of user. It will be used as the CN if client certificates are created")
|
cmd.Flags().StringVar(&clientName, "client-name", clientName, "The name of user. It will be used as the CN if client certificates are created")
|
||||||
|
cmd.Flags().StringSliceVar(&organizations, "org", organizations, "The orgnizations of the client certificate. It will be used as the O if client certificates are created")
|
||||||
}
|
}
|
||||||
|
|
||||||
subCmds = append(subCmds, cmd)
|
subCmds = append(subCmds, cmd)
|
||||||
|
|||||||
@@ -271,7 +271,7 @@ func createKubeConfigFileIfNotExists(outDir, filename string, config *clientcmda
|
|||||||
}
|
}
|
||||||
|
|
||||||
// WriteKubeConfigWithClientCert writes a kubeconfig file - with a client certificate as authentication info - to the given writer.
|
// WriteKubeConfigWithClientCert writes a kubeconfig file - with a client certificate as authentication info - to the given writer.
|
||||||
func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfiguration, clientName string) error {
|
func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfiguration, clientName string, organizations []string) error {
|
||||||
|
|
||||||
// creates the KubeConfigSpecs, actualized for the current MasterConfiguration
|
// creates the KubeConfigSpecs, actualized for the current MasterConfiguration
|
||||||
caCert, caKey, err := pkiutil.TryLoadCertAndKeyFromDisk(cfg.CertificatesDir, kubeadmconstants.CACertAndKeyBaseName)
|
caCert, caKey, err := pkiutil.TryLoadCertAndKeyFromDisk(cfg.CertificatesDir, kubeadmconstants.CACertAndKeyBaseName)
|
||||||
@@ -290,6 +290,7 @@ func WriteKubeConfigWithClientCert(out io.Writer, cfg *kubeadmapi.MasterConfigur
|
|||||||
CACert: caCert,
|
CACert: caCert,
|
||||||
ClientCertAuth: &clientCertAuth{
|
ClientCertAuth: &clientCertAuth{
|
||||||
CAKey: caKey,
|
CAKey: caKey,
|
||||||
|
Organizations: organizations,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -335,7 +335,7 @@ func TestWriteKubeConfigFailsIfCADoesntExists(t *testing.T) {
|
|||||||
}{
|
}{
|
||||||
{ // Test WriteKubeConfigWithClientCert
|
{ // Test WriteKubeConfigWithClientCert
|
||||||
writeKubeConfigFunction: func(out io.Writer) error {
|
writeKubeConfigFunction: func(out io.Writer) error {
|
||||||
return WriteKubeConfigWithClientCert(out, cfg, "myUser")
|
return WriteKubeConfigWithClientCert(out, cfg, "myUser", []string{"myOrg"})
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{ // Test WriteKubeConfigWithToken
|
{ // Test WriteKubeConfigWithToken
|
||||||
@@ -383,7 +383,7 @@ func TestWriteKubeConfig(t *testing.T) {
|
|||||||
}{
|
}{
|
||||||
{ // Test WriteKubeConfigWithClientCert
|
{ // Test WriteKubeConfigWithClientCert
|
||||||
writeKubeConfigFunction: func(out io.Writer) error {
|
writeKubeConfigFunction: func(out io.Writer) error {
|
||||||
return WriteKubeConfigWithClientCert(out, cfg, "myUser")
|
return WriteKubeConfigWithClientCert(out, cfg, "myUser", []string{"myOrg"})
|
||||||
},
|
},
|
||||||
withClientCert: true,
|
withClientCert: true,
|
||||||
},
|
},
|
||||||
|
|||||||
Reference in New Issue
Block a user