Skip to content

Commit

Permalink
make login, project, and discovery work against kube with RBAC enabled
Browse files Browse the repository at this point in the history
  • Loading branch information
@deads2k
deads2k committed Nov 22, 2016
1 parent 34497b8 commit 6c6ec1a
Show file tree
Hide file tree
Showing 6 changed files with 11 additions and 7 deletions.
3 changes: 3 additions & 0 deletions hack/dind-cluster.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,9 @@ function wait-for-cluster() {
local oc
oc="$(os::build::find-binary oc)"

# wait for healthz to report ok before trying to get nodes
os::util::wait-for-condition "ok" "${oc} get --config=${kubeconfig} --raw=/healthz" "120"

local msg="${expected_node_count} nodes to report readiness"
local condition="nodes-are-ready ${kubeconfig} ${oc} ${expected_node_count}"
local timeout=120
Expand Down
2 changes: 1 addition & 1 deletion pkg/cmd/cli/cmd/login/helpers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ func whoAmI(clientConfig *restclient.Config) (*api.User, error) {
me, err := client.Users().Get("~")

// if we're talking to kube (or likely talking to kube),
if kerrors.IsNotFound(err) {
if kerrors.IsNotFound(err) || kerrors.IsForbidden(err) {
switch {
case len(clientConfig.BearerToken) > 0:
// the user has already been willing to provide the token on the CLI, so they probably
Expand Down
2 changes: 1 addition & 1 deletion pkg/cmd/cli/cmd/login/loginoptions.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,7 @@ func (o *LoginOptions) gatherProjectInfo() error {

projectsList, err := oClient.Projects().List(kapi.ListOptions{})
// if we're running on kube (or likely kube), just set it to "default"
if kerrors.IsNotFound(err) {
if kerrors.IsNotFound(err) || kerrors.IsForbidden(err) {
fmt.Fprintf(o.Out, "Using \"default\". You can switch projects with '%s project <projectname>':\n\n", o.CommandName)
o.Project = "default"
return nil
Expand Down
7 changes: 4 additions & 3 deletions pkg/cmd/cli/cmd/project.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -281,11 +281,11 @@ func (o ProjectOptions) RunProject() error {

func confirmProjectAccess(currentProject string, oClient *client.Client, kClient kclient.Interface) error {
_, projectErr := oClient.Projects().Get(currentProject)
if !kapierrors.IsNotFound(projectErr) {
if !kapierrors.IsNotFound(projectErr) && !kapierrors.IsForbidden(projectErr) {
return projectErr
}

// at this point we know the error is a not found, but we'll test namespaces just in case we're running on kube
// at this point we know the error is a not found or forbidden, but we'll test namespaces just in case we're running on kube
if _, err := kClient.Namespaces().Get(currentProject); err == nil {
return nil
}
Expand All @@ -299,7 +299,8 @@ func getProjects(oClient *client.Client, kClient kclient.Interface) ([]api.Proje
if err == nil {
return projects.Items, nil
}
if err != nil && !kapierrors.IsNotFound(err) {
// if this is kube with authorization enabled, this endpoint will be forbidden. OpenShift allows this for everyone.
if err != nil && !(kapierrors.IsNotFound(err) || kapierrors.IsForbidden(err)) {
return nil, err
}

Expand Down
2 changes: 1 addition & 1 deletion pkg/cmd/cli/config/smart_merge.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ func getUserPartOfNickname(clientCfg *restclient.Config) (string, error) {
return "", err
}
userInfo, err := client.Users().Get("~")
if kerrors.IsNotFound(err) {
if kerrors.IsNotFound(err) || kerrors.IsForbidden(err) {
// if we're talking to kube (or likely talking to kube), take a best guess consistent with login
switch {
case len(clientCfg.BearerToken) > 0:
Expand Down
2 changes: 1 addition & 1 deletion pkg/cmd/util/clientcmd/negotiate.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ func negotiateVersion(client *kclient.Client, config *restclient.Config, request
// Get server versions
serverGVs, err := serverAPIVersions(client, "/oapi")
if err != nil {
if errors.IsNotFound(err) {
if errors.IsNotFound(err) || errors.IsForbidden(err) {
glog.V(4).Infof("Server path /oapi was not found, returning the requested group version %v", preferredGV)
return preferredGV, nil
}
Expand Down

0 comments on commit 6c6ec1a

Please sign in to comment.