Merge pull request #7 from Bisnode/token_handling_correction

Fixed token lookup since token moved out from kubeconfig

Author: mdanielolsson

cmd/create_secret.go

@@ -27,6 +27,7 @@ import (
 )
 
 var container string
+var app string
 
 // secretCmd represents the secret command
 var createSecretCmd = &cobra.Command{
@@ -51,7 +52,7 @@ kubectl tbac create secret my-secret --container opa -d "USER=foo" -d "PWD=bar"
 `,
 
 	Run: func(cmd *cobra.Command, args []string) {
-		clientSet, err := util.CreateClientSet()
+		clientSet, err := util.CreateClientSet(&Context)
 		if err != nil {
 			fmt.Printf("Failed to create clientSet: %v\n", err)
 			os.Exit(1)
@@ -65,13 +66,18 @@ kubectl tbac create secret my-secret --container opa -d "USER=foo" -d "PWD=bar"
 // CreateSecret creates a secret in teams namespace
 func CreateSecret(clientSet kubernetes.Interface, secretName, container *string, data []string) (err error) {
 	secretsClient := clientSet.CoreV1().Secrets(Namespace)
+	appLabel := *secretName
+
+	if app != "" {
+		appLabel = app
+	}
 
 	newSecret := &v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      *secretName + "-" + *container,
 			Namespace: Namespace,
 			Labels: map[string]string{
-				"app":                        *secretName,
+				"app":                        appLabel,
 				"tbac.bisnode.com/container": *container,
 				"tbac.bisnode.com/sandbox":   fmt.Sprintf("%v", sandbox),
 			},
@@ -96,4 +102,5 @@ func init() {
 	createCmd.AddCommand(createSecretCmd)
 	createSecretCmd.Flags().StringArrayVarP(&data, "data", "d", []string{}, "Data to add to secret")
 	createSecretCmd.Flags().StringVarP(&container, "container", "c", "default", "Which container to create secret for. Only set this if you want to create a secret for a sidecar. (Default: \"default\"")
+	createSecretCmd.Flags().StringVarP(&app, "app", "a", "", "Set the app label different than the secret name. Note that the app label must match the app label on the service that should use this secret.")
 }

cmd/delete_secret.go

@@ -43,7 +43,7 @@ kubectl tbac delete secret my-secret"
 kubectl tbac delete secret my-secret --namespace team-platform"
 `,
 	Run: func(cmd *cobra.Command, args []string) {
-		clientSet, err := util.CreateClientSet()
+		clientSet, err := util.CreateClientSet(&Context)
 		if err != nil {
 			fmt.Printf("Failed to create clientSet: %v\n", err)
 			os.Exit(1)

cmd/get_secret.go

@@ -45,7 +45,7 @@ var getSecretCmd = &cobra.Command{
 	Short:   "Get a list of secrets or describe one.",
 	Long:    `List secrets in team namespace or describe one.`,
 	Run: func(cmd *cobra.Command, args []string) {
-		clientSet, err := util.CreateClientSet()
+		clientSet, err := util.CreateClientSet(&Context)
 		if err != nil {
 			fmt.Printf("Failed to create clientSet: %v\n", err)
 			os.Exit(1)
@@ -102,6 +102,10 @@ func GetSecretList(clientSet kubernetes.Interface) (secrets []string, err error)
 	for _, s := range secretList.Items {
 		secrets = append(secrets, s.Name)
 	}
+
+	if len(secretList.Items) == 0 {
+		fmt.Println("No resources found.")
+	}
 	return secrets, nil
 }
 
@@ -114,10 +118,20 @@ func GetSecretDescription(clientSet kubernetes.Interface, secretName string) (se
 		CoreV1().
 		Secrets(Namespace).
 		List(listOpts)
+
 	if err != nil {
 		fmt.Printf("Failed to list secrets in namespace %v: %v\n", Namespace, err.Error())
 		return nil, err
 	}
+
+	// Due to an issue with the ListOptions filters in
+	// kubernetes fake-client that is used for testing
+	// we cannot check for exactly one result
+	if len(secrets.Items) < 1 {
+		err := fmt.Errorf("Secret not found: %v/%v\n", Namespace, secretName)
+		return nil, err
+	}
+
 	data := make(map[string][]byte)
 	for k, v := range secrets.Items[0].Data {
 		data[k] = v

cmd/patch_secret.go

@@ -51,7 +51,7 @@ kubectl tbac patch secret my-secret --namespace team-platform -d "USER=foo" -d "
 kubectl tbac patch secret my-secret --remove-data USERNAME --remove-data PASSWORD
 `,
 	Run: func(cmd *cobra.Command, args []string) {
-		clientSet, err := util.CreateClientSet()
+		clientSet, err := util.CreateClientSet(&Context)
 		if err != nil {
 			fmt.Printf("Failed to create clientSet: %v\n", err)
 			os.Exit(1)
@@ -115,6 +115,10 @@ func PatchSecret(clientSet kubernetes.Interface, secretName *string, removeData,
 		}
 	}
 
+	if patchSecret.Data == nil {
+		patchSecret.Data = make(map[string][]byte)
+	}
+
 	for k, v := range util.AssembleInputData(*updateData) {
 		patchSecret.Data[k] = v
 	}

cmd/root.go

@@ -27,6 +27,9 @@ import (
 // Namespace in kubernetes.
 var Namespace string
 
+// Context name
+var Context string
+
 var (
 	cfgFile string
 	verbose bool
@@ -63,6 +66,7 @@ func init() {
 	rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "verbose output")
 	rootCmd.PersistentFlags().BoolVarP(&sandbox, "sandbox", "s", false, "Set if you want to work in a sandbox Namespace.")
 	rootCmd.PersistentFlags().StringVarP(&Namespace, "namespace", "n", "", "Namespace to create secret in. Usually only needed when member of more than one team.")
+	rootCmd.PersistentFlags().StringVarP(&Context, "context", "", "", "Set context name.")
 
 	// Hide flags
 	rootCmd.PersistentFlags().MarkHidden("lab")
@@ -81,7 +85,7 @@ func identifyTeam() {
 	} else {
 		matchPrefix := "sec-tbac-team-"
 		trimPrefix := "sec-tbac-"
-		teams = util.WhoAmI(&matchPrefix, &trimPrefix)
+		teams = util.WhoAmI(&matchPrefix, &trimPrefix, &Context)
 	}
 
 	if len(teams) == 1 {

go.mod

@@ -3,20 +3,19 @@ module github.com/Bisnode/kubectl-tbac
 go 1.14
 
 require (
+	cloud.google.com/go v0.38.0 // indirect
 	github.com/Azure/go-autorest v11.1.2+incompatible // indirect
-	github.com/coreos/etcd v3.3.10+incompatible
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
+	github.com/Azure/go-autorest/autorest v0.9.0 // indirect
+	github.com/Bisnode/kubectl-login v1.1.0
 	github.com/golang/protobuf v1.3.5 // indirect
-	github.com/gophercloud/gophercloud v0.0.0-20190126172459-c818fa66e4c8 // indirect
-	github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7 // indirect
+	github.com/gophercloud/gophercloud v0.1.0 // indirect
+	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
 	github.com/imdario/mergo v0.3.9 // indirect
 	github.com/json-iterator/go v1.1.9 // indirect
-	github.com/mitchellh/go-homedir v1.1.0
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v0.9.3
+	github.com/skratchdot/open-golang v0.0.0-20190402232053-79abb63cd66e // indirect
 	github.com/spf13/cobra v0.0.7
-	github.com/spf13/viper v1.6.2
 	github.com/stretchr/testify v1.4.0
 	golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 // indirect
 	golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e // indirect
@@ -25,8 +24,10 @@ require (
 	golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
 	google.golang.org/appengine v1.6.5 // indirect
 	k8s.io/api v0.15.11
-	k8s.io/apimachinery v0.15.11
-	k8s.io/client-go v0.15.11
+	k8s.io/apimachinery v0.17.0
+	k8s.io/client-go v11.0.0+incompatible
 	k8s.io/utils v0.0.0-20200327001022-6496210b90e8 // indirect
 	sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e // indirect
 )
+
+replace k8s.io/client-go => k8s.io/client-go v0.15.11