Refactor the client (again) to better support auth

cmd/apiserver/apiserver.go

@@ -27,7 +27,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
@@ -127,8 +126,12 @@ func main() {
 		Port:   *minionPort,
 	}
 
-	ctx := api.NewContext()
-	client, err := client.New(ctx, net.JoinHostPort(*address, strconv.Itoa(int(*port))), *storageVersion, nil)
+	// TODO: expose same flags as client.BindClientConfigFlags but for a server
+	clientConfig := &client.Config{
+		Host:    net.JoinHostPort(*address, strconv.Itoa(int(*port))),
+		Version: *storageVersion,
+	}
+	client, err := client.New(clientConfig)
 	if err != nil {
 		glog.Fatalf("Invalid server address: %v", err)
 	}

cmd/controller-manager/controller-manager.go

@@ -27,8 +27,6 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/controller"
 	_ "github.com/GoogleCloudPlatform/kubernetes/pkg/healthz"
@@ -39,25 +37,29 @@ import (
 )
 
 var (
-	master  = flag.String("master", "", "The address of the Kubernetes API server")
-	port    = flag.Int("port", masterPkg.ControllerManagerPort, "The port that the controller-manager's http service runs on")
-	address = flag.String("address", "127.0.0.1", "The address to serve from")
+	port         = flag.Int("port", masterPkg.ControllerManagerPort, "The port that the controller-manager's http service runs on")
+	address      = flag.String("address", "127.0.0.1", "The address to serve from")
+	clientConfig = &client.Config{}
 )
 
+func init() {
+	client.BindClientConfigFlags(flag.CommandLine, clientConfig)
+}
+
 func main() {
 	flag.Parse()
 	util.InitLogs()
 	defer util.FlushLogs()
 
 	verflag.PrintAndExitIfRequested()
 
-	if len(*master) == 0 {
+	if len(clientConfig.Host) == 0 {
 		glog.Fatal("usage: controller-manager -master <master>")
 	}
-	ctx := api.NewContext()
-	kubeClient, err := client.New(ctx, *master, latest.OldestVersion, nil)
+
+	kubeClient, err := client.New(clientConfig)
 	if err != nil {
-		glog.Fatalf("Invalid -master: %v", err)
+		glog.Fatalf("Invalid API configuration: %v", err)
 	}
 
 	go http.ListenAndServe(net.JoinHostPort(*address, strconv.Itoa(*port)), nil)

cmd/integration/integration.go

@@ -29,7 +29,9 @@ import (
 	"time"
 
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/testapi"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/controller"
@@ -106,7 +108,7 @@ func startComponents(manifestURL string) (apiServerURL string) {
 		}
 	}
 
-	cl := client.NewOrDie(api.NewContext(), apiServer.URL, "", nil)
+	cl := client.NewOrDie(&client.Config{Host: apiServer.URL, Version: testapi.Version()})
 	cl.PollPeriod = time.Second * 1
 	cl.Sync = true
 
@@ -262,12 +264,10 @@ func runAtomicPutTest(c *client.Client) {
 				glog.Infof("Posting update (%s, %s)", l, v)
 				err = c.Put().Path("services").Path(svc.ID).Body(&tmpSvc).Do().Error()
 				if err != nil {
-					if se, ok := err.(*client.StatusErr); ok {
-						if se.Status.Code == http.StatusConflict {
-							glog.Infof("Conflict: (%s, %s)", l, v)
-							// This is what we expect.
-							continue
-						}
+					if errors.IsConflict(err) {
+						glog.Infof("Conflict: (%s, %s)", l, v)
+						// This is what we expect.
+						continue
 					}
 					glog.Errorf("Unexpected error putting atomicService: %v", err)
 					continue
@@ -311,7 +311,7 @@ func main() {
 	// Wait for the synchronization threads to come up.
 	time.Sleep(time.Second * 10)
 
-	kubeClient := client.NewOrDie(api.NewContext(), apiServerURL, "", nil)
+	kubeClient := client.NewOrDie(&client.Config{Host: apiServerURL, Version: testapi.Version()})
 
 	// Run tests in parallel
 	testFuncs := []testFunc{

cmd/kubecfg/kubecfg.go

@@ -43,7 +43,6 @@ import (
 var (
 	serverVersion = verflag.Version("server_version", verflag.VersionFalse, "Print the server's version information and quit")
 	preventSkew   = flag.Bool("expect_version_match", false, "Fail if server's version doesn't match own version.")
-	httpServer    = flag.String("h", "", "The host to connect to.")
 	config        = flag.String("c", "", "Path or URL to the config file, or '-' to read from STDIN")
 	selector      = flag.String("l", "", "Selector (label query) to use for listing")
 	updatePeriod  = flag.Duration("u", 60*time.Second, "Update interval period")
@@ -58,12 +57,17 @@ var (
 	templateFile  = flag.String("template_file", "", "If present, load this file as a golang template and use it for output printing")
 	templateStr   = flag.String("template", "", "If present, parse this string as a golang template and use it for output printing")
 	imageName     = flag.String("image", "", "Image used when updating a replicationController.  Will apply to the first container in the pod template.")
-	apiVersion    = flag.String("api_version", latest.Version, "The version of the API to use against this server.")
-	caFile        = flag.String("certificate_authority", "", "Path to a cert. file for the certificate authority")
-	certFile      = flag.String("client_certificate", "", "Path to a client certificate for TLS.")
-	keyFile       = flag.String("client_key", "", "Path to a client key file for TLS.")
+	clientConfig  = &client.Config{}
 )
 
+func init() {
+	flag.StringVar(&clientConfig.Host, "h", "", "The host to connect to.")
+	flag.StringVar(&clientConfig.Version, "api_version", latest.Version, "The version of the API to use against this server.")
+	flag.StringVar(&clientConfig.CAFile, "certificate_authority", "", "Path to a cert. file for the certificate authority")
+	flag.StringVar(&clientConfig.CertFile, "client_certificate", "", "Path to a client certificate for TLS.")
+	flag.StringVar(&clientConfig.KeyFile, "client_key", "", "Path to a client key file for TLS.")
+}
+
 var parser = kubecfg.NewParser(map[string]runtime.Object{
 	"pods":                   &api.Pod{},
 	"services":               &api.Service{},
@@ -165,43 +169,29 @@ func main() {
 
 	verflag.PrintAndExitIfRequested()
 
-	var masterServer string
-	if len(*httpServer) > 0 {
-		masterServer = *httpServer
-	} else if len(os.Getenv("KUBERNETES_MASTER")) > 0 {
-		masterServer = os.Getenv("KUBERNETES_MASTER")
-	} else {
-		masterServer = "http://localhost:8080"
+	// Initialize the client
+	if clientConfig.Host == "" {
+		clientConfig.Host = os.Getenv("KUBERNETES_MASTER")
 	}
 
 	// TODO: get the namespace context when kubecfg ns is completed
-	ctx := api.NewContext()
+	clientConfig.Context = api.NewContext()
 
-	kubeClient, err := client.New(ctx, masterServer, *apiVersion, nil)
-	if err != nil {
-		glog.Fatalf("Can't configure client: %v", err)
+	if clientConfig.Host == "" {
+		// TODO: eventually apiserver should start on 443 and be secure by default
+		clientConfig.Host = "http://localhost:8080"
 	}
-
-	// TODO: this won't work if TLS is enabled with client cert auth, but no
-	// passwords are required. Refactor when we address client auth abstraction.
-	if kubeClient.Secure() {
+	if client.IsConfigTransportSecure(clientConfig) {
 		auth, err := kubecfg.LoadAuthInfo(*authConfig, os.Stdin)
 		if err != nil {
 			glog.Fatalf("Error loading auth: %v", err)
 		}
-		if *caFile != "" {
-			auth.CAFile = *caFile
-		}
-		if *certFile != "" {
-			auth.CertFile = *certFile
-		}
-		if *keyFile != "" {
-			auth.KeyFile = *keyFile
-		}
-		kubeClient, err = client.New(ctx, masterServer, *apiVersion, auth)
-		if err != nil {
-			glog.Fatalf("Can't configure client: %v", err)
-		}
+		clientConfig.Username = auth.User
+		clientConfig.Password = auth.Password
+	}
+	kubeClient, err := client.New(clientConfig)
+	if err != nil {
+		glog.Fatalf("Can't configure client: %v", err)
 	}
 
 	if *serverVersion != verflag.VersionFalse {

cmd/proxy/proxy.go

@@ -20,8 +20,6 @@ import (
 	"flag"
 	"time"
 
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/proxy"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/proxy/config"
@@ -33,12 +31,13 @@ import (
 
 var (
 	configFile     = flag.String("configfile", "/tmp/proxy_config", "Configuration file for the proxy")
-	master         = flag.String("master", "", "The address of the Kubernetes API server (optional)")
 	etcdServerList util.StringList
 	bindAddress    = flag.String("bindaddress", "0.0.0.0", "The address for the proxy server to serve on (set to 0.0.0.0 or \"\" for all interfaces)")
+	clientConfig   = &client.Config{}
 )
 
 func init() {
+	client.BindClientConfigFlags(flag.CommandLine, clientConfig)
 	flag.Var(&etcdServerList, "etcd_servers", "List of etcd servers to watch (http://ip:port), comma separated (optional)")
 }
 
@@ -53,13 +52,11 @@ func main() {
 	endpointsConfig := config.NewEndpointsConfig()
 
 	// define api config source
-	if *master != "" {
-		glog.Infof("Using api calls to get config %v", *master)
-		ctx := api.NewContext()
-		//TODO: add auth info
-		client, err := client.New(ctx, *master, latest.OldestVersion, nil)
+	if clientConfig.Host != "" {
+		glog.Infof("Using api calls to get config %v", clientConfig.Host)
+		client, err := client.New(clientConfig)
 		if err != nil {
-			glog.Fatalf("Invalid -master: %v", err)
+			glog.Fatalf("Invalid API configuration: %v", err)
 		}
 		config.NewSourceAPI(
 			client,
@@ -70,7 +67,7 @@ func main() {
 	}
 
 	// Create a configuration source that handles configuration from etcd.
-	if len(etcdServerList) > 0 && *master == "" {
+	if len(etcdServerList) > 0 && clientConfig.Host == "" {
 		glog.Infof("Using etcd servers %v", etcdServerList)
 
 		// Set up logger for etcd client

pkg/api/testapi/testapi.go

@@ -0,0 +1,42 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package testapi provides a helper for retrieving the KUBE_API_VERSION environment variable.
+package testapi
+
+import (
+	"os"
+
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime"
+)
+
+// Version returns the API version to test against as set by the KUBE_API_VERSION env var.
+func Version() string {
+	version := os.Getenv("KUBE_API_VERSION")
+	if version == "" {
+		version = latest.Version
+	}
+	return version
+}
+
+func CodecForVersionOrDie() runtime.Codec {
+	interfaces, err := latest.InterfacesFor(Version())
+	if err != nil {
+		panic(err)
+	}
+	return interfaces.Codec
+}