Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor(kubernetes): Fix some unsafe casts in credential creation (#4023)

* refactor(kubernetes): Split CredentialFactory to V1 and V2

A lot of the unnecessary casts that we do when creating credentials stem from the fact that we have a single CredentialFactory with different methods for creating V1 and V2 credentials. Instead, make a generic interface KubernetesCredentialFactory that pulls out the common logic to default methods. (These default methods should probably both eventually live somewhere else, but I think having them on the interface is a reasonable solution for now.)

Then give both the V1 and V2 credentials an inner factory class that implements that interface and allows us to create credentials in a type-safe way. It also logically makes more sense, as the factory for credentials lives with the credentials it's creating.

* refactor(kubernetes): Add some generic bounds to the account code

Add some parametrized types to eliminate a bunch of unsafe casts.

* refactor(kubernetes): Push getSpinnakerKindMap to V1/V2

The getSpinnakerKindMap function on the base KubernetesNamedAccountCredentials class is needed to support sending the kind map to the UI. It forks using an if block depending on which implementation we're using, which means we should push the logic down to the actual implementations.

One solution would have been to keep the kind map at the top level and just implement an "add custom resources" in the V2 provider class (that is a no-op in V1). I didn't do that because:
(1) It's strange that there's logic in this class anyway, which is just supposed to hold some metadata and delegate down to the actual credentials.
(2) Ultimately, it probably makes sense for the V2 provider to implement its own account-specific KubernetesSpinnakerKindMap instead of building this map on the fly. Pushing this down to the V1/V2 implementations allows us to do this later.

* fix(kubernetes): Add missing import statements
Showing 26 changed files with 285 additions and 235 deletions.
56 changes: 56 additions & 0 deletions
...vy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentialFactory.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
/* | ||
* Copyright 2019 Google, Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License") | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package com.netflix.spinnaker.clouddriver.kubernetes.security; | ||
|
||
import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties; | ||
import com.netflix.spinnaker.kork.configserver.ConfigFileService; | ||
import org.apache.commons.lang3.StringUtils; | ||
|
||
public interface KubernetesCredentialFactory<C extends KubernetesCredentials> { | ||
C build(KubernetesConfigurationProperties.ManagedAccount managedAccount); | ||
|
||
default void validateAccount(KubernetesConfigurationProperties.ManagedAccount managedAccount) { | ||
if (StringUtils.isEmpty(managedAccount.getName())) { | ||
throw new IllegalArgumentException("Account name for Kubernetes provider missing."); | ||
} | ||
|
||
if (!managedAccount.getOmitNamespaces().isEmpty() | ||
&& !managedAccount.getNamespaces().isEmpty()) { | ||
throw new IllegalArgumentException( | ||
"At most one of 'namespaces' and 'omitNamespaces' can be specified"); | ||
} | ||
|
||
if (!managedAccount.getOmitKinds().isEmpty() && !managedAccount.getKinds().isEmpty()) { | ||
throw new IllegalArgumentException("At most one of 'kinds' and 'omitKinds' can be specified"); | ||
} | ||
} | ||
|
||
default String getKubeconfigFile( | ||
ConfigFileService configFileService, | ||
KubernetesConfigurationProperties.ManagedAccount managedAccount) { | ||
if (StringUtils.isNotEmpty(managedAccount.getKubeconfigFile())) { | ||
return configFileService.getLocalPath(managedAccount.getKubeconfigFile()); | ||
} | ||
|
||
if (StringUtils.isNotEmpty(managedAccount.getKubeconfigContents())) { | ||
return configFileService.getLocalPathForContents( | ||
managedAccount.getKubeconfigContents(), managedAccount.getName()); | ||
} | ||
|
||
return System.getProperty("user.home") + "/.kube/config"; | ||
} | ||
} |
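Review bot: In getKubeconfigFile, the final `return System.getProperty("user.home") + "/.kube/config";` means an account configured with neither kubeconfigFile nor kubeconfigContents silently uses the default kubeconfig of whatever user runs the process, and when both fields are set kubeconfigFile wins without any error, even though validateAccount rejects the analogous namespaces/omitNamespaces and kinds/omitKinds conflicts. Consider rejecting the both-set case in validateAccount and logging the fallback, or at least documenting it in Javadoc on the method, so a misconfigured account cannot quietly pick up credentials it was never assigned. Separately, validateAccount calls isEmpty() directly on getOmitNamespaces(), getNamespaces(), getOmitKinds() and getKinds(); if ManagedAccount does not default these to empty collections, an omitted field surfaces as a NullPointerException rather than the IllegalArgumentException used for the other checks. The interface and both default methods also have no Javadoc; a short note that the defaults are expected to move elsewhere, as the commit message says, would help the next reader.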