Fix #221. Append oci profile and auth to kubeconfig exec args

oracle · Feb 10, 2025 · e5f699c · e5f699c
1 parent 35de1fa
commit e5f699c
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/scripts/examples/project_o/oci_commands b/scripts/examples/project_o/oci_commands
@@ -602,7 +602,7 @@ oci ce addon-option list --kubernetes-version [text] + --addon-name [text] --all
 oci ce cluster cluster-migrate-to-native-vcn --cluster-id [text] --endpoint-config [complex type] + --decommission-delay-duration [text] --from-json [text] --if-match [text] --max-wait-seconds [integer] --wait-for-state [ACCEPTED|CANCELED|CANCELING|FAILED|IN_PROGRESS|SUCCEEDED] --wait-interval-seconds [integer]
 oci ce cluster complete-credential-rotation --cluster-id [text] + --from-json [text] --if-match [text] --max-wait-seconds [integer] --wait-for-state [ACCEPTED|CANCELED|CANCELING|FAILED|IN_PROGRESS|SUCCEEDED] --wait-interval-seconds [integer]
 oci ce cluster create --compartment-id [text] --kubernetes-version [text] --name [text] --vcn-id [text] + --cluster-pod-network-options [complex type] --dashboard-enabled [boolean] --defined-tags [complex type] --endpoint-nsg-ids [complex type] --endpoint-public-ip-enabled [boolean] --endpoint-subnet-id [text] --freeform-tags [complex type] --from-json [text] --image-policy-config [complex type] --kms-key-id [text] --max-wait-seconds [integer] --persistent-volume-defined-tags [complex type] --persistent-volume-freeform-tags [complex type] --pods-cidr [text] --service-lb-defined-tags [complex type] --service-lb-freeform-tags [complex type] --service-lb-subnet-ids [complex type] --services-cidr [text] --tiller-enabled [boolean] --type [BASIC_CLUSTER|ENHANCED_CLUSTER] --wait-for-state [ACCEPTED|CANCELED|CANCELING|FAILED|IN_PROGRESS|SUCCEEDED] --wait-interval-seconds [integer]
-oci ce cluster create-kubeconfig --cluster-id [text] + --expiration [integer] --file [path] --from-json [text] --kube-endpoint [LEGACY_KUBERNETES|PRIVATE_ENDPOINT|PUBLIC_ENDPOINT|VCN_HOSTNAME] --overwrite --token-version [text] --token-version [2.0.0]
+oci ce cluster create-kubeconfig --cluster-id [text] + --expiration [integer] --file [path] --from-json [text] --kube-endpoint [LEGACY_KUBERNETES|PRIVATE_ENDPOINT|PUBLIC_ENDPOINT|VCN_HOSTNAME] --overwrite --token-version [text] --token-version [2.0.0] --with-auth-context
 oci ce cluster delete --cluster-id [text] + --force --from-json [text] --if-match [text] --max-wait-seconds [integer] --wait-for-state [ACCEPTED|CANCELED|CANCELING|FAILED|IN_PROGRESS|SUCCEEDED] --wait-interval-seconds [integer]
 oci ce cluster disable-addon --addon-name [text] --cluster-id [text] --is-remove-existing-add-on [boolean] + --force --from-json [text] --if-match [text] --max-wait-seconds [integer] --wait-for-state [ACCEPTED|CANCELED|CANCELING|FAILED|IN_PROGRESS|SUCCEEDED] --wait-interval-seconds [integer]
 oci ce cluster generate-token --cluster-id [text] + --from-json [text]

diff --git a/services/container_engine/src/oci_cli_container_engine/containerengine_cli_extended.py b/services/container_engine/src/oci_cli_container_engine/containerengine_cli_extended.py
@@ -580,10 +580,12 @@ def update_node_pool(ctx, **kwargs):
 @cli_util.option('--kube-endpoint', type=custom_types.CliCaseInsensitiveChoice(["LEGACY_KUBERNETES", "PUBLIC_ENDPOINT", "PRIVATE_ENDPOINT", "VCN_HOSTNAME"]), help=u"""The endpoint to target. A cluster may have multiple endpoints exposed but the kubeconfig can only target one at a time. Supported values LEGACY_KUBERNETES, PUBLIC_ENDPOINT, PRIVATE_ENDPOINT, VCN_HOSTNAME""")
 @cli_util.option('--overwrite', is_flag=True, help="""Overwrites the contents of kubeconfig file specified using --file\
  option or kubeconfig file at default location if --file is not used.""")
+@cli_util.option('--with-auth-context', default=False, is_flag=True, help="""Appends the current authentication context of the OCI CLI command\
+ to the kubeconfig user exec command required to generate the OKE endpoint token.""")
 @click.pass_context
 @json_skeleton_utils.json_skeleton_generation_handler(input_params_to_complex_types={})
 @cli_util.wrap_exceptions
-def create_kubeconfig(ctx, from_json, file, cluster_id, token_version, expiration, kube_endpoint, overwrite):
+def create_kubeconfig(ctx, from_json, file, cluster_id, token_version, expiration, kube_endpoint, overwrite, with_auth_context):
     if isinstance(cluster_id, six.string_types) and len(cluster_id.strip()) == 0:
         raise click.UsageError('Parameter --cluster-id cannot be whitespace or empty string')
 
@@ -613,6 +615,22 @@ def create_kubeconfig(ctx, from_json, file, cluster_id, token_version, expiratio
     for chunk in result.data.raw.stream(cli_constants.MEBIBYTE, decode_content=True):
         new_kubeconfig = b''.join([new_kubeconfig, chunk])
 
+    # enrich kubeconfig auth command with oci cli auth and profile
+    auth = ctx.obj.get('auth', '')
+    profile = ctx.obj.get('profile', '')
+    try:
+        temp_kubeconfig = yaml.safe_load(new_kubeconfig)
+        if with_auth_context and auth:
+            temp_kubeconfig['users'][0]['user']['exec']['args'].extend(['--auth', auth])
+        if with_auth_context and profile:
+            temp_kubeconfig['users'][0]['user']['exec']['args'].extend(['--profile', profile])
+        new_kubeconfig = yaml.dump(temp_kubeconfig, encoding=('utf-8'))
+    except yaml.YAMLError as e:
+        click.echo('Error parsing configuration file {}'.format(e))
+        return
+    except (KeyError, IndexError):
+        pass        
+
     file = os.path.expandvars(os.path.expanduser(file))
     # If the user wants stdout; just print it after decoding in utf-8 format.
     if file == '-':