Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
7df0f6d3
Commit
7df0f6d3
authored
Nov 14, 2014
by
Daniel Smith
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #2343 from erictune/tokens_need_private_comms
Use https when Insecure is selected.
parents
f47f1da3
5c248553
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
28 additions
and
20 deletions
+28
-20
kubecfg.go
cmd/kubecfg/kubecfg.go
+1
-1
helper.go
pkg/client/helper.go
+8
-7
helper_test.go
pkg/client/helper_test.go
+18
-11
cmd.go
pkg/kubectl/cmd/cmd.go
+1
-1
No files found.
cmd/kubecfg/kubecfg.go
View file @
7df0f6d3
...
@@ -201,7 +201,7 @@ func main() {
...
@@ -201,7 +201,7 @@ func main() {
// TODO: eventually apiserver should start on 443 and be secure by default
// TODO: eventually apiserver should start on 443 and be secure by default
clientConfig
.
Host
=
"http://localhost:8080"
clientConfig
.
Host
=
"http://localhost:8080"
}
}
if
client
.
IsConfigTransport
Secure
(
clientConfig
)
{
if
client
.
IsConfigTransport
TLS
(
clientConfig
)
{
auth
,
err
:=
kubecfg
.
LoadAuthInfo
(
*
authConfig
,
os
.
Stdin
)
auth
,
err
:=
kubecfg
.
LoadAuthInfo
(
*
authConfig
,
os
.
Stdin
)
if
err
!=
nil
{
if
err
!=
nil
{
glog
.
Fatalf
(
"Error loading auth: %v"
,
err
)
glog
.
Fatalf
(
"Error loading auth: %v"
,
err
)
...
...
pkg/client/helper.go
View file @
7df0f6d3
...
@@ -172,7 +172,7 @@ func TransportFor(config *Config) (http.RoundTripper, error) {
...
@@ -172,7 +172,7 @@ func TransportFor(config *Config) (http.RoundTripper, error) {
// DefaultServerURL converts a host, host:port, or URL string to the default base server API path
// DefaultServerURL converts a host, host:port, or URL string to the default base server API path
// to use with a Client at a given API version following the standard conventions for a
// to use with a Client at a given API version following the standard conventions for a
// Kubernetes API.
// Kubernetes API.
func
DefaultServerURL
(
host
,
prefix
,
version
string
,
default
Secure
bool
)
(
*
url
.
URL
,
error
)
{
func
DefaultServerURL
(
host
,
prefix
,
version
string
,
default
TLS
bool
)
(
*
url
.
URL
,
error
)
{
if
host
==
""
{
if
host
==
""
{
return
nil
,
fmt
.
Errorf
(
"host must be a URL or a host:port pair"
)
return
nil
,
fmt
.
Errorf
(
"host must be a URL or a host:port pair"
)
}
}
...
@@ -186,7 +186,7 @@ func DefaultServerURL(host, prefix, version string, defaultSecure bool) (*url.UR
...
@@ -186,7 +186,7 @@ func DefaultServerURL(host, prefix, version string, defaultSecure bool) (*url.UR
}
}
if
hostURL
.
Scheme
==
""
{
if
hostURL
.
Scheme
==
""
{
scheme
:=
"http://"
scheme
:=
"http://"
if
default
Secure
{
if
default
TLS
{
scheme
=
"https://"
scheme
=
"https://"
}
}
hostURL
,
err
=
url
.
Parse
(
scheme
+
base
)
hostURL
,
err
=
url
.
Parse
(
scheme
+
base
)
...
@@ -213,13 +213,13 @@ func DefaultServerURL(host, prefix, version string, defaultSecure bool) (*url.UR
...
@@ -213,13 +213,13 @@ func DefaultServerURL(host, prefix, version string, defaultSecure bool) (*url.UR
return
hostURL
,
nil
return
hostURL
,
nil
}
}
// IsConfigTransport
Secure
returns true iff the provided config will result in a protected
// IsConfigTransport
TLS
returns true iff the provided config will result in a protected
// connection to the server when it is passed to client.New() or client.RESTClientFor().
// connection to the server when it is passed to client.New() or client.RESTClientFor().
// Use to determine when to send credentials over the wire.
// Use to determine when to send credentials over the wire.
//
//
// Note: the Insecure flag is ignored when testing for this value, so MITM attacks are
// Note: the Insecure flag is ignored when testing for this value, so MITM attacks are
// still possible.
// still possible.
func
IsConfigTransport
Secure
(
config
*
Config
)
bool
{
func
IsConfigTransport
TLS
(
config
*
Config
)
bool
{
baseURL
,
err
:=
defaultServerUrlFor
(
config
)
baseURL
,
err
:=
defaultServerUrlFor
(
config
)
if
err
!=
nil
{
if
err
!=
nil
{
return
false
return
false
...
@@ -227,16 +227,17 @@ func IsConfigTransportSecure(config *Config) bool {
...
@@ -227,16 +227,17 @@ func IsConfigTransportSecure(config *Config) bool {
return
baseURL
.
Scheme
==
"https"
return
baseURL
.
Scheme
==
"https"
}
}
// defaultServerUrlFor is shared between IsConfig
Secure
and RESTClientFor
// defaultServerUrlFor is shared between IsConfig
TransportTLS
and RESTClientFor
func
defaultServerUrlFor
(
config
*
Config
)
(
*
url
.
URL
,
error
)
{
func
defaultServerUrlFor
(
config
*
Config
)
(
*
url
.
URL
,
error
)
{
version
:=
defaultVersionFor
(
config
)
version
:=
defaultVersionFor
(
config
)
// TODO: move the default to secure when the apiserver supports TLS by default
// TODO: move the default to secure when the apiserver supports TLS by default
defaultSecure
:=
config
.
CertFile
!=
""
// config.Insecure is taken to mean "I want HTTPS but don't bother checking the certs against a CA."
defaultTLS
:=
config
.
CertFile
!=
""
||
config
.
Insecure
host
:=
config
.
Host
host
:=
config
.
Host
if
host
==
""
{
if
host
==
""
{
host
=
"localhost"
host
=
"localhost"
}
}
return
DefaultServerURL
(
host
,
config
.
Prefix
,
version
,
default
Secure
)
return
DefaultServerURL
(
host
,
config
.
Prefix
,
version
,
default
TLS
)
}
}
// defaultVersionFor is shared between defaultServerUrlFor and RESTClientFor
// defaultVersionFor is shared between defaultServerUrlFor and RESTClientFor
...
...
pkg/client/helper_test.go
View file @
7df0f6d3
...
@@ -47,40 +47,47 @@ func TestTransportFor(t *testing.T) {
...
@@ -47,40 +47,47 @@ func TestTransportFor(t *testing.T) {
}
}
}
}
func
TestIsConfigTransport
Secure
(
t
*
testing
.
T
)
{
func
TestIsConfigTransport
TLS
(
t
*
testing
.
T
)
{
testCases
:=
[]
struct
{
testCases
:=
[]
struct
{
Config
*
Config
Config
*
Config
Secure
bool
TransportTLS
bool
}{
}{
{
{
Config
:
&
Config
{},
Config
:
&
Config
{},
Secure
:
false
,
TransportTLS
:
false
,
},
},
{
{
Config
:
&
Config
{
Config
:
&
Config
{
Host
:
"https://localhost"
,
Host
:
"https://localhost"
,
},
},
Secure
:
true
,
TransportTLS
:
true
,
},
},
{
{
Config
:
&
Config
{
Config
:
&
Config
{
Host
:
"localhost"
,
Host
:
"localhost"
,
CertFile
:
"foo"
,
CertFile
:
"foo"
,
},
},
Secure
:
true
,
TransportTLS
:
true
,
},
},
{
{
Config
:
&
Config
{
Config
:
&
Config
{
Host
:
"///:://localhost"
,
Host
:
"///:://localhost"
,
CertFile
:
"foo"
,
CertFile
:
"foo"
,
},
},
Secure
:
false
,
TransportTLS
:
false
,
},
{
Config
:
&
Config
{
Host
:
"1.2.3.4:567"
,
Insecure
:
true
,
},
TransportTLS
:
true
,
},
},
}
}
for
_
,
testCase
:=
range
testCases
{
for
_
,
testCase
:=
range
testCases
{
secure
:=
IsConfigTransportSecure
(
testCase
.
Config
)
useTLS
:=
IsConfigTransportTLS
(
testCase
.
Config
)
if
testCase
.
Secure
!=
secure
{
if
testCase
.
TransportTLS
!=
useTLS
{
t
.
Errorf
(
"expected %v for %#v"
,
testCase
.
Secure
,
testCase
.
Config
)
t
.
Errorf
(
"expected %v for %#v"
,
testCase
.
TransportTLS
,
testCase
.
Config
)
}
}
}
}
}
}
pkg/kubectl/cmd/cmd.go
View file @
7df0f6d3
...
@@ -170,7 +170,7 @@ func GetKubeConfig(cmd *cobra.Command) *client.Config {
...
@@ -170,7 +170,7 @@ func GetKubeConfig(cmd *cobra.Command) *client.Config {
}
}
config
.
Host
=
host
config
.
Host
=
host
if
client
.
IsConfigTransport
Secure
(
config
)
{
if
client
.
IsConfigTransport
TLS
(
config
)
{
// Get the values from the file on disk (or from the user at the
// Get the values from the file on disk (or from the user at the
// command line). Override them with the command line parameters, if
// command line). Override them with the command line parameters, if
// provided.
// provided.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment