H`SrSSKJr SSKJr SSKJr SSKrSSKrSSKJr SSKJ r SSKJ r SS KJ r SS KJ r SS KJr SS KJr SS KJr "SS\ R&5r"SS\5rSr"SS\5rS SjrS!SjrSrSrSrS\-rS"SjrS#SjrSr Sr!Sr"g)$z-Utilities for loading and parsing kubeconfig.)absolute_import)division)unicode_literalsN)config) exceptions)log) properties)yaml)encoding)files) platformsc\rSrSrSrSrg)Error#z0Class for errors raised by kubeconfig utilities.N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r2lib/googlecloudsdk/api_lib/container/kubeconfig.pyrr#s8rrc\rSrSrSrSrg)MissingEnvVarError'zDAn exception raised when required environment variables are missing.rNrrrrrr'sLrrgke_gcloud_auth_plugin_cachec\rSrSrSrSr\S5r\S5rSr Sr Sr \ S 5r \ S 5r\ S 5r\ S 5r\S 5rSrSrg) Kubeconfig.z1Interface for interacting with a kubeconfig file.cX lXl0Ul0Ul0UlSnURSHnUnX@RUS'M URSHnUnXPRUS'M URSHnUnX`RUS'M g![ an[ SRXs55eSnAff=f)Nclustersnameuserscontextsz(expected key {0} not found for entry {1}) _filename_datar#r%r&KeyErrorrformat)selfraw_datafilenameentryclusterusercontexterrors r__init__Kubeconfig.__init__1sNJDMDJDM E ZZ +')0 gfo&,**W%$#' 4< &ZZ +')0 gfo&,   4 ; ;E I sA;B!! C +CC c URS$Ncurrent-contextr(r+s rcurrent_contextKubeconfig.current_contextJs ::' ((rcUR$N)r'r9s rr-Kubeconfig.filenameNs >>rc URRUS5 URRUS5 URRUS5 URR S5U:XaSURS'gg)Nr7)r&popr#r%r(get)r+keys rClearKubeconfig.ClearRsfMMc4 MMc4 JJNN3 zz~~'(C/&(djj"#0rc[URR55URS'[URR55URS'[UR R55URS'[ R"URSS9n[R"URU5 SSS5 [RRUR5n[RRU[5n[RR!U5(a[ R""US5 gg!,(df  N=f)znSave kubeconfig to file. Raises: Error: don't have the permission to open kubeconfig or plugin cache file. r#r%r&T)privateNr@)listr#valuesr(r%r& file_utils FileWriterr'r dumpospathdirnamejoin&GKE_GCLOUD_AUTH_PLUGIN_CACHE_FILE_NAMEexistsWriteFileAtomically)r+fprO gke_gcloud_auth_plugin_file_paths r SaveToFileKubeconfig.SaveToFileYs "$--"6"6"89DJJztzz0023DJJw!$--"6"6"89DJJz   t~~t < ii B =ggoodnn-G')ww||7($ ww~~677$$%ErJ8 = 2#$)T**)00DOL  3 > .55e< ==>sA*A B'BBc[R"U5nUR U5 U"X!5$![Ra)n[SRXR55eSnAff=f)Nz&unable to load kubeconfig for {0}: {1})r load_pathrr* inner_errorr`)r^r-r_r2s r LoadFromFileKubeconfig.LoadFromFilesh ^^H %dMM$ t  ::  2 9 9))  s1A.$A))A.c[RRU5(a[SR U55e[RR U5(aUR U5$[R"[RRU55 U"[5U5nUR5 U$![[4a/n[R"SR X!55 SnANSnAff=f)zARead in the kubeconfig, and if it doesn't exist create one there.z*{0} is a directory. File must be provided.z6unable to load default kubeconfig: {0}; recreating {1}N)rMrNisdirIsADirectoryErrorr*isfilererIOErrorrdebugrJMakeDirrOEmptyKubeconfigrV)r^rNr2 kubeconfigs r LoadOrCreateKubeconfig.LoadOrCreates ww}}T  6 = =d C  ww~~d %%rwwt,-_&-J W   D K K    s$C D %DD cHUR[R55$r=)rpr DefaultPath)r^s rDefaultKubeconfig.Defaults   J224 55rc[R"[RS5nU(aPUR [R 5nUH+nU(dM [R RU5s $ [R"[RS5nU(d[RR5(a[R"[RS5n[R"[RS5nU(a&U(a[R RX45nU(d%[R"[RS5nU(dC[SR[RR5(aSS95eSS95e[R RUS S 5$) z(Return default path for kubeconfig file. KUBECONFIGHOME HOMEDRIVEHOMEPATH USERPROFILEzVenvironment variable {vars} or KUBECONFIG must be set to store credentials for kubectlz&HOMEDRIVE/HOMEPATH, USERPROFILE, HOME,)varsz.kuber)r GetEncodedValuerMenvironsplitpathseprNabspathr OperatingSystem IsWindowsrPrr*)ro kubeconfigshome_dir home_drive home_paths rrsKubeconfig.DefaultPathsN))"**lCJ$$RZZ0k#* :, ,$ '' F;H  11;;==++BJJ Dj**2::zBi  77<< 6 ++BJJ F   $$*F**4466<%+%   %+%   77<<'8 44rc^URUR=(d UR5 [[URR 55[URR 55-5Ul[[UR R 55[UR R 55-5Ul[[URR 55[URR 55-5Ulg)zMerge another kubeconfig into self. In case of overlapping keys, the value in self is kept and the value in the other kubeconfig is lost. Args: kubeconfig: a Kubeconfig instance N)rYr:dictrHr#itemsr%r&)r+ros rMergeKubeconfig.Merges 4//M:3M3MN Z & & ()D1D1D1F,GGDMd:++1134tDJJ >  (6655@rr cSU0nU(aU(a [S5eU(aX%S'OUb U(dX5S'O U(dSUS'XS.$)z0Generate and return a cluster kubeconfig object.serverz'cannot specify both ca_path and ca_datazcertificate-authorityzcertificate-authority-dataTzinsecure-skip-tls-verify)r$r/)r)r$rca_pathca_datahas_dns_endpointr/s rClusterrsX '  9 :: '. #$#3,3 () *.G &' ++rc ,U(d'U(aU(dU(aU (d [S5e0n [5n U(aBU(dU(dU(dU(dU (d[UUUUUS9U S'O[U 5U S'U(aU(a [S5eU(aXlS'O U(aX|S'U(aU (a [S5eU(aXS 'O U (aXS 'U (a'XS '[R R S US 35 X S.$)acGenerates and returns a user kubeconfig object. Args: name: str, nickname for this user entry. auth_provider: str, authentication provider. auth_provider_cmd_path: str, authentication provider command path. auth_provider_cmd_args: str, authentication provider command args. auth_provider_expiry_key: str, authentication provider expiry key. auth_provider_token_key: str, authentication provider token key. cert_path: str, path to client certificate file. cert_data: str, base64 encoded client certificate data. key_path: str, path to client key file. key_data: str, base64 encoded client key data. impersonate_service_account: str, service account to impersonate. iam_token: str, IAM token to use for authentication. Returns: dict, valid kubeconfig user entry. Raises: Error: if no auth info is provided (auth_provider or cert AND key) z3either auth_provider or cert & key must be provided)r$cmd_pathcmd_args expiry_key token_keyz auth-providerexecz+cannot specify both cert_path and cert_datazclient-certificatezclient-certificate-dataz)cannot specify both key_path and key_dataz client-keyzclient-key-datatokenz-Added IAM token to kubeconfig entry for user .)r$r0)r _UseExecAuth _AuthProvider_ExecAuthPluginrstatusPrint)r$ auth_providerauth_provider_cmd_pathauth_provider_cmd_argsauth_provider_expiry_keyauth_provider_token_key cert_path cert_datakey_pathkey_dataimpersonate_service_account iam_tokenr0 use_exec_auths rUserrsL hI( E FF $.-  ! # ",))-+ d?%%@Ad6l9 = >>!* &/ "# ( ; << !& MJJDTF!LM %%rcSn[R"[RS5nU(aUR 5S:XaSnU$U(aUR 5S:XaSnU$)zqReturns a bool noting if ExecAuth should be enabled. Returns: bool, which notes if ExecAuth should be enabled TUSE_GKE_GCLOUD_AUTH_PLUGINtruefalseF)r r}rMr~lower)ruse_gke_gcloud_auth_plugins rrrCsh-'77jj.  ! $ * * , 6M  ! $ * * , 7M rzPath to sdk installation not found. Please switch to application default credentials using one of $ gcloud config set container/use_application_default_credentials true $ export CLOUDSDK_CONTAINER_USE_APPLICATION_DEFAULT_CREDENTIALS=truezInstall gke-gcloud-auth-plugin for use with kubectl by following https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#install_pluginz{ACTION REQUIRED: gke-gcloud-auth-plugin, which is needed for continued use of kubectl, was not found or is not executable. c[RRRR 5n[ 5nUS[ SS.n/nU(aURS5 U(aURSU-5 U(aXCS'U$)a Generate and return an exec auth plugin config. Constructs an exec auth plugin config entry readable by kubectl. This tells kubectl to call out to gke-gcloud-auth-plugin and parse the output to retrieve access tokens to authenticate to the kubernetes master. Kubernetes GKE Auth Provider plugin is defined at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins GKE GCloud Exec Auth Plugin code is at https://github.com/kubernetes/cloud-provider-gcp/tree/master/cmd/gke-gcloud-auth-plugin Args: impersonate_service_account: str, service account to impersonate. Returns: dict, valid exec auth plugin config entry. Raises: Error: Only one of --dns-endpoint or USE_APPLICATION_DEFAULT_CREDENTIALS should be set at a time. z$client.authentication.k8s.io/v1beta1T)command apiVersion installHintprovideClusterInfoz%--use_application_default_credentialsz--impersonate_service_account=args)r VALUES containeruse_app_default_credentialsGetBool)_GetGkeGcloudPluginCommandAndPrintWarningGKE_GCLOUD_AUTH_INSTALL_HINTappend)r#use_application_default_credentialsrexec_cfgrs rrrps2!!==EEG& 6 7':1 ( $(KK78 KK03NNO V /rc2SU0nUS:Xa[RRRR 5(dSn[ R R5(aSnUcu[R"5RnUc)[R"[5 [[5e[R R#Xv5n[%5 UU(aUOSU(aUOSU(aUOSS.nXS 'U$![&a N4f=f) aGenerates and returns an auth provider config. Constructs an auth provider config entry readable by kubectl. This tells kubectl to call out to a specific gcloud command and parse the output to retrieve access tokens to authenticate to the kubernetes master. Kubernetes gcp auth provider plugin at https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/client-go/plugin/pkg/client/auth/gcp Args: name: auth provider name cmd_path: str, authentication provider command path. cmd_args: str, authentication provider command arguments. expiry_key: str, authentication provider expiry key. token_key: str, authentication provider token key. Returns: dict, valid auth provider config entry. Raises: Error: Path to sdk installation not found. Please switch to application default credentials using one of $ gcloud config set container/use_application_default_credentials true $ export CLOUDSDK_CONTAINER_USE_APPLICATION_DEFAULT_CREDENTIALS=true. r$gcpgcloudz gcloud.cmdz"config config-helper --format=jsonz{.credential.access_token}z{.credential.token_expiry})zcmd-pathzcmd-argsz token-keyz expiry-keyr)r rrrrr rrrPaths sdk_bin_pathrr2SDK_BIN_PATH_NOT_FOUNDrrMrNrPr Exception) r$rrrrproviderbin_namercfgs rrrs6d^( em))EEMMOOH  **,,h\\^00l   ()*++l5h 13!H&J#,Y1M%J*F C$X /1   s D DDc pSn[RR5(aSnUn[R"US/SS[R [R S9 U$![ a [R"5RnUc[R"[5 O[RRX!5n[R"US/SS[R [R S9 UnU$![ a [R"[5 U$f=fU$f=f)zGet Gke Gcloud Plugin Command to be used. Returns Gke Gcloud Plugin Command to be used. Also, prints warning if plugin is not present or doesn't work correctly. Returns: string, Gke Gcloud Plugin Command to be used. zgke-gcloud-auth-pluginzgke-gcloud-auth-plugin.exez --versionF)timeoutcheckstdoutstderr)r rr subprocessrunDEVNULLrrrrrcritical GKE_GCLOUD_AUTH_PLUGIN_NOT_FOUNDrMrNrP)rrrsdk_path_bin_names rrrs&(((**+H '5NN +!!!! < ./ 55\\^00l   56GGLL?  ,%%%%  $ . 5 ll34 .5 7 ./5s<6A## D5.rs 4&' &=#*$-8.9O ! !9MM*H&jjZ ,$!    $U&p8H d$#$# -bJNEP/d r