Merge pull request #9780 from johngmyers/kubecfg-user
Put userid in kubecfg cert CommonName
k8s-ci-robot authored Aug 19, 2020
2 parents 5b7d1d7 + 7ab0a63 commit ba6fb0e
Showing 1 changed file with 13 additions and 4 deletions.
17 changes: 13 additions & 4 deletions pkg/kubeconfig/create_kubecfg.go
Expand Up @@ -19,6 +19,7 @@ package kubeconfig
import (
"crypto/x509/pkix"
"fmt"
"os/user"
"sort"
"time"

Expand All @@ -34,7 +35,7 @@ import (

const DefaultKubecfgAdminLifetime = 18 * time.Hour

func BuildKubecfg(cluster *kops.Cluster, keyStore fi.Keystore, secretStore fi.SecretStore, status kops.StatusStore, configAccess clientcmd.ConfigAccess, admin time.Duration, user string) (*KubeconfigBuilder, error) {
func BuildKubecfg(cluster *kops.Cluster, keyStore fi.Keystore, secretStore fi.SecretStore, status kops.StatusStore, configAccess clientcmd.ConfigAccess, admin time.Duration, configUser string) (*KubeconfigBuilder, error) {
clusterName := cluster.ObjectMeta.Name

master := cluster.Spec.MasterPublicName
Expand Down Expand Up @@ -111,11 +112,19 @@ func BuildKubecfg(cluster *kops.Cluster, keyStore fi.Keystore, secretStore fi.Se
}

if admin != 0 {
cn := "kubecfg"
user, err := user.Current()
if err != nil || user == nil {
klog.Infof("unable to get user: %v", err)
} else {
cn += "-" + user.Name
}

req := pki.IssueCertRequest{
Signer: fi.CertificateIDCA,
Type: "client",
Subject: pkix.Name{
CommonName: "kubecfg",
CommonName: cn,
Organization: []string{rbac.SystemPrivilegedGroup},
},
Validity: admin,
Expand Down Expand Up @@ -165,10 +174,10 @@ func BuildKubecfg(cluster *kops.Cluster, keyStore fi.Keystore, secretStore fi.Se
}
}

if user == "" {
if configUser == "" {
b.User = cluster.ObjectMeta.Name
} else {
b.User = user
b.User = configUser
}

return b, nil
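Review bot: In the `admin != 0` branch the certificate CommonName is built from `user.Name`, which in `os/user` is the account's real or display name and may be blank, whereas the login name is `user.Username`; the commit title says userid. The API server takes a client certificate's CommonName as the username it records, and this certificate carries `rbac.SystemPrivilegedGroup`, so a blank or free-form display name gives weak attribution (`kubecfg-`, or a name containing spaces). I would write `u, err := user.Current()` and `cn += "-" + u.Username`, which also stops the local variable from shadowing the `os/user` package, and skip the suffix when the value is empty. The value is still self-reported by the machine running kops, so a comment should say it is an audit hint and not a verified identity. BuildKubecfg's body continues outside the visible hunks.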
