Merge pull request #52 from tg123/sensitive_conf

make BuildConfigFromConfigFile less sensitive

Author: brendandburns

src/KubeConfigModels/K8SConfiguration.cs

@@ -1,4 +1,4 @@
-namespace k8s.KubeConfigModels
+namespace k8s.KubeConfigModels
 {
     using System.Collections.Generic;
     using YamlDotNet.Serialization;
@@ -9,7 +9,7 @@
     public class K8SConfiguration
     {
         [YamlMember(Alias = "preferences")]
-        public IDictionary<string, object> preferences{ get; set; }
+        public IDictionary<string, object> Preferences{ get; set; }
 
         [YamlMember(Alias = "apiVersion")]
         public string ApiVersion { get; set; }
@@ -21,12 +21,12 @@ public class K8SConfiguration
         public string CurrentContext { get; set; }
 
         [YamlMember(Alias = "contexts")]
-        public IEnumerable<Context> Contexts { get; set; }
+        public IEnumerable<Context> Contexts { get; set; } = new Context[0];
 
         [YamlMember(Alias = "clusters")]
-        public IEnumerable<Cluster> Clusters { get; set; }
+        public IEnumerable<Cluster> Clusters { get; set; } = new Cluster[0];
 
         [YamlMember(Alias = "users")]
-        public IEnumerable<User> Users { get; set; }
+        public IEnumerable<User> Users { get; set; } = new User[0];
     }
 }

src/Kubernetes.ConfigInit.cs

@@ -1,10 +1,10 @@
-using k8s.Models;
 using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 using k8s.Exceptions;
+using k8s.Models;
 using Microsoft.Rest;
 
 namespace k8s
@@ -22,8 +22,21 @@ public partial class Kubernetes
         /// </param>
         public Kubernetes(KubernetesClientConfiguration config, params DelegatingHandler[] handlers) : this(handlers)
         {
+            if (string.IsNullOrWhiteSpace(config.Host))
+            {
+                throw new KubeConfigException("Host url must be set");
+            }
+
+            try
+            {
+                BaseUri = new Uri(config.Host);
+            }
+            catch (UriFormatException e)
+            {
+                throw new KubeConfigException("Bad host url", e);
+            }
+
             CaCert = config.SslCaCert;
-            BaseUri = new Uri(config.Host);
 
             if (BaseUri.Scheme == "https")
             {

src/KubernetesClientConfiguration.ConfigFile.cs

@@ -12,35 +12,37 @@ namespace k8s
     public partial class KubernetesClientConfiguration
     {
         /// <summary>
-        /// Gets CurrentContext
-        /// </summary>
-        public string CurrentContext { get; private set; }
-
-        /// <summary>
-        /// kubeconfig Default Location
+        ///     kubeconfig Default Location
         /// </summary>
         private static readonly string KubeConfigDefaultLocation =
             RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
                 ? Path.Combine(Environment.GetEnvironmentVariable("USERPROFILE"), @".kube\config")
                 : Path.Combine(Environment.GetEnvironmentVariable("HOME"), ".kube/config");
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="KubernetesClientConfiguration"/> from config file
+        ///     Gets CurrentContext
+        /// </summary>
+        public string CurrentContext { get; private set; }
+
+        /// <summary>
+        ///     Initializes a new instance of the <see cref="KubernetesClientConfiguration" /> from config file
         /// </summary>
         /// <param name="masterUrl">kube api server endpoint</param>
         /// <param name="kubeconfigPath">kubeconfig filepath</param>
-        public static KubernetesClientConfiguration BuildConfigFromConfigFile(string masterUrl = null, string kubeconfigPath = null)
+        public static KubernetesClientConfiguration BuildConfigFromConfigFile(string masterUrl = null,
+            string kubeconfigPath = null)
         {
-            return BuildConfigFromConfigFile(new FileInfo(kubeconfigPath ?? KubeConfigDefaultLocation), null, masterUrl);
+            return BuildConfigFromConfigFile(new FileInfo(kubeconfigPath ?? KubeConfigDefaultLocation), null,
+                masterUrl);
         }
 
         /// <summary>
-        /// 
         /// </summary>
         /// <param name="kubeconfig">Fileinfo of the kubeconfig, cannot be null</param>
         /// <param name="currentContext">override the context in config file, set null if do not want to override</param>
         /// <param name="masterUrl">overrider kube api server endpoint, set null if do not want to override</param>
-        public static KubernetesClientConfiguration BuildConfigFromConfigFile(FileInfo kubeconfig, string currentContext = null, string masterUrl = null)
+        public static KubernetesClientConfiguration BuildConfigFromConfigFile(FileInfo kubeconfig,
+            string currentContext = null, string masterUrl = null)
         {
             if (kubeconfig == null)
             {
@@ -49,54 +51,59 @@ public static KubernetesClientConfiguration BuildConfigFromConfigFile(FileInfo k
 
             var k8SConfig = LoadKubeConfig(kubeconfig);
             var k8SConfiguration = new KubernetesClientConfiguration();
-            k8SConfiguration.Initialize(k8SConfig, currentContext);
+
+            currentContext = currentContext ?? k8SConfig.CurrentContext;
+
+            // only init context if context if set
+            if (currentContext != null)
+            {
+                k8SConfiguration.InitializeContext(k8SConfig, currentContext);
+            }
 
             if (!string.IsNullOrWhiteSpace(masterUrl))
             {
                 k8SConfiguration.Host = masterUrl;
             }
+
+            if (string.IsNullOrWhiteSpace(k8SConfiguration.Host))
+            {
+                throw new KubeConfigException("Cannot infer server host url either from context or masterUrl");
+            }
+
             return k8SConfiguration;
         }
-            
 
         /// <summary>
-        /// Validates and Intializes Client Configuration
+        ///     Validates and Intializes Client Configuration
         /// </summary>
         /// <param name="k8SConfig">Kubernetes Configuration</param>
         /// <param name="currentContext">Current Context</param>
-        private void Initialize(K8SConfiguration k8SConfig, string currentContext = null)
+        private void InitializeContext(K8SConfiguration k8SConfig, string currentContext)
         {
-            if (k8SConfig.Contexts == null)
-            {
-                throw new KubeConfigException("No contexts found in kubeconfig");
-            }
-
-            if (k8SConfig.Clusters == null)
-            {
-                throw new KubeConfigException($"No clusters found in kubeconfig");
-            }
-
-            if (k8SConfig.Users == null)
-            {
-                throw new KubeConfigException($"No users found in kubeconfig");
-            }
-
             // current context
-            currentContext = currentContext ?? k8SConfig.CurrentContext;
-            Context activeContext =
+            var activeContext =
                 k8SConfig.Contexts.FirstOrDefault(
                     c => c.Name.Equals(currentContext, StringComparison.OrdinalIgnoreCase));
             if (activeContext == null)
             {
                 throw new KubeConfigException($"CurrentContext: {currentContext} not found in contexts in kubeconfig");
             }
 
-            this.CurrentContext = activeContext.Name;
+            CurrentContext = activeContext.Name;
 
             // cluster
+            SetClusterDetails(k8SConfig, activeContext);
+
+            // user
+            SetUserDetails(k8SConfig, activeContext);
+        }
+
+        private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext)
+        {
             var clusterDetails =
                 k8SConfig.Clusters.FirstOrDefault(c => c.Name.Equals(activeContext.ContextDetails.Cluster,
                     StringComparison.OrdinalIgnoreCase));
+
             if (clusterDetails?.ClusterEndpoint == null)
             {
                 throw new KubeConfigException($"Cluster not found for context {activeContext} in kubeconfig");
@@ -106,33 +113,49 @@ private void Initialize(K8SConfiguration k8SConfig, string currentContext = null
             {
                 throw new KubeConfigException($"Server not found for current-context {activeContext} in kubeconfig");
             }
+            Host = clusterDetails.ClusterEndpoint.Server;
 
-            if (!clusterDetails.ClusterEndpoint.SkipTlsVerify &&
-                string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthorityData) &&
-                string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthority))
-            {
-                throw new KubeConfigException(
-                    $"neither certificate-authority-data nor certificate-authority not found for current-context :{activeContext} in kubeconfig");
-            }
+            SkipTlsVerify = clusterDetails.ClusterEndpoint.SkipTlsVerify;
 
-            this.Host = clusterDetails.ClusterEndpoint.Server;
-            if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
+            try
             {
-                string data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
-                this.SslCaCert = new X509Certificate2(Convert.FromBase64String(data));
+                var uri = new Uri(Host);
+                if (uri.Scheme == "https")
+                {
+
+                    // check certificate for https
+                    if (!clusterDetails.ClusterEndpoint.SkipTlsVerify &&
+                        string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthorityData) &&
+                        string.IsNullOrWhiteSpace(clusterDetails.ClusterEndpoint.CertificateAuthority))
+                    {
+                        throw new KubeConfigException(
+                            $"neither certificate-authority-data nor certificate-authority not found for current-context :{activeContext} in kubeconfig");
+                    }
+
+                    if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
+                    {
+                        var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
+                        SslCaCert = new X509Certificate2(Convert.FromBase64String(data));
+                    }
+                    else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
+                    {
+                        SslCaCert = new X509Certificate2(clusterDetails.ClusterEndpoint.CertificateAuthority);
+                    }
+                }
             }
-            else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
+            catch (UriFormatException e)
             {
-                this.SslCaCert = new X509Certificate2(clusterDetails.ClusterEndpoint.CertificateAuthority);
+                throw new KubeConfigException("Bad Server host url", e);
             }
-            this.SkipTlsVerify = clusterDetails.ClusterEndpoint.SkipTlsVerify;
-
-            // user
-            this.SetUserDetails(k8SConfig, activeContext);
         }
 
         private void SetUserDetails(K8SConfiguration k8SConfig, Context activeContext)
         {
+            if (string.IsNullOrWhiteSpace(activeContext.ContextDetails.User))
+            {
+                return;
+            }
+
             var userDetails = k8SConfig.Users.FirstOrDefault(c => c.Name.Equals(activeContext.ContextDetails.User,
                 StringComparison.OrdinalIgnoreCase));
 
@@ -151,31 +174,31 @@ private void SetUserDetails(K8SConfiguration k8SConfig, Context activeContext)
             // Basic and bearer tokens are mutually exclusive
             if (!string.IsNullOrWhiteSpace(userDetails.UserCredentials.Token))
             {
-                this.AccessToken = userDetails.UserCredentials.Token;
+                AccessToken = userDetails.UserCredentials.Token;
                 userCredentialsFound = true;
             }
             else if (!string.IsNullOrWhiteSpace(userDetails.UserCredentials.UserName) &&
                      !string.IsNullOrWhiteSpace(userDetails.UserCredentials.Password))
             {
-                this.Username = userDetails.UserCredentials.UserName;
-                this.Password = userDetails.UserCredentials.Password;
+                Username = userDetails.UserCredentials.UserName;
+                Password = userDetails.UserCredentials.Password;
                 userCredentialsFound = true;
             }
 
             // Token and cert based auth can co-exist
             if (!string.IsNullOrWhiteSpace(userDetails.UserCredentials.ClientCertificateData) &&
                 !string.IsNullOrWhiteSpace(userDetails.UserCredentials.ClientKeyData))
             {
-                this.ClientCertificateData = userDetails.UserCredentials.ClientCertificateData;
-                this.ClientCertificateKeyData = userDetails.UserCredentials.ClientKeyData;
+                ClientCertificateData = userDetails.UserCredentials.ClientCertificateData;
+                ClientCertificateKeyData = userDetails.UserCredentials.ClientKeyData;
                 userCredentialsFound = true;
             }
 
             if (!string.IsNullOrWhiteSpace(userDetails.UserCredentials.ClientCertificate) &&
                 !string.IsNullOrWhiteSpace(userDetails.UserCredentials.ClientKey))
             {
-                this.ClientCertificateFilePath = userDetails.UserCredentials.ClientCertificate;
-                this.ClientKeyFilePath = userDetails.UserCredentials.ClientKey;
+                ClientCertificateFilePath = userDetails.UserCredentials.ClientCertificate;
+                ClientKeyFilePath = userDetails.UserCredentials.ClientKey;
                 userCredentialsFound = true;
             }
 
@@ -187,7 +210,7 @@ private void SetUserDetails(K8SConfiguration k8SConfig, Context activeContext)
         }
 
         /// <summary>
-        /// Loads Kube Config
+        ///     Loads Kube Config
         /// </summary>
         /// <param name="kubeconfig">Kube config file contents</param>
         /// <returns>Instance of the <see cref="K8SConfiguration"/> class</returns>
@@ -197,11 +220,10 @@ private static K8SConfiguration LoadKubeConfig(FileInfo kubeconfig)
             {
                 throw new KubeConfigException($"kubeconfig file not found at {kubeconfig.FullName}");
             }
-            var kubeconfigContent = File.ReadAllText(kubeconfig.FullName);
 
             var deserializeBuilder = new DeserializerBuilder();
             var deserializer = deserializeBuilder.Build();
-            return deserializer.Deserialize<K8SConfiguration>(kubeconfigContent);
+            return deserializer.Deserialize<K8SConfiguration>(kubeconfig.OpenText());
         }
     }
-}
+}