Add support for multiple kubeconfigs in the KUBECONFIG env var.

Author: brendandburns

src/config.ts

@@ -45,11 +45,6 @@ export class KubeConfig {
      */
     public 'currentContext': string;
 
-    /**
-     * Root directory for a config file driven config. Used for loading relative cert paths.
-     */
-    public 'rootDirectory': string;
-
     public getContexts() {
         return this.contexts;
     }
@@ -102,8 +97,9 @@ export class KubeConfig {
     }
 
     public loadFromFile(file: string) {
-        this.rootDirectory = path.dirname(file);
+        const rootDirectory = path.dirname(file);
         this.loadFromString(fs.readFileSync(file, 'utf8'));
+        this.makePathsAbsolute(rootDirectory);
     }
 
     public applytoHTTPSOptions(opts: https.RequestOptions) {
@@ -201,9 +197,55 @@ export class KubeConfig {
         this.currentContext = contextName;
     }
 
+    public mergeConfig(config: KubeConfig) {
+        this.currentContext = config.currentContext;
+        config.clusters.forEach((cluster: Cluster) => {
+            this.addCluster(cluster);
+        });
+        config.users.forEach((user: User) => {
+            this.addUser(user);
+        });
+        config.contexts.forEach((ctx: Context) => {
+            this.addContext(ctx);
+        });
+    }
+
+    public addCluster(cluster: Cluster) {
+        this.clusters.forEach((c: Cluster, ix: number) => {
+            if (c.name === cluster.name) {
+                throw new Error(`Duplicate cluster: ${c.name}`);
+            }
+        });
+        this.clusters.push(cluster);
+    }
+
+    public addUser(user: User) {
+        this.users.forEach((c: User, ix: number) => {
+            if (c.name === user.name) {
+                throw new Error(`Duplicate user: ${c.name}`);
+            }
+        });
+        this.users.push(user);
+    }
+
+    public addContext(ctx: Context) {
+        this.contexts.forEach((c: Context, ix: number) => {
+            if (c.name === ctx.name) {
+                throw new Error(`Duplicate context: ${c.name}`);
+            }
+        });
+        this.contexts.push(ctx);
+    }
+
     public loadFromDefault() {
         if (process.env.KUBECONFIG && process.env.KUBECONFIG.length > 0) {
-            this.loadFromFile(process.env.KUBECONFIG);
+            const files = process.env.KUBECONFIG.split(path.delimiter);
+            this.loadFromFile(files[0]);
+            for (let i = 1; i < files.length; i++) {
+                const kc = new KubeConfig();
+                kc.loadFromFile(files[i]);
+                this.mergeConfig(kc);
+            }
             return;
         }
         const home = findHomeDir();
@@ -247,6 +289,22 @@ export class KubeConfig {
         return apiClient;
     }
 
+    public makePathsAbsolute(rootDirectory: string) {
+        this.clusters.forEach((cluster: Cluster) => {
+            if (cluster.caFile) {
+                cluster.caFile = makeAbsolutePath(rootDirectory, cluster.caFile);
+            }
+        });
+        this.users.forEach((user: User) => {
+            if (user.certFile) {
+                user.certFile = makeAbsolutePath(rootDirectory, user.certFile);
+            }
+            if (user.keyFile) {
+                user.keyFile = makeAbsolutePath(rootDirectory, user.keyFile);
+            }
+        });
+    }
+
     private getCurrentContextObject() {
         return this.getContextObject(this.currentContext);
     }
@@ -261,18 +319,15 @@ export class KubeConfig {
         if (cluster != null && cluster.skipTLSVerify) {
             opts.rejectUnauthorized = false;
         }
-        const ca =
-            cluster != null
-                ? bufferFromFileOrString(this.rootDirectory, cluster.caFile, cluster.caData)
-                : null;
+        const ca = cluster != null ? bufferFromFileOrString(cluster.caFile, cluster.caData) : null;
         if (ca) {
             opts.ca = ca;
         }
-        const cert = bufferFromFileOrString(this.rootDirectory, user.certFile, user.certData);
+        const cert = bufferFromFileOrString(user.certFile, user.certData);
         if (cert) {
             opts.cert = cert;
         }
-        const key = bufferFromFileOrString(this.rootDirectory, user.keyFile, user.keyData);
+        const key = bufferFromFileOrString(user.keyFile, user.keyData);
         if (key) {
             opts.key = key;
         }
@@ -363,12 +418,16 @@ export class Config {
     }
 }
 
+export function makeAbsolutePath(root: string, file: string): string {
+    if (!root || path.isAbsolute(file)) {
+        return file;
+    }
+    return path.join(root, file);
+}
+
 // This is public really only for testing.
-export function bufferFromFileOrString(root?: string, file?: string, data?: string): Buffer | null {
+export function bufferFromFileOrString(file?: string, data?: string): Buffer | null {
     if (file) {
-        if (!path.isAbsolute(file) && root) {
-            file = path.join(root, file);
-        }
         return fs.readFileSync(file);
     }
     if (data) {

src/config_test.ts

@@ -5,12 +5,18 @@ import { dirname, join } from 'path';
 import { expect } from 'chai';
 import mockfs from 'mock-fs';
 import * as requestlib from 'request';
+import * as path from 'path';
 
 import { CoreV1Api } from './api';
-import { bufferFromFileOrString, findHomeDir, findObject, KubeConfig, Named } from './config';
+import { bufferFromFileOrString, findHomeDir, findObject, KubeConfig, makeAbsolutePath } from './config';
 import { Cluster, newClusters, newContexts, newUsers, User } from './config_types';
 
 const kcFileName = 'testdata/kubeconfig.yaml';
+const kc2FileName = 'testdata/kubeconfig-2.yaml';
+const kcDupeCluster = 'testdata/kubeconfig-dupe-cluster.yaml';
+const kcDupeContext = 'testdata/kubeconfig-dupe-context.yaml';
+const kcDupeUser = 'testdata/kubeconfig-dupe-user.yaml';
+
 const kcNoUserFileName = 'testdata/empty-user-kubeconfig.yaml';
 
 /* tslint:disable: no-empty */
@@ -174,7 +180,6 @@ describe('KubeConfig', () => {
         it('should load the kubeconfig file properly', () => {
             const kc = new KubeConfig();
             kc.loadFromFile(kcFileName);
-            expect(kc.rootDirectory).to.equal(dirname(kcFileName));
             validateFileLoad(kc);
         });
         it('should fail to load a missing kubeconfig file', () => {
@@ -890,6 +895,52 @@ describe('KubeConfig', () => {
         });
     });
 
+    describe('load from multi $KUBECONFIG', () => {
+        it('should load from multiple files', () => {
+            process.env.KUBECONFIG = kcFileName + path.delimiter + kc2FileName;
+
+            const kc = new KubeConfig();
+            kc.loadFromDefault();
+
+            // 2 in the first config, 1 in the second config
+            expect(kc.clusters.length).to.equal(3);
+            expect(kc.users.length).to.equal(6);
+            expect(kc.contexts.length).to.equal(4);
+            expect(kc.getCurrentContext()).to.equal('contextA');
+        });
+        it('should throw with duplicate clusters', () => {
+            process.env.KUBECONFIG = kcFileName + path.delimiter + kcDupeCluster;
+
+            const kc = new KubeConfig();
+            expect(() => kc.loadFromDefault()).to.throw('Duplicate cluster: cluster1');
+        });
+
+        it('should throw with duplicate contexts', () => {
+            process.env.KUBECONFIG = kcFileName + path.delimiter + kcDupeContext;
+
+            const kc = new KubeConfig();
+            expect(() => kc.loadFromDefault()).to.throw('Duplicate context: context1');
+        });
+
+        it('should throw with duplicate users', () => {
+            process.env.KUBECONFIG = kcFileName + path.delimiter + kcDupeUser;
+
+            const kc = new KubeConfig();
+            expect(() => kc.loadFromDefault()).to.throw('Duplicate user: user1');
+        });
+    });
+
+    describe('MakeAbsolutePaths', () => {
+        it('should correctly make absolute paths', () => {
+            const relative = 'foo/bar';
+            const absolute = '/tmp/foo/bar';
+            const root = '/usr/';
+
+            expect(makeAbsolutePath(root, relative)).to.equal('/usr/foo/bar');
+            expect(makeAbsolutePath(root, absolute)).to.equal(absolute);
+        });
+    });
+
     describe('loadFromDefault', () => {
         it('should load from $KUBECONFIG', () => {
             process.env.KUBECONFIG = kcFileName;
@@ -1047,7 +1098,7 @@ describe('KubeConfig', () => {
                 },
             };
             mockfs(arg);
-            const inputData = bufferFromFileOrString('configDir', 'config');
+            const inputData = bufferFromFileOrString('configDir/config');
             expect(inputData).to.not.equal(null);
             if (inputData) {
                 expect(inputData.toString()).to.equal(data);
@@ -1060,7 +1111,7 @@ describe('KubeConfig', () => {
                 config: data,
             };
             mockfs(arg);
-            const inputData = bufferFromFileOrString(undefined, 'config');
+            const inputData = bufferFromFileOrString('config');
             expect(inputData).to.not.equal(null);
             if (inputData) {
                 expect(inputData.toString()).to.equal(data);

src/config_types.ts

@@ -5,7 +5,7 @@ import { ExtensionsV1beta1RollbackConfig } from './api';
 export interface Cluster {
     readonly name: string;
     readonly caData?: string;
-    readonly caFile?: string;
+    caFile?: string;
     readonly server: string;
     readonly skipTLSVerify: boolean;
 }
@@ -38,10 +38,10 @@ function clusterIterator(): u.ListIterator<any, Cluster> {
 export interface User {
     readonly name: string;
     readonly certData?: string;
-    readonly certFile?: string;
+    certFile?: string;
     readonly exec?: any;
     readonly keyData?: string;
-    readonly keyFile?: string;
+    keyFile?: string;
     readonly authProvider?: any;
     readonly token?: string;
     readonly username?: string;

testdata/kubeconfig-2.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: Q0FEQVRA 
+    server: http://example2.com
+  name: clusterA
+
+contexts:
+- context:
+    cluster: clusterA
+    user: userA
+  name: contextA
+
+current-context: contextA
+kind: Config
+preferences: {}
+users:
+- name: userA
+  user:
+    client-certificate-data: XVNFUl9DQURBVEE=
+    client-key-data: XVNFUl9DS0RBVEE=
+- name: userB
+  user:
+    client-certificate-data: XVNFUjJfQ0FEQVRB
+    client-key-data: XVNFUjJfQ0tEQVRB
+- name: userC
+  user:
+    username: foo
+    password: bar
+    

testdata/kubeconfig-dupe-cluster.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: Q0FEQVRB 
+    server: http://example.com 
+  name: cluster1
+
+contexts:
+current-context: context2 
+kind: Config
+preferences: {}
+users:

testdata/kubeconfig-dupe-context.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: Q0FEQVRB 
+    server: http://example.com 
+  name: clusterA
+
+contexts:
+- context:
+    cluster: cluster1 
+    user: user1
+  name: context1 
+
+current-context: context2 
+kind: Config
+preferences: {}
+users:
+- name: userA
+  user:
+    client-certificate-data: VVNFUl9DQURBVEE=
+    client-key-data: VVNFUl9DS0RBVEE=

testdata/kubeconfig-dupe-user.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: Q0FEQVRB 
+    server: http://example.com 
+  name: clusterA
+
+contexts:
+- context:
+    cluster: clusterA
+    user: user1
+  name: contextA 
+
+current-context: context2 
+kind: Config
+preferences: {}
+users:
+- name: user1
+  user:
+    client-certificate-data: VVNFUl9DQURBVEE=
+    client-key-data: VVNFUl9DS0RBVEE=