fix certificate-authority kubeconfig parsing (#304)

kr8s-org · Feb 7, 2024 · a602e53 · a602e53
1 parent fe585eb
commit a602e53
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/kr8s/_auth.py b/kr8s/_auth.py
@@ -168,7 +168,7 @@ async def _load_kubeconfig(self) -> None:
                 self.client_key_file = str(key_file)
         if "client-certificate" in self._user:
             client_cert_path = anyio.Path(self._user["client-certificate"])
-            if await client_key_path.exists():
+            if await client_cert_path.exists():
                 self.client_cert_file = self._user["client-certificate"]
             else:
                 self.client_cert_file = (
@@ -180,10 +180,10 @@ async def _load_kubeconfig(self) -> None:
                     base64.b64decode(self._user["client-certificate-data"])
                 )
                 self.client_cert_file = str(cert_file)
-        if "certificate-authority" in self._user:
-            server_ca_path = anyio.Path(self._user["certificate-authority"])
-            if await client_key_path.exists():
-                self.server_ca_file = self._user["certificate-authority"]
+        if "certificate-authority" in self._cluster:
+            server_ca_path = anyio.Path(self._cluster["certificate-authority"])
+            if await server_ca_path.exists():
+                self.server_ca_file = self._cluster["certificate-authority"]
             else:
                 self.server_ca_file = (
                     anyio.Path(self._kubeconfig).parent / server_ca_path

diff --git a/kr8s/tests/test_auth.py b/kr8s/tests/test_auth.py
@@ -70,15 +70,21 @@ def f(absolute=True):
         # Open kubeconfig and dump certs to disk, then write new kubeconfig with paths to certs
         kubeconfig = yaml.safe_load(k8s_cluster.kubeconfig_path.read_text())
         user = kubeconfig["users"][0]["user"]
+        ca = kubeconfig["clusters"][0]["cluster"].pop("certificate-authority-data")
         with tempfile.TemporaryDirectory() as d:
             kubeconfig["users"][0]["user"] = {
                 "client-certificate": f"{d}/client.crt" if absolute else "client.crt",
                 "client-key": f"{d}/client.key" if absolute else "client.key",
             }
+            kubeconfig["clusters"][0]["cluster"]["certificate-authority"] = (
+                f"{d}/ca.crt" if absolute else "ca.crt"
+            )
             with open(f"{d}/client.crt", "wb") as f:
                 f.write(base64.b64decode(user["client-certificate-data"]))
             with open(f"{d}/client.key", "wb") as f:
                 f.write(base64.b64decode(user["client-key-data"]))
+            with open(f"{d}/ca.crt", "wb") as f:
+                f.write(base64.b64decode(ca))
             with open(f"{d}/config", "wb") as f:
                 f.write(yaml.safe_dump(kubeconfig).encode())
                 f.flush()