Appended OS's environment variables to the ones configured in Credent…

[n4j]

1. Appended OS's environment variables with the ones provided in the Credential Provider Config file
2. Wrote UnitTest cases to validate the above behaviour

What type of PR is this?

/kind bug

What this PR does / why we need it:

According to the behaviour described in the kubelete-credential-provider documentation, the environment variables provided in the config file should be appended with the OS env vars.

However, this seems to be a missed out case and credential providers may fail to execute if $PATH and $HOME are missing.

This bug was verified for ecr-credential-provider

Which issue(s) this PR fixes:

Fixes #102750

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Fixed an issue which didn't append OS's environment variables with the one provided in Credential Provider Config file, which may lead to failed execution of external credential provider binary. 
See https://github.com/kubernetes/kubernetes/issues/102750

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[k8s-ci-robot]

Hi @n4j. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[MadhavJivrajani]

/ok-to-test

[n4j]

/sig node

[n4j]

/test pull-kubernetes-integration

[k8s-ci-robot]

@n4j: The label triage/accepted cannot be applied. Only GitHub organization members can add the label.

In response to this:

/triage accepted

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[n4j]

@thockin @smarterclayton Can anyone of you guys review this PR?

[n4j]

@adisky Can you accept the triage on this PR?

[n4j]

/priority important-soon

[adisky]

/triage accepted

[n4j]

/test pull-kubernetes-e2e-kind-ipv6

[liggitt]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, n4j

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/credentialprovider/OWNERS [liggitt]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[n4j]

I'd consider this a bug fix since the API docs say the kubelet env vars are appended, so I would like to see this land in v1.22, if not it should be cherry-picked anyways.

@liggitt How do I get this merged in v1.22 release?

[liggitt]

this can wait until master reopens for 1.23, and be picked to release-1.22 for 1.22.1 if needed

[n4j]

/test all

[n4j]

/meow caturday

[k8s-ci-robot]

@n4j:

In response to this:

/meow caturday

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[n4j]

/retest

[n4j]

/test all

[n4j]

/retest

[liggitt]

this is effectively

return append(sysEnvVars, credProviderVars...)

I don't think we need a separate method to accomplish the same thing as the built-in append method.

[liggitt]

The unit test is only exercising mergeEnvVars, not the inputs to it given the environ() and e.envVars values.

Computing the env like this:

cmd.Env = e.computeEnv()

would let us put the entire implementation calling environ() call and appending e.envVars in a unit testable location.

[n4j]

@liggitt Since this PR was approved and the branch for 1.23 opened up it was auto merged, I can open a separate PR to fix the comments.

Thoughts?

[liggitt]

Sure, a follow up is fine

[brandond]

I'm having a hard time following the breadcrumbs here - did this ever get cleaned up and/or backported to 1.21 and 1.22?

[brandond]

@liggitt @n4j this is still broken on the older release branches, correct?

[liggitt]

yeah, this is only resolved in 1.23