Merge pull request #61803 from awly/client-auth-exec-tls

Automatic merge from submit-queue (batch tested with PRs 61803, 64305, 64170, 64361, 64339). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add TLS support to exec authenticator plugin

**What this PR does / why we need it**:
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/kubectl-exec-plugins.md#tls-client-certificate-support

Allows exec plugin to return raw TLS key/cert data. This data populates
transport.Config.TLS field.
This requires a change to AuthProvider interface to expose TLS configs,
not only RoundTripper.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #61421

**Special notes for your reviewer**:

**Release note**:

```release-note
Exec authenticator plugin supports TLS client certificates.
```

Kubernetes-commit: f701b7529937493a64f2f2553aa9a5cd7020d9b7
Kubernetes Publisher
2018-05-30 17:34:11 -07:00
14 changed files with 572 additions and 276 deletions
+30 -1
@@ -25,6 +25,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/json"
"k8s.io/apimachinery/pkg/util/strategicpatch"
"k8s.io/apimachinery/pkg/watch"
restclient "k8s.io/client-go/rest"
)
@@ -72,7 +74,6 @@ func ObjectReaction(tracker ObjectTracker) ReactionFunc {
return func(action Action) (bool, runtime.Object, error) {
ns := action.GetNamespace()
gvr := action.GetResource()
// Here and below we need to switch on implementation types,
// not on interfaces, as some interfaces are identical
// (e.g. UpdateAction and CreateAction), so if we use them,
@@ -125,6 +126,34 @@ func ObjectReaction(tracker ObjectTracker) ReactionFunc {
}
return true, nil, nil
case PatchActionImpl:
obj, err := tracker.Get(gvr, ns, action.GetName())
if err != nil {
// object is not registered
return false, nil, err
}
old, err := json.Marshal(obj)
if err != nil {
return true, nil, err
}
// Only supports strategic merge patch
// TODO: Add support for other Patch types
mergedByte, err := strategicpatch.StrategicMergePatch(old, action.GetPatch(), obj)
if err != nil {
return true, nil, err
}
if err = json.Unmarshal(mergedByte, obj); err != nil {
return true, nil, err
}
if err = tracker.Update(gvr, obj, ns); err != nil {
return true, nil, err
}
return true, obj, nil
default:
return false, nil, fmt.Errorf("no reaction implemented for %s", action)
}
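Review bot: In the new `PatchActionImpl` case, `json.Unmarshal(mergedByte, obj)` decodes the merged document into the same `obj` that was fetched from the tracker, which still holds its pre-patch values. JSON decoding into a populated value normally leaves fields that are absent from the input untouched and adds to existing maps rather than replacing them, so a label, annotation or other field that the patch deletes can survive in the object passed to `tracker.Update`. A test that uses this fake to check that a patch removed something would then see stale data. Reset the object before decoding, for example `value := reflect.ValueOf(obj)` followed by `value.Elem().Set(reflect.New(value.Type().Elem()).Elem())`, which needs `reflect` added to the import block. Separately, the comment says only strategic merge patch is supported, yet nothing visible rejects other patch kinds; if the action carries a patch type, return an error for unsupported ones instead of applying them as strategic merge. The body of `ObjectReaction` starts outside this hunk.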