Update kube context with certmap info if necessary #829

Merged
merged 1 commit into from
Nov 21, 2024

@vuil vuil commented Nov 13, 2024

Since the cert data and skip verify intent is captured in the certmap for the endpoint that one tanzu logins to, subsequent tanzu login to the same endpoint can succeed without providing these values. However the kube context created with the subsequent login attempt does not incorporate these values when they originate from the cert map.

This change addresses this inconsistency, by ensuring that these values are incorporated unless command line arguments of alternative ones are provided in the login command.

What this PR does / why we need it

Which issue(s) this PR fixes

Fixes #

Describe testing done for PR

Updated and ran unit tests

Also manually tested with following

First, successfully log in with

```
tanzu login --endpoint https://tpsm-host --endpoint-ca-certificate ~/myca.crt
```

OR

```
tanzu login --endpoint https://tpsm-host --insecure-skip-tls-verify
```

then test with

```
tanzu context delete -y tpsm-ef5efcd6; ./bin/tanzu login --endpoint https://tpsm-host; tanzu project use xxx; tanzu space list
[i] Refreshing plugin inventory cache for "projects.packages.broadcom.com/tanzu_cli/plugins/plugin-inventory:latest", this will take a few seconds.
[i] Reading plugin inventory for "projects.packages.broadcom.com/tanzu_cli/plugins/plugin-inventory:latest", this will take a few seconds.
[i] Deleting kubeconfig context 'tanzu-cli-tpsm-ef5efcd6:xxx' from the file '/Users/vuichiap/.config/tanzu/kube/config'
[ok] Successfully deleted context "tpsm-ef5efcd6"
[i] Opening the browser window to complete the login
Log in by visiting this link:

    https://tpsm-host/auth/oauth/authorize?client_id=tp_cli_app&code_challenge=sV_qnOMk4CG...

    Optionally, paste your authorization code: [...]


[ok] Successfully logged in to 'https://tpsm-airgap-bugbash.acc.broadcom.net' and created a tanzu context
✓ Successfully set project to xxx
```

prior to fix, this follows:

```
Error: failed to get API group resources: unable to retrieve the complete list of server APIs: spaces.tanzu.vmware.com/v1alpha1: Get "https://tpsm-airgap-bugbash.acc.broadcom.net/org/2b96f0c0-e25c-4f93-868d-41285e8e0dc4/project/7ae590c2-3f5b-4aee-9e03-85c2dc28ef56/apis/spaces.tanzu.vmware.com/v1alpha1": tls: failed to verify certificate: x509: certificate signed by unknown authority
```

after fix, tanzu space works as expected:

```
Listing spaces from organization yyyyyyyyyyy, project xxx
  NAME                         STATUS     PROFILES RESOLVED  REPLICAS  AGE
  accelerator-test             Ready      2/2                1/1       28h
...
```

Release note

kubecontext constructed on successful `tanzu login` will incorporate custom cert or skip verification flag from the cert map if neither are explicitly provided in the command invocation

Additional information

Special notes for your reviewer

@vuil vuil requested a review from a team as a code owner November 13, 2024 23:40
Since the cert data and skip verify intent is captured in the certmap
for the endpoint that one `tanzu login`s to, subsequent tanzu login
to the same endpoint can succeed without providing these values.
However the kube context created with the subsequent login attempt does
not incorporate these values when they originate from the cert map.

This change addresses this inconsistency, by ensuring that these values
are incorporated unless command line arguments of alternative ones are
provided in the login command.

Signed-off-by: Vui Lam <[email protected]>
@vuil vuil force-pushed the update-kubeconfig-with-certmap branch from a17e14c to c3c12f8 Compare November 15, 2024 21:10

@prkalle prkalle left a comment

LGTM. Thanks for the changes!

@vuil vuil merged commit 57567a1 into vmware-tanzu:main Nov 21, 2024
7 checks passed
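
The precedence rule from the PR description (login flags win, otherwise the cert map values go into the kube context), sketched as an added Go example; it is not code from this PR or from tanzu-cli. `CertMapEntry`, `ClusterTLS` and `ResolveClusterTLS` are hypothetical names, the base64 encoding of the stored CA and the choice to drop the CA when skip-verify is set are assumptions, and the `Source` field is there so a stored skip-verify that reaches a kubeconfig can be audited.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

// CertMapEntry is a hypothetical model of the per-endpoint cert map record.
type CertMapEntry struct {
	CACertData     string // assumed: base64-encoded PEM bundle
	SkipCertVerify bool
}

// ClusterTLS holds the values that end up in the kubeconfig cluster entry
// (certificate-authority-data / insecure-skip-tls-verify).
type ClusterTLS struct {
	CAData     []byte
	SkipVerify bool
	Source     string // "flags", "certmap" or "default", kept for auditing
}

// ResolveClusterTLS applies the precedence from the PR description: values
// given on the login command line win; otherwise the cert map entry is used.
func ResolveClusterTLS(flagCA []byte, flagSkip bool, entry *CertMapEntry) (ClusterTLS, error) {
	out := ClusterTLS{Source: "default"}
	switch {
	case flagSkip || len(flagCA) > 0:
		out = ClusterTLS{CAData: flagCA, SkipVerify: flagSkip, Source: "flags"}
	case entry != nil && (entry.SkipCertVerify || entry.CACertData != ""):
		ca, err := base64.StdEncoding.DecodeString(entry.CACertData)
		if err != nil {
			return ClusterTLS{}, fmt.Errorf("cert map CA data is not valid base64: %w", err)
		}
		out = ClusterTLS{CAData: ca, SkipVerify: entry.SkipCertVerify, Source: "certmap"}
	}
	// client-go refuses a config with both a CA and insecure set, so this
	// example (an assumption, not the PR's behaviour) drops the CA when skipping.
	if out.SkipVerify {
		out.CAData = nil
	}
	return out, nil
}

func main() {
	// Constructed sample: a CA remembered from an earlier login.
	stored := &CertMapEntry{CACertData: base64.StdEncoding.EncodeToString([]byte("constructed-ca-pem"))}
	res, err := ResolveClusterTLS(nil, false, stored) // second login, no flags
	fmt.Println(res.Source, string(res.CAData), res.SkipVerify, err)
}
```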