From fef24506ad83cb153c503f19d93f68faaf853df1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Almeida?= Date: Mon, 18 Dec 2023 21:58:20 -0300 Subject: [PATCH 1/2] Remove basic authentication --- kr8s/_api.py | 9 --------- kr8s/_auth.py | 6 ------ 2 files changed, 15 deletions(-) diff --git a/kr8s/_api.py b/kr8s/_api.py index 9f7c5cbd..b2c7fb34 100644 --- a/kr8s/_api.py +++ b/kr8s/_api.py @@ -75,13 +75,9 @@ async def _create_session(self) -> None: with contextlib.suppress(RuntimeError): await self._session.aclose() self._session = None - userauth = None - if self.auth.username and self.auth.password: - userauth = httpx.BasicAuth(self.auth.username, self.auth.password) self._session = httpx.AsyncClient( base_url=self.auth.server, headers=headers, - auth=userauth, verify=await self.auth.ssl_context(), ) @@ -187,8 +183,6 @@ async def open_websocket( if self.auth.token: headers["Authorization"] = f"Bearer {self.auth.token}" userauth = None - if self.auth.username and self.auth.password: - userauth = aiohttp.BasicAuth(self.auth.username, self.auth.password) url = self._construct_url(version, base, namespace, url) kwargs.update(url=url, ssl=await self.auth.ssl_context()) auth_attempts = 0 @@ -197,7 +191,6 @@ async def open_websocket( async with aiohttp.ClientSession( base_url=self.auth.server, headers=headers, - auth=userauth, ) as session: async with session.ws_connect(**kwargs) as response: yield response @@ -254,8 +247,6 @@ async def _whoami(self): ) as r: data = r.json() return data["status"]["user"]["username"] - elif self.auth.username: - return f"kubecfg:basicauth:{self.auth.username}" elif self.auth.client_cert_file: with open(self.auth.client_cert_file, "rb") as f: cert = x509.load_pem_x509_certificate(f.read()) diff --git a/kr8s/_auth.py b/kr8s/_auth.py index af781426..5a1023a6 100644 --- a/kr8s/_auth.py +++ b/kr8s/_auth.py @@ -27,8 +27,6 @@ def __init__( self.client_key_file = None self.server_ca_file = None self.token = None - self.username = None - self.password = None self.namespace = namespace self.active_context = None self._insecure_skip_tls_verify = False @@ -182,10 +180,6 @@ async def _load_kubeconfig(self) -> None: ) if "token" in self._user: self.token = self._user["token"] - if "username" in self._user: - self.username = self._user["username"] - if "password" in self._user: - self.password = self._user["password"] if self.namespace is None: self.namespace = self._context.get("namespace", "default") if "auth-provider" in self._user: From 0eeea801138aff7d50fc8da4ee9caf33f296a86f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Almeida?= Date: Tue, 19 Dec 2023 23:07:58 -0300 Subject: [PATCH 2/2] raise execption if using basic auth --- kr8s/_api.py | 1 - kr8s/_auth.py | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/kr8s/_api.py b/kr8s/_api.py index b2c7fb34..2fe6d8bb 100644 --- a/kr8s/_api.py +++ b/kr8s/_api.py @@ -182,7 +182,6 @@ async def open_websocket( headers = {"User-Agent": self.__version__, "content-type": "application/json"} if self.auth.token: headers["Authorization"] = f"Bearer {self.auth.token}" - userauth = None url = self._construct_url(version, base, namespace, url) kwargs.update(url=url, ssl=await self.auth.ssl_context()) auth_attempts = 0 diff --git a/kr8s/_auth.py b/kr8s/_auth.py index 5a1023a6..6f47ae29 100644 --- a/kr8s/_auth.py +++ b/kr8s/_auth.py @@ -180,6 +180,11 @@ async def _load_kubeconfig(self) -> None: ) if "token" in self._user: self.token = self._user["token"] + if "username" in self._user or "password" in self._user: + raise ValueError( + "username/password authentication was removed in Kubernetes 1.19, " + "kr8s doesn't not support this Kubernetes version" + ) if self.namespace is None: self.namespace = self._context.get("namespace", "default") if "auth-provider" in self._user: