Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove basic authentication #260

Merged
merged 2 commits into from
Dec 21, 2023
Merged

Remove basic authentication #260

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fef2450
Remove basic authentication
marceloFA Dec 19, 2023
0eeea80
raise execption if using basic auth
marceloFA Dec 20, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 0 additions & 10 deletions kr8s/_api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,13 +75,9 @@ async def _create_session(self) -> None:
with contextlib.suppress(RuntimeError):
await self._session.aclose()
self._session = None
userauth = None
if self.auth.username and self.auth.password:
userauth = httpx.BasicAuth(self.auth.username, self.auth.password)
self._session = httpx.AsyncClient(
base_url=self.auth.server,
headers=headers,
auth=userauth,
verify=await self.auth.ssl_context(),
)

Expand Down Expand Up @@ -186,9 +182,6 @@ async def open_websocket(
headers = {"User-Agent": self.__version__, "content-type": "application/json"}
if self.auth.token:
headers["Authorization"] = f"Bearer {self.auth.token}"
userauth = None
if self.auth.username and self.auth.password:
userauth = aiohttp.BasicAuth(self.auth.username, self.auth.password)
url = self._construct_url(version, base, namespace, url)
kwargs.update(url=url, ssl=await self.auth.ssl_context())
auth_attempts = 0
Expand All @@ -197,7 +190,6 @@ async def open_websocket(
async with aiohttp.ClientSession(
base_url=self.auth.server,
headers=headers,
auth=userauth,
) as session:
async with session.ws_connect(**kwargs) as response:
yield response
Expand Down Expand Up @@ -254,8 +246,6 @@ async def _whoami(self):
) as r:
data = r.json()
return data["status"]["user"]["username"]
elif self.auth.username:
return f"kubecfg:basicauth:{self.auth.username}"
elif self.auth.client_cert_file:
with open(self.auth.client_cert_file, "rb") as f:
cert = x509.load_pem_x509_certificate(f.read())
Expand Down
11 changes: 5 additions & 6 deletions kr8s/_auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,6 @@
self.client_key_file = None
self.server_ca_file = None
self.token = None
self.username = None
self.password = None
self.namespace = namespace
self.active_context = None
self._insecure_skip_tls_verify = False
Expand Down Expand Up @@ -182,10 +180,11 @@
)
if "token" in self._user:
self.token = self._user["token"]
if "username" in self._user:
self.username = self._user["username"]
if "password" in self._user:
self.password = self._user["password"]
marceloFA marked this conversation as resolved.
Show resolved Hide resolved
if "username" in self._user or "password" in self._user:
raise ValueError(

Check warning on line 184 in kr8s/_auth.py

View check run for this annotation

Codecov / codecov/patch

kr8s/_auth.py#L184 

Added line #L184 was not covered by tests
"username/password authentication was removed in Kubernetes 1.19, "
"kr8s doesn't not support this Kubernetes version"
)
if self.namespace is None:
self.namespace = self._context.get("namespace", "default")
if "auth-provider" in self._user:
Expand Down
Loading