Make sure all needed credentials are present in kubeconfig.Update
If TLS client key/cert or CA cert are missing, the kubeconfig ends up generated successfully, but with those fields empty. For a user, this looks like a successful `tsh login` with `kubectl` not working afterwards with cryptic x509 errors. We should always have the necessary fields provided. If not, `tsh login` should say exactly what was missing.
parent
64edb20ea1
commit
a6994db3f8
|
@ -68,13 +68,26 @@ func Update(path string, v Values) error {
|
|||
return trace.Wrap(err)
|
||||
}
|
||||
|
||||
cas := bytes.Join(v.Credentials.TLSCAs(), []byte("\n"))
|
||||
// Validate the provided credentials, to avoid partially-populated
|
||||
// kubeconfig.
|
||||
if len(v.Credentials.Priv) == 0 {
|
||||
return trace.BadParameter("private key missing in provided credentials")
|
||||
}
|
||||
if len(v.Credentials.TLSCert) == 0 {
|
||||
return trace.BadParameter("TLS certificate missing in provided credentials")
|
||||
}
|
||||
if len(cas) == 0 {
|
||||
return trace.BadParameter("TLS trusted CAs missing in provided credentials")
|
||||
}
|
||||
|
||||
config.AuthInfos[v.Name] = &clientcmdapi.AuthInfo{
|
||||
ClientCertificateData: v.Credentials.TLSCert,
|
||||
ClientKeyData: v.Credentials.Priv,
|
||||
}
|
||||
config.Clusters[v.Name] = &clientcmdapi.Cluster{
|
||||
Server: v.ClusterAddr,
|
||||
CertificateAuthorityData: bytes.Join(v.Credentials.TLSCAs(), []byte("\n")),
|
||||
CertificateAuthorityData: cas,
|
||||
}
|
||||
|
||||
lastContext := config.Contexts[v.Name]
|
||||
|
|
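Review bot: The CA check `if len(cas) == 0` tests the joined bytes, so it passes whenever `v.Credentials.TLSCAs()` returns two or more entries, even if all of them are empty. Whether that method can return empty entries is not visible here; if it can, the join is just newlines and the kubeconfig is still written without a usable CA. `if len(bytes.TrimSpace(cas)) == 0 {` would close that gap. The three checks also establish presence only, so a certificate that does not match the private key would still reach kubectl and produce the x509 errors the description mentions; a parse-and-match check could be a follow-up if Update is the right layer for it. Update's body starts and ends outside this hunk.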