cli option to enable uid impersonation

knative · Oct 12, 2022 · 7977647 · 7977647
1 parent fca4dce
commit 7977647
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 2 deletions.
diff --git a/pkg/kn/commands/types.go b/pkg/kn/commands/types.go
@@ -17,7 +17,6 @@ package commands
 import (
 	"fmt"
 	"io"
-
 	"os"
 	"path/filepath"
 
@@ -52,6 +51,7 @@ type KnParams struct {
 	KubeContext              string
 	KubeCluster              string
 	KubeAsUser               string
+	KubeAsUID                string
 	KubeAsGroup              []string
 	ClientConfig             clientcmd.ClientConfig
 	NewServingClient         func(namespace string) (clientservingv1.KnServingClient, error)
@@ -239,6 +239,9 @@ func (params *KnParams) GetClientConfig() (clientcmd.ClientConfig, error) {
 	if params.KubeAsUser != "" {
 		configOverrides.AuthInfo.Impersonate = params.KubeAsUser
 	}
+	if params.KubeAsUID != "" {
+		configOverrides.AuthInfo.ImpersonateUID = params.KubeAsUID
+	}
 	if len(params.KubeAsGroup) > 0 {
 		configOverrides.AuthInfo.ImpersonateGroups = params.KubeAsGroup
 	}

diff --git a/pkg/kn/commands/types_test.go b/pkg/kn/commands/types_test.go
@@ -113,6 +113,7 @@ type typeTestCase struct {
 	kubeCfgPath   string
 	kubeContext   string
 	kubeAsUser    string
+	kubeAsUID     string
 	kubeAsGroup   []string
 	kubeCluster   string
 	explicitPath  string
@@ -132,6 +133,7 @@ func TestGetClientConfig(t *testing.T) {
 			"",
 			"",
 			"",
+			"",
 			[]string{},
 			"",
 			clientcmd.NewDefaultClientConfigLoadingRules().ExplicitPath,
@@ -141,6 +143,7 @@ func TestGetClientConfig(t *testing.T) {
 			tempFile,
 			"",
 			"",
+			"",
 			[]string{},
 			"",
 			tempFile,
@@ -150,6 +153,7 @@ func TestGetClientConfig(t *testing.T) {
 			"/testing/assets/kube-config-01.yml",
 			"foo",
 			"",
+			"",
 			[]string{},
 			"bar",
 			"",
@@ -159,6 +163,7 @@ func TestGetClientConfig(t *testing.T) {
 			multiConfigs,
 			"",
 			"",
+			"",
 			[]string{},
 			"",
 			"",
@@ -168,7 +173,8 @@ func TestGetClientConfig(t *testing.T) {
 			tempFile,
 			"",
 			"admin",
-			[]string{"system:masters"},
+			"",
+			[]string{},
 			"",
 			tempFile,
 			"",
@@ -177,16 +183,28 @@ func TestGetClientConfig(t *testing.T) {
 			tempFile,
 			"",
 			"admin",
+			"",
 			[]string{"system:authenticated", "system:masters"},
 			"",
 			tempFile,
 			"",
 		},
+		{
+			tempFile,
+			"",
+			"admin",
+			"abc123",
+			[]string{},
+			"",
+			tempFile,
+			"",
+		},
 	} {
 		p := &KnParams{
 			KubeCfgPath: tc.kubeCfgPath,
 			KubeContext: tc.kubeContext,
 			KubeAsUser:  tc.kubeAsUser,
+			KubeAsUID:   tc.kubeAsUID,
 			KubeAsGroup: tc.kubeAsGroup,
 			KubeCluster: tc.kubeCluster,
 		}
@@ -215,6 +233,12 @@ func TestGetClientConfig(t *testing.T) {
 				assert.Assert(t, config.Impersonate.UserName == tc.kubeAsUser)
 			}
 
+			if tc.kubeAsUID != "" {
+				config, err := clientConfig.ClientConfig()
+				assert.NilError(t, err)
+				assert.Assert(t, config.Impersonate.UID == tc.kubeAsUID)
+			}
+
 			if len(tc.kubeAsGroup) > 0 {
 				config, err := clientConfig.ClientConfig()
 				assert.NilError(t, err)

diff --git a/pkg/kn/root/root.go b/pkg/kn/root/root.go
@@ -87,6 +87,7 @@ Find more information about Knative at: https://knative.dev`, rootName),
 	rootCmd.PersistentFlags().StringVar(&p.KubeContext, "context", "", "name of the kubeconfig context to use")
 	rootCmd.PersistentFlags().StringVar(&p.KubeCluster, "cluster", "", "name of the kubeconfig cluster to use")
 	rootCmd.PersistentFlags().StringVar(&p.KubeAsUser, "as", "", "username to impersonate for the operation")
+	rootCmd.PersistentFlags().StringVar(&p.KubeAsUID, "as-uid", "", "uid to impersonate for the operation")
 	rootCmd.PersistentFlags().StringArrayVar(&p.KubeAsGroup, "as-group", []string{}, "group to impersonate for the operation, this flag can be repeated to specify multiple groups")
 	flags.AddBothBoolFlags(rootCmd.PersistentFlags(), &p.LogHTTP, "log-http", "", false, "log http traffic")
 

diff --git a/pkg/kn/root/root_test.go b/pkg/kn/root/root_test.go
@@ -49,6 +49,7 @@ func TestNewRootCommand(t *testing.T) {
 	assert.Assert(t, rootCmd.PersistentFlags().Lookup("context") != nil)
 	assert.Assert(t, rootCmd.PersistentFlags().Lookup("cluster") != nil)
 	assert.Assert(t, rootCmd.PersistentFlags().Lookup("as") != nil)
+	assert.Assert(t, rootCmd.PersistentFlags().Lookup("as-uid") != nil)
 	assert.Assert(t, rootCmd.PersistentFlags().Lookup("as-group") != nil)
 
 	assert.Assert(t, rootCmd.RunE == nil)