Revert "tiltfile: disallow deploys to remote kube by default (#1995)" (…

…#2010) This reverts commit 58bad17.
tilt-dev · Aug 7, 2019 · 58582e6 · 58582e6
1 parent 4146e42
commit 58582e6
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 169 deletions.
diff --git a/internal/cli/wire_gen.go b/internal/cli/wire_gen.go
diff --git a/internal/engine/upper_test.go b/internal/engine/upper_test.go
@@ -46,7 +46,6 @@ import (
 	"github.com/windmilleng/tilt/internal/synclet"
 	"github.com/windmilleng/tilt/internal/testutils"
 	"github.com/windmilleng/tilt/internal/testutils/bufsync"
-	"github.com/windmilleng/tilt/internal/testutils/k8sutils"
 	"github.com/windmilleng/tilt/internal/testutils/manifestbuilder"
 	"github.com/windmilleng/tilt/internal/testutils/podbuilder"
 	"github.com/windmilleng/tilt/internal/testutils/tempdir"
@@ -2687,9 +2686,7 @@ func newTestFixture(t *testing.T) *testFixture {
 
 	fakeDcc := dockercompose.NewFakeDockerComposeClient(t, ctx)
 
-	k8sConfig := k8sutils.NewConfig("fake-context", "fake-cluster", "http://localhost:6443")
-
-	tfl := tiltfile.ProvideTiltfileLoader(ta, k8s, fakeDcc, "fake-context", k8sConfig, feature.MainDefaults)
+	tfl := tiltfile.ProvideTiltfileLoader(ta, k8s, fakeDcc, "fake-context", feature.MainDefaults)
 	cc := NewConfigsController(tfl, dockerClient)
 	dcw := NewDockerComposeEventWatcher(fakeDcc)
 	dclm := NewDockerComposeLogManager(fakeDcc)

diff --git a/internal/testutils/k8sutils/config.go b/internal/testutils/k8sutils/config.go
diff --git a/internal/tiltfile/k8s.go b/internal/tiltfile/k8s.go
@@ -2,23 +2,22 @@ package tiltfile
 
 import (
 	"fmt"
-	"net/url"
-	"regexp"
 	"sort"
 	"strconv"
 	"strings"
 
+	"github.com/windmilleng/tilt/internal/sliceutils"
+
+	"go.starlark.net/syntax"
+
 	"github.com/docker/distribution/reference"
 	"github.com/pkg/errors"
 	"go.starlark.net/starlark"
-	"go.starlark.net/syntax"
 	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/client-go/tools/clientcmd/api"
 
 	"github.com/windmilleng/tilt/internal/container"
 	"github.com/windmilleng/tilt/internal/k8s"
 	"github.com/windmilleng/tilt/internal/model"
-	"github.com/windmilleng/tilt/internal/sliceutils"
 )
 
 type referenceList []reference.Named
@@ -888,64 +887,3 @@ func newK8sObjectID(e k8s.K8sEntity) k8sObjectID {
 func (s *tiltfileState) k8sContext(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
 	return starlark.String(s.kubeContext), nil
 }
-
-func (s *tiltfileState) allowK8SContexts(thread *starlark.Thread, fn *starlark.Builtin, args starlark.Tuple, kwargs []starlark.Tuple) (starlark.Value, error) {
-	var contexts starlark.Value
-	if err := starlark.UnpackArgs(fn.Name(), args, kwargs,
-		"contexts", &contexts,
-	); err != nil {
-		return nil, err
-	}
-
-	for _, c := range starlarkValueOrSequenceToSlice(contexts) {
-		switch val := c.(type) {
-		case starlark.String:
-			s.whitelistedK8SContexts = append(s.whitelistedK8SContexts, k8s.KubeContext(val))
-		default:
-			return nil, fmt.Errorf("allow_k8s_contexts contexts must be a string or a sequence of strings; found a %T", val)
-
-		}
-	}
-
-	return starlark.None, nil
-}
-
-var ipv4Loopback = regexp.MustCompile(`^127(?:\.0){1,2}\.1$`)
-var ipv6Loopback = "::1"
-
-// this is non-exhaustive, but hopefully gets >99% of cases, without having to make a network request
-// it doesn't cover ipv6-mapped ipv4 addresses (e.g., "http://[::ffff:7f00:1]"), non-loopback ips,
-// or non-"localhost" hostnames mapped to loopback
-func isLocalhost(host string) bool {
-	return host == "localhost" ||
-		ipv4Loopback.MatchString(host) ||
-		host == ipv6Loopback
-}
-
-func (s *tiltfileState) validateK8SContext(kubeConfig *api.Config) error {
-	contextName := kubeConfig.CurrentContext
-	clusterName := kubeConfig.Contexts[contextName].Cluster
-	server := kubeConfig.Clusters[clusterName].Server
-	url, err := url.Parse(server)
-	if err != nil {
-		return errors.Wrapf(err, "running in kube context %q, which specifies kube api url %q. error parsing that url", contextName, server)
-	}
-
-	if isLocalhost(url.Hostname()) {
-		return nil
-	}
-
-	for _, c := range s.whitelistedK8SContexts {
-		if c == k8s.KubeContext(contextName) {
-			return nil
-		}
-	}
-
-	return fmt.Errorf(
-		`Stop! '%s' might be production.
-If you're sure you want to deploy there, add:
-allow_k8s_contexts('%s')
-to your Tiltfile. Otherwise, switch k8s contexts and restart Tilt.`,
-		contextName,
-		contextName)
-}
diff --git a/internal/tiltfile/tiltfile.go b/internal/tiltfile/tiltfile.go
@@ -10,7 +10,6 @@ import (
 	"github.com/pkg/errors"
 	"go.starlark.net/resolve"
 	"go.starlark.net/starlark"
-	"k8s.io/client-go/tools/clientcmd/api"
 
 	"github.com/windmilleng/tilt/internal/analytics"
 	"github.com/windmilleng/tilt/internal/dockercompose"
@@ -73,14 +72,12 @@ func ProvideTiltfileLoader(
 	kCli k8s.Client,
 	dcCli dockercompose.DockerComposeClient,
 	kubeContext k8s.KubeContext,
-	kubeConfig *api.Config,
 	fDefaults feature.Defaults) TiltfileLoader {
 	return tiltfileLoader{
 		analytics:   analytics,
 		kCli:        kCli,
 		dcCli:       dcCli,
 		kubeContext: kubeContext,
-		kubeConfig:  kubeConfig,
 		fDefaults:   fDefaults,
 	}
 }
@@ -90,7 +87,6 @@ type tiltfileLoader struct {
 	kCli        k8s.Client
 	dcCli       dockercompose.DockerComposeClient
 	kubeContext k8s.KubeContext
-	kubeConfig  *api.Config
 	fDefaults   feature.Defaults
 }
 
@@ -145,11 +141,6 @@ func (tfl tiltfileLoader) Load(ctx context.Context, filename string, matching ma
 		if err != nil {
 			return TiltfileLoadResult{}, err
 		}
-
-		err = s.validateK8SContext(tfl.kubeConfig)
-		if err != nil {
-			return TiltfileLoadResult{}, err
-		}
 	} else {
 		manifests, err = s.translateDC(resources.dc)
 		if err != nil {

diff --git a/internal/tiltfile/tiltfile_state.go b/internal/tiltfile/tiltfile_state.go
@@ -57,7 +57,6 @@ type tiltfileState struct {
 	k8sResourceAssemblyVersion       int
 	k8sResourceAssemblyVersionReason k8sResourceAssemblyVersionReason
 	workloadToResourceFunction       workloadToResourceFunction
-	whitelistedK8SContexts           []k8s.KubeContext
 
 	// for assembly
 	usedImages map[string]bool
@@ -95,10 +94,6 @@ const (
 	k8sResourceAssemblyVersionReasonExplicit
 )
 
-// These are k8s context names that we assume are safe to deploy to even if they are neither localhost
-// nor in allow_k8s_contexts. e.g., minikube uses a non-loopback ip on a virtual interface
-var defaultWhitelistedKubeContexts = []k8s.KubeContext{"minikube"}
-
 func newTiltfileState(ctx context.Context, dcCli dockercompose.DockerComposeClient, kubeContext k8s.KubeContext, privateRegistry container.Registry, features feature.FeatureSet) *tiltfileState {
 	return &tiltfileState{
 		ctx:                        ctx,
@@ -118,7 +113,6 @@ func newTiltfileState(ctx context.Context, dcCli dockercompose.DockerComposeClie
 		triggerMode:                TriggerModeAuto,
 		features:                   features,
 		loadCache:                  make(map[string]loadCacheEntry),
-		whitelistedK8SContexts:     defaultWhitelistedKubeContexts,
 	}
 }
 
@@ -171,7 +165,6 @@ const (
 	k8sImageJSONPathN           = "k8s_image_json_path"
 	workloadToResourceFunctionN = "workload_to_resource_function"
 	k8sContextN                 = "k8s_context"
-	allowK8SContexts            = "allow_k8s_contexts"
 
 	// file functions
 	localGitRepoN = "local_git_repo"
@@ -301,7 +294,6 @@ func (s *tiltfileState) predeclared() starlark.StringDict {
 	addBuiltin(r, k8sImageJSONPathN, s.k8sImageJsonPath)
 	addBuiltin(r, workloadToResourceFunctionN, s.workloadToResourceFunctionFn)
 	addBuiltin(r, k8sContextN, s.k8sContext)
-	addBuiltin(r, allowK8SContexts, s.allowK8SContexts)
 	addBuiltin(r, localGitRepoN, s.localGitRepo)
 	addBuiltin(r, kustomizeN, s.kustomize)
 	addBuiltin(r, helmN, s.helm)