openshift · openshift-merge-robot · Oct 16, 2017 · Oct 13, 2017
diff --git a/pkg/cmd/util/clientcmd/clientcmd.go b/pkg/cmd/util/clientcmd/clientcmd.go
@@ -46,31 +46,6 @@ func NewConfig() *Config {
 	}
 }
 
-// AnonymousClientConfig returns a copy of the given config with all user credentials (cert/key, bearer token, and username/password) removed
-func AnonymousClientConfig(config *restclient.Config) restclient.Config {
-	// copy only known safe fields
-	// TODO: expose a copy method on the config that is "auth free"
-	return restclient.Config{
-		Host:          config.Host,
-		APIPath:       config.APIPath,
-		Prefix:        config.Prefix,
-		ContentConfig: config.ContentConfig,
-		TLSClientConfig: restclient.TLSClientConfig{
-			CAFile:     config.TLSClientConfig.CAFile,
-			CAData:     config.TLSClientConfig.CAData,
-			Insecure:   config.Insecure,
-			ServerName: config.ServerName,
-		},
-		RateLimiter:   config.RateLimiter,
-		UserAgent:     config.UserAgent,
-		Transport:     config.Transport,
-		WrapTransport: config.WrapTransport,
-		QPS:           config.QPS,
-		Burst:         config.Burst,
-		Timeout:       config.Timeout,
-	}
-}
-
 // BindClientConfigSecurityFlags adds flags for the supplied client config
 func BindClientConfigSecurityFlags(config *restclient.Config, flags *pflag.FlagSet) {
 	flags.BoolVar(&config.Insecure, "insecure-skip-tls-verify", config.Insecure, "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.")

diff --git a/pkg/cmd/util/clientcmd/clientcmd_test.go b/pkg/cmd/util/clientcmd/clientcmd_test.go
diff --git a/test/integration/cli_get_token_test.go b/test/integration/cli_get_token_test.go
@@ -5,8 +5,8 @@ import (
 	"testing"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/rest"
 
-	"github.com/openshift/origin/pkg/cmd/util/clientcmd"
 	"github.com/openshift/origin/pkg/cmd/util/tokencmd"
 	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset/typed/user/internalversion"
 	testutil "github.com/openshift/origin/test/util"
@@ -24,20 +24,20 @@ func TestCLIGetToken(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	anonymousConfig := clientcmd.AnonymousClientConfig(clusterAdminClientConfig)
+	anonymousConfig := rest.AnonymousClientConfig(clusterAdminClientConfig)
 	reader := bytes.NewBufferString("user\npass")
-	accessToken, err := tokencmd.RequestToken(&anonymousConfig, reader, "", "")
+	accessToken, err := tokencmd.RequestToken(anonymousConfig, reader, "", "")
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}
 	if len(accessToken) == 0 {
 		t.Error("Expected accessToken, but did not get one")
 	}
 
-	clientConfig := clientcmd.AnonymousClientConfig(clusterAdminClientConfig)
+	clientConfig := rest.AnonymousClientConfig(clusterAdminClientConfig)
 	clientConfig.BearerToken = accessToken
 
-	user, err := userclient.NewForConfigOrDie(&clientConfig).Users().Get("~", metav1.GetOptions{})
+	user, err := userclient.NewForConfigOrDie(clientConfig).Users().Get("~", metav1.GetOptions{})
 	if err != nil {
 		t.Fatal(err)
 	}

diff --git a/test/integration/node_auth_test.go b/test/integration/node_auth_test.go
@@ -16,7 +16,6 @@ import (
 	authorizationclient "github.com/openshift/origin/pkg/authorization/generated/internalclientset"
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
-	"github.com/openshift/origin/pkg/cmd/util/clientcmd"
 	oauthapi "github.com/openshift/origin/pkg/oauth/apis/oauth"
 	oauthapiserver "github.com/openshift/origin/pkg/oauth/apiserver"
 	oauthclient "github.com/openshift/origin/pkg/oauth/generated/internalclientset/typed/oauth/internalversion"
@@ -62,9 +61,9 @@ func TestNodeAuth(t *testing.T) {
 	}
 	masterKubeletClientConfig.Port = uint(nodePortInt)
 
-	anonymousConfig := clientcmd.AnonymousClientConfig(adminConfig)
+	anonymousConfig := restclient.AnonymousClientConfig(adminConfig)
 
-	badTokenConfig := clientcmd.AnonymousClientConfig(adminConfig)
+	badTokenConfig := restclient.AnonymousClientConfig(adminConfig)
 	badTokenConfig.BearerToken = "bad-token"
 
 	bobKubeClient, bobConfig, err := testutil.GetClientForUser(adminConfig, "bob")
@@ -135,10 +134,10 @@ func TestNodeAuth(t *testing.T) {
 		NodeAdmin           bool
 	}{
 		"bad token": {
-			KubeletClientConfig: kubeletClientConfig(&badTokenConfig),
+			KubeletClientConfig: kubeletClientConfig(badTokenConfig),
 		},
 		"anonymous": {
-			KubeletClientConfig: kubeletClientConfig(&anonymousConfig),
+			KubeletClientConfig: kubeletClientConfig(anonymousConfig),
 			Forbidden:           true,
 		},
 		"cluster admin": {

diff --git a/test/integration/router/router_http_server.go b/test/integration/router/router_http_server.go
@@ -18,6 +18,7 @@ import (
 	apirequest "k8s.io/apiserver/pkg/endpoints/request"
 	kapi "k8s.io/kubernetes/pkg/api"
 
+	_ "github.com/openshift/origin/pkg/api/install"
 	"github.com/openshift/origin/pkg/cmd/util"
 )
 

diff --git a/test/integration/scopes_test.go b/test/integration/scopes_test.go
@@ -13,7 +13,6 @@ import (
 	"github.com/openshift/origin/pkg/authorization/authorizer/scope"
 	buildapi "github.com/openshift/origin/pkg/build/apis/build"
 	buildclient "github.com/openshift/origin/pkg/build/generated/internalclientset"
-	"github.com/openshift/origin/pkg/cmd/util/clientcmd"
 	oauthapi "github.com/openshift/origin/pkg/oauth/apis/oauth"
 	oauthapiserver "github.com/openshift/origin/pkg/oauth/apiserver"
 	oauthclient "github.com/openshift/origin/pkg/oauth/generated/internalclientset/typed/oauth/internalversion"
@@ -63,14 +62,14 @@ func TestScopedTokens(t *testing.T) {
 		t.Fatalf("unexpected error: %v", err)
 	}
 
-	whoamiConfig := clientcmd.AnonymousClientConfig(clusterAdminClientConfig)
+	whoamiConfig := rest.AnonymousClientConfig(clusterAdminClientConfig)
 	whoamiConfig.BearerToken = whoamiOnlyToken.Name
 
-	if _, err := buildclient.NewForConfigOrDie(&whoamiConfig).Builds(projectName).List(metav1.ListOptions{}); !kapierrors.IsForbidden(err) {
+	if _, err := buildclient.NewForConfigOrDie(whoamiConfig).Builds(projectName).List(metav1.ListOptions{}); !kapierrors.IsForbidden(err) {
 		t.Fatalf("unexpected error: %v", err)
 	}
 
-	user, err := userclient.NewForConfigOrDie(&whoamiConfig).Users().Get("~", metav1.GetOptions{})
+	user, err := userclient.NewForConfigOrDie(whoamiConfig).Users().Get("~", metav1.GetOptions{})
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -80,7 +79,7 @@ func TestScopedTokens(t *testing.T) {
 
 	// try to impersonate a service account using this token
 	whoamiConfig.Impersonate = rest.ImpersonationConfig{UserName: apiserverserviceaccount.MakeUsername(projectName, "default")}
-	impersonatedUser, err := userclient.NewForConfigOrDie(&whoamiConfig).Users().Get("~", metav1.GetOptions{})
+	impersonatedUser, err := userclient.NewForConfigOrDie(whoamiConfig).Users().Get("~", metav1.GetOptions{})
 	if !kapierrors.IsForbidden(err) {
 		t.Fatalf("missing error: %v got user %#v", err, impersonatedUser)
 	}
@@ -167,9 +166,9 @@ func TestScopeEscalations(t *testing.T) {
 		t.Fatalf("unexpected error: %v", err)
 	}
 
-	nonEscalatingEditConfig := clientcmd.AnonymousClientConfig(clusterAdminClientConfig)
+	nonEscalatingEditConfig := rest.AnonymousClientConfig(clusterAdminClientConfig)
 	nonEscalatingEditConfig.BearerToken = nonEscalatingEditToken.Name
-	nonEscalatingEditClient, err := kclientset.NewForConfig(&nonEscalatingEditConfig)
+	nonEscalatingEditClient, err := kclientset.NewForConfig(nonEscalatingEditConfig)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -190,9 +189,9 @@ func TestScopeEscalations(t *testing.T) {
 		t.Fatalf("unexpected error: %v", err)
 	}
 
-	escalatingEditConfig := clientcmd.AnonymousClientConfig(clusterAdminClientConfig)
+	escalatingEditConfig := rest.AnonymousClientConfig(clusterAdminClientConfig)
 	escalatingEditConfig.BearerToken = escalatingEditToken.Name
-	escalatingEditClient, err := kclientset.NewForConfig(&escalatingEditConfig)
+	escalatingEditClient, err := kclientset.NewForConfig(escalatingEditConfig)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}

diff --git a/test/util/client.go b/test/util/client.go
@@ -20,7 +20,6 @@ import (
 
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	cmdutil "github.com/openshift/origin/pkg/cmd/util"
-	"github.com/openshift/origin/pkg/cmd/util/clientcmd"
 	"github.com/openshift/origin/pkg/cmd/util/tokencmd"
 	oauthapi "github.com/openshift/origin/pkg/oauth/apis/oauth"
 	oauthclient "github.com/openshift/origin/pkg/oauth/generated/internalclientset"
@@ -145,15 +144,15 @@ func GetClientForServiceAccount(adminClient kclientset.Interface, clientConfig r
 		return nil, nil, err
 	}
 
-	saClientConfig := clientcmd.AnonymousClientConfig(&clientConfig)
+	saClientConfig := restclient.AnonymousClientConfig(&clientConfig)
 	saClientConfig.BearerToken = token
 
-	kubeClientset, err := kclientset.NewForConfig(&saClientConfig)
+	kubeClientset, err := kclientset.NewForConfig(saClientConfig)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	return kubeClientset, &saClientConfig, nil
+	return kubeClientset, saClientConfig, nil
 }
 
 // WaitForResourceQuotaSync watches given resource quota until its hard limit is updated to match the desired