Extend kubeconfig create command with flag to retrieve login kubeconfig

Author: Kai Kummerer

go.mod

@@ -23,7 +23,7 @@ require (
 	github.com/stackitcloud/stackit-sdk-go/services/resourcemanager v0.8.0
 	github.com/stackitcloud/stackit-sdk-go/services/secretsmanager v0.7.0
 	github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.4.0
-	github.com/stackitcloud/stackit-sdk-go/services/ske v0.14.0
+	github.com/stackitcloud/stackit-sdk-go/services/ske v0.15.0
 	github.com/zalando/go-keyring v0.2.4
 	golang.org/x/mod v0.17.0
 	golang.org/x/oauth2 v0.20.0

go.sum

@@ -144,8 +144,8 @@ github.com/stackitcloud/stackit-sdk-go/services/secretsmanager v0.7.0 h1:1Ho+M4D
 github.com/stackitcloud/stackit-sdk-go/services/secretsmanager v0.7.0/go.mod h1:LX0Mcyr7/QP77zf7e05fHCJO38RMuTxr7nEDUDZ3oPQ=
 github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.4.0 h1:JB1O0E9+L50ZaO36uz7azurvUuB5JdX5s2ZXuIdb9t8=
 github.com/stackitcloud/stackit-sdk-go/services/serviceaccount v0.4.0/go.mod h1:Ni9RBJvcaXRIrDIuQBpJcuQvCQSj27crQSyc+WM4p0c=
-github.com/stackitcloud/stackit-sdk-go/services/ske v0.14.0 h1:GH67aTvjXiXC2XmYhgmqNXfG13JHKB3wsk5JlTErsjg=
-github.com/stackitcloud/stackit-sdk-go/services/ske v0.14.0/go.mod h1:0fFs4R7kg+gU7FNAIzzFvlCZJz6gyZ8CFhbK3eSrAwQ=
+github.com/stackitcloud/stackit-sdk-go/services/ske v0.15.0 h1:7iTzdiglvJmKMaHlr4JUPvNOmA730rAniry74cnZ8zI=
+github.com/stackitcloud/stackit-sdk-go/services/ske v0.15.0/go.mod h1:0fFs4R7kg+gU7FNAIzzFvlCZJz6gyZ8CFhbK3eSrAwQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=

internal/cmd/ske/kubeconfig/create/create.go

@@ -21,6 +21,7 @@ import (
 const (
 	clusterNameArg = "CLUSTER_NAME"
 
+	loginFlag      = "login"
 	expirationFlag = "expiration"
 	filepathFlag   = "filepath"
 )
@@ -30,6 +31,7 @@ type inputModel struct {
 	ClusterName    string
 	Filepath       *string
 	ExpirationTime *string
+	Login          bool
 }
 
 func NewCmd(p *print.Printer) *cobra.Command {
@@ -47,6 +49,10 @@ func NewCmd(p *print.Printer) *cobra.Command {
 			examples.NewExample(
 				`Create a kubeconfig for the SKE cluster with name "my-cluster"`,
 				"$ stackit ske kubeconfig create my-cluster"),
+			examples.NewExample(
+				`Create a login kubeconfig for the SKE cluster with name "my-cluster".`,
+				"This kubeconfig does not contain any credentials and instead obtains valid credentials via the STACKIT CLI",
+				"$ stackit ske kubeconfig create my-cluster --login"),
 			examples.NewExample(
 				`Create a kubeconfig for the SKE cluster with name "my-cluster" and set the expiration time to 30 days`,
 				"$ stackit ske kubeconfig create my-cluster --expiration 30d"),
@@ -79,20 +85,41 @@ func NewCmd(p *print.Printer) *cobra.Command {
 			}
 
 			// Call API
-			req, err := buildRequest(ctx, model, apiClient)
-			if err != nil {
-				return fmt.Errorf("build kubeconfig create request: %w", err)
-			}
-			resp, err := req.Execute()
-			if err != nil {
-				return fmt.Errorf("create kubeconfig for SKE cluster: %w", err)
+			var (
+				kubeconfig     string
+				respKubeconfig *ske.Kubeconfig
+				respLogin      *ske.V1LoginKubeconfig
+			)
+
+			if !model.Login {
+				req, err := buildRequestCreate(ctx, model, apiClient)
+				if err != nil {
+					return fmt.Errorf("build kubeconfig create request: %w", err)
+				}
+				respKubeconfig, err = req.Execute()
+				if err != nil {
+					return fmt.Errorf("create kubeconfig for SKE cluster: %w", err)
+				}
+				if respKubeconfig.Kubeconfig == nil {
+					return fmt.Errorf("no kubeconfig returned from the API")
+				}
+				kubeconfig = *respKubeconfig.Kubeconfig
+			} else {
+				req, err := buildRequestLogin(ctx, model, apiClient)
+				if err != nil {
+					return fmt.Errorf("build login kubeconfig create request: %w", err)
+				}
+				respLogin, err = req.Execute()
+				if err != nil {
+					return fmt.Errorf("create login kubeconfig for SKE cluster: %w", err)
+				}
+				if respLogin.Kubeconfig == nil {
+					return fmt.Errorf("no login kubeconfig returned from the API")
+				}
+				kubeconfig = *respLogin.Kubeconfig
 			}
 
 			// Create the config file
-			if resp.Kubeconfig == nil {
-				return fmt.Errorf("no kubeconfig returned from the API")
-			}
-
 			var kubeconfigPath string
 			if model.Filepath == nil {
 				kubeconfigPath, err = skeUtils.GetDefaultKubeconfigPath()
@@ -103,21 +130,26 @@ func NewCmd(p *print.Printer) *cobra.Command {
 				kubeconfigPath = *model.Filepath
 			}
 
-			err = skeUtils.WriteConfigFile(kubeconfigPath, *resp.Kubeconfig)
-			if err != nil {
-				return fmt.Errorf("write kubeconfig file: %w", err)
+			if model.OutputFormat != print.JSONOutputFormat {
+				err = skeUtils.WriteConfigFile(kubeconfigPath, kubeconfig)
+				if err != nil {
+					return fmt.Errorf("write kubeconfig file: %w", err)
+				}
 			}
 
-			return outputResult(p, model, kubeconfigPath, resp)
+			return outputResult(p, model, kubeconfigPath, respKubeconfig, respLogin)
 		},
 	}
 	configureFlags(cmd)
 	return cmd
 }
 
 func configureFlags(cmd *cobra.Command) {
+	cmd.Flags().BoolP(loginFlag, "l", false, "Create a login kubeconfig that obtains valid credentials via the STACKIT CLI. This flag is mutually exclusive with the `expiration` flag.")
 	cmd.Flags().StringP(expirationFlag, "e", "", "Expiration time for the kubeconfig in seconds(s), minutes(m), hours(h), days(d) or months(M). Example: 30d. By default, expiration time is 1h")
 	cmd.Flags().String(filepathFlag, "", "Path to create the kubeconfig file. By default, the kubeconfig is created as 'config' in the .kube folder, in the user's home directory.")
+
+	cmd.MarkFlagsMutuallyExclusive(loginFlag, expirationFlag)
 }
 
 func parseInput(p *print.Printer, cmd *cobra.Command, inputArgs []string) (*inputModel, error) {
@@ -146,6 +178,7 @@ func parseInput(p *print.Printer, cmd *cobra.Command, inputArgs []string) (*inpu
 		ClusterName:     clusterName,
 		Filepath:        flags.FlagToStringPointer(p, cmd, filepathFlag),
 		ExpirationTime:  expTime,
+		Login:           flags.FlagToBoolValue(p, cmd, loginFlag),
 	}
 
 	if p.IsVerbosityDebug() {
@@ -160,7 +193,7 @@ func parseInput(p *print.Printer, cmd *cobra.Command, inputArgs []string) (*inpu
 	return &model, nil
 }
 
-func buildRequest(ctx context.Context, model *inputModel, apiClient *ske.APIClient) (ske.ApiCreateKubeconfigRequest, error) {
+func buildRequestCreate(ctx context.Context, model *inputModel, apiClient *ske.APIClient) (ske.ApiCreateKubeconfigRequest, error) {
 	req := apiClient.CreateKubeconfig(ctx, model.ProjectId, model.ClusterName)
 
 	payload := ske.CreateKubeconfigPayload{}
@@ -172,18 +205,32 @@ func buildRequest(ctx context.Context, model *inputModel, apiClient *ske.APIClie
 	return req.CreateKubeconfigPayload(payload), nil
 }
 
-func outputResult(p *print.Printer, model *inputModel, kubeconfigPath string, resp *ske.Kubeconfig) error {
+func buildRequestLogin(ctx context.Context, model *inputModel, apiClient *ske.APIClient) (ske.ApiGetLoginKubeconfigRequest, error) {
+	return apiClient.GetLoginKubeconfig(ctx, model.ProjectId, model.ClusterName), nil
+}
+
+func outputResult(p *print.Printer, model *inputModel, kubeconfigPath string, respKubeconfig *ske.Kubeconfig, respLogin *ske.V1LoginKubeconfig) error {
 	switch model.OutputFormat {
 	case print.JSONOutputFormat:
-		details, err := json.MarshalIndent(resp, "", "  ")
+		var err error
+		var details []byte
+		if respKubeconfig != nil {
+			details, err = json.MarshalIndent(respKubeconfig, "", "  ")
+		} else if respLogin != nil {
+			details, err = json.MarshalIndent(respLogin, "", "  ")
+		}
 		if err != nil {
 			return fmt.Errorf("marshal SKE Kubeconfig: %w", err)
 		}
 		p.Outputln(string(details))
 
 		return nil
 	default:
-		p.Outputf("Created kubeconfig file for cluster %s in %q, with expiration date %v (UTC)\n", model.ClusterName, kubeconfigPath, *resp.ExpirationTimestamp)
+		var expiration string
+		if respKubeconfig != nil {
+			expiration = fmt.Sprintf(", with expiration date %v (UTC)", *respKubeconfig.ExpirationTimestamp)
+		}
+		p.Outputf("Created kubeconfig file for cluster %s in %q%s\n", model.ClusterName, kubeconfigPath, expiration)
 
 		return nil
 	}

internal/cmd/ske/kubeconfig/create/create_test.go

@@ -92,7 +92,17 @@ func TestParseInput(t *testing.T) {
 				model.ExpirationTime = utils.Ptr("2592000")
 			}),
 		},
-
+		{
+			description: "login",
+			argValues:   fixtureArgValues(),
+			flagValues: fixtureFlagValues(func(flagValues map[string]string) {
+				flagValues["login"] = "true"
+			}),
+			isValid: true,
+			expectedModel: fixtureInputModel(func(model *inputModel) {
+				model.Login = true
+			}),
+		},
 		{
 			description: "custom filepath",
 			argValues:   fixtureArgValues(),
@@ -202,7 +212,7 @@ func TestParseInput(t *testing.T) {
 	}
 }
 
-func TestBuildRequest(t *testing.T) {
+func TestBuildRequestCreate(t *testing.T) {
 	tests := []struct {
 		description     string
 		model           *inputModel
@@ -225,7 +235,7 @@ func TestBuildRequest(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
-			request, _ := buildRequest(testCtx, tt.model, testClient)
+			request, _ := buildRequestCreate(testCtx, tt.model, testClient)
 
 			diff := cmp.Diff(request, tt.expectedRequest,
 				cmp.AllowUnexported(tt.expectedRequest),