Accepting changes from Aisuko

Signed-off-by: yash37158 <[email protected]>
meshery · Nov 1, 2023 · 5427339 · 5427339
1 parent 3137d5b
commit 5427339
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 73 deletions.
diff --git a/utils/kubernetes/client.go b/utils/kubernetes/client.go
@@ -1,6 +1,7 @@
 package kubernetes
 
 import (
+	"fmt"
 	"log"
 	"os"
 	"path/filepath"
@@ -9,13 +10,12 @@ import (
 	event "github.com/layer5io/meshkit/models/events"
 	"github.com/layer5io/meshkit/utils"
 	"github.com/layer5io/meshkit/utils/events"
-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 )
 
-
 // DetectKubeConfig detects the kubeconfig for the kubernetes cluster and returns it
 func DetectKubeConfig(configfile []byte) (config *rest.Config, err error) {
 	if len(configfile) > 0 {
@@ -25,7 +25,7 @@ func DetectKubeConfig(configfile []byte) (config *rest.Config, err error) {
 
 		models := &models.Kubeconfig{}
 		var cfgFile []byte
-		
+
 		cfgFile, err = processConfig(configfile)
 		if err != nil {
 			return nil, err
@@ -35,30 +35,8 @@ func DetectKubeConfig(configfile []byte) (config *rest.Config, err error) {
 			return nil, err
 		}
 
-		for _, clusters := range models.Clusters {
-			if config, err = clientcmd.RESTConfigFromKubeConfig(cfgFile); err == nil {
-				// Check the `InsecureSkipTLSVerify` field
-				if insecureSkipTLSVerify := clusters.Cluster.InsecureSkipTLSVerify; insecureSkipTLSVerify != nil && *insecureSkipTLSVerify {
-					// Skip TLS verification if the field is set to true
-					config.TLSClientConfig.Insecure = *insecureSkipTLSVerify
-
-					clusters.Cluster.CertificateAuthorityData = ""
-
-					// Create an event to record the insecure connection
-					eventBuilder := event.NewEvent().WithCategory("connection").WithAction("insecure")
-					eventBuilder.WithSeverity(event.Warning).WithDescription("Insecure TLS connection to Kubernetes cluster detected")
-
-					// Publish the event directly using the events package
-					event := eventBuilder.Build()
-					_ = publishEvent(event)
-
-					log.Println("SKIP TLS verification part was called")
-
-				}
-
-				return config, err
-			}
-		}
+		config, err = processClustersAndConfig(models, cfgFile)
+		return config, err
 	}
 
 	// If deployed within the cluster
@@ -67,62 +45,35 @@ func DetectKubeConfig(configfile []byte) (config *rest.Config, err error) {
 	}
 
 	// Look for kubeconfig from the path mentioned in $KUBECONFIGZ
-	var models models.Kubeconfig
+	models := &models.Kubeconfig{}
+	var cfgFile []byte
 	kubeconfig := os.Getenv("KUBECONFIG")
 	if kubeconfig != "" {
 		if config, err = clientcmd.BuildConfigFromFlags("", kubeconfig); err == nil {
-			for _, cluster := range models.Clusters {
-				if cluster.Cluster.InsecureSkipTLSVerify != nil {
-					// Skip TLS verification for this cluster
-					config.TLSClientConfig.Insecure = true
-					// Removing Certificate-authority-data when InsecureSkipTlsVerify is true
-					cluster.Cluster.CertificateAuthorityData = ""
-
-					// Create an event to record the insecure connection
-					eventBuilder := event.NewEvent().WithCategory("connection").WithAction("insecure")
-					eventBuilder.WithSeverity(event.Warning).WithDescription("Insecure TLS connection to Kubernetes cluster detected")
-
-					// Publish the event directly using the events package
-					event := eventBuilder.Build()
-					_ = publishEvent(event)
-				}
-			}
 
+			config, err = processClustersAndConfig(models, cfgFile)
 			return config, err
+
 		}
+		return
 	}
 
 	// Look for kubeconfig at the default path
 	path := filepath.Join(utils.GetHome(), ".kube", "config")
 	if config, err = clientcmd.BuildConfigFromFlags("", path); err == nil {
-		for _, cluster := range models.Clusters {
-			if cluster.Cluster.InsecureSkipTLSVerify != nil {
-				// Skip TLS verification for this cluster
-				config.TLSClientConfig.Insecure = true
 
-				cluster.Cluster.CertificateAuthorityData = ""
-
-				// Create an event to record the insecure connection
-				eventBuilder := event.NewEvent().WithCategory("connection").WithAction("insecure")
-				eventBuilder.WithSeverity(event.Warning).WithDescription("Insecure TLS connection to Kubernetes cluster detected")
-
-				// Publish the event directly using the events package
-				event := eventBuilder.Build()
-				_ = publishEvent(event)
-			}
-		}
+		config, err = processClustersAndConfig(models, cfgFile)
 		return config, err
 	}
 
 	return
 }
 
-func publishEvent(event interface{}) error {
+func publishEvent(event interface{}) {
 	eventStreamer := events.NewEventStreamer()
 	clientChannel := make(chan interface{})
 	eventStreamer.Subscribe(clientChannel)
 	eventStreamer.Publish(event)
-	return nil
 }
 
 func processConfig(configFile []byte) ([]byte, error) {
@@ -148,3 +99,28 @@ func processConfig(configFile []byte) ([]byte, error) {
 
 	return clientcmd.Write(*cfg)
 }
+
+func processClustersAndConfig(models *models.Kubeconfig, cfgFile []byte) (*rest.Config, error) {
+	for _, clusters := range models.Clusters {
+		if config, err := clientcmd.RESTConfigFromKubeConfig(cfgFile); err == nil {
+			if insecureSkipTLSVerify := clusters.Cluster.InsecureSkipTLSVerify; insecureSkipTLSVerify != nil && *insecureSkipTLSVerify {
+				// Skip TLS verification if the field is set to true
+				config.TLSClientConfig.Insecure = *insecureSkipTLSVerify
+
+				clusters.Cluster.CertificateAuthorityData = ""
+
+				// Create an event to record the insecure connection
+				eventBuilder := event.NewEvent().WithCategory("connection").WithAction("insecure")
+				eventBuilder.WithSeverity(event.Warning).WithDescription("Insecure TLS connection to Kubernetes cluster detected")
+
+				// Publish the event directly using the events package
+				event := eventBuilder.Build()
+				publishEvent(event)
+
+				log.Println("SKIP TLS verification part was called")
+			}
+			return config, err
+		}
+	}
+	return nil, fmt.Errorf("unable to build Kubernetes configuration")
+}
diff --git a/utils/kubernetes/client_test.go b/utils/kubernetes/client_test.go
@@ -6,6 +6,7 @@ import (
 )
 
 func TestDetectKubeConfig(t *testing.T) {
+	t.Parallel()
 	// Test case 1: Valid kubeconfig file with tls-skip-verify set to true
 	configfile := []byte(`
 apiVersion: v1
@@ -89,6 +90,7 @@ users:
 }
 
 func TestPublishEventWithChannelLeak(t *testing.T) {
+	t.Parallel()
 	// Simulate multiple subscribers
 	numSubscribers := 10
 	channels := make([]chan interface{}, numSubscribers)
@@ -98,17 +100,6 @@ func TestPublishEventWithChannelLeak(t *testing.T) {
 
 	// Publish an event without closing the channels
 	event := "test event with channel leak"
-	err := publishEvent(event)
+	publishEvent(event)
 
-	if err != nil {
-		t.Errorf("Expected no error, but got: %v", err)
-	}
-}
-
-func TestPublishEvent(t *testing.T) {
-	event := "test event"
-	err := publishEvent(event)
-	if err != nil {
-		t.Errorf("Expected no error, but got: %v", err)
-	}
 }