aws-iam-authenticator support added (2)
Synced the PR from https://github.com/databricks/click/pull/78 with the latest master branch and added some caching for the token.
At the moment I haven't reused much from AuthProvider since it does seem a bit different to me.
If you have any remarks (my rust experience is 0), please let me know @nicklan
Thanks for adding this @slyoldfox! @nicklan -- I'd love to see this merged but in the meantime can try a custom build :). Thanks!
@slyoldfox -- I made a release build (mv target/release/click /usr/local/bin/click) and am hitting the following error while running...
⟩ env RUST_BACKTRACE=1 click
[staging-k8s.x.io] [none] [none] > pods
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', src/libcore/option.rs:355:21
stack backtrace:
0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
1: std::sys_common::backtrace::_print
2: std::panicking::default_hook::{{closure}}
3: std::panicking::default_hook
4: std::panicking::rust_panic_with_hook
5: std::panicking::continue_panic_fmt
6: rust_begin_unwind
7: core::panicking::panic_fmt
8: core::panicking::panic
9: click::config::kubefile::Exec::ensure_token
10: click::kube::Kluster::add_auth_header
11: click::kube::Kluster::send_req
12: click::kube::Kluster::get
13: click::Env::run_on_kluster
14: <click::cmd::Pods as click::cmd::Cmd>::exec
15: click::main
16: std::rt::lang_start::{{closure}}
17: std::panicking::try::do_call
18: __rust_maybe_catch_panic
19: std::rt::lang_start_internal
20: main
@philipbjorge I had the same issues running with the aws-iam-authenticator binary, but since awscli now generates it with aws eks get-token exec I haven't bothered much in figuring out what the issue was.
Try updating to the latest awscli which supports the get-token construct and use them like this in your .kube/config:
users:
- name: eks-acceptance
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - --region
      - eu-west-1
      - eks
      - get-token
      - --cluster-name
      - eks-acceptance
      command: aws
      env:
      - name: AWS_PROFILE
        value: default
And of course make sure your profile name matches with the one from your aws-adfs login, check with aws sts get-caller-identity --profile default
Drop me your .kube/config files if it doesn't work and I'll try debugging it.
I pulled this down today because I wanted to give click a try with AWS EKS and that wasn't working with the current release. Had to merge databricks/master into it since rust threw a few errors compiling dependencies (rustyline).
But, once that was cleared up this worked immediately for me with my existing kubeconfig.
My build error was the same one that caused Travis to mark this as failed, so pulling master into this resolves that failing check.
@kkolk thanks for pinging me on this. I've updated the PR by merging master onto it and that seems to have fixed Travis indeed!
I hope @nicklan has some time to review the PR.
I took another look at https://github.com/databricks/click/pull/111#issuecomment-501833344
The crash is on this line and occurs because user.exec.env was null in my config.
- name: xxx
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - xxx
      - -r
      - arn:aws:iam::xxx:role/KubernetesUser
      command: aws-iam-authenticator
      env: null # also crashes if this key is omitted
When setting the value to [] it does not crash, and I can successfully access my cluster.
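The failure mode reported above (an `unwrap()` on an `env` list that is null or omitted) and a panic-free way to handle it, as an added example that is not click's code and not part of the thread. `ExecConfig`, `EnvVar`, `build_command` and `fetch_token_output` are hypothetical names, and the struct assumes a null or missing `env` key deserializes to `None`.

```rust
use std::process::Command;

// Hypothetical mirror of a kubeconfig `user.exec` entry (not click's own types).
#[derive(Debug, Clone)]
pub struct EnvVar { pub name: String, pub value: String }

#[derive(Debug, Clone)]
pub struct ExecConfig {
    pub command: String,
    pub args: Option<Vec<String>>,
    // Assumption: `env: null` and an omitted `env` key both end up as None.
    pub env: Option<Vec<EnvVar>>,
}

// Build the plugin command; calling `exec.env.unwrap()` here would panic on None.
pub fn build_command(exec: &ExecConfig) -> Command {
    let mut cmd = Command::new(&exec.command);
    cmd.args(exec.args.as_deref().unwrap_or(&[]));
    for var in exec.env.as_deref().unwrap_or(&[]) {
        cmd.env(&var.name, &var.value);
    }
    cmd
}

// Run the plugin and return its stdout; every failure is an Err, never a panic.
pub fn fetch_token_output(exec: &ExecConfig) -> Result<String, String> {
    let out = build_command(exec)
        .output()
        .map_err(|e| format!("cannot run {}: {}", exec.command, e))?;
    if !out.status.success() {
        return Err(format!("{} exited with {}", exec.command, out.status));
    }
    String::from_utf8(out.stdout).map_err(|e| format!("non-UTF-8 output: {}", e))
}

fn main() {
    // Constructed sample: an aws-iam-authenticator entry with `env: null`.
    let exec = ExecConfig {
        command: "aws-iam-authenticator".into(),
        args: Some(vec!["token".into(), "-i".into(), "xxx".into()]),
        env: None,
    };
    match fetch_token_output(&exec) {
        Ok(json) => println!("plugin returned {} bytes", json.len()),
        Err(e) => eprintln!("auth failed: {}", e),
    }
}
```

A missing plugin binary or a non-zero exit surfaces as an `Err` the caller can print, so a malformed kubeconfig entry cannot take down the whole interactive session.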
I believe this is provided now by what I merged in #129. If anyone who is interested in EKS auth could try that out, that would be great. I tested by adding the cluster to my config via aws eks update-kubeconfig --name cluster-name and then just running click and it worked.