refactor: Use REST config instead of client config (#66)

This updates the `NewWhoCan` method to take a `rest.Config` object instead of a `ClientConfig` object. This allows the consumer of the API to use a custom `rest.Config` object rather than relying on the one created from the `ClientConfig` object. This also removes the `clientConfig` field from the `WhoCan` object. It is only used within the `ActionFrom` method, and it is passed in as an argument. As a result, there is no need to store it on the `WhoCan` object. Signed-off-by: Bridget McErlean <[email protected]>
aquasecurity · Feb 19, 2020 · 3b55776 · 3b55776
1 parent f549a4c
commit 3b55776
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 13 deletions.
diff --git a/pkg/cmd/list.go b/pkg/cmd/list.go
@@ -17,6 +17,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	clientcore "k8s.io/client-go/kubernetes/typed/core/v1"
 	clientrbac "k8s.io/client-go/kubernetes/typed/rbac/v1"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"strings"
 	"text/tabwriter"
@@ -93,7 +94,6 @@ type roles map[string]struct{}
 type clusterRoles map[string]struct{}
 
 type WhoCan struct {
-	clientConfig    clientcmd.ClientConfig
 	clientNamespace clientcore.NamespaceInterface
 	clientRBAC      clientrbac.RbacV1Interface
 
@@ -103,20 +103,16 @@ type WhoCan struct {
 	policyRuleMatcher  PolicyRuleMatcher
 }
 
-// NewWhoCan constructs a new WhoCan checker with the specified ClientConfig and RESTMapper.
-func NewWhoCan(clientConfig clientcmd.ClientConfig, mapper apimeta.RESTMapper) (*WhoCan, error) {
-	config, err := clientConfig.ClientConfig()
-	if err != nil {
-		return nil, err
-	}
-	client, err := kubernetes.NewForConfig(config)
+// NewWhoCan constructs a new WhoCan checker with the specified rest.Config and RESTMapper.
+func NewWhoCan(restConfig *rest.Config, mapper apimeta.RESTMapper) (*WhoCan, error) {
+	client, err := kubernetes.NewForConfig(restConfig)
 	if err != nil {
 		return nil, err
 	}
+
 	clientNamespace := client.CoreV1().Namespaces()
 
 	return &WhoCan{
-		clientConfig:       clientConfig,
 		clientNamespace:    clientNamespace,
 		clientRBAC:         client.RbacV1(),
 		namespaceValidator: NewNamespaceValidator(clientNamespace),
@@ -137,6 +133,10 @@ func NewWhoCanCommand(streams clioptions.IOStreams) (*cobra.Command, error) {
 		SilenceUsage: true,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			clientConfig := configFlags.ToRawKubeConfigLoader()
+			restConfig, err := clientConfig.ClientConfig()
+			if err != nil {
+				return fmt.Errorf("getting rest config: %v", err)
+			}
 
 			mapper, err := configFlags.ToRESTMapper()
 			if err != nil {
@@ -148,7 +148,7 @@ func NewWhoCanCommand(streams clioptions.IOStreams) (*cobra.Command, error) {
 				return err
 			}
 
-			o, err := NewWhoCan(clientConfig, mapper)
+			o, err := NewWhoCan(restConfig, mapper)
 			if err != nil {
 				return err
 			}

diff --git a/pkg/cmd/list_test.go b/pkg/cmd/list_test.go
@@ -11,7 +11,6 @@ import (
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	clioptions "k8s.io/cli-runtime/pkg/genericclioptions"
 	"k8s.io/client-go/kubernetes/fake"
 	clientTesting "k8s.io/client-go/testing"
 	"k8s.io/client-go/tools/clientcmd"
@@ -334,9 +333,7 @@ func TestWhoCan_CheckAPIAccess(t *testing.T) {
 			}
 
 			// given
-			configFlags := &clioptions.ConfigFlags{}
 			wc := WhoCan{
-				clientConfig:       configFlags.ToRawKubeConfigLoader(),
 				clientNamespace:    client.CoreV1().Namespaces(),
 				clientRBAC:         client.RbacV1(),
 				namespaceValidator: namespaceValidator,