fixup! cmd/kube-rbac-proxy/app: finalize creation of options and prox…

…y config within Complete()
brancz · Jun 21, 2023 · 9398674 · 9398674
1 parent a61f278
commit 9398674
Showing 1 changed file with 46 additions and 47 deletions.
diff --git a/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go b/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go
@@ -77,7 +77,7 @@ that can perform RBAC authorization against the Kubernetes API using SubjectAcce
 			k8sapiflag.PrintFlags(fs)
 
 			// set default options
-			completedOptions, proxyCfg, err := Complete(o)
+			completedOptions, err := Complete(o)
 			if err != nil {
 				return err
 			}
@@ -87,6 +87,12 @@ that can perform RBAC authorization against the Kubernetes API using SubjectAcce
 				return utilerrors.NewAggregate(errs)
 			}
 
+			// create the KubeRBACProxyConfig based on the completed options
+			proxyCfg, err := completedOptions.ProxyConfig()
+			if err != nil {
+				return err
+			}
+
 			return Run(proxyCfg)
 		},
 		Args: cobra.NoArgs,
@@ -122,18 +128,50 @@ func (o *completedProxyRunOptions) Validate() []error {
 	return errs
 }
 
-// Complete sets defaults for the ProxyRunOptions and creates a server.KubeRBACProxyConfig
-// based on the completed options.
-// Should be called after the flags are parsed.
-func Complete(o *options.ProxyRunOptions) (*completedProxyRunOptions, *server.KubeRBACProxyConfig, error) {
+func (o *completedProxyRunOptions) ProxyConfig() (*server.KubeRBACProxyConfig, error) {
+	proxyConfig := server.NewConfig()
+	if err := o.SecureServing.ApplyTo(&proxyConfig.SecureServing); err != nil {
+		return nil, err
+	}
+
+	if o.ProxySecureServing != nil {
+		if err := o.ProxySecureServing.ApplyTo(&proxyConfig.KubeRBACProxyInfo.ProxyEndpointsSecureServing); err != nil {
+			return nil, err
+		}
+	}
+	if err := o.DelegatingAuthentication.ApplyTo(
+		proxyConfig.DelegatingAuthentication,
+		proxyConfig.SecureServing,
+		nil,
+	); err != nil {
+		return nil, err
+	}
+
+	if err := o.DelegatingAuthorization.ApplyTo(proxyConfig.DelegatingAuthorization); err != nil {
+		return nil, err
+	}
+
+	if err := o.ProxyOptions.ApplyTo(proxyConfig.KubeRBACProxyInfo, proxyConfig.DelegatingAuthentication); err != nil {
+		return nil, err
+	}
+
+	if err := o.OIDCOptions.ApplyTo(proxyConfig.KubeRBACProxyInfo); err != nil {
+		return nil, err
+	}
+
+	return proxyConfig, nil
+}
 
+// Complete sets defaults for the ProxyRunOptions.
+// Should be called after the flags are parsed.
+func Complete(o *options.ProxyRunOptions) (*completedProxyRunOptions, error) {
 	hostname, err := os.Hostname()
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to retrieve hostname for self-signed cert: %w", err)
+		return nil, fmt.Errorf("failed to retrieve hostname for self-signed cert: %w", err)
 	}
 
 	if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts(hostname, nil, nil); err != nil {
-		return nil, nil, fmt.Errorf("error creating self-signed certificates: %v", err)
+		return nil, fmt.Errorf("error creating self-signed certificates: %v", err)
 	}
 
 	if o.ProxyOptions.ProxyEndpointsPort != 0 {
@@ -147,12 +185,7 @@ func Complete(o *options.ProxyRunOptions) (*completedProxyRunOptions, *server.Ku
 		ProxyRunOptions: o,
 	}
 
-	proxyCfg, err := createKubeRBACProxyConfig(completed)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return completed, proxyCfg, nil
+	return completed, nil
 }
 
 func Run(cfg *server.KubeRBACProxyConfig) error {
@@ -230,40 +263,6 @@ func Run(cfg *server.KubeRBACProxyConfig) error {
 	return nil
 }
 
-func createKubeRBACProxyConfig(opts *completedProxyRunOptions) (*server.KubeRBACProxyConfig, error) {
-	proxyConfig := server.NewConfig()
-	if err := opts.SecureServing.ApplyTo(&proxyConfig.SecureServing); err != nil {
-		return nil, err
-	}
-
-	if opts.ProxySecureServing != nil {
-		if err := opts.ProxySecureServing.ApplyTo(&proxyConfig.KubeRBACProxyInfo.ProxyEndpointsSecureServing); err != nil {
-			return nil, err
-		}
-	}
-	if err := opts.DelegatingAuthentication.ApplyTo(
-		proxyConfig.DelegatingAuthentication,
-		proxyConfig.SecureServing,
-		nil,
-	); err != nil {
-		return nil, err
-	}
-
-	if err := opts.DelegatingAuthorization.ApplyTo(proxyConfig.DelegatingAuthorization); err != nil {
-		return nil, err
-	}
-
-	if err := opts.ProxyOptions.ApplyTo(proxyConfig.KubeRBACProxyInfo, proxyConfig.DelegatingAuthentication); err != nil {
-		return nil, err
-	}
-
-	if err := opts.OIDCOptions.ApplyTo(proxyConfig.KubeRBACProxyInfo); err != nil {
-		return nil, err
-	}
-
-	return proxyConfig, nil
-}
-
 type runnerFunc func() error
 type interrupterFunc func(error)