Kubectl: Kubectl user exec should accept zero-length environment values

Created on 8 May 2019 · 5Comments · Source: kubernetes/kubectl

Is this a request for help? (If yes, you should use our troubleshooting guide and community support channels, see http://kubernetes.io/docs/troubleshooting/.): No

What keywords did you search in Kubernetes issues before filing this one? (If you have found any duplicates, you should instead reply there.): Searched through current open issues

Is this a BUG REPORT or FEATURE REQUEST? (choose one): BUG REPORT

Kubernetes version (use kubectl version):

Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-19T22:12:47Z", GoVersion:"go1.12.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"12+", GitVersion:"v1.12.6-eks-d69f1b", GitCommit:"d69f1bf3669bf00b7f4a758e978e0e7a1e3a68f7", GitTreeState:"clean", BuildDate:"2019-02-28T20:26:10Z", GoVersion:"go1.10.8", Compiler:"gc", Platform:"linux/amd64"}

Environment:

Cloud provider or hardware configuration: AWS
OS (e.g. from /etc/os-release): MacOS
Kernel (e.g. uname -a):
Install tools: brew
Others:

What happened:

Error in configuration: 
* env variable AWS_SECURITY_TOKEN value must be specified for eks-staging to use exec authentication plugin
* env variable AWS_SESSION_TOKEN value must be specified for eks-staging to use exec authentication plugin
* env variable AWS_SECRET_ACCESS_KEY value must be specified for eks-staging to use exec authentication plugin
* env variable AWS_ACCESS_KEY_ID value must be specified for eks-staging to use exec authentication plugin

What you expected to happen:
empty environment variable should be allowed

How to reproduce it (as minimally and precisely as possible):
Kubernetes config users.[].user.exec.env.[].value = ""

Anything else we need to know:
https://github.com/kubernetes/kubectl/blob/master/vendor/k8s.io/client-go/tools/clientcmd/validation.go#L253-L255 - these lines cause the problem. While it's totally reasonable to force a non-zero-length environment name (the lines immediately preceding, an empty environment value (overriding a value in the shell, for example) has utility and shouldn't be blocked. Asserting that value is present is reasonable, asserting that it's not empty is not.

arekubectl kinbug sicli

Source

mb-m

Most helpful comment

I tried to address here: https://github.com/kubernetes/kubernetes/pull/78875

pswica on 11 Jun 2019

❤3

All 5 comments

I tried to address here: https://github.com/kubernetes/kubernetes/pull/78875

pswica on 11 Jun 2019

❤3

/sig cli
/area kubectl
/kind bug

seans3 on 11 Jun 2019

Thank you so much, @pswica!

mb-m on 11 Jun 2019

/assign @pswica

seans3 on 11 Jun 2019

@seans3: GitHub didn't allow me to assign the following users: pswica.

Note that only kubernetes members and repo collaborators can be assigned and that issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @pswica

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.