vendor: update docker/cli to 8667ccd

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2025-07-09 21:17:09 +08:00 · 2022-02-27 00:35:39 +01:00
parent f62c02329e
commit 971b5d2b73
35 changed files with 495 additions and 527 deletions
--- a/driver/kubernetes/context/constants.go
+++ b/driver/kubernetes/context/constants.go
@ -0,0 +1,6 @@
+package context
+
+const (
+	// KubernetesEndpoint is the kubernetes endpoint name in a stored context
+	KubernetesEndpoint = "kubernetes"
+)
--- a/driver/kubernetes/context/endpoint_test.go
+++ b/driver/kubernetes/context/endpoint_test.go
@ -0,0 +1,225 @@
+package context
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/docker/cli/cli/context"
+	"github.com/docker/cli/cli/context/store"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+)
+
+func testEndpoint(server, defaultNamespace string, ca, cert, key []byte, skipTLSVerify bool) Endpoint {
+	var tlsData *context.TLSData
+	if ca != nil || cert != nil || key != nil {
+		tlsData = &context.TLSData{
+			CA:   ca,
+			Cert: cert,
+			Key:  key,
+		}
+	}
+	return Endpoint{
+		EndpointMeta: EndpointMeta{
+			EndpointMetaBase: context.EndpointMetaBase{
+				Host:          server,
+				SkipTLSVerify: skipTLSVerify,
+			},
+			DefaultNamespace: defaultNamespace,
+		},
+		TLSData: tlsData,
+	}
+}
+
+var testStoreCfg = store.NewConfig(
+	func() interface{} {
+		return &map[string]interface{}{}
+	},
+	store.EndpointTypeGetter(KubernetesEndpoint, func() interface{} { return &EndpointMeta{} }),
+)
+
+func TestSaveLoadContexts(t *testing.T) {
+	storeDir, err := ioutil.TempDir("", "test-load-save-k8-context")
+	require.NoError(t, err)
+	defer os.RemoveAll(storeDir)
+	store := store.New(storeDir, testStoreCfg)
+	require.NoError(t, save(store, testEndpoint("https://test", "test", nil, nil, nil, false), "raw-notls"))
+	require.NoError(t, save(store, testEndpoint("https://test", "test", nil, nil, nil, true), "raw-notls-skip"))
+	require.NoError(t, save(store, testEndpoint("https://test", "test", []byte("ca"), []byte("cert"), []byte("key"), true), "raw-tls"))
+
+	kcFile, err := ioutil.TempFile(os.TempDir(), "test-load-save-k8-context")
+	require.NoError(t, err)
+	defer os.Remove(kcFile.Name())
+	defer kcFile.Close()
+	cfg := clientcmdapi.NewConfig()
+	cfg.AuthInfos["user"] = clientcmdapi.NewAuthInfo()
+	cfg.Contexts["context1"] = clientcmdapi.NewContext()
+	cfg.Clusters["cluster1"] = clientcmdapi.NewCluster()
+	cfg.Contexts["context2"] = clientcmdapi.NewContext()
+	cfg.Clusters["cluster2"] = clientcmdapi.NewCluster()
+	cfg.AuthInfos["user"].ClientCertificateData = []byte("cert")
+	cfg.AuthInfos["user"].ClientKeyData = []byte("key")
+	cfg.Clusters["cluster1"].Server = "https://server1"
+	cfg.Clusters["cluster1"].InsecureSkipTLSVerify = true
+	cfg.Clusters["cluster2"].Server = "https://server2"
+	cfg.Clusters["cluster2"].CertificateAuthorityData = []byte("ca")
+	cfg.Contexts["context1"].AuthInfo = "user"
+	cfg.Contexts["context1"].Cluster = "cluster1"
+	cfg.Contexts["context1"].Namespace = "namespace1"
+	cfg.Contexts["context2"].AuthInfo = "user"
+	cfg.Contexts["context2"].Cluster = "cluster2"
+	cfg.Contexts["context2"].Namespace = "namespace2"
+	cfg.CurrentContext = "context1"
+	cfgData, err := clientcmd.Write(*cfg)
+	require.NoError(t, err)
+	_, err = kcFile.Write(cfgData)
+	require.NoError(t, err)
+	kcFile.Close()
+
+	epDefault, err := FromKubeConfig(kcFile.Name(), "", "")
+	require.NoError(t, err)
+	epContext2, err := FromKubeConfig(kcFile.Name(), "context2", "namespace-override")
+	require.NoError(t, err)
+	require.NoError(t, save(store, epDefault, "embed-default-context"))
+	require.NoError(t, save(store, epContext2, "embed-context2"))
+
+	rawNoTLSMeta, err := store.GetMetadata("raw-notls")
+	require.NoError(t, err)
+	rawNoTLSSkipMeta, err := store.GetMetadata("raw-notls-skip")
+	require.NoError(t, err)
+	rawTLSMeta, err := store.GetMetadata("raw-tls")
+	require.NoError(t, err)
+	embededDefaultMeta, err := store.GetMetadata("embed-default-context")
+	require.NoError(t, err)
+	embededContext2Meta, err := store.GetMetadata("embed-context2")
+	require.NoError(t, err)
+
+	rawNoTLS := EndpointFromContext(rawNoTLSMeta)
+	rawNoTLSSkip := EndpointFromContext(rawNoTLSSkipMeta)
+	rawTLS := EndpointFromContext(rawTLSMeta)
+	embededDefault := EndpointFromContext(embededDefaultMeta)
+	embededContext2 := EndpointFromContext(embededContext2Meta)
+
+	rawNoTLSEP, err := rawNoTLS.WithTLSData(store, "raw-notls")
+	require.NoError(t, err)
+	checkClientConfig(t, rawNoTLSEP, "https://test", "test", nil, nil, nil, false)
+	rawNoTLSSkipEP, err := rawNoTLSSkip.WithTLSData(store, "raw-notls-skip")
+	require.NoError(t, err)
+	checkClientConfig(t, rawNoTLSSkipEP, "https://test", "test", nil, nil, nil, true)
+	rawTLSEP, err := rawTLS.WithTLSData(store, "raw-tls")
+	require.NoError(t, err)
+	checkClientConfig(t, rawTLSEP, "https://test", "test", []byte("ca"), []byte("cert"), []byte("key"), true)
+	embededDefaultEP, err := embededDefault.WithTLSData(store, "embed-default-context")
+	require.NoError(t, err)
+	checkClientConfig(t, embededDefaultEP, "https://server1", "namespace1", nil, []byte("cert"), []byte("key"), true)
+	embededContext2EP, err := embededContext2.WithTLSData(store, "embed-context2")
+	require.NoError(t, err)
+	checkClientConfig(t, embededContext2EP, "https://server2", "namespace-override", []byte("ca"), []byte("cert"), []byte("key"), false)
+}
+
+func checkClientConfig(t *testing.T, ep Endpoint, server, namespace string, ca, cert, key []byte, skipTLSVerify bool) {
+	config := ep.KubernetesConfig()
+	cfg, err := config.ClientConfig()
+	require.NoError(t, err)
+	ns, _, _ := config.Namespace()
+	assert.Equal(t, server, cfg.Host)
+	assert.Equal(t, namespace, ns)
+	assert.Equal(t, ca, cfg.CAData)
+	assert.Equal(t, cert, cfg.CertData)
+	assert.Equal(t, key, cfg.KeyData)
+	assert.Equal(t, skipTLSVerify, cfg.Insecure)
+}
+
+func save(s store.Writer, ep Endpoint, name string) error {
+	meta := store.Metadata{
+		Endpoints: map[string]interface{}{
+			KubernetesEndpoint: ep.EndpointMeta,
+		},
+		Name: name,
+	}
+	if err := s.CreateOrUpdate(meta); err != nil {
+		return err
+	}
+	return s.ResetEndpointTLSMaterial(name, KubernetesEndpoint, ep.TLSData.ToStoreTLSData())
+}
+
+func TestSaveLoadGKEConfig(t *testing.T) {
+	storeDir, err := ioutil.TempDir("", t.Name())
+	require.NoError(t, err)
+	defer os.RemoveAll(storeDir)
+	store := store.New(storeDir, testStoreCfg)
+	cfg, err := clientcmd.LoadFromFile("fixtures/gke-kubeconfig")
+	require.NoError(t, err)
+	clientCfg := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{})
+	expectedCfg, err := clientCfg.ClientConfig()
+	require.NoError(t, err)
+	ep, err := FromKubeConfig("fixtures/gke-kubeconfig", "", "")
+	require.NoError(t, err)
+	require.NoError(t, save(store, ep, "gke-context"))
+	persistedMetadata, err := store.GetMetadata("gke-context")
+	require.NoError(t, err)
+	persistedEPMeta := EndpointFromContext(persistedMetadata)
+	assert.True(t, persistedEPMeta != nil)
+	persistedEP, err := persistedEPMeta.WithTLSData(store, "gke-context")
+	require.NoError(t, err)
+	persistedCfg := persistedEP.KubernetesConfig()
+	actualCfg, err := persistedCfg.ClientConfig()
+	require.NoError(t, err)
+	assert.Equal(t, expectedCfg.AuthProvider, actualCfg.AuthProvider)
+}
+
+func TestSaveLoadEKSConfig(t *testing.T) {
+	storeDir, err := ioutil.TempDir("", t.Name())
+	require.NoError(t, err)
+	defer os.RemoveAll(storeDir)
+	store := store.New(storeDir, testStoreCfg)
+	cfg, err := clientcmd.LoadFromFile("fixtures/eks-kubeconfig")
+	require.NoError(t, err)
+	clientCfg := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{})
+	expectedCfg, err := clientCfg.ClientConfig()
+	require.NoError(t, err)
+	ep, err := FromKubeConfig("fixtures/eks-kubeconfig", "", "")
+	require.NoError(t, err)
+	require.NoError(t, save(store, ep, "eks-context"))
+	persistedMetadata, err := store.GetMetadata("eks-context")
+	require.NoError(t, err)
+	persistedEPMeta := EndpointFromContext(persistedMetadata)
+	assert.True(t, persistedEPMeta != nil)
+	persistedEP, err := persistedEPMeta.WithTLSData(store, "eks-context")
+	require.NoError(t, err)
+	persistedCfg := persistedEP.KubernetesConfig()
+	actualCfg, err := persistedCfg.ClientConfig()
+	require.NoError(t, err)
+	assert.Equal(t, expectedCfg.ExecProvider, actualCfg.ExecProvider)
+}
+
+func TestSaveLoadK3SConfig(t *testing.T) {
+	storeDir, err := ioutil.TempDir("", t.Name())
+	require.NoError(t, err)
+	defer os.RemoveAll(storeDir)
+	store := store.New(storeDir, testStoreCfg)
+	cfg, err := clientcmd.LoadFromFile("fixtures/k3s-kubeconfig")
+	require.NoError(t, err)
+	clientCfg := clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{})
+	expectedCfg, err := clientCfg.ClientConfig()
+	require.NoError(t, err)
+	ep, err := FromKubeConfig("fixtures/k3s-kubeconfig", "", "")
+	require.NoError(t, err)
+	require.NoError(t, save(store, ep, "k3s-context"))
+	persistedMetadata, err := store.GetMetadata("k3s-context")
+	require.NoError(t, err)
+	persistedEPMeta := EndpointFromContext(persistedMetadata)
+	assert.True(t, persistedEPMeta != nil)
+	persistedEP, err := persistedEPMeta.WithTLSData(store, "k3s-context")
+	require.NoError(t, err)
+	persistedCfg := persistedEP.KubernetesConfig()
+	actualCfg, err := persistedCfg.ClientConfig()
+	require.NoError(t, err)
+	assert.True(t, len(actualCfg.Username) > 0)
+	assert.True(t, len(actualCfg.Password) > 0)
+	assert.Equal(t, expectedCfg.Username, actualCfg.Username)
+	assert.Equal(t, expectedCfg.Password, actualCfg.Password)
+}
--- a/driver/kubernetes/context/fixtures/eks-kubeconfig
+++ b/driver/kubernetes/context/fixtures/eks-kubeconfig
@ -0,0 +1,23 @@
+  apiVersion: v1
+  clusters:
+  - cluster:
+      server: https://some-server      
+    name: kubernetes
+  contexts:
+  - context:
+      cluster: kubernetes
+      user: aws
+    name: aws
+  current-context: aws
+  kind: Config
+  preferences: {}
+  users:
+  - name: aws
+    user:
+      exec:
+        apiVersion: client.authentication.k8s.io/v1alpha1
+        command: heptio-authenticator-aws
+        args:
+          - "token"
+          - "-i"
+          - "eks-cf"
--- a/driver/kubernetes/context/fixtures/gke-kubeconfig
+++ b/driver/kubernetes/context/fixtures/gke-kubeconfig
@ -0,0 +1,23 @@
+apiVersion: v1
+clusters:
+- cluster:    
+    server: https://some-server
+  name: gke_sample
+contexts:
+- context:
+    cluster: gke_sample
+    user: gke_sample
+  name: gke_sample
+current-context: gke_sample
+kind: Config
+preferences: {}
+users:
+- name: gke_sample
+  user:
+    auth-provider:
+      config:
+        cmd-args: config config-helper --format=json
+        cmd-path: /google/google-cloud-sdk/bin/gcloud
+        expiry-key: '{.credential.token_expiry}'
+        token-key: '{.credential.access_token}'
+      name: gcp
--- a/driver/kubernetes/context/fixtures/k3s-kubeconfig
+++ b/driver/kubernetes/context/fixtures/k3s-kubeconfig
@ -0,0 +1,20 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: dGhlLWNh
+    server: https://someserver
+  name: test-cluster
+contexts:
+- context:
+    cluster: test-cluster
+    user: test-user
+    namespace: zoinx
+  name: test
+current-context: test
+kind: Config
+preferences: {}
+users:
+- name: test-user
+  user:
+    username: admin
+    password: testpwd
--- a/driver/kubernetes/context/fixtures/test-kubeconfig
+++ b/driver/kubernetes/context/fixtures/test-kubeconfig
@ -0,0 +1,20 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: dGhlLWNh
+    server: https://someserver
+  name: test-cluster
+contexts:
+- context:
+    cluster: test-cluster
+    user: test-user
+    namespace: zoinx
+  name: test
+current-context: test
+kind: Config
+preferences: {}
+users:
+- name: test-user
+  user:
+    client-certificate-data: dGhlLWNlcnQ=
+    client-key-data: dGhlLWtleQ==
--- a/driver/kubernetes/context/load.go
+++ b/driver/kubernetes/context/load.go
@ -0,0 +1,155 @@
+package context
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/docker/cli/cli/command"
+	"github.com/docker/cli/cli/context"
+	"github.com/docker/cli/cli/context/store"
+	"github.com/docker/docker/pkg/homedir"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+)
+
+// EndpointMeta is a typed wrapper around a context-store generic endpoint describing
+// a Kubernetes endpoint, without TLS data
+type EndpointMeta struct {
+	context.EndpointMetaBase
+	DefaultNamespace string                           `json:",omitempty"`
+	AuthProvider     *clientcmdapi.AuthProviderConfig `json:",omitempty"`
+	Exec             *clientcmdapi.ExecConfig         `json:",omitempty"`
+	UsernamePassword *UsernamePassword                `json:"usernamePassword,omitempty"`
+}
+
+// UsernamePassword contains username/password auth info
+type UsernamePassword struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+var _ command.EndpointDefaultResolver = &EndpointMeta{}
+
+// Endpoint is a typed wrapper around a context-store generic endpoint describing
+// a Kubernetes endpoint, with TLS data
+type Endpoint struct {
+	EndpointMeta
+	TLSData *context.TLSData
+}
+
+func init() {
+	command.RegisterDefaultStoreEndpoints(
+		store.EndpointTypeGetter(KubernetesEndpoint, func() interface{} { return &EndpointMeta{} }),
+	)
+}
+
+// WithTLSData loads TLS materials for the endpoint
+func (c *EndpointMeta) WithTLSData(s store.Reader, contextName string) (Endpoint, error) {
+	tlsData, err := context.LoadTLSData(s, contextName, KubernetesEndpoint)
+	if err != nil {
+		return Endpoint{}, err
+	}
+	return Endpoint{
+		EndpointMeta: *c,
+		TLSData:      tlsData,
+	}, nil
+}
+
+// KubernetesConfig creates the kubernetes client config from the endpoint
+func (c *Endpoint) KubernetesConfig() clientcmd.ClientConfig {
+	cfg := clientcmdapi.NewConfig()
+	cluster := clientcmdapi.NewCluster()
+	cluster.Server = c.Host
+	cluster.InsecureSkipTLSVerify = c.SkipTLSVerify
+	authInfo := clientcmdapi.NewAuthInfo()
+	if c.TLSData != nil {
+		cluster.CertificateAuthorityData = c.TLSData.CA
+		authInfo.ClientCertificateData = c.TLSData.Cert
+		authInfo.ClientKeyData = c.TLSData.Key
+	}
+	if c.UsernamePassword != nil {
+		authInfo.Username = c.UsernamePassword.Username
+		authInfo.Password = c.UsernamePassword.Password
+	}
+	authInfo.AuthProvider = c.AuthProvider
+	authInfo.Exec = c.Exec
+	cfg.Clusters["cluster"] = cluster
+	cfg.AuthInfos["authInfo"] = authInfo
+	ctx := clientcmdapi.NewContext()
+	ctx.AuthInfo = "authInfo"
+	ctx.Cluster = "cluster"
+	ctx.Namespace = c.DefaultNamespace
+	cfg.Contexts["context"] = ctx
+	cfg.CurrentContext = "context"
+	return clientcmd.NewDefaultClientConfig(*cfg, &clientcmd.ConfigOverrides{})
+}
+
+// ResolveDefault returns endpoint metadata for the default Kubernetes
+// endpoint, which is derived from the env-based kubeconfig.
+func (c *EndpointMeta) ResolveDefault() (interface{}, *store.EndpointTLSData, error) {
+	kubeconfig := os.Getenv("KUBECONFIG")
+	if kubeconfig == "" {
+		kubeconfig = filepath.Join(homedir.Get(), ".kube/config")
+	}
+	kubeEP, err := FromKubeConfig(kubeconfig, "", "")
+	if err != nil {
+		// We deliberately quash the error here, returning nil
+		// for the first argument is sufficient to indicate we weren't able to
+		// provide a default
+		return nil, nil, nil
+	}
+	var tls *store.EndpointTLSData
+	if kubeEP.TLSData != nil {
+		tls = kubeEP.TLSData.ToStoreTLSData()
+	}
+	return kubeEP.EndpointMeta, tls, nil
+}
+
+// EndpointFromContext extracts kubernetes endpoint info from current context
+func EndpointFromContext(metadata store.Metadata) *EndpointMeta {
+	ep, ok := metadata.Endpoints[KubernetesEndpoint]
+	if !ok {
+		return nil
+	}
+	typed, ok := ep.(EndpointMeta)
+	if !ok {
+		return nil
+	}
+	return &typed
+}
+
+// ConfigFromContext resolves a kubernetes client config for the specified context.
+// If kubeconfigOverride is specified, use this config file instead of the context defaults.ConfigFromContext
+// if command.ContextDockerHost is specified as the context name, fallsback to the default user's kubeconfig file
+func ConfigFromContext(name string, s store.Reader) (clientcmd.ClientConfig, error) {
+	ctxMeta, err := s.GetMetadata(name)
+	if err != nil {
+		return nil, err
+	}
+	epMeta := EndpointFromContext(ctxMeta)
+	if epMeta != nil {
+		ep, err := epMeta.WithTLSData(s, name)
+		if err != nil {
+			return nil, err
+		}
+		return ep.KubernetesConfig(), nil
+	}
+	// context has no kubernetes endpoint
+	return NewKubernetesConfig(""), nil
+}
+
+// NewKubernetesConfig resolves the path to the desired Kubernetes configuration
+// file based on the KUBECONFIG environment variable and command line flags.
+func NewKubernetesConfig(configPath string) clientcmd.ClientConfig {
+	kubeConfig := configPath
+	if kubeConfig == "" {
+		if config := os.Getenv("KUBECONFIG"); config != "" {
+			kubeConfig = config
+		} else {
+			kubeConfig = filepath.Join(homedir.Get(), ".kube/config")
+		}
+	}
+	return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		&clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeConfig},
+		&clientcmd.ConfigOverrides{})
+}
--- a/driver/kubernetes/context/load_test.go
+++ b/driver/kubernetes/context/load_test.go
@ -0,0 +1,23 @@
+package context
+
+import (
+	"os"
+	"testing"
+
+	"github.com/docker/cli/cli/command"
+	"github.com/docker/cli/cli/config/configfile"
+	cliflags "github.com/docker/cli/cli/flags"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestDefaultContextInitializer(t *testing.T) {
+	cli, err := command.NewDockerCli()
+	require.NoError(t, err)
+	os.Setenv("KUBECONFIG", "./fixtures/test-kubeconfig")
+	defer os.Unsetenv("KUBECONFIG")
+	ctx, err := command.ResolveDefaultContext(&cliflags.CommonOptions{}, &configfile.ConfigFile{}, command.DefaultContextStoreConfig(), cli.Err())
+	require.NoError(t, err)
+	assert.Equal(t, "default", ctx.Meta.Name)
+	assert.Equal(t, "zoinx", ctx.Meta.Endpoints[KubernetesEndpoint].(EndpointMeta).DefaultNamespace)
+}
--- a/driver/kubernetes/context/save.go
+++ b/driver/kubernetes/context/save.go
@ -0,0 +1,69 @@
+package context
+
+import (
+	"io/ioutil"
+
+	"github.com/docker/cli/cli/context"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+)
+
+// FromKubeConfig creates a Kubernetes endpoint from a Kubeconfig file
+func FromKubeConfig(kubeconfig, kubeContext, namespaceOverride string) (Endpoint, error) {
+	cfg := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		&clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig},
+		&clientcmd.ConfigOverrides{CurrentContext: kubeContext, Context: clientcmdapi.Context{Namespace: namespaceOverride}})
+	ns, _, err := cfg.Namespace()
+	if err != nil {
+		return Endpoint{}, err
+	}
+	clientcfg, err := cfg.ClientConfig()
+	if err != nil {
+		return Endpoint{}, err
+	}
+	var ca, key, cert []byte
+	if ca, err = readFileOrDefault(clientcfg.CAFile, clientcfg.CAData); err != nil {
+		return Endpoint{}, err
+	}
+	if key, err = readFileOrDefault(clientcfg.KeyFile, clientcfg.KeyData); err != nil {
+		return Endpoint{}, err
+	}
+	if cert, err = readFileOrDefault(clientcfg.CertFile, clientcfg.CertData); err != nil {
+		return Endpoint{}, err
+	}
+	var tlsData *context.TLSData
+	if ca != nil || cert != nil || key != nil {
+		tlsData = &context.TLSData{
+			CA:   ca,
+			Cert: cert,
+			Key:  key,
+		}
+	}
+	var usernamePassword *UsernamePassword
+	if clientcfg.Username != "" || clientcfg.Password != "" {
+		usernamePassword = &UsernamePassword{
+			Username: clientcfg.Username,
+			Password: clientcfg.Password,
+		}
+	}
+	return Endpoint{
+		EndpointMeta: EndpointMeta{
+			EndpointMetaBase: context.EndpointMetaBase{
+				Host:          clientcfg.Host,
+				SkipTLSVerify: clientcfg.Insecure,
+			},
+			DefaultNamespace: ns,
+			AuthProvider:     clientcfg.AuthProvider,
+			Exec:             clientcfg.ExecProvider,
+			UsernamePassword: usernamePassword,
+		},
+		TLSData: tlsData,
+	}, nil
+}
+
+func readFileOrDefault(path string, defaultValue []byte) ([]byte, error) {
+	if path != "" {
+		return ioutil.ReadFile(path)
+	}
+	return defaultValue, nil
+}