Fix the "Standalone"-mode of oidc-login in the wrapped kubectl library #11266

Merged
merged 1 commit into from
Nov 8, 2024

ludost
Contributor

@ludost ludost commented Nov 7, 2024

Proposed Changes

Currently K3s fails to work with the "standalone mode" of oidc-login, where the kube.config file contains an Auth-provider section for the users. Trying to use any subcommand that requires a valid login will fail with the error:
'error: no Auth Provider found for name "oidc"'

This PR fixes this, and allows the usage of this oidc-login mode for the embedded kubectl library in K3s.
For background info on that oidc-login mode: https://github.com/int128/kubelogin/blob/master/docs/standalone-mode.md

Types of Changes

This is a simple one-liner bugfix copied from the upstream kubectl-cli implementation.
Source of the fix: https://github.com/kubernetes/kubernetes/blob/master/cmd/kubectl/kubectl.go#L25

Verification

Use an example kube.config as described in the kubelogin documentation:

- name: keycloak
  user:
    auth-provider:
      config:
        client-id: YOUR_CLIENT_ID
        client-secret: YOUR_CLIENT_SECRET
        idp-issuer-url: https://issuer.example.com
      name: oidc

Login through the normal oidc-login works correctly:

ludo@ludo-Nitro-Laptop:~/projects/k3s$ bin/k3s kubectl oidc-login 
Opening in existing browser session.
You got a valid token until 2024-11-07 14:41:30 +0100 CET

Then trying to use this login fails, without this fix:

ludo@ludo-Nitro-Laptop:~/projects/k3s$ bin/k3s kubectl auth whoami
error: no Auth Provider found for name "oidc"

However, the upstream kubectl cli command worked correctly:

ludo@ludo-Nitro-Laptop:~/projects/k3s$ kubectl auth whoami
ATTRIBUTE   VALUE
Username    6b3dbab6-f44c-45af-8b55-418ff6f0115c
Groups      [default-roles-development system:authenticated]

Similarly, after applying the fix in this PR:

ludo@ludo-Nitro-Laptop:~/projects/k3s$ bin/k3s kubectl auth whoami
ATTRIBUTE   VALUE
Username    6b3dbab6-f44c-45af-8b55-418ff6f0115c
Groups      [default-roles-development system:authenticated]

Testing

Although no separate test is built for this, K3s might want to consider creating a specific test for this use case.

Linked Issues

User-Facing Change

Fixes 'no Auth Provider found for name "oidc"' when using oidc-login in standalone mode.

Further Comments

…ation.

This fixes: 'error: no Auth Provider found for name "oidc"' when trying to run any subcommands in kubectl that require a valid server login.

Signed-off-by: Ludo Stellingwerff <[email protected]>
@ludost ludost requested a review from a team as a code owner November 7, 2024 15:13
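
The failure mode this PR fixes, as an added example that is not K3s or client-go code: a simplified, stdlib-only model of an auth provider table that is only populated when the plugin package is linked into the binary. `Factory`, `Register`, `Lookup` and `oidcFactory` are hypothetical names, and the model assumes the one-line fix works by linking in such a self-registering package (the page does not show the line).

```go
package main

import (
	"errors"
	"fmt"
)

// Factory builds a provider from a kubeconfig auth-provider "config" map.
type Factory func(cfg map[string]string) (string, error)

// registry is a simplified stand-in for a client library's auth plugin table.
var registry = map[string]Factory{}

// Register is what a plugin package's init() would call once it is linked in.
func Register(name string, f Factory) error {
	if _, dup := registry[name]; dup {
		return fmt.Errorf("auth provider %q registered twice", name)
	}
	registry[name] = f
	return nil
}

// Lookup resolves the "name" field of a user's auth-provider section.
func Lookup(name string, cfg map[string]string) (string, error) {
	f, ok := registry[name]
	if !ok {
		return "", fmt.Errorf("no Auth Provider found for name %q", name)
	}
	return f(cfg)
}

// oidcFactory is hypothetical: it only checks the keys it needs are present.
func oidcFactory(cfg map[string]string) (string, error) {
	for _, k := range []string{"idp-issuer-url", "client-id"} {
		if cfg[k] == "" {
			return "", errors.New("auth-provider config is missing " + k)
		}
	}
	return "oidc provider for " + cfg["idp-issuer-url"], nil
}

func main() {
	cfg := map[string]string{ // constructed, mirrors the sample kubeconfig
		"client-id": "YOUR_CLIENT_ID", "idp-issuer-url": "https://issuer.example.com"}
	_, err := Lookup("oidc", cfg) // plugin package not linked into the binary
	fmt.Println("without plugin:", err)
	_ = Register("oidc", oidcFactory) // what the linked-in package's init() does
	p, err := Lookup("oidc", cfg)
	fmt.Println("with plugin:", p, err)
}
```

The kubeconfig is identical in both lookups; only the contents of the compiled-in table change, which is why the same file worked with upstream kubectl and failed with the embedded one.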

codecov bot commented Nov 7, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 42.43%. Comparing base (9c32f83) to head (d14c5d1).
Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11266      +/-   ##
==========================================
- Coverage   46.97%   42.43%   -4.55%     
==========================================
  Files         179      179              
  Lines       18587    18587              
==========================================
- Hits         8732     7888     -844     
- Misses       8493     9490     +997     
+ Partials     1362     1209     -153     
Flag Coverage Δ
e2etests 34.23% <ø> (-7.84%) ⬇️
inttests 34.70% <ø> (-0.01%) ⬇️
unittests 13.64% <ø> (ø)


@dereknola
Member

dereknola commented Nov 7, 2024

Can you please open an issue to track this? You can copy-paste most of it from this well filled out PR. That will help us track and handle the backports for this fix.

@brandond
Member

brandond commented Nov 7, 2024

I was worried that this would pull in some new auth provider stuff that isn't currently included, but I have confirmed from CI logs that this does not have any impact on the size of the shipping K3s binary.

LGTM once we have an issue tracking what's being fixed here.

@ludost
Contributor Author

ludost commented Nov 8, 2024

> Can you please open an issue to track this? You can copy-paste most of it from this well filled out PR. That will help us track and handle the backports for this fix.

Done: #11268

@brandond brandond requested a review from dereknola November 8, 2024 08:23