
Example 1 with ExecConfig

use of io.fabric8.kubernetes.api.model.ExecConfig in project kubernetes-client by fabric8io.

the class Config method loadFromKubeconfig.

// Note: kubeconfigPath is optional
// It is only used to rewrite relative tls asset paths inside kubeconfig when a file is passed, and in the case that
// the kubeconfig references some assets via relative paths.
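/**
 * Populates {@code config} from the kubeconfig document in {@code kubeconfigContents}.
 *
 * <p>Copies the contexts, namespace, master URL, TLS settings and client credentials of the
 * selected context into {@code config}. Relative TLS asset paths are resolved against
 * {@code config.file} when that file is set.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>{@code insecure-skip-tls-verify} on the cluster entry switches on both certificate trust
 *       and disabled hostname verification for the resulting client.</li>
 *   <li>An {@code exec} section on the user entry is handed to
 *       {@code getExecCredentialFromExecConfig}, so loading a kubeconfig can start the program
 *       that file names. A kubeconfig therefore has to be treated as trusted input.</li>
 * </ul>
 *
 * @param config the configuration object to fill in
 * @param context the context name passed on to {@code setCurrentContext}
 * @param kubeconfigContents the kubeconfig document as a string
 * @return {@code true} when a cluster was resolved for the current context; {@code false} when
 *         none was found or when any exception was raised while loading
 */
private static boolean loadFromKubeconfig(Config config, String context, String kubeconfigContents) {
    try {
        io.fabric8.kubernetes.api.model.Config kubeConfig = KubeConfigUtils.parseConfigFromString(kubeconfigContents);
        config.setContexts(kubeConfig.getContexts());
        Context currentContext = setCurrentContext(context, config, kubeConfig);
        Cluster currentCluster = KubeConfigUtils.getCluster(kubeConfig, currentContext);
        if (currentContext != null) {
            config.setNamespace(currentContext.getNamespace());
        }
        if (currentCluster != null) {
            config.setMasterUrl(currentCluster.getServer());
            // One kubeconfig flag drives two client settings: trusting any certificate and
            // skipping hostname verification. A null flag is treated as false.
            boolean skipTlsVerify = Boolean.TRUE.equals(currentCluster.getInsecureSkipTlsVerify());
            config.setTrustCerts(skipTlsVerify);
            config.setDisableHostnameVerification(skipTlsVerify);
            config.setCaCertData(currentCluster.getCertificateAuthorityData());
            AuthInfo currentAuthInfo = KubeConfigUtils.getUserAuthInfo(kubeConfig, currentContext);
            if (currentAuthInfo != null) {
                // rewrite tls asset paths if needed
                String caCertFile = currentCluster.getCertificateAuthority();
                String clientCertFile = currentAuthInfo.getClientCertificate();
                String clientKeyFile = currentAuthInfo.getClientKey();
                File configFile = config.file;
                if (configFile != null) {
                    caCertFile = absolutify(configFile, currentCluster.getCertificateAuthority());
                    clientCertFile = absolutify(configFile, currentAuthInfo.getClientCertificate());
                    clientKeyFile = absolutify(configFile, currentAuthInfo.getClientKey());
                }
                config.setCaCertFile(caCertFile);
                config.setClientCertFile(clientCertFile);
                config.setClientCertData(currentAuthInfo.getClientCertificateData());
                config.setClientKeyFile(clientKeyFile);
                config.setClientKeyData(currentAuthInfo.getClientKeyData());
                config.setClientKeyAlgo(getKeyAlgorithm(config.getClientKeyFile(), config.getClientKeyData()));
                config.setOauthToken(currentAuthInfo.getToken());
                config.setUsername(currentAuthInfo.getUsername());
                config.setPassword(currentAuthInfo.getPassword());
                if (Utils.isNullOrEmpty(config.getOauthToken()) && currentAuthInfo.getAuthProvider() != null) {
                    Map<String, String> authProviderConfig = currentAuthInfo.getAuthProvider().getConfig();
                    if (authProviderConfig != null) {
                        config.setAuthProvider(currentAuthInfo.getAuthProvider());
                        if (!Utils.isNullOrEmpty(authProviderConfig.get(ACCESS_TOKEN))) {
                            // GKE token
                            config.setOauthToken(authProviderConfig.get(ACCESS_TOKEN));
                        } else if (!Utils.isNullOrEmpty(authProviderConfig.get(ID_TOKEN))) {
                            // OpenID Connect token
                            config.setOauthToken(authProviderConfig.get(ID_TOKEN));
                        }
                    }
                } else if (config.getOauthTokenProvider() == null) {
                    // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
                    // NOTE(review): this branch is also taken when the user entry already carries a
                    // static token; a token returned by the exec plugin then replaces it.
                    ExecConfig exec = currentAuthInfo.getExec();
                    if (exec != null) {
                        // Starts the external command named in the kubeconfig exec section.
                        ExecCredential ec = getExecCredentialFromExecConfig(exec, configFile);
                        if (ec != null && ec.status != null && ec.status.token != null) {
                            config.setOauthToken(ec.status.token);
                        } else {
                            LOGGER.warn("No token returned");
                        }
                    }
                }
                config.getErrorMessages().put(401, "Unauthorized! Token may have expired! Please log-in again.");
                config.getErrorMessages().put(403, "Forbidden! User " + (currentContext != null ? currentContext.getUser() : "") + " doesn't have permission.");
            }
            return true;
        }
    } catch (Exception e) {
        if (e instanceof InterruptedException) {
            // The broad catch would otherwise clear the interruption raised while waiting for
            // the credential plugin; restore the flag so callers can still observe it.
            Thread.currentThread().interrupt();
        }
        LOGGER.error("Failed to parse the kubeconfig.", e);
    }
    return false;
}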
Also used : NamedContext(io.fabric8.kubernetes.api.model.NamedContext) Context(io.fabric8.kubernetes.api.model.Context) ExecConfig(io.fabric8.kubernetes.api.model.ExecConfig) AuthInfo(io.fabric8.kubernetes.api.model.AuthInfo) Cluster(io.fabric8.kubernetes.api.model.Cluster) File(java.io.File) IOException(java.io.IOException)

Example 2 with ExecConfig

use of io.fabric8.kubernetes.api.model.ExecConfig in project kubernetes-client by fabric8io.

the class Config method getExecCredentialFromExecConfig.

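/**
 * Runs the credential plugin described by {@code exec} and parses its output as an
 * {@link ExecCredential}.
 *
 * <p>The command line comes from {@code getAuthenticatorCommandFromExecConfig}, and the
 * environment entries listed in {@code exec} are added to the child process environment. Both
 * originate from the kubeconfig, so this method executes whatever program that file names;
 * callers should only pass exec sections from a kubeconfig they trust.
 *
 * @param exec the exec section of the kubeconfig user entry
 * @param configFile the kubeconfig file, forwarded to the command builder (may be {@code null})
 * @return the parsed credential, or {@code null} when the apiVersion is unsupported, the plugin
 *         output yields no credential, or the returned apiVersion differs from the requested one
 * @throws IOException if the process cannot be started or its output cannot be read
 * @throws InterruptedException if the thread is interrupted while waiting for the process
 */
protected static ExecCredential getExecCredentialFromExecConfig(ExecConfig exec, File configFile) throws IOException, InterruptedException {
    String apiVersion = exec.getApiVersion();
    boolean supported = "client.authentication.k8s.io/v1alpha1".equals(apiVersion)
        || "client.authentication.k8s.io/v1beta1".equals(apiVersion);
    if (!supported) {
        LOGGER.warn("Unsupported apiVersion: {}", apiVersion);
        return null;
    }

    // TODO check behavior of tty & stdin
    ProcessBuilder pb = new ProcessBuilder(getAuthenticatorCommandFromExecConfig(exec, configFile, Utils.getSystemPathVariable()));
    // stderr is merged into stdout, so anything the plugin writes to stderr becomes part of the
    // text that is parsed as the credential document below.
    pb.redirectErrorStream(true);

    List<ExecEnvVar> env = exec.getEnv();
    if (env != null) {
        Map<String, String> environment = pb.environment();
        for (ExecEnvVar envVar : env) {
            // The process environment map rejects null keys and values with a
            // NullPointerException, so incomplete entries are skipped instead of aborting.
            if (envVar == null || envVar.getName() == null || envVar.getValue() == null) {
                LOGGER.warn("Skipping exec env entry with a missing name or value");
                continue;
            }
            environment.put(envVar.getName(), envVar.getValue());
        }
    }

    Process p = pb.start();
    String output;
    try (InputStream is = p.getInputStream()) {
        output = IOHelpers.readFully(is);
    }
    int exitCode = p.waitFor();
    if (exitCode != 0) {
        // NOTE(review): this is the same stream the token is read from, so the logged text can
        // contain credential material; treat this log line as sensitive.
        LOGGER.warn("Credential plugin exited with code {}: {}", exitCode, output);
    }

    ExecCredential ec = Serialization.unmarshal(output, ExecCredential.class);
    if (ec == null) {
        // Presumably possible when the plugin prints a JSON null; verify against Serialization.
        LOGGER.warn("No credential could be read from the plugin output");
        return null;
    }
    if (!apiVersion.equals(ec.apiVersion)) {
        LOGGER.warn("Wrong apiVersion {} vs. {}", ec.apiVersion, apiVersion);
        return null;
    }
    return ec;
}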
Also used : InputStream(java.io.InputStream) ExecEnvVar(io.fabric8.kubernetes.api.model.ExecEnvVar)

Example 3 with ExecConfig

use of io.fabric8.kubernetes.api.model.ExecConfig in project kubernetes-client by fabric8io.

the class ConfigTest method testGetAuthenticatorCommandFromExecConfig.

@Test
void testGetAuthenticatorCommandFromExecConfig() throws IOException {
    // Given: an empty file named "aws" in a temp folder that the test PATH value points at
    File pathFolder = Files.createTempDirectory("test").toFile();
    File awsBinary = new File(pathFolder, "aws");
    boolean created = awsBinary.createNewFile();
    String testPath = getTestPathValue(pathFolder);
    ExecConfig awsExec = new ExecConfigBuilder()
        .withApiVersion("client.authentication.k8s.io/v1alpha1")
        .addToArgs("--region", "us-west2", "eks", "get-token", "--cluster-name", "api-eks.example.com")
        .withCommand("aws")
        .build();
    File kubeconfig = new File("~/.kube/config");

    // When
    List<String> launcherArgs = Config.getAuthenticatorCommandFromExecConfig(awsExec, kubeconfig, testPath);

    // Then: two platform prefix entries followed by one string holding the whole command line
    assertTrue(created);
    assertNotNull(launcherArgs);
    assertEquals(3, launcherArgs.size());
    assertPlatformPrefixes(launcherArgs);

    // The command and its arguments arrive space-joined in a single element. Splitting on " "
    // only round-trips because none of the test arguments contains a space.
    // NOTE(review): presumably this string is interpreted by a platform shell (see
    // assertPlatformPrefixes), so kubeconfig-supplied arguments are shell input; confirm.
    List<String> tokens = Arrays.asList(launcherArgs.get(2).split(" "));
    List<String> expectedTokens = Arrays.asList(
        awsBinary.getAbsolutePath(),
        "--region",
        "us-west2",
        "eks",
        "get-token",
        "--cluster-name",
        "api-eks.example.com");
    for (int i = 0; i < expectedTokens.size(); i++) {
        assertEquals(expectedTokens.get(i), tokens.get(i));
    }
}
Also used : ExecConfig(io.fabric8.kubernetes.api.model.ExecConfig) ExecConfigBuilder(io.fabric8.kubernetes.api.model.ExecConfigBuilder) File(java.io.File) Test(org.junit.jupiter.api.Test)
