use of io.fabric8.kubernetes.api.model.ExecConfig in project kubernetes-client by fabric8io.
the class Config method loadFromKubeconfig.
// Note: the kubeconfig file path is optional (this method reads it from config.file).
// It is only used to rewrite relative TLS asset paths inside the kubeconfig, when a file is passed and
// the kubeconfig references some assets via relative paths.
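/**
 * Copies cluster, TLS and credential settings from a kubeconfig document into {@code config}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the cluster entry sets insecure-skip-tls-verify, both certificate trust and hostname
 *       verification are switched off on {@code config}.</li>
 *   <li>A user entry with an {@code exec} section makes this method call
 *       {@link #getExecCredentialFromExecConfig}, which starts a local process described by the
 *       kubeconfig. The kubeconfig therefore has to be treated as trusted input.</li>
 *   <li>The exec branch is also reached when a static token is present (it is the {@code else} of the
 *       "no token and an auth provider" test), so a token returned by the plugin replaces it.</li>
 * </ul>
 *
 * @param config target configuration; also supplies {@code config.file} for resolving relative asset paths
 * @param context context selector handed to {@code setCurrentContext}
 * @param kubeconfigContents kubeconfig text, parsed with {@code KubeConfigUtils.parseConfigFromString}
 * @return {@code true} when a cluster was resolved for the selected context; {@code false} when none was
 *         found or when any exception was thrown (the exception is logged, not propagated)
 */
private static boolean loadFromKubeconfig(Config config, String context, String kubeconfigContents) {
  try {
    io.fabric8.kubernetes.api.model.Config kubeConfig = KubeConfigUtils.parseConfigFromString(kubeconfigContents);
    config.setContexts(kubeConfig.getContexts());
    Context currentContext = setCurrentContext(context, config, kubeConfig);
    Cluster currentCluster = KubeConfigUtils.getCluster(kubeConfig, currentContext);
    if (currentContext != null) {
      config.setNamespace(currentContext.getNamespace());
    }
    if (currentCluster != null) {
      config.setMasterUrl(currentCluster.getServer());
      // A missing flag counts as "verify TLS"; only an explicit true relaxes both checks.
      boolean skipTlsVerify = Boolean.TRUE.equals(currentCluster.getInsecureSkipTlsVerify());
      config.setTrustCerts(skipTlsVerify);
      config.setDisableHostnameVerification(skipTlsVerify);
      config.setCaCertData(currentCluster.getCertificateAuthorityData());
      AuthInfo currentAuthInfo = KubeConfigUtils.getUserAuthInfo(kubeConfig, currentContext);
      if (currentAuthInfo != null) {
        // rewrite tls asset paths if needed
        String caCertFile = currentCluster.getCertificateAuthority();
        String clientCertFile = currentAuthInfo.getClientCertificate();
        String clientKeyFile = currentAuthInfo.getClientKey();
        File configFile = config.file;
        if (configFile != null) {
          caCertFile = absolutify(configFile, caCertFile);
          clientCertFile = absolutify(configFile, clientCertFile);
          clientKeyFile = absolutify(configFile, clientKeyFile);
        }
        config.setCaCertFile(caCertFile);
        config.setClientCertFile(clientCertFile);
        config.setClientCertData(currentAuthInfo.getClientCertificateData());
        config.setClientKeyFile(clientKeyFile);
        config.setClientKeyData(currentAuthInfo.getClientKeyData());
        config.setClientKeyAlgo(getKeyAlgorithm(config.getClientKeyFile(), config.getClientKeyData()));
        config.setOauthToken(currentAuthInfo.getToken());
        config.setUsername(currentAuthInfo.getUsername());
        config.setPassword(currentAuthInfo.getPassword());

        if (Utils.isNullOrEmpty(config.getOauthToken()) && currentAuthInfo.getAuthProvider() != null) {
          if (currentAuthInfo.getAuthProvider().getConfig() != null) {
            config.setAuthProvider(currentAuthInfo.getAuthProvider());
            if (!Utils.isNullOrEmpty(currentAuthInfo.getAuthProvider().getConfig().get(ACCESS_TOKEN))) {
              // GKE token
              config.setOauthToken(currentAuthInfo.getAuthProvider().getConfig().get(ACCESS_TOKEN));
            } else if (!Utils.isNullOrEmpty(currentAuthInfo.getAuthProvider().getConfig().get(ID_TOKEN))) {
              // OpenID Connect token
              config.setOauthToken(currentAuthInfo.getAuthProvider().getConfig().get(ID_TOKEN));
            }
          }
        } else if (config.getOauthTokenProvider() == null) {
          // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
          // Starts the local command named in the kubeconfig; only reached when no token provider is set.
          ExecConfig exec = currentAuthInfo.getExec();
          if (exec != null) {
            ExecCredential ec = getExecCredentialFromExecConfig(exec, configFile);
            if (ec != null && ec.status != null && ec.status.token != null) {
              config.setOauthToken(ec.status.token);
            } else {
              LOGGER.warn("No token returned");
            }
          }
        }

        config.getErrorMessages().put(401, "Unauthorized! Token may have expired! Please log-in again.");
        config.getErrorMessages().put(403, "Forbidden! User " + (currentContext != null ? currentContext.getUser() : "") + " doesn't have permission.");
      }
      return true;
    }
  } catch (Exception e) {
    if (e instanceof InterruptedException) {
      // The exec plugin call waits on a child process; keep the interrupt visible to the caller
      // instead of losing it in this catch-all.
      Thread.currentThread().interrupt();
    }
    LOGGER.error("Failed to parse the kubeconfig.", e);
  }
  return false;
}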
use of io.fabric8.kubernetes.api.model.ExecConfig in project kubernetes-client by fabric8io.
the class Config method getExecCredentialFromExecConfig.
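/**
 * Runs the credential plugin described by a kubeconfig {@code exec} section and parses its output.
 *
 * <p>The command line is built by {@code getAuthenticatorCommandFromExecConfig}, and the {@code env}
 * entries of the exec section are written into the child's environment, overriding inherited values
 * of the same name. Both come straight from the kubeconfig, so the file must be trusted.
 * NOTE(review): how the command builder quotes kubeconfig-supplied arguments is not visible here;
 * confirm it before relying on this for kubeconfigs from less trusted sources.
 *
 * @param exec exec section of the selected user entry
 * @param configFile kubeconfig file handed to the command builder; may be {@code null}
 * @return the parsed credential, or {@code null} when the apiVersion is unsupported, the plugin output
 *         deserialises to nothing, or the returned apiVersion differs from the requested one
 * @throws IOException if the process cannot be started or its output cannot be read
 * @throws InterruptedException if the thread is interrupted while waiting for the process to exit
 */
protected static ExecCredential getExecCredentialFromExecConfig(ExecConfig exec, File configFile) throws IOException, InterruptedException {
  String apiVersion = exec.getApiVersion();
  boolean supportedVersion = "client.authentication.k8s.io/v1alpha1".equals(apiVersion)
      || "client.authentication.k8s.io/v1beta1".equals(apiVersion);
  if (!supportedVersion) {
    // Only v1alpha1 and v1beta1 are accepted; anything else is refused before a process is started.
    LOGGER.warn("Unsupported apiVersion: {}", apiVersion);
    return null;
  }

  List<ExecEnvVar> env = exec.getEnv();
  // TODO check behavior of tty & stdin
  ProcessBuilder pb = new ProcessBuilder(getAuthenticatorCommandFromExecConfig(exec, configFile, Utils.getSystemPathVariable()));
  // stderr is merged into stdout, so anything the plugin prints on stderr ends up in the text parsed below.
  pb.redirectErrorStream(true);
  if (env != null) {
    Map<String, String> environment = pb.environment();
    // "var" is a restricted identifier in newer Java releases, hence the explicit parameter name.
    env.forEach(envVar -> environment.put(envVar.getName(), envVar.getValue()));
  }
  Process p = pb.start();
  String output;
  try (InputStream is = p.getInputStream()) {
    output = IOHelpers.readFully(is);
  }
  if (p.waitFor() != 0) {
    // NOTE(review): this logs the plugin's combined stdout/stderr verbatim; confirm that a failing
    // plugin cannot print credential material, or redact before logging.
    LOGGER.warn(output);
  }
  ExecCredential ec = Serialization.unmarshal(output, ExecCredential.class);
  if (ec == null) {
    // Nothing usable was deserialised; report "no credential" instead of failing on ec.apiVersion below.
    return null;
  }
  if (!apiVersion.equals(ec.apiVersion)) {
    LOGGER.warn("Wrong apiVersion {} vs. {}", ec.apiVersion, apiVersion);
    return null;
  }
  return ec;
}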
use of io.fabric8.kubernetes.api.model.ExecConfig in project kubernetes-client by fabric8io.
the class ConfigTest method testGetAuthenticatorCommandFromExecConfig.
/**
 * Verifies that an exec config naming {@code aws} is resolved against the supplied PATH value and that
 * the third element of the resulting process arguments is the absolute command followed by the
 * configured args, separated by single spaces.
 */
@Test
void testGetAuthenticatorCommandFromExecConfig() throws IOException {
  // Given: a temp directory holding an empty file named like the command, exposed through PATH
  File binDir = Files.createTempDirectory("test").toFile();
  File awsStub = new File(binDir, "aws");
  boolean stubCreated = awsStub.createNewFile();
  String pathValue = getTestPathValue(binDir);
  ExecConfig execConfig = new ExecConfigBuilder()
      .withApiVersion("client.authentication.k8s.io/v1alpha1")
      .addToArgs("--region", "us-west2", "eks", "get-token", "--cluster-name", "api-eks.example.com")
      .withCommand("aws")
      .build();

  // When
  List<String> processBuilderArgs = Config.getAuthenticatorCommandFromExecConfig(execConfig, new File("~/.kube/config"), pathValue);

  // Then
  assertTrue(stubCreated);
  assertNotNull(processBuilderArgs);
  assertEquals(3, processBuilderArgs.size());
  assertPlatformPrefixes(processBuilderArgs);
  // The last element carries the whole command line as one string.
  String[] commandParts = processBuilderArgs.get(2).split(" ");
  String[] expectedArgs = {"--region", "us-west2", "eks", "get-token", "--cluster-name", "api-eks.example.com"};
  assertEquals(awsStub.getAbsolutePath(), commandParts[0]);
  for (int i = 0; i < expectedArgs.length; i++) {
    assertEquals(expectedArgs[i], commandParts[i + 1]);
  }
}