
Example 1 with V1ObjectReference

use of io.kubernetes.client.models.V1ObjectReference in project weblogic-kubernetes-operator by oracle.

the class Authenticator method authenticateByServiceAccount.

/**
 * Given a V1ServiceAccount object, pull the authentication secrets and
 * initialize a new ApiClient to authenticate with those credentials.
 *
 * @param serviceAccount The Service Account object whose secrets supply the credentials.
 * @return ApiClient An ApiClient for the given Service Account.
 * @throws ApiException if there is an API error.
 */
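private ApiClient authenticateByServiceAccount(V1ServiceAccount serviceAccount) throws ApiException {
    // Builds an ApiClient that authenticates with the bearer token and CA certificate found in
    // the Secrets referenced by the given service account. Throws ApiException when either
    // value is missing, instead of returning a client that cannot authenticate or verify TLS.
    LOGGER.entering();
    byte[] caCert = null;
    String token = null;

    // getSecrets() may be null when the account references no Secrets; clusters that do not
    // auto-generate token Secrets for service accounts are one such case (TODO confirm the
    // minimum cluster version this operator targets).
    List<V1ObjectReference> secretList = serviceAccount.getSecrets();
    if (secretList != null) {
        for (V1ObjectReference reference : secretList) {
            V1Secret secret = helper.readSecretByReference(reference, serviceAccount.getMetadata().getNamespace());
            Map<String, byte[]> secretMap = (secret == null) ? null : secret.getData();
            if (secretMap == null) {
                continue;
            }
            // Later Secrets override earlier ones, as in the original entry-by-entry scan.
            byte[] caBytes = secretMap.get("ca.crt");
            if (caBytes != null) {
                caCert = caBytes;
            }
            byte[] tokenBytes = secretMap.get("token");
            if (tokenBytes != null) {
                // Decode with an explicit charset so the token does not depend on the
                // platform default encoding.
                token = new String(tokenBytes, java.nio.charset.StandardCharsets.UTF_8);
            }
        }
    }

    // Fail closed: without a token the client would send "Bearer null", and without a CA
    // certificate there is nothing to verify the API server against. The message names the
    // missing keys only; the token value itself is never logged.
    if (token == null || caCert == null) {
        ApiException e = new ApiException("service account secrets do not contain both token and ca.crt");
        LOGGER.throwing(e);
        throw e;
    }

    // Only cache the token once it is known to be usable.
    serviceToken = token;

    // Host and port come from the environment; an unset variable ends up as the literal
    // "null" in the URL, so the deployment must provide both.
    String serviceHost = System.getenv(_SERVICE_HOST);
    String servicePort = System.getenv(_SERVICE_PORT);
    String serviceUrl = "https://" + serviceHost + ":" + servicePort;

    ApiClient newClient = new ApiClient();
    newClient.setBasePath(serviceUrl);
    newClient.setApiKey("Bearer " + token);
    newClient.setSslCaCert(new ByteArrayInputStream(caCert));
    LOGGER.exiting(newClient);
    return newClient;
}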
Also used : V1ObjectReference(io.kubernetes.client.models.V1ObjectReference) ByteArrayInputStream(java.io.ByteArrayInputStream) ApiClient(io.kubernetes.client.ApiClient) V1Secret(io.kubernetes.client.models.V1Secret)

Example 2 with V1ObjectReference

use of io.kubernetes.client.models.V1ObjectReference in project weblogic-kubernetes-operator by oracle.

the class Helpers method findServiceAccountByToken.

/**
 * Find the service account by supplied token
 *
 * @param token authentication token to search for
 * @return the V1ServiceAccount whose secret holds the token
 * @throws ApiException if there is an API error
 */
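protected V1ServiceAccount findServiceAccountByToken(String token) throws ApiException {
    // Returns the service account whose Secret holds a "token" entry equal to the supplied
    // token; throws ApiException when no account matches (including a null token).
    //
    // NOTE(review): this lookup reads every service-account Secret returned by
    // getAllServiceAccounts() in order to match a caller-supplied token, so the caller needs
    // broad read access to Secrets. The Kubernetes TokenReview API lets the API server
    // validate a token without that access - worth considering as a replacement.
    LOGGER.entering();
    if (token != null) {
        byte[] presented = token.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        V1ServiceAccountList serviceAccounts = getAllServiceAccounts();
        for (V1ServiceAccount serviceAccount : serviceAccounts.getItems()) {
            // An account with no referenced Secrets cannot match; skip it rather than
            // failing the whole search on a null list.
            if (serviceAccount.getSecrets() == null) {
                continue;
            }
            for (V1ObjectReference reference : serviceAccount.getSecrets()) {
                V1Secret secret = readSecretByReference(reference, serviceAccount.getMetadata().getNamespace());
                Map<String, byte[]> secretMap = (secret == null) ? null : secret.getData();
                // Only the "token" entry is relevant; other entries (such as ca.crt) are
                // no longer decoded into strings.
                byte[] stored = (secretMap == null) ? null : secretMap.get("token");
                // Compare the raw bytes with MessageDigest.isEqual so the comparison time
                // does not reveal how many leading bytes of the presented token are correct.
                if (stored != null && java.security.MessageDigest.isEqual(presented, stored)) {
                    LOGGER.exiting(serviceAccount);
                    return serviceAccount;
                }
            }
        }
    }
    // The message deliberately omits the presented token.
    ApiException e = new ApiException("token does not match any secret");
    LOGGER.throwing(e);
    throw e;
}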
Also used : V1ServiceAccountList(io.kubernetes.client.models.V1ServiceAccountList) V1ObjectReference(io.kubernetes.client.models.V1ObjectReference) V1ServiceAccount(io.kubernetes.client.models.V1ServiceAccount) V1Secret(io.kubernetes.client.models.V1Secret) ApiException(io.kubernetes.client.ApiException)

Aggregations

V1ObjectReference (io.kubernetes.client.models.V1ObjectReference)2 V1Secret (io.kubernetes.client.models.V1Secret)2 ApiClient (io.kubernetes.client.ApiClient)1 ApiException (io.kubernetes.client.ApiException)1 V1ServiceAccount (io.kubernetes.client.models.V1ServiceAccount)1 V1ServiceAccountList (io.kubernetes.client.models.V1ServiceAccountList)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1