// Clients returns an OpenShift and Kubernetes client with the credentials of the named service account // TODO: change return types to client.Interface/kclient.Interface to allow auto-reloading credentials func Clients(config restclient.Config, tokenRetriever TokenRetriever, namespace, name string) (*restclient.Config, *client.Client, *kclient.Client, error) { // Clear existing auth info config.Username = "" config.Password = "" config.CertFile = "" config.CertData = []byte{} config.KeyFile = "" config.KeyData = []byte{} config.BearerToken = "" if len(config.UserAgent) > 0 { config.UserAgent += " " } config.UserAgent += fmt.Sprintf("system:serviceaccount:%s:%s", namespace, name) // For now, just initialize the token once // TODO: refetch the token if the client encounters 401 errors token, err := tokenRetriever.GetToken(namespace, name) if err != nil { return nil, nil, nil, err } config.BearerToken = token c, err := client.New(&config) if err != nil { return nil, nil, nil, err } kc, err := kclient.New(&config) if err != nil { return nil, nil, nil, err } return &config, c, kc, nil }
// Clients returns an OpenShift and Kubernetes client with the credentials of the named service account // TODO: change return types to client.Interface/kclient.Interface to allow auto-reloading credentials func Clients(config restclient.Config, tokenRetriever TokenRetriever, namespace, name string) (*restclient.Config, *client.Client, *kclient.Client, error) { // Clear existing auth info config.Username = "" config.Password = "" config.CertFile = "" config.CertData = []byte{} config.KeyFile = "" config.KeyData = []byte{} config.BearerToken = "" kubeUserAgent := "" openshiftUserAgent := "" // they specified, don't mess with it if len(config.UserAgent) > 0 { kubeUserAgent = config.UserAgent openshiftUserAgent = config.UserAgent } else { kubeUserAgent = fmt.Sprintf("%s system:serviceaccount:%s:%s", restclient.DefaultKubernetesUserAgent(), namespace, name) openshiftUserAgent = fmt.Sprintf("%s system:serviceaccount:%s:%s", client.DefaultOpenShiftUserAgent(), namespace, name) } // For now, just initialize the token once // TODO: refetch the token if the client encounters 401 errors token, err := tokenRetriever.GetToken(namespace, name) if err != nil { return nil, nil, nil, err } config.BearerToken = token config.UserAgent = openshiftUserAgent c, err := client.New(&config) if err != nil { return nil, nil, nil, err } config.UserAgent = kubeUserAgent kc, err := kclient.New(&config) if err != nil { return nil, nil, nil, err } return &config, c, kc, nil }
// MergeWithConfig returns a copy of a client.Config with values from the Info. // The fields of client.Config with a corresponding field in the Info are set // with the value from the Info. func (info Info) MergeWithConfig(c restclient.Config) (restclient.Config, error) { var config restclient.Config = c config.Username = info.User config.Password = info.Password config.CAFile = info.CAFile config.CertFile = info.CertFile config.KeyFile = info.KeyFile config.BearerToken = info.BearerToken if info.Insecure != nil { config.Insecure = *info.Insecure } return config, nil }
// GetKubeClientConfig returns rest client configuration based on the passed url. func GetKubeClientConfig(uri *url.URL) (*kube_rest.Config, error) { var ( kubeConfig *kube_rest.Config err error ) opts := uri.Query() configOverrides, err := getConfigOverrides(uri) if err != nil { return nil, err } inClusterConfig := defaultInClusterConfig if len(opts["inClusterConfig"]) > 0 { inClusterConfig, err = strconv.ParseBool(opts["inClusterConfig"][0]) if err != nil { return nil, err } } if inClusterConfig { kubeConfig, err = kube_rest.InClusterConfig() if err != nil { return nil, err } if configOverrides.ClusterInfo.Server != "" { kubeConfig.Host = configOverrides.ClusterInfo.Server } kubeConfig.GroupVersion = &schema.GroupVersion{Version: configOverrides.ClusterInfo.APIVersion} kubeConfig.Insecure = configOverrides.ClusterInfo.InsecureSkipTLSVerify if configOverrides.ClusterInfo.InsecureSkipTLSVerify { kubeConfig.TLSClientConfig.CAFile = "" } } else { authFile := "" if len(opts["auth"]) > 0 { authFile = opts["auth"][0] } if authFile != "" { if kubeConfig, err = kube_client_cmd.NewNonInteractiveDeferredLoadingClientConfig( &kube_client_cmd.ClientConfigLoadingRules{ExplicitPath: authFile}, configOverrides).ClientConfig(); err != nil { return nil, err } } else { kubeConfig = &kube_rest.Config{ Host: configOverrides.ClusterInfo.Server, Insecure: configOverrides.ClusterInfo.InsecureSkipTLSVerify, } kubeConfig.GroupVersion = &schema.GroupVersion{Version: configOverrides.ClusterInfo.APIVersion} } } if len(kubeConfig.Host) == 0 { return nil, fmt.Errorf("invalid kubernetes master url specified") } if len(kubeConfig.GroupVersion.Version) == 0 { return nil, fmt.Errorf("invalid kubernetes API version specified") } useServiceAccount := defaultUseServiceAccount if len(opts["useServiceAccount"]) >= 1 { useServiceAccount, err = strconv.ParseBool(opts["useServiceAccount"][0]) if err != nil { return nil, err } } if useServiceAccount { // If a readable service account token exists, then use it if contents, err := ioutil.ReadFile(defaultServiceAccountFile); err == nil { kubeConfig.BearerToken = string(contents) } } return kubeConfig, nil }
func GetKubeClientConfig(uri *url.URL) (*kube_client.Config, error) { var ( kubeConfig *kube_client.Config err error ) opts := uri.Query() configOverrides, err := getConfigOverrides(uri) if err != nil { return nil, err } inClusterConfig := defaultInClusterConfig if len(opts["inClusterConfig"]) > 0 { inClusterConfig, err = strconv.ParseBool(opts["inClusterConfig"][0]) if err != nil { return nil, err } } if inClusterConfig { kubeConfig, err = kube_client.InClusterConfig() if err != nil { return nil, err } if configOverrides.ClusterInfo.Server != "" { kubeConfig.Host = configOverrides.ClusterInfo.Server } kubeConfig.GroupVersion = &unversioned.GroupVersion{Version: configOverrides.ClusterInfo.APIVersion} kubeConfig.Insecure = configOverrides.ClusterInfo.InsecureSkipTLSVerify if configOverrides.ClusterInfo.InsecureSkipTLSVerify { kubeConfig.TLSClientConfig.CAFile = "" } } else { authFile := "" if len(opts["auth"]) > 0 { authFile = opts["auth"][0] } if authFile != "" { // Load structured kubeconfig data from the given path. loader := &kubeClientCmd.ClientConfigLoadingRules{ExplicitPath: authFile} loadedConfig, err := loader.Load() if err != nil { return nil, err } // Flatten the loaded data to a particular restclient.Config based on the current context. if kubeConfig, err = kubeClientCmd.NewNonInteractiveClientConfig( *loadedConfig, loadedConfig.CurrentContext, &kubeClientCmd.ConfigOverrides{}, loader).ClientConfig(); err != nil { return nil, err } } else { kubeConfig = &kube_client.Config{ Host: configOverrides.ClusterInfo.Server, Insecure: configOverrides.ClusterInfo.InsecureSkipTLSVerify, } kubeConfig.GroupVersion = &unversioned.GroupVersion{Version: configOverrides.ClusterInfo.APIVersion} } } if len(kubeConfig.Host) == 0 { return nil, fmt.Errorf("invalid kubernetes master url specified") } useServiceAccount := defaultUseServiceAccount if len(opts["useServiceAccount"]) >= 1 { useServiceAccount, err = strconv.ParseBool(opts["useServiceAccount"][0]) if err != nil { return nil, err } } if useServiceAccount { // If a readable service account token exists, then use it if contents, err := ioutil.ReadFile(defaultServiceAccountFile); err == nil { kubeConfig.BearerToken = string(contents) } } kubeConfig.ContentType = "application/vnd.kubernetes.protobuf" return kubeConfig, nil }