From c4a7a6cc2499d923e9542ff61eb954ca2b2ce342 Mon Sep 17 00:00:00 2001 From: Alex Milushev Date: Wed, 19 Dec 2018 16:12:35 +0200 Subject: [PATCH] Add posibility to use Bearer Token for auth --- .dockerignore | 1 + charts/dex-k8s-authenticator/README.md | 1 + html/static/main.css | 3 +-- main.go | 5 +++-- templates.go | 2 ++ templates/linux-mac-common.html | 6 +++++- 6 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.dockerignore b/.dockerignore index 31f9947..aaa460e 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,4 @@ +.idea charts examples docs diff --git a/charts/dex-k8s-authenticator/README.md b/charts/dex-k8s-authenticator/README.md index 170011d..c86c6e5 100644 --- a/charts/dex-k8s-authenticator/README.md +++ b/charts/dex-k8s-authenticator/README.md @@ -40,6 +40,7 @@ dexK8sAuthenticator: client_id: my-cluster redirect_uri: https://login.example.com/callback/my-cluster k8s_ca_uri: https://url-to-your-ca.crt + bearer_token: false service: type: ClusterIP diff --git a/html/static/main.css b/html/static/main.css index b08078c..3dcc115 100644 --- a/html/static/main.css +++ b/html/static/main.css @@ -12,8 +12,7 @@ h3 { font-size: 16px; } pre { background-color: #eff0f1; padding: 5px; - white-space: pre-wrap; - overflow-wrap: break-word; + overflow: auto; } .dex-container { diff --git a/main.go b/main.go index 366cc3d..4c4893b 100644 --- a/main.go +++ b/main.go @@ -64,13 +64,14 @@ type Cluster struct { K8s_Master_URI string K8s_Ca_URI string K8s_Ca_Pem string + Bearer_Token bool Verifier *oidc.IDTokenVerifier Provider *oidc.Provider OfflineAsScope bool Client *http.Client Redirect_URI string - Config Config + Config Config } // Define our configuration @@ -189,7 +190,7 @@ func start_app(config Config) { }() } - cluster.Config = config + cluster.Config = config base_redirect_uri, err := url.Parse(cluster.Redirect_URI) diff --git a/templates.go b/templates.go index 27fd192..13e5e80 100644 --- a/templates.go +++ b/templates.go @@ -36,6 +36,7 @@ type templateData struct { K8sMasterURI string K8sCaURI string K8sCaPem string + BearerToken bool IDPCaURI string IDPCaPem string LogoURI string @@ -79,6 +80,7 @@ func (cluster *Cluster) renderToken(w http.ResponseWriter, K8sMasterURI: cluster.K8s_Master_URI, K8sCaURI: cluster.K8s_Ca_URI, K8sCaPem: cluster.K8s_Ca_Pem, + BearerToken: cluster.Bearer_Token, IDPCaURI: idpCaURI, IDPCaPem: idpCaPem, LogoURI: logoURI, diff --git a/templates/linux-mac-common.html b/templates/linux-mac-common.html index 1732268..38de509 100644 --- a/templates/linux-mac-common.html +++ b/templates/linux-mac-common.html @@ -78,14 +78,18 @@

Run configuration commands

kubectl config set-credentials {{ .Username }}-{{ .ClusterName }} \
+  {{- if .BearerToken }}
+    --token={{ .IDToken }}
+  {{- else }}
     --auth-provider=oidc \
     --auth-provider-arg=idp-issuer-url={{ .Issuer }} \
     --auth-provider-arg=client-id={{ .ClientID }} \
     --auth-provider-arg=client-secret={{ .ClientSecret }} \
     --auth-provider-arg=refresh-token={{ .RefreshToken }} \
     --auth-provider-arg=id-token={{ .IDToken }}
-  {{- if or (.IDPCaURI) (.IDPCaPem) }} \
+    {{- if or (.IDPCaURI) (.IDPCaPem) }} \
     --auth-provider-arg=idp-certificate-authority=${HOME}/.kube/certs/{{ .ClusterName }}/idp-ca.crt
+    {{- end }}
   {{- end }}