render kube config using the authenticated user.

instead of a hardcoded value, the configuration file uses the user information from the authentication context for the user and context settings. closes #45
planetlabs · Jan 31, 2022 · 8ce9c97 · 8ce9c97
1 parent 75b0795
commit 8ce9c97
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 18 deletions.
diff --git a/frontend/src/kubehook.vue b/frontend/src/kubehook.vue
@@ -91,6 +91,7 @@ export default {
       kubecfg: false,
       lifetime: 2,
       clusterID: "radcluster",
+      user: null,
       token: null,
       error: null
     };
@@ -121,6 +122,7 @@ export default {
       this.axios
         .post("/generate", { lifetime: this.inHours(this.lifetime) })
         .then(function(response) {
+          _this.user = response.data.user;
           _this.token = response.data.token;
         })
         .catch(function(e) {
@@ -149,26 +151,31 @@ export default {
     },
     snippetManual: function() {
       return (
-        "export CLUSTER=" +
+        "export K8S_CLUSTER=" +
         this.clusterID +
         "\n" +
-        'export TOKEN="' +
+        "export K8S_USER=" +
+        this.user +
+        "\n" +
+        'export K8S_TOKEN="' +
         this.token +
         '"\n' +
         "\n" +
         "# Create or update a user.\n" +
-        'kubectl config set-credentials kubehook --token="${TOKEN}"\n' +
+        'kubectl config set-credentials ${K8S_USER} --token="${K8S_TOKEN}"\n' +
         "\n" +
         "# Associate your user with an existing cluster.\n" +
-        "kubectl config set-context ${CLUSTER} --cluster=${CLUSTER} --user=kubehook\n" +
+        "kubectl config set-context ${K8S_CLUSTER} --cluster=${K8S_CLUSTER} --user=${K8S_USER}\n" +
         "\n" +
         "# Use your context to discover available namespaces.\n" +
-        "kubectl --context=${CLUSTER} get namespaces"
+        "kubectl --context=${K8S_CLUSTER} get namespaces"
       );
     },
     snippetUpdate: function() {
       return (
-        'kubectl config set-credentials kubehook --token="' + this.token + '"\n'
+        'kubectl config set-credentials ' +
+        this.user +
+        ' --token="' + this.token + '"\n'
       );
     }
   }

diff --git a/handlers/generate/generate.go b/handlers/generate/generate.go
@@ -35,6 +35,7 @@ type req struct {
 }
 
 type rsp struct {
+	User  string `json:"user,omitempty"`
 	Token string `json:"token,omitempty"`
 	Error string `json:"error,omitempty"`
 }
@@ -68,12 +69,16 @@ func Handler(g auth.Generator, h handlers.AuthHeaders) http.HandlerFunc {
 			return
 		}
 
-		write(w, rsp{Token: t}, http.StatusOK)
+		res := rsp{
+			User: u,
+			Token: t,
+		}
+		write(w, res, http.StatusOK)
 	}
 }
 
-func write(w http.ResponseWriter, r rsp, httpStatus int) {
+func write(w http.ResponseWriter, data interface{}, httpStatus int) {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(httpStatus)
-	json.NewEncoder(w).Encode(r) // nolint: gosec
+	json.NewEncoder(w).Encode(data) // nolint: gosec
 }
diff --git a/handlers/kubecfg/kubecfg.go b/handlers/kubecfg/kubecfg.go
@@ -32,7 +32,6 @@ import (
 )
 
 const (
-	templateUser       = "kubehook"
 	queryParamLifetime = "lifetime"
 )
 
@@ -67,7 +66,7 @@ func Handler(g auth.Generator, template *api.Config, h handlers.AuthHeaders) htt
 			return
 		}
 
-		y, err := clientcmd.Write(populateUser(template, templateUser, t))
+		y, err := clientcmd.Write(populateUser(template, u, t))
 		if err != nil {
 			http.Error(w, errors.Wrap(err, "cannot marshal template to YAML").Error(), http.StatusInternalServerError)
 			return
@@ -89,7 +88,7 @@ func populateUser(cfg *api.Config, username, token string) api.Config {
 	}
 	for name, cluster := range cfg.Clusters {
 		c.Clusters[name] = cluster
-		c.Contexts[name] = &api.Context{Cluster: name, AuthInfo: templateUser}
+		c.Contexts[name] = &api.Context{Cluster: name, AuthInfo: username}
 	}
 	c.CurrentContext = cfg.CurrentContext
 	return c

diff --git a/handlers/kubecfg/kubecfg_test.go b/handlers/kubecfg/kubecfg_test.go
@@ -60,10 +60,10 @@ func TestHandler(t *testing.T) {
 					"b": &api.Cluster{Server: "https://example.net", CertificateAuthorityData: []byte("PAM")},
 				},
 				Contexts: map[string]*api.Context{
-					"a": &api.Context{AuthInfo: templateUser, Cluster: "a"},
-					"b": &api.Context{AuthInfo: templateUser, Cluster: "b"},
+					"a": &api.Context{AuthInfo: user, Cluster: "a"},
+					"b": &api.Context{AuthInfo: user, Cluster: "b"},
 				},
-				AuthInfos: map[string]*api.AuthInfo{templateUser: &api.AuthInfo{Token: user}},
+				AuthInfos: map[string]*api.AuthInfo{user: &api.AuthInfo{Token: user}},
 			},
 		},
 		{
@@ -83,10 +83,10 @@ func TestHandler(t *testing.T) {
 					"b": &api.Cluster{Server: "https://example.net", CertificateAuthorityData: []byte("PAM")},
 				},
 				Contexts: map[string]*api.Context{
-					"a": &api.Context{AuthInfo: templateUser, Cluster: "a"},
-					"b": &api.Context{AuthInfo: templateUser, Cluster: "b"},
+					"a": &api.Context{AuthInfo: user, Cluster: "a"},
+					"b": &api.Context{AuthInfo: user, Cluster: "b"},
 				},
-				AuthInfos: map[string]*api.AuthInfo{templateUser: &api.AuthInfo{Token: user}},
+				AuthInfos: map[string]*api.AuthInfo{user: &api.AuthInfo{Token: user}},
 			},
 		},
 		{