From 8ce9c97074e68b9361c4ca69eafe05376730ca03 Mon Sep 17 00:00:00 2001 From: Gordon Bleux Date: Wed, 26 Jan 2022 20:13:54 +0100 Subject: [PATCH] render kube config using the authenticated user. instead of a hardcoded value, the configuration file uses the user information from the authentication context for the user and context settings. closes #45 --- frontend/src/kubehook.vue | 19 +++++++++++++------ handlers/generate/generate.go | 11 ++++++++--- handlers/kubecfg/kubecfg.go | 5 ++--- handlers/kubecfg/kubecfg_test.go | 12 ++++++------ 4 files changed, 29 insertions(+), 18 deletions(-) diff --git a/frontend/src/kubehook.vue b/frontend/src/kubehook.vue index b6f3f64..355982e 100644 --- a/frontend/src/kubehook.vue +++ b/frontend/src/kubehook.vue @@ -91,6 +91,7 @@ export default { kubecfg: false, lifetime: 2, clusterID: "radcluster", + user: null, token: null, error: null }; @@ -121,6 +122,7 @@ export default { this.axios .post("/generate", { lifetime: this.inHours(this.lifetime) }) .then(function(response) { + _this.user = response.data.user; _this.token = response.data.token; }) .catch(function(e) { 
@@ -149,26 +151,31 @@ export default { }, snippetManual: function() { return ( - "export CLUSTER=" + + "export K8S_CLUSTER=" + this.clusterID + "\n" + - 'export TOKEN="' + + "export K8S_USER=" + + this.user + + "\n" + + 'export K8S_TOKEN="' + this.token + '"\n' + "\n" + "# Create or update a user.\n" + - 'kubectl config set-credentials kubehook --token="${TOKEN}"\n' + + 'kubectl config set-credentials ${K8S_USER} --token="${K8S_TOKEN}"\n' + "\n" + "# Associate your user with an existing cluster.\n" + - "kubectl config set-context ${CLUSTER} --cluster=${CLUSTER} --user=kubehook\n" + + "kubectl config set-context ${K8S_CLUSTER} --cluster=${K8S_CLUSTER} --user=${K8S_USER}\n" + "\n" + "# Use your context to discover available namespaces.\n" + - "kubectl --context=${CLUSTER} get namespaces" + "kubectl --context=${K8S_CLUSTER} get namespaces" ); }, snippetUpdate: function() { return ( - 'kubectl config set-credentials kubehook --token="' + this.token + '"\n' + 'kubectl config set-credentials ' + + this.user + + ' --token="' + this.token + '"\n' ); } } diff --git a/handlers/generate/generate.go b/handlers/generate/generate.go index c4af98a..1c1be18 100644 --- a/handlers/generate/generate.go +++ b/handlers/generate/generate.go @@ -35,6 +35,7 @@ type req struct { } type rsp struct { + User string `json:"user,omitempty"` Token string `json:"token,omitempty"` Error string `json:"error,omitempty"` } @@ -68,12 +69,16 @@ func Handler(g auth.Generator, h handlers.AuthHeaders) http.HandlerFunc { return } - write(w, rsp{Token: t}, http.StatusOK) + res := rsp{ + User: u, + Token: t, + } + write(w, res, http.StatusOK) } } -func write(w http.ResponseWriter, r rsp, httpStatus int) { +func write(w http.ResponseWriter, data interface{}, httpStatus int) { w.Header().Set("Content-Type", "application/json; charset=utf-8") w.WriteHeader(httpStatus) - json.NewEncoder(w).Encode(r) // nolint: gosec + json.NewEncoder(w).Encode(data) // nolint: gosec } 
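Review bot: `this.user` is concatenated into the copy-paste shell snippets without any quoting, in `snippetManual` (`"export K8S_USER=" + this.user` and the bare `${K8S_USER}` expansions) and in `snippetUpdate`, while the token beside it is wrapped in double quotes. The name used to be the fixed literal `kubehook`; it now comes from the `/generate` response, so a user name containing whitespace or shell metacharacters would make the pasted commands split or do something other than what is displayed. Render the value through a small shell-quoting helper (single quotes, with embedded single quotes escaped) and quote the expansions, e.g. `'kubectl config set-credentials "${K8S_USER}" --token="${K8S_TOKEN}"\n'` and `--user="${K8S_USER}"`. Both functions start or end outside the hunk, so whether the snippets are hidden while `user` is still `null` is not visible here.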
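Review bot: `write` is widened to `data interface{}` although the only call visible in this hunk still passes an `rsp`, so the compiler no longer guarantees that only the response struct with its `omitempty` fields is ever serialized to the client. Unless another caller outside the hunk needs a different type, keep `func write(w http.ResponseWriter, r rsp, httpStatus int)`. Since this body carries a bearer token and now the user name as well, I would also set `w.Header().Set("Cache-Control", "no-store")` next to the Content-Type header, and log the `Encode` error rather than discarding it under `// nolint: gosec`. `Handler` starts above the hunk, so how `u` is derived is not visible here.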
diff --git a/handlers/kubecfg/kubecfg.go b/handlers/kubecfg/kubecfg.go index 4550989..dfa4ea2 100644 --- a/handlers/kubecfg/kubecfg.go +++ b/handlers/kubecfg/kubecfg.go @@ -32,7 +32,6 @@ import ( ) const ( - templateUser = "kubehook" queryParamLifetime = "lifetime" ) @@ -67,7 +66,7 @@ func Handler(g auth.Generator, template *api.Config, h handlers.AuthHeaders) htt return } - y, err := clientcmd.Write(populateUser(template, templateUser, t)) + y, err := clientcmd.Write(populateUser(template, u, t)) if err != nil { http.Error(w, errors.Wrap(err, "cannot marshal template to YAML").Error(), http.StatusInternalServerError) return @@ -89,7 +88,7 @@ func populateUser(cfg *api.Config, username, token string) api.Config { } for name, cluster := range cfg.Clusters { c.Clusters[name] = cluster - c.Contexts[name] = &api.Context{Cluster: name, AuthInfo: templateUser} + c.Contexts[name] = &api.Context{Cluster: name, AuthInfo: username} } c.CurrentContext = cfg.CurrentContext return c diff --git a/handlers/kubecfg/kubecfg_test.go b/handlers/kubecfg/kubecfg_test.go index 452d3d6..669bd29 100644 --- a/handlers/kubecfg/kubecfg_test.go +++ b/handlers/kubecfg/kubecfg_test.go @@ -60,10 +60,10 @@ func TestHandler(t *testing.T) { "b": &api.Cluster{Server: "https://example.net", CertificateAuthorityData: []byte("PAM")}, }, Contexts: map[string]*api.Context{ - "a": &api.Context{AuthInfo: templateUser, Cluster: "a"}, - "b": &api.Context{AuthInfo: templateUser, Cluster: "b"}, + "a": &api.Context{AuthInfo: user, Cluster: "a"}, + "b": &api.Context{AuthInfo: user, Cluster: "b"}, }, - AuthInfos: map[string]*api.AuthInfo{templateUser: &api.AuthInfo{Token: user}}, + AuthInfos: map[string]*api.AuthInfo{user: &api.AuthInfo{Token: user}}, }, }, { 
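Review bot: In `Handler`, `u` now becomes the AuthInfos key and the user of every context in the rendered kubeconfig (`populateUser(template, u, t)`), so its value matters in a way it did not when the name was the constant `kubehook`. The code that obtains `u` is above the hunk; if it does not already reject an empty value, add a guard such as `if u == "" { http.Error(w, "cannot determine user", http.StatusBadRequest); return }` before generating the config, otherwise the file would contain a credential entry keyed by an empty name. It is also worth a comment on `populateUser` that `username` is used both as the AuthInfos key and as each context's `AuthInfo`. The release notes should say that kubeconfigs downloaded earlier keep a stale `kubehook` credential entry that users should remove.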
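Review bot: The expected config in `TestHandler` uses `user` as both the AuthInfos key and the token (`{user: &api.AuthInfo{Token: user}}`), so the test would still pass if `populateUser` received the user name and the token in swapped order. With `templateUser` gone, nothing distinguishes the two values any more; the same applies to the second case at `@@ -83,10 +83,10 @@`. Have the fake generator return a distinct token (its setup is outside the hunk) and assert it separately, e.g. `AuthInfos: map[string]*api.AuthInfo{user: &api.AuthInfo{Token: token}}`, where `token` is a new test constant.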
@@ -83,10 +83,10 @@ func TestHandler(t *testing.T) { "b": &api.Cluster{Server: "https://example.net", CertificateAuthorityData: []byte("PAM")}, }, Contexts: map[string]*api.Context{ - "a": &api.Context{AuthInfo: templateUser, Cluster: "a"}, - "b": &api.Context{AuthInfo: templateUser, Cluster: "b"}, + "a": &api.Context{AuthInfo: user, Cluster: "a"}, + "b": &api.Context{AuthInfo: user, Cluster: "b"}, }, - AuthInfos: map[string]*api.AuthInfo{templateUser: &api.AuthInfo{Token: user}}, + AuthInfos: map[string]*api.AuthInfo{user: &api.AuthInfo{Token: user}}, }, }, {