// Copyright 2018 The Operator-SDK Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package kubeconfig
import (
"bytes"
"encoding/base64"
"encoding/json"
"html/template"
"io/ioutil"
"net/url"
"os"
"github.com/operator-framework/operator-sdk/internal/util/fileutil"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
)
// log is the package-level logger; it is created with the name "kubeconfig".
var log = logf.Log.WithName("kubeconfig")
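// kubeConfigTemplate is the kubeconfig that Create renders. It declares one
// cluster, one context and one user, all named after the proxy server.
//
// The username is written in two places because clients pick it up
// differently: kubectl, as of 1.10.5, only does basic auth if the username is
// present in the URL, while the python client used by ansible, as of 6.0.0,
// only does basic auth if the username and password are provided under the
// "user" key within "users". The password is the fixed placeholder "unused".
//
// insecure-skip-tls-verify is hard-coded to true, so a client using this file
// does not validate the server certificate.
// NOTE(review): that is only acceptable if ProxyURL always points at a
// loopback or otherwise trusted local endpoint; confirm against the callers
// before reusing this template for a remote server.
//
// The indentation inside the literal is YAML structure: the cluster, context
// and user settings must stay nested under their list entries.
const kubeConfigTemplate = `---
apiVersion: v1
kind: Config
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: {{.ProxyURL}}
  name: proxy-server
contexts:
- context:
    cluster: proxy-server
    user: admin/proxy-server
  name: {{.Namespace}}/proxy-server
current-context: {{.Namespace}}/proxy-server
preferences: {}
users:
- name: admin/proxy-server
  user:
    username: {{.Username}}
    password: unused
`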
// values is the data handed to kubeConfigTemplate when it is executed.
//
// Username is substituted into the "users" entry, ProxyURL into the cluster's
// "server" field, and Namespace into the context name and current-context.
type values struct {
	Username, ProxyURL, Namespace string
}
// NamespacedOwnerReference pairs an owner reference with a namespace. Create
// marshals it to JSON and base64-encodes the result to form the basic-auth
// username written into the generated kubeconfig.
type NamespacedOwnerReference struct {
	// Embedded, so its fields are promoted onto NamespacedOwnerReference.
	metav1.OwnerReference
	// Namespace is the namespace string passed to Create. It has no json tag,
	// so encoding/json serializes it under the key "Namespace".
	Namespace string
}
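// Create renders kubeConfigTemplate for the given owner and writes the result
// to a new temporary file.
//
// The owner reference and namespace are marshaled to JSON, base64 (URL
// alphabet) encoded, and used as the basic-auth username, both in the user
// info of proxyURL and under the "users" entry. This is an encoding, not
// protection: anyone who can read the file can decode the owner reference.
//
// The file is created by ioutil.TempFile in the default temporary directory
// with the name prefix "kubeconfig"; TempFile creates it with mode 0600. The
// returned *os.File has already been closed, so only its Name is useful.
// Create does not delete the file on success; removing it is presumably left
// to the caller.
//
// An error is returned if proxyURL cannot be parsed, the owner reference
// cannot be marshaled, the template fails to execute, or the file cannot be
// created, written or closed. If writing or closing fails, the partially
// written file is removed rather than left behind in the temp directory.
func Create(ownerRef metav1.OwnerReference, proxyURL string, namespace string) (*os.File, error) {
	nsOwnerRef := NamespacedOwnerReference{OwnerReference: ownerRef, Namespace: namespace}
	parsedURL, err := url.Parse(proxyURL)
	if err != nil {
		return nil, err
	}
	ownerRefJSON, err := json.Marshal(nsOwnerRef)
	if err != nil {
		return nil, err
	}
	// URL-safe base64 keeps the JSON usable as URL user info.
	username := base64.URLEncoding.EncodeToString(ownerRefJSON)
	parsedURL.User = url.User(username)
	v := values{
		Username:  username,
		ProxyURL:  parsedURL.String(),
		Namespace: namespace,
	}

	var parsed bytes.Buffer
	// NOTE(review): html/template HTML-escapes interpolated values (for
	// example "&" and "<"); it does not apply YAML quoting. A proxyURL or
	// namespace containing such characters, a ':' or a newline would be
	// rendered incorrectly or could change the document structure. Confirm
	// that callers only pass validated values.
	t := template.Must(template.New("kubeconfig").Parse(kubeConfigTemplate))
	if err := t.Execute(&parsed, v); err != nil {
		return nil, err
	}

	file, err := ioutil.TempFile("", "kubeconfig")
	if err != nil {
		return nil, err
	}
	// Close is called explicitly below so that a failure to flush the data is
	// returned to the caller. This deferred call is a safety net for the
	// error paths; the "already closed" error it then sees is ignored.
	defer func() {
		if err := file.Close(); err != nil && !fileutil.IsClosedError(err) {
			log.Error(err, "Failed to close generated kubeconfig file")
		}
	}()

	// discard closes and deletes the temp file so that an incomplete
	// kubeconfig is not left on disk when writing fails.
	discard := func() {
		_ = file.Close() // best effort; the caller receives the original error
		if rmErr := os.Remove(file.Name()); rmErr != nil {
			log.Error(rmErr, "Failed to remove incomplete kubeconfig file")
		}
	}

	if _, err := file.Write(parsed.Bytes()); err != nil {
		discard()
		return nil, err
	}
	if err := file.Close(); err != nil {
		discard()
		return nil, err
	}
	return file, nil
}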