This repository has been archived by the owner on Dec 5, 2022. It is now read-only.
forked from kubernetes-sigs/aws-iam-authenticator
/
config.go
97 lines (81 loc) · 2.83 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/*
Copyright 2017 by the contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package config
import (
"crypto/tls"
"fmt"
"net"
"net/url"
"path/filepath"
"strconv"
"github.com/LF-Certification/aws-iam-authenticator/pkg/config/certs"
"github.com/LF-Certification/aws-iam-authenticator/pkg/config/kubeconfig"
)
// ServerURL returns the URL to connect to this server.
func (c *Config) ServerURL() string {
u := url.URL{
Scheme: "https",
Host: c.ServerAddr(),
Path: "/authenticate",
}
return u.String()
}
// ServerAddr returns the host and port clients should use for server endpoint.
func (c *Config) ServerAddr() string {
return net.JoinHostPort(c.Hostname, strconv.Itoa(c.HostPort))
}
// ListenAddr returns the IP address and port mapping to bind with
func (c *Config) ListenAddr() string {
return net.JoinHostPort(c.Address, strconv.Itoa(c.HostPort))
}
// GenerateFiles will generate the certificate and private key and then create the kubeconfig
func (c *Config) GenerateFiles() error {
// load or generate a certificate+private key
_, err := c.GetOrCreateX509KeyPair()
if err != nil {
return fmt.Errorf("could not load/generate a certificate")
}
err = c.GenerateWebhookKubeconfig()
if err != nil {
return fmt.Errorf("could not generate a webhook kubeconfig at %s: %v", c.GenerateKubeconfigPath, err)
}
return nil
}
func (c *Config) GenerateWebhookKubeconfig() error {
cert, err := certs.LoadX509KeyPair(c.CertPath(), c.KeyPath())
if err != nil {
return fmt.Errorf("failed to load an existing certificate: %v", err)
}
return kubeconfig.CreateWebhookKubeconfig(cert, c.GenerateKubeconfigPath, c.ServerURL())
}
// CertPath returns the path to the pem file containing the certificate
func (c *Config) CertPath() string {
return filepath.Join(c.StateDir, "cert.pem")
}
// KeyPath returns the path to the pem file containing the private key
func (c *Config) KeyPath() string {
return filepath.Join(c.StateDir, "key.pem")
}
func (c *Config) CertOpts() certs.CertificateOptions {
return certs.CertificateOptions{
CertPath: c.CertPath(),
KeyPath: c.KeyPath(),
Hostname: c.Hostname,
Address: c.Address,
Lifetime: certLifetime,
}
}
// GetOrCreateCertificate will create a certificate if it cannot find one based on the config
func (c *Config) GetOrCreateX509KeyPair() (*tls.Certificate, error) {
return certs.GetOrCreateX509KeyPair(c.CertOpts())
}