token_credentials.go
package kubernetes
import (
"context"
"encoding/base64"
"fmt"
"os"
"golang.org/x/oauth2"
)
// NativeTokenCredentials produces per-request authorization metadata from an
// OAuth2 token source combined with the cluster CA certificate read from disk.
//
// NOTE(review): the method set (GetRequestMetadata, RequireTransportSecurity)
// looks like gRPC's per-RPC credentials interface; this file does not import
// grpc, so confirm against the caller.
type NativeTokenCredentials struct {
	// TokenSource yields the token whose AccessToken is sent as the "token"
	// field of the credential. It must be non-nil before the credentials are used.
	TokenSource oauth2.TokenSource
}
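// GetRequestMetadata returns a single "authorization" metadata entry of the
// form "KubernetesAuth <payload>", where payload is the unpadded base64url
// encoding of the JSON document {"token":"<access token>", "ca":"<base64url CA>"}.
//
// The context and URI arguments are ignored. An error is returned when the
// token source is missing, the token cannot be obtained, the token cannot be
// embedded safely in the JSON document, or the cluster CA file cannot be read.
//
// Security note: base64 is an encoding, not encryption. The returned value
// contains a bearer token in recoverable form, so its confidentiality depends
// entirely on the transport it is sent over and on it not being logged.
func (c *NativeTokenCredentials) GetRequestMetadata(context.Context, ...string) (map[string]string, error) {
	// A nil receiver or nil token source would otherwise panic inside getJWT;
	// report it as an error so one misconfigured client cannot crash the process.
	if c == nil || c.TokenSource == nil {
		return nil, fmt.Errorf("kubernetes credentials: token source is not configured")
	}

	jwt, err := c.getJWT(c.TokenSource)
	if err != nil {
		return nil, err
	}

	// The token is interpolated into a hand-built JSON string below. A quote,
	// backslash or control character would yield a malformed or structurally
	// different document, so refuse such values. The token itself is never
	// placed in the error text, to keep it out of logs.
	for i := 0; i < len(jwt); i++ {
		if ch := jwt[i]; ch < 0x20 || ch == '"' || ch == '\\' {
			return nil, fmt.Errorf("kubernetes credentials: access token contains characters that cannot be embedded in JSON")
		}
	}

	ca, err := getClusterCA()
	if err != nil {
		return nil, err
	}

	// The CA is base64url-encoded first, so it cannot break out of the JSON string.
	encodedCa := base64.RawURLEncoding.EncodeToString([]byte(ca))
	body := fmt.Sprintf(`{"token":"%s", "ca":"%s"}`, jwt, encodedCa)
	encoded := base64.RawURLEncoding.EncodeToString([]byte(body))

	return map[string]string{
		"authorization": "KubernetesAuth " + encoded,
	}, nil
}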
// RequireTransportSecurity always reports false, i.e. these credentials do not
// demand a secured transport from whoever consults this method.
//
// NOTE(review): GetRequestMetadata in this file emits a bearer token that is
// only base64url-encoded, not encrypted. If this type is used as gRPC per-RPC
// credentials, returning false allows that token to be attached to a plaintext
// connection. Confirm that every deployment secures the channel elsewhere
// (for example TLS/mTLS terminated by a sidecar or mesh); otherwise consider
// returning true so that insecure channels are refused.
func (c *NativeTokenCredentials) RequireTransportSecurity() bool {
	return false
}
// getJWT requests a token from source and returns its AccessToken field.
// Any error from source.Token is passed back unchanged together with an
// empty string. The receiver is not consulted; only source is used.
func (c *NativeTokenCredentials) getJWT(source oauth2.TokenSource) (string, error) {
	token, err := source.Token()
	if err != nil {
		return "", err
	}

	accessToken := token.AccessToken
	return accessToken, nil
}
// getClusterCA reads the CA certificate file from the service-account mount
// inside the pod and returns its contents as a string. The file is read on
// every call; a read failure is returned unchanged with an empty string.
func getClusterCA() (string, error) {
	const caPath = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"

	raw, err := os.ReadFile(caPath)
	if err != nil {
		return "", err
	}
	return string(raw), nil
}