This repository has been archived by the owner on Apr 5, 2021. It is now read-only.
root.go
package cmd
import (
"fmt"
"log"
"os"
homedir "github.com/mitchellh/go-homedir"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
// clusterConfig collects the values used to patch the kubeconfig after a
// successful login. The root command fills it from viper settings and from
// the token set returned by the identity provider.
type clusterConfig struct {
	// idpIssuerURL is the OIDC issuer URL of the identity provider.
	idpIssuerURL string
	// clientID and clientSecret identify this client at the identity provider.
	// clientSecret is a credential; it should not be logged.
	clientID string
	clientSecret string
	// refreshToken and idToken are taken from the token set after login.
	// Both are credentials and should be handled like passwords.
	refreshToken string
	idToken string
	// clusterName is the cluster FQDN given with --clustername.
	clusterName string
	// userName is the login name given with --username.
	userName string
	// insecureCluster requests insecure TLS towards the cluster in the
	// kubeconfig (see the --insecure-cluster flag help).
	insecureCluster bool
	// port is the API server port.
	port int
}
// authConfig holds the parameters of the OIDC token request sent to the
// identity provider.
type authConfig struct {
	// ClientID and ClientSecret identify this client at the identity provider.
	ClientID string
	ClientSecret string
	// User and Password are the end-user credentials; neither ClientSecret
	// nor Password should be logged.
	User string
	Password string
	// URL is the token endpoint the request is sent to.
	URL string
	// insecureOIDC requests insecure TLS towards the OIDC provider
	// (see the --insecure-oidc flag help).
	insecureOIDC bool
}
// Destinations for the persistent command-line flags registered in init.
var (
	// cfgFile is the path given with --config; empty means "search $HOME".
	cfgFile string

	// Identity and identity-provider settings. password and clientSecret are
	// credentials held as plain strings for the lifetime of the process.
	username     string
	password     string
	clientID     string
	clientSecret string
	idpIssuerURL string

	// Target cluster.
	clusterName string
	port        int

	// TLS relaxation switches and output mode.
	insecureOIDC    bool
	insecureCluster bool
	showToken       bool
)
// rootCmd is the base command, run when kube-login is called without any
// subcommand. It logs in at the identity provider and then either prints the
// tokens or writes them into the kubeconfig.
var rootCmd = &cobra.Command{
	Use:   "kube-login",
	Short: "login to keycloak and generate/update kubeconfig with id and refresh token",
	Run: func(cmd *cobra.Command, args []string) {
		// Token endpoint below the configured issuer URL.
		tokenEndpoint := viper.GetString("idp-issuer-url") + "/protocol/openid-connect/token"

		// Parameters of the OIDC token request. viper keys are
		// case-insensitive, so "clientID" and "clientid" name the same setting.
		auth := authConfig{
			URL:          tokenEndpoint,
			ClientID:     viper.GetString("clientID"),
			ClientSecret: viper.GetString("clientSecret"),
			User:         viper.GetString("username"),
			Password:     viper.GetString("password"),
			insecureOIDC: viper.GetBool("insecure-oidc"),
		}

		// Values needed afterwards to patch the kubeconfig.
		cluster := clusterConfig{
			idpIssuerURL:    viper.GetString("idp-issuer-url"),
			clientID:        viper.GetString("clientid"),
			clientSecret:    viper.GetString("clientsecret"),
			userName:        viper.GetString("username"),
			clusterName:     viper.GetString("clustername"),
			insecureCluster: viper.GetBool("insecure-cluster"),
			port:            viper.GetInt("port"),
		}

		// Tell the user which account and cluster are in use. Only these two
		// non-secret values are logged.
		log.Printf("username: %v \n", cluster.userName)
		log.Printf("cluster: %v \n", cluster.clusterName)

		// Fetch the ID and refresh token from the identity provider.
		tokens := auth.GetTokenSet()
		cluster.idToken = tokens.IDToken
		cluster.refreshToken = tokens.RefreshToken

		if !viper.GetBool("show-token") {
			// Normal path: store the OIDC settings and patch the kubeconfig.
			cluster.SetAuthConfig()
			cluster.SetClusterConfig()
			cluster.SetClusterContext()
			cluster.UseClusterContext()
			return
		}

		// --show-token: print both tokens and stop without touching the
		// kubeconfig. The tokens are credentials, so this output should not
		// be captured in logs or shared terminals.
		fmt.Println("id-token is: ", cluster.idToken)
		fmt.Println("refresh-token is: ", cluster.refreshToken)
		os.Exit(0)
	},
}
// Execute runs the root command, which parses the flags and dispatches to the
// matching command. main.main() calls it exactly once. Any error is printed
// and the process exits with status 1.
func Execute() {
	err := rootCmd.Execute()
	if err == nil {
		return
	}
	fmt.Println(err)
	os.Exit(1)
}
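// init registers the command-line flags on rootCmd, binds them to viper keys
// and arranges for initConfig to run when the command is executed.
func init() {
	cobra.OnInitialize(initConfig)

	// Persistent flags are global for the application.
	flags := rootCmd.PersistentFlags()
	flags.StringVar(&cfgFile, "config", "", "config file (default is $HOME/.kube-login.yml)")
	flags.BoolVar(&showToken, "show-token", false, "show keycloak token and exit")
	flags.StringVarP(&username, "username", "u", "", "username for keycloak")
	// NOTE(review): a secret passed as a flag value is visible in the process
	// list and in shell history. The same keys can be supplied through the
	// config file instead, which viper also reads.
	flags.StringVarP(&password, "password", "p", "", "password for keycloak")
	flags.StringVarP(&clusterName, "clustername", "c", "", "clustername fqdn e.g api.kubernetes.example")
	flags.IntVar(&port, "port", 6443, "port for apiserver")
	flags.StringVar(&clientID, "clientid", "", "clientid for idp")
	flags.StringVar(&clientSecret, "clientsecret", "", "client secret for idp")
	flags.StringVar(&idpIssuerURL, "idp-issuer-url", "", "idp/oidc fqdn")
	flags.BoolVar(&insecureOIDC, "insecure-oidc", false, "if set insecure tls to oidc provider will be used, use with caution")
	// The default is false so that TLS verification stays on unless the user
	// asks otherwise. The flag used to declare true, but it was bound under a
	// key the root command never read, so the effective default was already
	// false.
	flags.BoolVar(&insecureCluster, "insecure-cluster", false, "if set insecure tls to cluster in kubeconfig will be set, use with caution")

	// Local flag, only valid when the root command itself is invoked.
	// Left over from the cobra scaffold; nothing in this file reads it.
	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")

	// Bind every flag to the viper key of the same name. The root command
	// reads "insecure-oidc" and "insecure-cluster" with the hyphen, so the
	// bindings must use exactly those keys; the previous "insecureoidc" and
	// "insecurecluster" keys left both flags without effect.
	for _, name := range []string{
		"username",
		"password",
		"clustername",
		"port",
		"clientid",
		"clientsecret",
		"idp-issuer-url",
		"insecure-oidc",
		"insecure-cluster",
		"show-token",
	} {
		// BindPFlag fails only for a flag that was never registered, which is
		// a programming error, so stop at start-up instead of ignoring it.
		if err := viper.BindPFlag(name, flags.Lookup(name)); err != nil {
			log.Fatalf("binding flag %q: %v", name, err)
		}
	}
}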
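// initConfig selects the config file, enables environment-variable lookup
// and reads the config file if one is found.
//
// The file named by --config is used when given; otherwise ".kube-login"
// (without extension) is searched in the user's home directory. The config
// file can carry the password and the client secret, so it should be readable
// by its owner only.
func initConfig() {
	if cfgFile != "" {
		// Use config file from the flag.
		viper.SetConfigFile(cfgFile)
	} else {
		// Find home directory.
		home, err := homedir.Dir()
		if err != nil {
			fmt.Println(err)
			os.Exit(1)
		}

		// Search config in home directory with name ".kube-login" (without extension).
		viper.AddConfigPath(home)
		viper.SetConfigName(".kube-login")
	}

	// Set the prefix on both paths. It used to be set only when no --config
	// was given; with --config, AutomaticEnv then matched unprefixed
	// variables such as USERNAME or PORT, and because environment values take
	// precedence over the config file they silently replaced its settings.
	viper.SetEnvPrefix("KUBE") // will be uppercased automatically
	viper.AutomaticEnv()       // read in environment variables that match

	// If a config file is found, read it in. A missing file on the default
	// search path is not an error, but a file the user named explicitly and
	// that cannot be read is reported.
	err := viper.ReadInConfig()
	switch {
	case err == nil:
		log.Println("Using config file:", viper.ConfigFileUsed())
	case cfgFile != "":
		log.Printf("could not read config file %q: %v", cfgFile, err)
	}
}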