-
Notifications
You must be signed in to change notification settings - Fork 237
/
auth.go
56 lines (48 loc) · 1.59 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
package k8s
import (
"encoding/json"
"os"
"github.com/spf13/cobra"
"encr.dev/cli/cmd/encore/cmdutil"
"encr.dev/cli/cmd/encore/k8s/types"
"encr.dev/internal/conf"
)
var genAuthCmd = &cobra.Command{
Use: "exec-credentials",
Short: "Used by kubectl to get an authentication token for the Encore Kubernetes Proxy",
Args: cobra.NoArgs,
Hidden: true,
DisableFlagsInUseLine: true,
Run: func(cmd *cobra.Command, args []string) { generateExecCredentials() },
}
func init() {
kubernetesCmd.AddCommand(genAuthCmd)
}
// GenerateExecCredentials generates the Kubernetes exec credentials and writes them to stdout.
//
// If an error occurs, it is written to stderr and the program exits with a non-zero exit code.
func generateExecCredentials() {
// Get the OAuth token from the Encore API
token, err := conf.DefaultTokenSource.Token()
if err != nil {
cmdutil.Fatalf("error getting token: %v", err)
}
// Generate the kuberentes exec credentials datastructures
expiryTime := types.NewTime(token.Expiry)
execCredentials := &types.ExecCredential{
TypeMeta: types.TypeMeta{
APIVersion: "client.authentication.k8s.io/v1",
Kind: "ExecCredential",
},
Status: &types.ExecCredentialStatus{
Token: token.AccessToken,
ExpirationTimestamp: &expiryTime,
},
}
// Marshal the exec credentials to JSON and write to stdout
output, err := json.MarshalIndent(execCredentials, "", " ")
if err != nil {
cmdutil.Fatalf("error marshalling exec credentials: %v", err)
}
_, _ = os.Stdout.Write(output)
}