// Copyright 2018 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package provider
import (
"context"
jujuclock "github.com/juju/clock"
"github.com/juju/errors"
k8s "github.com/juju/juju/caas/kubernetes"
"github.com/juju/juju/caas/kubernetes/clientconfig"
k8scloud "github.com/juju/juju/caas/kubernetes/cloud"
"github.com/juju/juju/caas/kubernetes/provider/constants"
"github.com/juju/juju/cloud"
"github.com/juju/juju/environs"
)
// environProviderCredentials implements credential schema lookup, local
// credential detection, legacy-credential migration and credential
// registration for the Kubernetes provider.
type environProviderCredentials struct {
	// cmdRunner is passed through to builtinCredentialGetter when the
	// built-in (microk8s) cloud's credentials are registered.
	cmdRunner CommandRunner
	// builtinCredentialGetter produces the credential for the built-in
	// microk8s cloud. It is only invoked from RegisterCredentials when the
	// cloud name equals k8s.K8sCloudMicrok8s.
	// NOTE(review): assumed to be set by the provider constructor (outside
	// this file); RegisterCredentials does not nil-check it.
	builtinCredentialGetter func(context.Context, CommandRunner) (cloud.Credential, error)
}

// Compile-time check that *environProviderCredentials satisfies
// environs.ProviderCredentials.
var _ environs.ProviderCredentials = (*environProviderCredentials)(nil)
// CredentialSchemas is part of the environs.ProviderCredentials interface.
//
// The result is the union of the supported and legacy schema tables published
// by the k8scloud package. The legacy table is copied last, so for an auth
// type present in both, the legacy schema is the one returned.
func (environProviderCredentials) CredentialSchemas() map[cloud.AuthType]cloud.CredentialSchema {
	sources := []map[cloud.AuthType]cloud.CredentialSchema{
		k8scloud.SupportedCredentialSchemas,
		k8scloud.LegacyCredentialSchemas,
	}
	merged := make(map[cloud.AuthType]cloud.CredentialSchema, len(sources[0])+len(sources[1]))
	for _, table := range sources {
		for authType, schema := range table {
			merged[authType] = schema
		}
	}
	return merged
}
// DetectCredentials is part of the environs.ProviderCredentials interface.
//
// It obtains the CAAS client config reader, reads the local client
// configuration with no overrides, and reports every credential found there.
// The credential named by the configuration's current context becomes the
// default. A configuration with no contexts is reported as NotFound.
// The cloudName argument is not consulted.
//
// NOTE(review): if Contexts holds values, a CurrentContext missing from the
// map yields an empty DefaultCredential rather than an error; if it holds
// pointers this lookup would panic — confirm against the clientconfig type.
func (environProviderCredentials) DetectCredentials(cloudName string) (*cloud.CloudCredential, error) {
	readConfig, err := clientconfig.NewClientConfigReader(constants.CAASProviderType)
	if err != nil {
		return nil, errors.Trace(err)
	}
	cfg, err := readConfig("", nil, "", "", nil)
	if err != nil {
		return nil, errors.Trace(err)
	}
	if len(cfg.Contexts) == 0 {
		return nil, errors.NotFoundf("k8s cluster definitions")
	}
	current := cfg.Contexts[cfg.CurrentContext]
	return &cloud.CloudCredential{
		DefaultCredential: current.CredentialName,
		AuthCredentials:   cfg.Credentials,
	}, nil
}
// FinalizeCredential is part of the environs.ProviderCredentials interface.
//
// The incoming credential is passed to k8scloud.MigrateLegacyCredential. A
// NotSupported result is treated as "nothing to migrate" and the caller's
// credential is returned untouched. Any other migration error is annotated
// with the credential's label. The FinalizeCredentialContext is unused.
func (environProviderCredentials) FinalizeCredential(_ environs.FinalizeCredentialContext, args environs.FinalizeCredentialParams) (*cloud.Credential, error) {
	migrated, err := k8scloud.MigrateLegacyCredential(&args.Credential)
	switch {
	case errors.Is(err, errors.NotSupported):
		return &args.Credential, nil
	case err != nil:
		// NOTE(review): the value returned by the migrator is handed back
		// together with the error (existing behaviour); callers must check
		// err before using it.
		return &migrated, errors.Annotatef(err, "migrating credential %s", args.Credential.Label)
	}
	return &migrated, nil
}
// RegisterCredentials is part of the environs.ProviderCredentialsRegister interface.
//
// The built-in microk8s cloud is served by p.builtinCredentialGetter; any other
// cloud is resolved from the local kubeconfig by registerCredentialsKubeConfig.
// The interface carries no context, so context.TODO() is passed down.
func (p environProviderCredentials) RegisterCredentials(cld cloud.Cloud) (map[string]*cloud.CloudCredential, error) {
	ctx := context.TODO()
	name := cld.Name
	if name == k8s.K8sCloudMicrok8s {
		// NOTE(review): builtinCredentialGetter is assumed non-nil; a nil
		// getter would panic here.
		cred, err := p.builtinCredentialGetter(ctx, p.cmdRunner)
		if err != nil {
			return nil, errors.Trace(err)
		}
		authCreds := map[string]cloud.Credential{name: cred}
		return map[string]*cloud.CloudCredential{
			name: {DefaultCredential: name, AuthCredentials: authCreds},
		}, nil
	}
	return registerCredentialsKubeConfig(ctx, cld)
}
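// registerCredentialsKubeConfig builds the credential registration for cld
// from the local kubeconfig.
//
// The kubeconfig must contain a context named after the cloud; if it does
// not, an empty (non-nil) map and a nil error are returned. When the context
// exists, the juju admin service account resolver is run for it and the
// resulting kubeconfig is converted into a cloud.Credential keyed by the
// cloud name, which is also the default credential.
//
// Every failure path returns an empty, non-nil map together with an annotated
// error; a credential that could not be built is never placed in the result.
func registerCredentialsKubeConfig(
	ctx context.Context,
	cld cloud.Cloud,
) (map[string]*cloud.CloudCredential, error) {
	empty := make(map[string]*cloud.CloudCredential)

	k8sConfig, err := clientconfig.GetLocalKubeConfig()
	if err != nil {
		return empty, errors.Annotate(err, "reading local kubeconf")
	}
	// Named kubeContext rather than context so the context package stays
	// visible inside this function.
	kubeContext, exists := k8sConfig.Contexts[cld.Name]
	if !exists {
		return empty, nil
	}
	resolver := clientconfig.GetJujuAdminServiceAccountResolver(ctx, jujuclock.WallClock)
	conf, err := resolver(cld.Name, k8sConfig, cld.Name)
	if err != nil {
		return empty, errors.Annotatef(
			err,
			"registering juju admin service account for cloud %q", cld.Name)
	}
	cred, err := k8scloud.CredentialFromKubeConfig(kubeContext.AuthInfo, conf)
	if err != nil {
		// Do not hand back the map with a zero-valued credential on error;
		// an unusable credential must never be registered for the cloud.
		return empty, errors.Annotatef(err, "building credential for cloud %q", cld.Name)
	}
	return map[string]*cloud.CloudCredential{
		cld.Name: {
			DefaultCredential: cld.Name,
			AuthCredentials: map[string]cloud.Credential{
				cld.Name: cred,
			},
		},
	}, nil
}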