/*
Copyright 2021 The Katanomi Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package client
import (
"strings"
"k8s.io/apimachinery/pkg/api/errors"
"github.com/emicklei/go-restful/v3"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/clientcmd/api"
)
const (
	// UserConfigName is the single key under which the cluster, auth info
	// and context entries of the per-user client configuration are stored.
	UserConfigName = "UserConfig"
	// AuthorizationHeader is the HTTP request header inspected for a token.
	AuthorizationHeader = "Authorization"
	// BearerPrefix is the scheme prefix, trailing space included, that
	// precedes the token inside the Authorization header value.
	BearerPrefix = "Bearer "
	// QueryParameterTokenName is the query parameter read when the
	// Authorization header yields no bearer token. A token sent this way is
	// part of the request URL, and URLs are commonly recorded in access and
	// proxy logs, so the Authorization header is the safer transport.
	QueryParameterTokenName = "token"
)
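// FromBearerToken builds a rest.Config that authenticates with the token
// carried by req.
//
// It obtains the base configuration from baseConfig, extracts the token with
// GetToken, and returns the client configuration that BuildCmdConfig produces
// for that token. An Unauthorized API error is returned when the request
// carries no token, or one consisting only of whitespace.
//
// The returned config is nil on every error path. The base configuration may
// carry credentials of its own (not visible from this function), so it is
// never handed back next to an error, where a caller that mishandles the
// error could use it in place of the requester's identity.
func FromBearerToken(req *restful.Request, baseConfig GetBaseConfigFunc) (config *rest.Config, err error) {
	base, err := baseConfig()
	if err != nil {
		return nil, err
	}

	token := GetToken(req)
	if strings.TrimSpace(token) == "" {
		// Fail closed: report the missing token without exposing base.
		return nil, errors.NewUnauthorized("a Bearer token must be provided")
	}

	// The token is only attached to the configuration here; this function
	// does not verify it.
	// NOTE(review): presumably the API server rejects an invalid token on
	// first use; confirm against the callers.
	config, err = BuildCmdConfig(&api.AuthInfo{Token: token}, base).ClientConfig()
	if err != nil {
		return nil, err
	}
	return config, nil
}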
// GetToken extracts the token from req.
//
// A non-empty value following the "Bearer " prefix of the Authorization
// header takes precedence. The prefix match is case-sensitive, so a header
// with any other scheme or spelling, or with an empty token after the prefix,
// falls through to the "token" query parameter. The result is the empty
// string when no token is found.
//
// A token taken from the query parameter was sent as part of the request URL,
// and URLs are commonly recorded in access and proxy logs.
func GetToken(req *restful.Request) (token string) {
	header := req.HeaderParameter(AuthorizationHeader)
	if strings.HasPrefix(header, BearerPrefix) {
		if bearer := header[len(BearerPrefix):]; bearer != "" {
			return bearer
		}
	}
	// No usable bearer header: fall back to the query string.
	return req.QueryParameter(QueryParameterTokenName)
}
// BuildCmdConfig assembles an in-memory client configuration that pairs the
// given authInfo with the cluster endpoint described by cfg.
//
// A single cluster, auth info and context are registered under UserConfigName
// and that context is made current. From cfg only Host and the TLS client
// settings CAFile, CAData and Insecure are copied; no other field of cfg is
// read here.
//
// Because Insecure is copied as-is, server certificate verification is
// skipped in the resulting configuration whenever cfg disables it.
func BuildCmdConfig(authInfo *api.AuthInfo, cfg *rest.Config) clientcmd.ClientConfig {
	tlsCfg := cfg.TLSClientConfig

	kubeconfig := api.NewConfig()
	kubeconfig.CurrentContext = UserConfigName
	kubeconfig.AuthInfos[UserConfigName] = authInfo
	kubeconfig.Contexts[UserConfigName] = &api.Context{
		Cluster:  UserConfigName,
		AuthInfo: UserConfigName,
	}
	kubeconfig.Clusters[UserConfigName] = &api.Cluster{
		Server:                   cfg.Host,
		CertificateAuthority:     tlsCfg.CAFile,
		CertificateAuthorityData: tlsCfg.CAData,
		InsecureSkipTLSVerify:    tlsCfg.Insecure,
	}

	// No overrides: the values assembled above are used unchanged.
	overrides := &clientcmd.ConfigOverrides{}
	return clientcmd.NewDefaultClientConfig(*kubeconfig, overrides)
}