Providing Kong admin token via file Kong#4789

Proposal.
ludovic-pourrat · Oct 10, 2023 · 2f59bf1 · 2f59bf1
1 parent 7f7d2e0
commit 2f59bf1
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/internal/manager/config.go b/internal/manager/config.go
@@ -2,6 +2,7 @@ package manager
 
 import (
 	"fmt"
+	"os"
 	"time"
 
 	"github.com/samber/mo"
@@ -48,6 +49,7 @@ type Config struct {
 	KongAdminInitializationRetries    uint
 	KongAdminInitializationRetryDelay time.Duration
 	KongAdminToken                    string
+	KongAdminTokenPath                string
 	KongWorkspace                     string
 	AnonymousReports                  bool
 	EnableReverseSync                 bool
@@ -156,6 +158,7 @@ func (c *Config) FlagSet() *pflag.FlagSet {
 	flagSet.UintVar(&c.KongAdminInitializationRetries, "kong-admin-init-retries", 60, "Number of attempts that will be made initially on controller startup to connect to the Kong Admin API")
 	flagSet.DurationVar(&c.KongAdminInitializationRetryDelay, "kong-admin-init-retry-delay", time.Second*1, "The time delay between every attempt (on controller startup) to connect to the Kong Admin API")
 	flagSet.StringVar(&c.KongAdminToken, "kong-admin-token", "", `The Kong Enterprise RBAC token used by the controller.`)
+	flagSet.StringVar(&c.KongAdminTokenPath, "kong-admin-token-file", "", `Path to the Kong Enterprise RBAC token file used by the controller.`)
 	flagSet.StringVar(&c.KongWorkspace, "kong-workspace", "", "Kong Enterprise workspace to configure. Leave this empty if not using Kong workspaces.")
 	flagSet.BoolVar(&c.AnonymousReports, "anonymous-reports", true, `Send anonymized usage data to help improve Kong`)
 	flagSet.BoolVar(&c.EnableReverseSync, "enable-reverse-sync", false, `Send configuration to Kong even if the configuration checksum has not changed since previous update.`)
@@ -284,6 +287,19 @@ func (c *Config) FlagSet() *pflag.FlagSet {
 	return flagSet
 }
 
+func (c *Config) Resolve() error {
+	if c.KongAdminToken == "" {
+		if c.KongAdminTokenPath != "" {
+			token, err := os.ReadFile(c.KongAdminTokenPath)
+			if err != nil {
+				return fmt.Errorf("failed to read --kong-admin-token-file from path '%s': %w", c.KongAdminTokenPath, err)
+			}
+			c.KongAdminToken = string(token)
+		}
+	}
+	return nil
+}
+
 func (c *Config) GetKubeconfig() (*rest.Config, error) {
 	config, err := clientcmd.BuildConfigFromFlags(c.APIServerHost, c.KubeconfigPath)
 	if err != nil {

diff --git a/internal/manager/run.go b/internal/manager/run.go
@@ -76,6 +76,11 @@ func Run(ctx context.Context, c *Config, diagnostic util.ConfigDumpDiagnostic, d
 		return fmt.Errorf("failed to create admin apis discoverer: %w", err)
 	}
 
+	err = c.Resolve()
+	if err != nil {
+		return fmt.Errorf("failed to resolve configuration: %w", err)
+	}
+
 	adminAPIClientsFactory := adminapi.NewClientFactoryForWorkspace(c.KongWorkspace, c.KongAdminAPIConfig, c.KongAdminToken)
 
 	setupLog.Info("getting the kong admin api client configuration")