forked from openshift/origin
/
logout.go
147 lines (112 loc) · 3.7 KB
/
logout.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
package login
import (
"errors"
"fmt"
"io"
"github.com/spf13/cobra"
"k8s.io/kubernetes/pkg/client/restclient"
kclientcmd "k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
kclientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
"github.com/openshift/origin/pkg/client"
"github.com/openshift/origin/pkg/cmd/cli/config"
"github.com/openshift/origin/pkg/cmd/templates"
osclientcmd "github.com/openshift/origin/pkg/cmd/util/clientcmd"
)
type LogoutOptions struct {
StartingKubeConfig *kclientcmdapi.Config
Config *restclient.Config
Out io.Writer
PathOptions *kclientcmd.PathOptions
}
var (
logoutLong = templates.LongDesc(`
Log out of the active session out by clearing saved tokens
An authentication token is stored in the config file after login - this command will delete
that token on the server, and then remove the token from the configuration file.
If you are using an alternative authentication method like Kerberos or client certificates,
your ticket or client certificate will not be removed from the current system since these
are typically managed by other programs. Instead, you can delete your config file to remove
the local copy of that certificate or the record of your server login.
After logging out, if you want to log back into the server use '%[1]s'.`)
logoutExample = templates.Examples(`
# Logout
%[1]s`)
)
// NewCmdLogout implements the OpenShift cli logout command
func NewCmdLogout(name, fullName, ocLoginFullCommand string, f *osclientcmd.Factory, reader io.Reader, out io.Writer) *cobra.Command {
options := &LogoutOptions{
Out: out,
}
cmds := &cobra.Command{
Use: name,
Short: "End the current server session",
Long: fmt.Sprintf(logoutLong, ocLoginFullCommand),
Example: fmt.Sprintf(logoutExample, fullName),
Run: func(cmd *cobra.Command, args []string) {
if err := options.Complete(f, cmd, args); err != nil {
kcmdutil.CheckErr(err)
}
if err := options.Validate(args); err != nil {
kcmdutil.CheckErr(err)
}
if err := options.RunLogout(); err != nil {
kcmdutil.CheckErr(err)
}
},
}
// TODO: support --all which performs the same logic on all users in your config file.
return cmds
}
func (o *LogoutOptions) Complete(f *osclientcmd.Factory, cmd *cobra.Command, args []string) error {
kubeconfig, err := f.OpenShiftClientConfig.RawConfig()
o.StartingKubeConfig = &kubeconfig
if err != nil {
return err
}
o.Config, err = f.OpenShiftClientConfig.ClientConfig()
if err != nil {
return err
}
o.PathOptions = config.NewPathOptions(cmd)
return nil
}
func (o LogoutOptions) Validate(args []string) error {
if len(args) > 0 {
return errors.New("No arguments are allowed")
}
if o.StartingKubeConfig == nil {
return errors.New("Must have a config file already created")
}
if len(o.Config.BearerToken) == 0 {
return errors.New("You must have a token in order to logout.")
}
return nil
}
func (o LogoutOptions) RunLogout() error {
token := o.Config.BearerToken
client, err := client.New(o.Config)
if err != nil {
return err
}
userInfo, err := whoAmI(o.Config)
if err != nil {
return err
}
if err := client.OAuthAccessTokens().Delete(token); err != nil {
return err
}
newConfig := *o.StartingKubeConfig
for key, value := range newConfig.AuthInfos {
if value.Token == token {
value.Token = ""
newConfig.AuthInfos[key] = value
// don't break, its possible that more than one user stanza has the same token.
}
}
if err := kclientcmd.ModifyConfig(o.PathOptions, newConfig, true); err != nil {
return err
}
fmt.Fprintf(o.Out, "Logged %q out on %q\n", userInfo.Name, o.Config.Host)
return nil
}