forked from rancher/rancher
-
Notifications
You must be signed in to change notification settings - Fork 0
/
shell.go
74 lines (63 loc) · 2.09 KB
/
shell.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package cluster
import (
"encoding/base64"
"fmt"
"net/http"
"net/url"
"github.com/rancher/norman/condition"
"github.com/rancher/norman/httperror"
"github.com/rancher/norman/types"
"github.com/rancher/rancher/pkg/clustermanager"
"github.com/rancher/rancher/pkg/settings"
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/transport"
)
type ShellLinkHandler struct {
Proxy http.Handler
ClusterManager *clustermanager.Manager
}
func (s *ShellLinkHandler) LinkHandler(apiContext *types.APIContext, next types.RequestHandler) error {
context, err := s.ClusterManager.UserContext(apiContext.ID)
if err != nil {
return err
}
userManager := context.Management.UserManager
userID := userManager.GetUser(apiContext)
token, err := userManager.EnsureToken("kubectl-shell-"+userID, "Access to kubectl shell in the browser", userID)
if err != nil {
return err
}
cacerts := base64.StdEncoding.EncodeToString([]byte(settings.CACerts.Get()))
pods, err := context.K8sClient.CoreV1().Pods("cattle-system").List(v1.ListOptions{
LabelSelector: "app=cattle-agent",
})
if err != nil {
return err
}
for _, pod := range pods.Items {
if condition.Cond(corev1.PodReady).IsTrue(&pod) {
vars := url.Values{}
vars.Add("container", "agent")
vars.Add("stdout", "1")
vars.Add("stdin", "1")
vars.Add("stderr", "1")
vars.Add("tty", "1")
vars.Add("command", "kubectl-shell.sh")
vars.Add("command", token)
vars.Add("command", context.ClusterName)
vars.Add("command", cacerts)
path := fmt.Sprintf("/k8s/clusters/%s/api/v1/namespaces/%s/pods/%s/exec", context.ClusterName, "cattle-system", pod.Name)
req := apiContext.Request
req.URL.Path = path
req.URL.RawQuery = vars.Encode()
// we want to run this as a the system user
req.Header.Del(transport.ImpersonateUserHeader)
req.Header.Del(transport.ImpersonateGroupHeader)
req.Header.Del(transport.ImpersonateUserExtraHeaderPrefix)
s.Proxy.ServeHTTP(apiContext.Response, req)
return nil
}
}
return httperror.NewAPIError(httperror.NotFound, "failed to find kubectl pod")
}