Merge pull request #28 from kevinrizza/auth-in-appregistry

Use auth from opsrc

go.mod

@@ -28,7 +28,7 @@ require (
 	github.com/modern-go/reflect2 v1.0.1 // indirect
 	github.com/operator-framework/go-appr v0.0.0-20180917210448-f2aef88446f2
 	github.com/operator-framework/operator-lifecycle-manager v0.0.0-20190125151539-1e295784b30a
-	github.com/operator-framework/operator-marketplace v0.0.0-20190212161948-a7ca81b96ad9
+	github.com/operator-framework/operator-marketplace v0.0.0-20190216021216-57300a3ef3ba
 	github.com/sirupsen/logrus v1.2.0
 	github.com/soheilhy/cmux v0.1.4 // indirect
 	github.com/spf13/cobra v0.0.3

go.sum

@@ -141,6 +141,8 @@ github.com/operator-framework/operator-marketplace v0.0.0-20190208230340-d06f7b3
 github.com/operator-framework/operator-marketplace v0.0.0-20190208230340-d06f7b349013/go.mod h1:msZSL8pXwzQjB+hU+awVrZQw94IwJi3sNZVD3NoESIs=
 github.com/operator-framework/operator-marketplace v0.0.0-20190212161948-a7ca81b96ad9 h1:VjGYvB+9cqsf0vgO7npB1bwAIslvLFqqL1ydX9ogCRM=
 github.com/operator-framework/operator-marketplace v0.0.0-20190212161948-a7ca81b96ad9/go.mod h1:msZSL8pXwzQjB+hU+awVrZQw94IwJi3sNZVD3NoESIs=
+github.com/operator-framework/operator-marketplace v0.0.0-20190216021216-57300a3ef3ba h1:47MQUQRBZqwyTPLEHoFlbGRv63p0OvxpPp5g6FUQXQs=
+github.com/operator-framework/operator-marketplace v0.0.0-20190216021216-57300a3ef3ba/go.mod h1:msZSL8pXwzQjB+hU+awVrZQw94IwJi3sNZVD3NoESIs=
 github.com/operator-framework/operator-registry v1.0.1/go.mod h1:1xEdZjjUg2hPEd52LG3YQ0jtwiwEGdm98S1TH5P4RAA=
 github.com/operator-framework/operator-registry v1.0.4/go.mod h1:hve6YwcjM2nGVlscLtNsp9sIIBkNZo6jlJgzWw7vP9s=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=

pkg/apprclient/apprclient.go

@@ -14,21 +14,40 @@ func NewClientFactory() ClientFactory {
 	return &factory{}
 }
 
+type Options struct {
+	// Source refers to the URL of the remote app registry server.
+	Source string
+
+	// AuthToken refers to the authorization token required to access operator
+	// manifest in private repositories.
+	//
+	// If not set, it is assumed that the remote registry is public.
+	AuthToken string
+}
+
+// ClientFactory is an interface that wraps the New method.
 type ClientFactory interface {
-	// New returns a new instance of appregistry Client from given source and type
-	New(sourceType, source string) (Client, error)
+	// New returns a new instance of appregistry Client from the specified source.
+	New(options Options) (Client, error)
 }
 
 type factory struct{}
 
-func (f *factory) New(sourceType, source string) (Client, error) {
-	u, err := url.Parse(source)
+func (f *factory) New(options Options) (Client, error) {
+	u, err := url.Parse(options.Source)
 	if err != nil {
 		return nil, err
 	}
 
 	transport := httptransport.New(u.Host, u.Path, []string{u.Scheme})
 	transport.Consumers["application/x-gzip"] = runtime.ByteStreamConsumer()
+
+	// If a token has been specified then we should pass it along in the headers
+	if options.AuthToken != "" {
+		tokenAuthWriter := httptransport.APIKeyAuth("Authorization", "header", options.AuthToken)
+		transport.DefaultAuthentication = tokenAuthWriter
+	}
+
 	c := apprclient.New(transport, strfmt.Default)
 
 	return &client{

pkg/appregistry/appregistry.go

@@ -6,12 +6,18 @@ import (
 	marketplace "github.com/operator-framework/operator-marketplace/pkg/client/clientset/versioned"
 	"github.com/operator-framework/operator-registry/pkg/sqlite"
 	"github.com/sirupsen/logrus"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 )
 
 func NewLoader(kubeconfig string, logger *logrus.Entry) (*AppregistryLoader, error) {
-	client, err := NewClient(kubeconfig, logger)
+	marketplaceClient, err := NewClient(kubeconfig, logger)
+	if err != nil {
+		return nil, err
+	}
+
+	kubeClient, err := NewKubeClient(kubeconfig, logger)
 	if err != nil {
 		return nil, err
 	}
@@ -20,8 +26,9 @@ func NewLoader(kubeconfig string, logger *logrus.Entry) (*AppregistryLoader, err
 		logger: logger,
 		input:  &inputParser{},
 		downloader: &downloader{
-			logger: logger,
-			client: client,
+			logger:            logger,
+			marketplaceClient: marketplaceClient,
+			kubeClient:      *kubeClient,
 		},
 		merger: &merger{
 			logger: logger,
@@ -100,3 +107,23 @@ func NewClient(kubeconfig string, logger *logrus.Entry) (clientset marketplace.I
 	clientset, err = marketplace.NewForConfig(config)
 	return
 }
+
+func NewKubeClient(kubeconfig string, logger *logrus.Entry) (clientset *kubernetes.Clientset, err error) {
+	var config *rest.Config
+
+	if kubeconfig != "" {
+		logger.Infof("Loading kube client config from path %q", kubeconfig)
+		config, err = clientcmd.BuildConfigFromFlags("", kubeconfig)
+	} else {
+		logger.Infof("Using in-cluster kube client config")
+		config, err = rest.InClusterConfig()
+	}
+
+	if err != nil {
+		err = fmt.Errorf("Cannot load config for REST client: %v", err)
+		return
+	}
+
+	clientset, err = kubernetes.NewForConfig(config)
+	return
+}

pkg/appregistry/downloader.go

@@ -10,6 +10,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
+	"k8s.io/client-go/kubernetes"
 )
 
 // downloadItem encapsulates the data that is needed to download a specific repository.
@@ -20,15 +21,19 @@ type downloadItem struct {
 
 	// Spec refers to the remote appregistry URL and remote registry namespace.
 	Spec *v1alpha1.OperatorSourceSpec
+
+	// Namespace of the operatorsource that provided the information
+	OpsrcNamespace string
 }
 
 func (d *downloadItem) String() string {
 	return fmt.Sprintf("%s", d.RepositoryMetadata)
 }
 
 type downloader struct {
-	logger *logrus.Entry
-	client marketplace.Interface
+	logger            *logrus.Entry
+	marketplaceClient marketplace.Interface
+	kubeClient      kubernetes.Clientset
 }
 
 // Download downloads manifest(s) associated with the specified package(s) from
@@ -93,6 +98,7 @@ func (d *downloader) Prepare(input *Input) (items []*downloadItem, err error) {
 				itemMap[key] = &downloadItem{
 					RepositoryMetadata: metadata,
 					Spec:               spec,
+					OpsrcNamespace:     source.Namespace,
 				}
 
 				// Remove the package specified since it has been resolved.
@@ -128,7 +134,15 @@ func (d *downloader) DownloadRepositories(items []*downloadItem) (manifests []*a
 
 		factory := apprclient.NewClientFactory()
 
-		client, err := factory.New("appregistry", endpoint)
+		options, err := d.SetupRegistryOptions(item.Spec, item.OpsrcNamespace)
+		if err != nil {
+			allErrors = append(allErrors, err)
+			d.logger.Infof("skipping repository: %s", item.RepositoryMetadata)
+
+			continue
+		}
+
+		client, err := factory.New(*options)
 		if err != nil {
 			allErrors = append(allErrors, err)
 			d.logger.Infof("skipping repository: %s", item.RepositoryMetadata)
@@ -159,13 +173,19 @@ func (d *downloader) DownloadRepositories(items []*downloadItem) (manifests []*a
 // in the cluster and the list of repositories in remote registry associated
 // with it.
 func (d *downloader) QuerySource(key *types.NamespacedName) (spec *v1alpha1.OperatorSourceSpec, repositories []*apprclient.RegistryMetadata, err error) {
-	opsrc, err := d.client.MarketplaceV1alpha1().OperatorSources(key.Namespace).Get(key.Name, metav1.GetOptions{})
+	opsrc, err := d.marketplaceClient.MarketplaceV1alpha1().OperatorSources(key.Namespace).Get(key.Name, metav1.GetOptions{})
 	if err != nil {
 		return
 	}
 
 	factory := apprclient.NewClientFactory()
-	client, err := factory.New("appregistry", opsrc.Spec.Endpoint)
+
+	options, err := d.SetupRegistryOptions(&opsrc.Spec, key.Namespace)
+	if err != nil {
+		return
+	}
+
+	client, err := factory.New(*options)
 	if err != nil {
 		return
 	}
@@ -178,3 +198,24 @@ func (d *downloader) QuerySource(key *types.NamespacedName) (spec *v1alpha1.Oper
 	spec = &opsrc.Spec
 	return
 }
+
+// SetupRegistryOptions generates an Options object based on the OperatorSource spec. It passes along
+// the opsrc endpoint and, if defined, retrieves the authorization token from the specified Secret
+// object.
+func (d *downloader) SetupRegistryOptions(spec *v1alpha1.OperatorSourceSpec, namespace string) (*apprclient.Options, error) {
+	options := &apprclient.Options{
+		Source: spec.Endpoint,
+	}
+
+	auth := spec.AuthorizationToken
+	if auth.SecretName != "" {
+		secret, err := d.kubeClient.CoreV1().Secrets(namespace).Get(auth.SecretName, metav1.GetOptions{})
+		if err != nil {
+			return options, err
+		}
+
+		options.AuthToken = string(secret.Data["token"])
+	}
+
+	return options, nil
+}

vendor/modules.txt

@@ -107,7 +107,7 @@ github.com/operator-framework/go-appr/appregistry/info
 github.com/operator-framework/operator-lifecycle-manager/pkg/api/apis/operators/v1alpha1
 github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry
 github.com/operator-framework/operator-lifecycle-manager/pkg/api/apis/operators
-# github.com/operator-framework/operator-marketplace v0.0.0-20190212161948-a7ca81b96ad9
+# github.com/operator-framework/operator-marketplace v0.0.0-20190216021216-57300a3ef3ba
 github.com/operator-framework/operator-marketplace/pkg/apis/marketplace/v1alpha1
 github.com/operator-framework/operator-marketplace/pkg/client/clientset/versioned
 github.com/operator-framework/operator-marketplace/pkg/client/clientset/versioned/typed/marketplace/v1alpha1