package main
import (
	"fmt"
	"io/ioutil"
	"net/http"
	"os"
	"strings"
	"time"

	log "github.com/Sirupsen/logrus"
	"github.com/rancher/kubernetes-auth/authentication"
	"github.com/rancher/kubernetes-auth/authentication/rancher"
	"github.com/rancher/kubernetes-auth/authentication/test"
	"github.com/rancher/kubernetes-auth/handlers"
	"github.com/rancher/kubernetes-auth/healthcheck"
	"github.com/urfave/cli"
)
// VERSION is the version string reported by the CLI; main assigns it to
// app.Version. The default value marks a development build.
// NOTE(review): presumably overridden at build time (e.g. via linker flags) —
// confirm against the build scripts.
var VERSION = "v0.0.0-dev"
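// main configures and runs the kubernetes-auth command-line application.
//
// The action reads an optional bootstrap token from stdin, selects an
// authentication provider, and then either evaluates a single token
// (--evaluate-token) and exits, or serves the authentication webhook and the
// health check listener until one of them returns an error.
func main() {
	// Bounds on how long a single webhook connection may take to send its
	// request and receive its response, so that slow or stalled clients cannot
	// hold connections open indefinitely.
	const (
		webhookReadTimeout  = 30 * time.Second
		webhookWriteTimeout = 60 * time.Second
	)

	app := cli.NewApp()
	app.Name = "kubernetes-auth"
	app.Version = VERSION
	app.Flags = []cli.Flag{
		cli.BoolFlag{
			Name: "debug,d",
		},
		cli.BoolFlag{
			Name: "test-authentication",
		},
		cli.StringFlag{
			Name: "evaluate-token",
		},
		cli.IntFlag{
			Name:   "authentication-webhook-port",
			Value:  80,
			Usage:  "Port to handle Kubernetes authentication webhook",
			EnvVar: "AUTHENTICATION_WEBHOOK_PORT",
		},
		cli.IntFlag{
			Name:   "health-check-port",
			Value:  10240,
			Usage:  "Port to configure an HTTP health check listener on",
			EnvVar: "HEALTH_CHECK_PORT",
		},
	}

	app.Action = func(c *cli.Context) error {
		if c.Bool("debug") {
			log.Warn("All tokens will be logged when in debug mode")
			log.SetLevel(log.DebugLevel)
		}

		// Stdin is read to EOF before anything else happens, so the process
		// waits here until its stdin is closed.
		raw, err := ioutil.ReadAll(os.Stdin)
		if err != nil {
			return err
		}

		bootstrapToken := strings.TrimSpace(string(raw))
		if bootstrapToken != "" {
			log.Info("Bootstrap token read from stdin")
			// NOTE(review): this writes the bootstrap credential to the log in
			// cleartext. It is gated on --debug and announced by the warning
			// above, so debug output has to be handled as secret material;
			// consider logging only that a token is present.
			log.Debugf("Bootstrap token: %s", bootstrapToken)
		}

		var provider authentication.Provider
		if c.Bool("test-authentication") {
			provider = &testauthentication.Provider{}
		} else {
			provider, err = rancherauthentication.NewProvider(bootstrapToken)
			if err != nil {
				return err
			}
		}

		// One-shot mode: look up a single token, print the result and exit.
		// NOTE(review): a token passed as a flag value is visible in the
		// process argument list and shell history; prefer short-lived tokens
		// when using this mode.
		if evaluateToken := c.String("evaluate-token"); evaluateToken != "" {
			userInfo, err := provider.Lookup(evaluateToken)
			if err != nil {
				return err
			}
			if userInfo == nil {
				// The token is deliberately left out of the message: this
				// error reaches log.Fatal below at every log level, not only
				// in debug mode.
				return fmt.Errorf("failed to evaluate token: lookup returned no user info")
			}
			fmt.Println("Username", userInfo.Username)
			fmt.Println("Groups", userInfo.Groups)
			return nil
		}

		// Buffered for both senders, so the listener that fails second can
		// still deliver its error instead of blocking on the send forever.
		resultChan := make(chan error, 2)

		go func(rc chan<- error) {
			// A dedicated mux keeps this listener limited to the
			// authentication handler rather than whatever else is registered
			// on http.DefaultServeMux.
			mux := http.NewServeMux()
			mux.HandleFunc("/", handlers.Authentication(provider))

			// NOTE(review): the webhook is served over plain HTTP on all
			// interfaces. Requests presumably carry the tokens being
			// reviewed, so the port should only be reachable over loopback or
			// a trusted network, or sit behind TLS termination.
			srv := &http.Server{
				Addr:         fmt.Sprintf(":%d", c.Int("authentication-webhook-port")),
				Handler:      mux,
				ReadTimeout:  webhookReadTimeout,
				WriteTimeout: webhookWriteTimeout,
			}
			rc <- srv.ListenAndServe()
		}(resultChan)

		go func(rc chan<- error) {
			rc <- healthcheck.Start(c.Int("health-check-port"))
		}(resultChan)

		// The first listener to stop ends the program with its error.
		return <-resultChan
	}

	if err := app.Run(os.Args); err != nil {
		log.Fatal(err)
	}
}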