/
skupper_kube_token.go
103 lines (94 loc) · 3.11 KB
/
skupper_kube_token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package main
import (
"context"
"fmt"
"os"
"time"
"github.com/skupperproject/skupper/api/types"
"github.com/skupperproject/skupper/pkg/utils"
"github.com/spf13/cobra"
"k8s.io/apimachinery/pkg/runtime/serializer/json"
"k8s.io/client-go/kubernetes/scheme"
)
type SkupperKubeToken struct {
kube *SkupperKube
}
func (s *SkupperKubeToken) NewClient(cmd *cobra.Command, args []string) {
s.kube.NewClient(cmd, args)
}
func (s *SkupperKubeToken) Platform() types.Platform {
return s.kube.Platform()
}
func (s *SkupperKubeToken) Create(cmd *cobra.Command, args []string) error {
silenceCobra(cmd)
if tokenTemplate != "" {
return s.createFromTemplate(cmd, args)
}
cli := s.kube.Cli
switch tokenType {
case "cert":
err := cli.ConnectorTokenCreateFile(context.Background(), clientIdentity, args[0])
if err != nil {
return fmt.Errorf("Failed to create token: %w", err)
}
return nil
case "claim":
name := clientIdentity
if name == "skupper" {
name = ""
}
if password == "" {
password = utils.RandomId(24)
}
err := cli.TokenClaimCreateFile(context.Background(), name, []byte(password), expiry, uses, args[0])
if err != nil {
return fmt.Errorf("Failed to create token: %w", err)
}
return nil
default:
return fmt.Errorf("invalid token type. Specify cert or claim")
}
}
func (s *SkupperKubeToken) createFromTemplate(cmd *cobra.Command, args []string) error {
cli := s.kube.Cli
switch tokenType {
case "cert":
filename := args[0]
secret, localOnly, err := cli.ConnectorTokenCreateFromTemplate(context.Background(), clientIdentity, tokenTemplate)
if err != nil {
return fmt.Errorf("Failed to create token: %w", err)
}
s := json.NewYAMLSerializer(json.DefaultMetaFactory, scheme.Scheme, scheme.Scheme)
out, err := os.Create(filename)
if err != nil {
return fmt.Errorf("Could not write to file " + filename + ": " + err.Error())
}
err = s.Encode(secret, out)
if err != nil {
return fmt.Errorf("Could not write out generated secret: " + err.Error())
} else {
var extra string
if localOnly {
extra = "(Note: token will only be valid for local cluster)"
}
fmt.Printf("Connection token written to %s %s", filename, extra)
fmt.Println()
return nil
}
return nil
case "claim":
return fmt.Errorf("--template option cannot be used for a claim")
default:
return fmt.Errorf("invalid token type.")
}
return nil
}
func (s *SkupperKubeToken) CreateFlags(cmd *cobra.Command) {
cmd.Flags().StringVarP(&tokenType, "token-type", "t", "claim", "Type of token to create. Valid options are 'claim' or 'cert'")
cmd.Flags().StringVarP(&password, "password", "p", "", "A password for the claim (only valid if --token-type=claim). If not specified one will be generated.")
cmd.Flags().DurationVarP(&expiry, "expiry", "", 15*time.Minute, "Expiration time for claim (only valid if --token-type=claim)")
cmd.Flags().IntVarP(&uses, "uses", "", 1, "Number of uses for which claim will be valid (only valid if --token-type=claim)")
cmd.Flags().StringVarP(&tokenTemplate, "template", "", "", "The name of a secret used as a template for the token")
f := cmd.Flag("template")
f.Hidden = true
}