// Copyright 2023 VMware, Inc. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Package tanzu provides functionality related to authentication for the Tanzu control plane
package tanzu
import (
"encoding/base64"
"encoding/json"
"os"
"path/filepath"
"strings"
"github.com/pkg/errors"
clientauthenticationv1 "k8s.io/client-go/pkg/apis/clientauthentication/v1"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
kubeutils "github.com/vmware-tanzu/tanzu-cli/pkg/auth/utils/kubeconfig"
"github.com/vmware-tanzu/tanzu-plugin-runtime/config"
configtypes "github.com/vmware-tanzu/tanzu-plugin-runtime/config/types"
)
// tanzuLocalKubeDir is the name of the sub-directory, under the CLI's local
// directory, that holds the Tanzu kubeconfig.
const tanzuLocalKubeDir = "kube"

// tanzuKubeconfigFile is the name of the kubeconfig file inside tanzuLocalKubeDir.
const tanzuKubeconfigFile = "config"
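// GetTanzuKubeconfig builds a kubeconfig for the Tanzu org endpoint, merges it
// into the CLI's local kubeconfig file and returns, in order, the path of that
// file, the kubeconfig context name and the cluster API server URL.
//
// endpoint is trimmed and given an "https://" prefix when it carries neither an
// "https://" nor an "http://" scheme; "/org/<orgID>" is then appended. When
// endpointCACertPath is non-empty the file is read and attached to the cluster
// entry. skipTLSVerify is copied to the cluster's InsecureSkipTLSVerify field.
//
// A nil context is rejected with an error instead of panicking on c.Name.
func GetTanzuKubeconfig(c *configtypes.Context, endpoint, orgID, endpointCACertPath string, skipTLSVerify bool) (string, string, string, error) {
	if c == nil {
		return "", "", "", errors.New("tanzu context must not be nil")
	}

	clusterAPIServerURL := strings.TrimSpace(endpoint)
	// NOTE(review): an explicit "http://" endpoint is kept as-is, so the
	// generated kubeconfig would reach the API server without TLS. Consider
	// rejecting or warning on plaintext endpoints if no caller relies on them.
	if !strings.HasPrefix(clusterAPIServerURL, "https://") && !strings.HasPrefix(clusterAPIServerURL, "http://") {
		clusterAPIServerURL = "https://" + clusterAPIServerURL
	}
	// NOTE(review): orgID is appended verbatim, without path escaping —
	// presumably it comes from a trusted source; verify against the caller.
	clusterAPIServerURL = clusterAPIServerURL + "/org/" + orgID

	clusterCACertData := ""
	if endpointCACertPath != "" {
		fileBytes, err := os.ReadFile(endpointCACertPath)
		if err != nil {
			return "", "", "", errors.Wrapf(err, "error reading CA certificate file %s", endpointCACertPath)
		}
		// NOTE(review): the CA file content is base64-encoded here and then
		// stored in a []byte field, which json.Marshal base64-encodes again.
		// Confirm the merge helper expects this form and not raw PEM bytes.
		clusterCACertData = base64.StdEncoding.EncodeToString(fileBytes)
	}

	contextName := kubeconfigContextName(c.Name)
	clusterName := kubeconfigClusterName(c.Name)
	username := kubeconfigUserName(c.Name)
	execConfig := getExecConfig(c)

	kcfg := &clientcmdapi.Config{
		Kind:       "Config",
		APIVersion: clientcmdapi.SchemeGroupVersion.Version,
		Clusters: map[string]*clientcmdapi.Cluster{clusterName: {
			CertificateAuthorityData: []byte(clusterCACertData),
			// Persisted in the kubeconfig: when true, server certificate
			// verification stays disabled for every later use of this cluster entry.
			InsecureSkipTLSVerify: skipTLSVerify,
			Server:                clusterAPIServerURL,
		}},
		AuthInfos:      map[string]*clientcmdapi.AuthInfo{username: {Exec: execConfig}},
		Contexts:       map[string]*clientcmdapi.Context{contextName: {Cluster: clusterName, AuthInfo: username}},
		CurrentContext: contextName,
	}

	kubeconfigBytes, err := json.Marshal(kcfg)
	if err != nil {
		return "", "", "", errors.Wrap(err, "failed to marshal the tanzu kubeconfig")
	}

	kubeconfigPath, err := tanzuLocalKubeConfigPath()
	if err != nil {
		return "", "", "", errors.Wrap(err, "unable to get the Tanzu local kubeconfig path")
	}

	// The helper's name indicates the merge leaves the file's current context untouched.
	if err := kubeutils.MergeKubeConfigWithoutSwitchContext(kubeconfigBytes, kubeconfigPath); err != nil {
		return "", "", "", errors.Wrap(err, "failed to merge the tanzu kubeconfig")
	}

	return kubeconfigPath, contextName, clusterAPIServerURL, nil
}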
// kubeconfigContextName returns the kubeconfig context name used for the given
// Tanzu CLI context: the context name with a "tanzu-cli-" prefix. The name is
// used verbatim; no validation or escaping is applied here.
func kubeconfigContextName(tanzuContextName string) string {
	const prefix = "tanzu-cli-"
	return prefix + tanzuContextName
}
// kubeconfigClusterName returns the kubeconfig cluster name used for the given
// Tanzu CLI context: the context name with a "tanzu-cli-" prefix (the same
// string kubeconfigContextName produces).
func kubeconfigClusterName(tanzuContextName string) string {
	const prefix = "tanzu-cli-"
	return prefix + tanzuContextName
}
// kubeconfigUserName returns the kubeconfig user (AuthInfo) name used for the
// given Tanzu CLI context: "tanzu-cli-" + context name + "-user".
func kubeconfigUserName(tanzuContextName string) string {
	const (
		prefix = "tanzu-cli-"
		suffix = "-user"
	)
	return prefix + tanzuContextName + suffix
}
// getExecConfig builds the kubeconfig exec credential entry that runs
// `tanzu context get-token <context name>` for the given CLI context.
// The context name is passed as its own element of Args.
//
// NOTE(review): Command is the bare name "tanzu", so the binary is presumably
// resolved through PATH by whatever consumes the kubeconfig — confirm that is
// acceptable for the environments this is used in.
func getExecConfig(c *configtypes.Context) *clientcmdapi.ExecConfig {
	return &clientcmdapi.ExecConfig{
		APIVersion:      clientauthenticationv1.SchemeGroupVersion.String(),
		Command:         "tanzu",
		Args:            []string{"context", "get-token", c.Name},
		Env:             []clientcmdapi.ExecEnvVar{},
		InteractiveMode: clientcmdapi.IfAvailableExecInteractiveMode,
	}
}
// tanzuLocalKubeConfigPath returns the path of the Tanzu kubeconfig file,
// <local dir>/kube/config, creating the containing directory when it does not
// exist yet. The kubeconfig file itself is not created here.
//
// NOTE(review): the directory is created with mode 0755 (subject to umask),
// which lets other local users list and traverse it. 0700 is the usual choice
// for a directory holding a kubeconfig — confirm nothing depends on the wider mode.
func tanzuLocalKubeConfigPath() (path string, err error) {
	baseDir, err := config.LocalDir()
	if err != nil {
		return "", errors.Wrap(err, "could not locate local tanzu dir")
	}
	kubeDir := filepath.Join(baseDir, tanzuLocalKubeDir)

	_, statErr := os.Stat(kubeDir)
	switch {
	case statErr == nil:
		// Something already exists at kubeDir; nothing to create.
	case os.IsNotExist(statErr):
		if mkErr := os.MkdirAll(kubeDir, 0755); mkErr != nil {
			return "", mkErr
		}
	default:
		// Any other stat failure (e.g. permission denied) is returned unchanged.
		return "", statErr
	}

	return filepath.Join(kubeDir, tanzuKubeconfigFile), nil
}