@Override public Response intercept(Chain chain) throws IOException { Request request = chain.request(); if (Utils.isNotNullOrEmpty(config.getUsername()) && Utils.isNotNullOrEmpty(config.getPassword())) { Request authReq = chain.request().newBuilder().addHeader("Authorization", Credentials.basic(config.getUsername(), config.getPassword())).build(); return chain.proceed(authReq); } else if (Utils.isNotNullOrEmpty(config.getOauthToken())) { Request authReq = chain.request().newBuilder().addHeader("Authorization", "Bearer " + config.getOauthToken()).build(); return chain.proceed(authReq); } return chain.proceed(request); } }).addInterceptor(new ImpersonatorInterceptor(config))
@Test public void honorClientAuthenticatorCommands() throws Exception { if (SystemUtils.IS_OS_WINDOWS) { System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_EXEC_WIN_FILE); } else { Files.setPosixFilePermissions(Paths.get(TEST_TOKEN_GENERATOR_FILE), PosixFilePermissions.fromString("rwxrwxr-x")); System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_EXEC_FILE); } Config config = Config.autoConfigure(null); assertNotNull(config); assertEquals("HELLO WORLD", config.getOauthToken()); }
@Test public void testWithKubeConfig() { System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); Config config = new Config(); assertNotNull(config); assertEquals("https://172.28.128.4:8443/", config.getMasterUrl()); assertEquals("testns", config.getNamespace()); assertEquals("token", config.getOauthToken()); assertTrue(config.getCaCertFile().endsWith("testns/ca.pem".replace("/", File.separator))); assertTrue(new File(config.getCaCertFile()).isAbsolute()); }
@Test public void testWithMultipleKubeConfigAndOverrideContext() { System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE + File.pathSeparator + "some-other-file"); Config config = Config.autoConfigure("production/172-28-128-4:8443/root"); assertNotNull(config); assertEquals("https://172.28.128.4:8443/", config.getMasterUrl()); assertEquals("production", config.getNamespace()); assertEquals("supertoken", config.getOauthToken()); assertTrue(config.getCaCertFile().endsWith("testns/ca.pem".replace("/", File.separator))); assertTrue(new File(config.getCaCertFile()).isAbsolute()); }
@Test public void testWithKubeConfigAndOverrideContext() { System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); Config config = Config.autoConfigure("production/172-28-128-4:8443/root"); assertNotNull(config); assertEquals("https://172.28.128.4:8443/", config.getMasterUrl()); assertEquals("production", config.getNamespace()); assertEquals("supertoken", config.getOauthToken()); assertTrue(config.getCaCertFile().endsWith("testns/ca.pem".replace("/", File.separator))); assertTrue(new File(config.getCaCertFile()).isAbsolute()); }
config.setPassword(currentAuthInfo.getPassword()); if (Utils.isNullOrEmpty(config.getOauthToken()) && currentAuthInfo.getAuthProvider() != null && !Utils.isNullOrEmpty(currentAuthInfo.getAuthProvider().getConfig().get(ACCESS_TOKEN))) { config.setOauthToken(currentAuthInfo.getAuthProvider().getConfig().get(ACCESS_TOKEN)); } else { // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
@Test public void testWithKubeConfigAndSystemProperties() { System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); Config config = new Config(); assertNotNull(config); assertEquals("http://somehost:80/", config.getMasterUrl()); assertEquals("testns", config.getNamespace()); assertEquals("token", config.getOauthToken()); }
@Test public void testWithKubeConfigAndSytemPropertiesAndBuilder() { System.setProperty(Config.KUBERNETES_KUBECONFIG_FILE, TEST_KUBECONFIG_FILE); System.setProperty(Config.KUBERNETES_MASTER_SYSTEM_PROPERTY, "http://somehost:80"); Config config = new ConfigBuilder() .withNamespace("testns2") .build(); assertNotNull(config); assertEquals("http://somehost:80/", config.getMasterUrl()); assertEquals("token", config.getOauthToken()); assertEquals("testns2", config.getNamespace()); }
config.setKeyStoreFile(Utils.getSystemPropertyOrEnvVar(KUBERNETES_KEYSTORE_FILE_PROPERTY, config.getKeyStoreFile())); config.setOauthToken(Utils.getSystemPropertyOrEnvVar(KUBERNETES_OAUTH_TOKEN_SYSTEM_PROPERTY, config.getOauthToken())); config.setUsername(Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_BASIC_USERNAME_SYSTEM_PROPERTY, config.getUsername())); config.setPassword(Utils.getSystemPropertyOrEnvVar(KUBERNETES_AUTH_BASIC_PASSWORD_SYSTEM_PROPERTY, config.getPassword()));
@Test public void shouldInstantiateClientUsingSerializeDeserialize() throws MalformedURLException { DefaultKubernetesClient original = new DefaultKubernetesClient(); String json = Serialization.asJson(original.getConfiguration()); DefaultKubernetesClient copy = DefaultKubernetesClient.fromConfig(json); Assert.assertEquals(original.getConfiguration().getMasterUrl(), copy.getConfiguration().getMasterUrl()); Assert.assertEquals(original.getConfiguration().getOauthToken(), copy.getConfiguration().getOauthToken()); Assert.assertEquals(original.getConfiguration().getNamespace(), copy.getConfiguration().getNamespace()); Assert.assertEquals(original.getConfiguration().getUsername(), copy.getConfiguration().getUsername()); Assert.assertEquals(original.getConfiguration().getPassword(), copy.getConfiguration().getPassword()); }
@Override public Response intercept(Chain chain) throws IOException { Request request = chain.request(); if (isNotNullOrEmpty(config.getUsername()) && isNotNullOrEmpty(config.getPassword())) { Request authReq = chain.request().newBuilder().addHeader("Authorization", Credentials.basic(config.getUsername(), config.getPassword())).build(); return chain.proceed(authReq); } else if (isNotNullOrEmpty(config.getOauthToken())) { Request authReq = chain.request().newBuilder().addHeader("Authorization", "Bearer " + config.getOauthToken()).build(); return chain.proceed(authReq); } return chain.proceed(request); } });
@Test public void shouldInstantiateClientUsingSerializeDeserialize() throws MalformedURLException { DefaultOpenShiftClient original = new DefaultOpenShiftClient(); String json = Serialization.asJson(original.getConfiguration()); DefaultOpenShiftClient copy = DefaultOpenShiftClient.fromConfig(json); Assert.assertEquals(original.getConfiguration().getMasterUrl(), copy.getConfiguration().getMasterUrl()); Assert.assertEquals(original.getConfiguration().getOauthToken(), copy.getConfiguration().getOauthToken()); Assert.assertEquals(original.getConfiguration().getNamespace(), copy.getConfiguration().getNamespace()); Assert.assertEquals(original.getConfiguration().getUsername(), copy.getConfiguration().getUsername()); Assert.assertEquals(original.getConfiguration().getPassword(), copy.getConfiguration().getPassword()); } }
private JsonObject config() { String token = client.getConfiguration().getOauthToken(); if (token == null || token.trim().isEmpty()) { token = "some-token"; } return new JsonObject() .put("token", token) .put("host", "localhost") .put("ssl", false) .put("port", port); }
private JsonObject config() { String token = client.getConfiguration().getOauthToken(); if (token == null) { token = "some-token"; } return new JsonObject() .put("token", token) .put("host", "localhost") .put("ssl", false) .put("port", port); }
private JsonObject config() { String token = client.getConfiguration().getOauthToken(); if (token == null) { token = "some-token"; } return new JsonObject() .put("token", token) .put("host", "localhost") .put("ssl", false) .put("port", port); }
kubernetesConfig.getClientKeyFile(), kubernetesConfig.getClientKeyData(), kubernetesConfig.getClientKeyAlgo(), kubernetesConfig.getClientKeyPassphrase(), kubernetesConfig.getUsername(), kubernetesConfig.getPassword(), kubernetesConfig.getOauthToken(), kubernetesConfig.getWatchReconnectInterval(), kubernetesConfig.getWatchReconnectLimit(), kubernetesConfig.getConnectionTimeout(), kubernetesConfig.getRequestTimeout(),
private void ensureCredentialsExist(NamespacedOpenShiftClient client, ServiceBrokerOptions options) { Secret secret = client.secrets().withName(options.getServiceCatalogCredentialsSecretName()).get(); if (secret == null) { client.secrets().createNew() .editOrNewMetadata() .withName(options.getServiceCatalogCredentialsSecretName()) .addToLabels("app", "enmasse") .endMetadata() .addToData("token", Base64.getEncoder().encodeToString(client.getConfiguration().getOauthToken().getBytes(StandardCharsets.UTF_8))) .done(); } }
@Override public void start(Future<Void> startPromise) throws Exception { SchemaApi schemaApi = KubeSchemaApi.create(client, client.getNamespace(), true); CachingSchemaProvider schemaProvider = new CachingSchemaProvider(); schemaApi.watchSchema(schemaProvider, options.getResyncInterval()); ensureRouteExists(client, options); ensureCredentialsExist(client, options); AddressSpaceApi addressSpaceApi = new ConfigMapAddressSpaceApi(client); AuthApi authApi = new KubeAuthApi(client, client.getConfiguration().getOauthToken()); UserApi userApi = createUserApi(options); ConsoleProxy consoleProxy = addressSpace -> { Route route = client.routes().withName(options.getConsoleProxyRouteName()).get(); if (route == null) { return null; } return String.format("https://%s/console/%s", route.getSpec().getHost(), addressSpace.getMetadata().getName()); }; vertx.deployVerticle(new HTTPServer(addressSpaceApi, schemaProvider, authApi, options.getCertDir(), options.getEnableRbac(), userApi, options.getListenPort(), consoleProxy), result -> { if (result.succeeded()) { log.info("EnMasse Service Broker started"); startPromise.complete(); } else { startPromise.fail(result.cause()); } }); }
assertEquals("http://somehost:80/", config.getMasterUrl()); assertEquals("testns", config.getNamespace()); assertEquals("token", config.getOauthToken()); assertEquals("user", config.getUsername()); assertEquals("pass", config.getPassword());
private void updateKubeConfig(Config kubeConfig, JsonObject config, K8SDiscovery annotation) { final String user = ConfigurationUtil.getStringConfiguration(config, USER, annotation.user()); final String password = ConfigurationUtil.getStringConfiguration(config, PASSWORD, annotation.password()); final String api_token = ConfigurationUtil.getStringConfiguration(config, API_TOKEN, annotation.api_token()); final String master_url = ConfigurationUtil.getStringConfiguration(config, MASTER_URL, annotation.master_url()); final String namespace = ConfigurationUtil.getStringConfiguration(config, NAMESPACE, annotation.namespace()); if (StringUtil.isNullOrEmpty(kubeConfig.getUsername())) kubeConfig.setUsername(user); if (StringUtil.isNullOrEmpty(kubeConfig.getPassword())) kubeConfig.setPassword(password); if (StringUtil.isNullOrEmpty(kubeConfig.getOauthToken())) kubeConfig.setOauthToken(api_token); if (StringUtil.isNullOrEmpty(kubeConfig.getMasterUrl())) kubeConfig.setMasterUrl(master_url); if (StringUtil.isNullOrEmpty(kubeConfig.getNamespace())) kubeConfig.setNamespace(namespace); // check oauthToken if (StringUtil.isNullOrEmpty(kubeConfig.getOauthToken())) kubeConfig.setOauthToken(TokenUtil.getAccountToken()); } }