blob: c341726774f6ab004c3437fabaa9d86cacecaf5a [file] [log] [blame]
Scott Bakere7144bc2019-10-01 14:16:47 -07001/*
2Copyright 2014 The Kubernetes Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/
16
17/*
18Package auth defines a file format for holding authentication
19information needed by clients of Kubernetes. Typically,
20a Kubernetes cluster will put auth info for the admin in a known
21location when it is created, and will (soon) put it in a known
22location within a Container's file tree for Containers that
23need access to the Kubernetes API.
24
25Having a defined format allows:
26 - clients to be implemented in multiple languages
27 - applications which link clients to be portable across
28 clusters with different authentication styles (e.g.
29 some may use SSL Client certs, others may not, etc)
30 - when the format changes, applications only
31 need to update this code.
32
33The file format is json, marshalled from a struct authcfg.Info.
34
35Clinet libraries in other languages should use the same format.
36
37It is not intended to store general preferences, such as default
38namespace, output options, etc. CLIs (such as kubectl) and UIs should
39develop their own format and may wish to inline the authcfg.Info type.
40
41The authcfg.Info is just a file format. It is distinct from
42client.Config which holds options for creating a client.Client.
43Helper functions are provided in this package to fill in a
44client.Client from an authcfg.Info.
45
46Example:
47
48 import (
49 "pkg/client"
50 "pkg/client/auth"
51 )
52
53 info, err := auth.LoadFromFile(filename)
54 if err != nil {
55 // handle error
56 }
57 clientConfig = client.Config{}
58 clientConfig.Host = "example.com:4901"
59 clientConfig = info.MergeWithConfig()
60 client := client.New(clientConfig)
61 client.Pods(ns).List()
62*/
63package auth
64
65// TODO: need a way to rotate Tokens. Therefore, need a way for client object to be reset when the authcfg is updated.
66import (
67 "encoding/json"
68 "io/ioutil"
69 "os"
70
71 restclient "k8s.io/client-go/rest"
72)
73
74// Info holds Kubernetes API authorization config. It is intended
75// to be read/written from a file as a JSON object.
76type Info struct {
77 User string
78 Password string
79 CAFile string
80 CertFile string
81 KeyFile string
82 BearerToken string
83 Insecure *bool
84}
85
86// LoadFromFile parses an Info object from a file path.
87// If the file does not exist, then os.IsNotExist(err) == true
88func LoadFromFile(path string) (*Info, error) {
89 var info Info
90 if _, err := os.Stat(path); os.IsNotExist(err) {
91 return nil, err
92 }
93 data, err := ioutil.ReadFile(path)
94 if err != nil {
95 return nil, err
96 }
97 err = json.Unmarshal(data, &info)
98 if err != nil {
99 return nil, err
100 }
101 return &info, err
102}
103
104// MergeWithConfig returns a copy of a client.Config with values from the Info.
105// The fields of client.Config with a corresponding field in the Info are set
106// with the value from the Info.
107func (info Info) MergeWithConfig(c restclient.Config) (restclient.Config, error) {
girishke7ca43b2019-10-10 12:30:03 +0000108 var config = c
Scott Bakere7144bc2019-10-01 14:16:47 -0700109 config.Username = info.User
110 config.Password = info.Password
111 config.CAFile = info.CAFile
112 config.CertFile = info.CertFile
113 config.KeyFile = info.KeyFile
114 config.BearerToken = info.BearerToken
115 if info.Insecure != nil {
116 config.Insecure = *info.Insecure
117 }
118 return config, nil
119}
120
girishke7ca43b2019-10-10 12:30:03 +0000121// Complete returns true if the Kubernetes API authorization info is complete.
Scott Bakere7144bc2019-10-01 14:16:47 -0700122func (info Info) Complete() bool {
123 return len(info.User) > 0 ||
124 len(info.CertFile) > 0 ||
125 len(info.BearerToken) > 0
126}