
Source file src/k8s.io/client-go/tools/auth/clientauth.go

Documentation: k8s.io/client-go/tools/auth

     1  /*
     2  Copyright 2014 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  /*
    18  Package auth defines a file format for holding authentication
    19  information needed by clients of Kubernetes.  Typically,
    20  a Kubernetes cluster will put auth info for the admin in a known
    21  location when it is created, and will (soon) put it in a known
    22  location within a Container's file tree for Containers that
    23  need access to the Kubernetes API.
    24  
    25  Having a defined format allows:
    26    - clients to be implemented in multiple languages
    27    - applications which link clients to be portable across
    28      clusters with different authentication styles (e.g.
    29      some may use SSL Client certs, others may not, etc)
    30    - when the format changes, applications only
    31      need to update this code.
    32  
    33  The file format is json, marshalled from a struct authcfg.Info.
    34  
    35  Client libraries in other languages should use the same format.
    36  
    37  It is not intended to store general preferences, such as default
    38  namespace, output options, etc.  CLIs (such as kubectl) and UIs should
    39  develop their own format and may wish to inline the authcfg.Info type.
    40  
    41  The authcfg.Info is just a file format.  It is distinct from
    42  client.Config which holds options for creating a client.Client.
    43  Helper functions are provided in this package to fill in a
    44  client.Client from an authcfg.Info.
    45  
    46  Example:
    47  
    48  	import (
    49  	    "pkg/client"
    50  	    "pkg/client/auth"
    51  	)
    52  
    53  	info, err := auth.LoadFromFile(filename)
    54  	if err != nil {
    55  	  // handle error
    56  	}
    57  	clientConfig := client.Config{}
    58  	clientConfig.Host = "example.com:4901"
    59  	clientConfig, err = info.MergeWithConfig(clientConfig)
    60  	client := client.New(clientConfig)
    61  	client.Pods(ns).List()
    62  */
    63  package auth
    64  
    65  // TODO: need a way to rotate Tokens.  Therefore, need a way for client object to be reset when the authcfg is updated.
    66  import (
    67  	"encoding/json"
    68  	"os"
    69  
    70  	restclient "k8s.io/client-go/rest"
    71  )
    72  
    // Info holds Kubernetes API authorization config.  It is intended
    // to be read/written from a file as a JSON object.
    //
    // The struct declares no json tags, so encoding/json uses the Go field
    // names as the object keys. Password and BearerToken are ordinary strings,
    // so they are stored in the file as plain text; whatever protects the file
    // (ownership, mode, storage location) is the only protection these secrets
    // have at rest.
    type Info struct {
    	// User is copied to the client config's Username by MergeWithConfig.
    	User        string
    	// Password is the secret paired with User.
    	// NOTE(review): the datapolicy tag appears to label the field as
    	// sensitive for external tooling; nothing in this file reads it.
    	Password    string `datapolicy:"password"`
    	// CAFile, CertFile and KeyFile are copied verbatim into the client
    	// config by MergeWithConfig; this package does not open or validate them.
    	CAFile      string
    	CertFile    string
    	KeyFile     string
    	// BearerToken is a secret credential, tagged like Password.
    	BearerToken string `datapolicy:"token"`
    	// Insecure is a pointer so that "absent" (nil) can be told apart from an
    	// explicit false: MergeWithConfig overrides the config's Insecure only
    	// when this is non-nil. In rest.Config that flag turns off verification
    	// of the server's TLS certificate, so a file that sets it to true weakens
    	// the connection the credentials above travel over.
    	Insecure    *bool
    }
    84  
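    // LoadFromFile parses an Info object from a file path.
    // If the file does not exist, then os.IsNotExist(err) == true
    //
    // The file is read with a single os.ReadFile call. A separate os.Stat
    // beforehand adds nothing: the read reports a missing file with an error
    // that satisfies os.IsNotExist, and checking first only opens a window in
    // which the path can change between the check and the read.
    //
    // The content is decoded with json.Unmarshal, which ignores object keys that
    // match no field of Info. On any error the returned *Info is nil.
    //
    // NOTE(review): the file normally carries Password and BearerToken in plain
    // text, and this function does not inspect the file's owner or mode.
    // Restricting who can read or replace the file is left to the caller.
    func LoadFromFile(path string) (*Info, error) {
    	data, err := os.ReadFile(path)
    	if err != nil {
    		// Returned unwrapped on purpose: os.IsNotExist only recognises
    		// errors produced by the os package itself, so wrapping here would
    		// break the contract stated in the doc comment.
    		return nil, err
    	}

    	var info Info
    	if err := json.Unmarshal(data, &info); err != nil {
    		return nil, err
    	}
    	// Explicit nil rather than the leftover err variable, so the success
    	// path cannot be mistaken for one that may carry an error.
    	return &info, nil
    }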
   102  
   // MergeWithConfig returns a copy of c in which every field that has a
   // counterpart in the Info carries the Info's value.
   //
   // Username, Password, CAFile, CertFile, KeyFile and BearerToken are
   // overwritten unconditionally, so an empty field in the Info clears whatever
   // c held. Insecure is the exception: it is overridden only when the Info
   // sets it explicitly (non-nil pointer). The returned error is always nil.
   //
   // NOTE(review): fields of c without a counterpart in Info are left as the
   // caller supplied them. If rest.Config gives any of those precedence over
   // the fields set here (inline certificate data or a token file, for
   // example), the caller's earlier value would still take effect. Confirm
   // against rest.Config before relying on the Info being authoritative.
   func (info Info) MergeWithConfig(c restclient.Config) (restclient.Config, error) {
   	merged := c

   	// An Info read from disk can switch Insecure on as well as off; only an
   	// absent value leaves the caller's setting alone.
   	if info.Insecure != nil {
   		merged.Insecure = *info.Insecure
   	}

   	// TLS material: file paths only, copied as-is.
   	merged.CAFile = info.CAFile
   	merged.CertFile = info.CertFile
   	merged.KeyFile = info.KeyFile

   	// Credentials.
   	merged.Username = info.User
   	merged.Password = info.Password
   	merged.BearerToken = info.BearerToken

   	return merged, nil
   }
   119  
   // Complete returns true if the Kubernetes API authorization info is complete.
   //
   // "Complete" here means only that at least one of User, CertFile or
   // BearerToken is non-empty. Password and KeyFile are not consulted, so a
   // User without a Password, or a CertFile without a KeyFile, still reports
   // true; the result says nothing about whether the credential is usable.
   func (info Info) Complete() bool {
   	switch {
   	case info.User != "":
   		return true
   	case info.CertFile != "":
   		return true
   	default:
   		return info.BearerToken != ""
   	}
   }
   126  
