mirror of
https://github.com/lensapp/lens.git
synced 2025-05-20 05:10:56 +00:00
Add auth header token to proxy config
Signed-off-by: Sebastian Malton <sebastian@malton.name>
This commit is contained in:
Sebastian Malton
parent
fab36c23a0
commit
0458513797
@ -15,6 +15,7 @@ import pathExistsInjectable from "../../common/fs/path-exists.injectable";
|
||||
import writeFileInjectable from "../../common/fs/write-file.injectable";
|
||||
import removePathInjectable from "../../common/fs/remove.injectable";
|
||||
import lensProxyCertificateInjectable from "../../common/certificate/lens-proxy-certificate.injectable";
|
||||
import authHeaderStateInjectable from "../../features/auth-header/common/header-state.injectable";
|
||||
|
||||
export interface KubeConfigManagerInstantiationParameter {
|
||||
cluster: Cluster;
|
||||
@ -30,12 +31,13 @@ const createKubeconfigManagerInjectable = getInjectable({
|
||||
directoryForTemp: di.inject(directoryForTempInjectable),
|
||||
logger: di.inject(loggerInjectable),
|
||||
lensProxyPort: di.inject(lensProxyPortInjectable),
|
||||
certificate: di.inject(lensProxyCertificateInjectable).get(),
|
||||
authHeaderToken: di.inject(authHeaderStateInjectable).get(),
|
||||
joinPaths: di.inject(joinPathsInjectable),
|
||||
getDirnameOfPath: di.inject(getDirnameOfPathInjectable),
|
||||
removePath: di.inject(removePathInjectable),
|
||||
pathExists: di.inject(pathExistsInjectable),
|
||||
writeFile: di.inject(writeFileInjectable),
|
||||
certificate: di.inject(lensProxyCertificateInjectable).get(),
|
||||
};
|
||||
|
||||
return (cluster) => new KubeconfigManager(dependencies, cluster);
|
||||
|
||||
@ -21,12 +21,13 @@ export interface KubeconfigManagerDependencies {
|
||||
readonly directoryForTemp: string;
|
||||
readonly logger: Logger;
|
||||
readonly lensProxyPort: { get: () => number };
|
||||
readonly certificate: SelfSignedCert;
|
||||
readonly authHeaderToken: string;
|
||||
joinPaths: JoinPaths;
|
||||
getDirnameOfPath: GetDirnameOfPath;
|
||||
pathExists: PathExists;
|
||||
removePath: RemovePath;
|
||||
writeFile: WriteFile;
|
||||
certificate: SelfSignedCert;
|
||||
}
|
||||
|
||||
export class KubeconfigManager {
|
||||
@ -87,10 +88,6 @@ export class KubeconfigManager {
|
||||
}
|
||||
}
|
||||
|
||||
get resolveProxyUrl() {
|
||||
return `https://127.0.0.1:${this.dependencies.lensProxyPort.get()}/${this.cluster.id}`;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates new "temporary" kubeconfig that point to the kubectl-proxy.
|
||||
* This way any user of the config does not need to know anything about the auth etc. details.
|
||||
@ -98,24 +95,36 @@ export class KubeconfigManager {
|
||||
protected async createProxyKubeconfig(): Promise<string> {
|
||||
const { cluster } = this;
|
||||
const { contextName, id } = cluster;
|
||||
const tempFile = this.dependencies.joinPaths(
|
||||
this.dependencies.directoryForTemp,
|
||||
const {
|
||||
certificate,
|
||||
authHeaderToken,
|
||||
joinPaths,
|
||||
lensProxyPort,
|
||||
writeFile,
|
||||
directoryForTemp,
|
||||
logger,
|
||||
} = this.dependencies;
|
||||
|
||||
const tempFile = joinPaths(
|
||||
directoryForTemp,
|
||||
`kubeconfig-${id}`,
|
||||
);
|
||||
const kubeConfig = await cluster.getKubeconfig();
|
||||
const { certificate } = this.dependencies;
|
||||
const proxyConfig: PartialDeep<KubeConfig> = {
|
||||
currentContext: contextName,
|
||||
clusters: [
|
||||
{
|
||||
name: contextName,
|
||||
server: this.resolveProxyUrl,
|
||||
server: `https://127.0.0.1:${lensProxyPort.get()}/${cluster.id}`,
|
||||
skipTLSVerify: false,
|
||||
caData: Buffer.from(certificate.cert).toString("base64"),
|
||||
},
|
||||
],
|
||||
users: [
|
||||
{ name: "proxy", username: "lens", password: "fake" },
|
||||
{
|
||||
name: "proxy",
|
||||
token: authHeaderToken,
|
||||
},
|
||||
],
|
||||
contexts: [
|
||||
{
|
||||
@ -129,8 +138,8 @@ export class KubeconfigManager {
|
||||
// write
|
||||
const configYaml = dumpConfigYaml(proxyConfig);
|
||||
|
||||
await this.dependencies.writeFile(tempFile, configYaml, { mode: 0o600 });
|
||||
this.dependencies.logger.debug(`[KUBECONFIG-MANAGER]: Created temp kubeconfig "${contextName}" at "${tempFile}": \n${configYaml}`);
|
||||
await writeFile(tempFile, configYaml, { mode: 0o600 });
|
||||
logger.debug(`[KUBECONFIG-MANAGER]: Created temp kubeconfig "${contextName}" at "${tempFile}": \n${configYaml}`);
|
||||
|
||||
return tempFile;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user