Add auth header token to proxy config
Signed-off-by: Sebastian Malton <sebastian@malton.name>
parent
fab36c23a0
commit
0458513797
@ -15,6 +15,7 @@ import pathExistsInjectable from "../../common/fs/path-exists.injectable";
|
|||||||
import writeFileInjectable from "../../common/fs/write-file.injectable";
|
import writeFileInjectable from "../../common/fs/write-file.injectable";
|
||||||
import removePathInjectable from "../../common/fs/remove.injectable";
|
import removePathInjectable from "../../common/fs/remove.injectable";
|
||||||
import lensProxyCertificateInjectable from "../../common/certificate/lens-proxy-certificate.injectable";
|
import lensProxyCertificateInjectable from "../../common/certificate/lens-proxy-certificate.injectable";
|
||||||
|
import authHeaderStateInjectable from "../../features/auth-header/common/header-state.injectable";
|
||||||
|
|
||||||
export interface KubeConfigManagerInstantiationParameter {
|
export interface KubeConfigManagerInstantiationParameter {
|
||||||
cluster: Cluster;
|
cluster: Cluster;
|
||||||
@ -30,12 +31,13 @@ const createKubeconfigManagerInjectable = getInjectable({
|
|||||||
directoryForTemp: di.inject(directoryForTempInjectable),
|
directoryForTemp: di.inject(directoryForTempInjectable),
|
||||||
logger: di.inject(loggerInjectable),
|
logger: di.inject(loggerInjectable),
|
||||||
lensProxyPort: di.inject(lensProxyPortInjectable),
|
lensProxyPort: di.inject(lensProxyPortInjectable),
|
||||||
|
certificate: di.inject(lensProxyCertificateInjectable).get(),
|
||||||
|
authHeaderToken: di.inject(authHeaderStateInjectable).get(),
|
||||||
joinPaths: di.inject(joinPathsInjectable),
|
joinPaths: di.inject(joinPathsInjectable),
|
||||||
getDirnameOfPath: di.inject(getDirnameOfPathInjectable),
|
getDirnameOfPath: di.inject(getDirnameOfPathInjectable),
|
||||||
removePath: di.inject(removePathInjectable),
|
removePath: di.inject(removePathInjectable),
|
||||||
pathExists: di.inject(pathExistsInjectable),
|
pathExists: di.inject(pathExistsInjectable),
|
||||||
writeFile: di.inject(writeFileInjectable),
|
writeFile: di.inject(writeFileInjectable),
|
||||||
certificate: di.inject(lensProxyCertificateInjectable).get(),
|
|
||||||
};
|
};
|
||||||
|
|
||||||
return (cluster) => new KubeconfigManager(dependencies, cluster);
|
return (cluster) => new KubeconfigManager(dependencies, cluster);
|
||||||
|
|||||||
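Review bot: `authHeaderToken: di.inject(authHeaderStateInjectable).get()` reads the token once, when the dependencies object is built, whereas `lensProxyPort` is handed over as the injected object and read through `.get()` at use time. If the auth header state can change after this factory is instantiated (not visible from this hunk), every `KubeconfigManager` would keep writing the old token into the proxy kubeconfig. Either pass the injected object through and call `.get()` inside `createProxyKubeconfig`, or record the assumption with a comment such as `// token is fixed for the lifetime of the process, so an eager read is safe`.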
@ -21,12 +21,13 @@ export interface KubeconfigManagerDependencies {
|
|||||||
readonly directoryForTemp: string;
|
readonly directoryForTemp: string;
|
||||||
readonly logger: Logger;
|
readonly logger: Logger;
|
||||||
readonly lensProxyPort: { get: () => number };
|
readonly lensProxyPort: { get: () => number };
|
||||||
|
readonly certificate: SelfSignedCert;
|
||||||
|
readonly authHeaderToken: string;
|
||||||
joinPaths: JoinPaths;
|
joinPaths: JoinPaths;
|
||||||
getDirnameOfPath: GetDirnameOfPath;
|
getDirnameOfPath: GetDirnameOfPath;
|
||||||
pathExists: PathExists;
|
pathExists: PathExists;
|
||||||
removePath: RemovePath;
|
removePath: RemovePath;
|
||||||
writeFile: WriteFile;
|
writeFile: WriteFile;
|
||||||
certificate: SelfSignedCert;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export class KubeconfigManager {
|
export class KubeconfigManager {
|
||||||
@ -87,10 +88,6 @@ export class KubeconfigManager {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
get resolveProxyUrl() {
|
|
||||||
return `https://127.0.0.1:${this.dependencies.lensProxyPort.get()}/${this.cluster.id}`;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates new "temporary" kubeconfig that point to the kubectl-proxy.
|
* Creates new "temporary" kubeconfig that point to the kubectl-proxy.
|
||||||
* This way any user of the config does not need to know anything about the auth etc. details.
|
* This way any user of the config does not need to know anything about the auth etc. details.
|
||||||
@ -98,24 +95,36 @@ export class KubeconfigManager {
|
|||||||
protected async createProxyKubeconfig(): Promise<string> {
|
protected async createProxyKubeconfig(): Promise<string> {
|
||||||
const { cluster } = this;
|
const { cluster } = this;
|
||||||
const { contextName, id } = cluster;
|
const { contextName, id } = cluster;
|
||||||
const tempFile = this.dependencies.joinPaths(
|
const {
|
||||||
this.dependencies.directoryForTemp,
|
certificate,
|
||||||
|
authHeaderToken,
|
||||||
|
joinPaths,
|
||||||
|
lensProxyPort,
|
||||||
|
writeFile,
|
||||||
|
directoryForTemp,
|
||||||
|
logger,
|
||||||
|
} = this.dependencies;
|
||||||
|
|
||||||
|
const tempFile = joinPaths(
|
||||||
|
directoryForTemp,
|
||||||
`kubeconfig-${id}`,
|
`kubeconfig-${id}`,
|
||||||
);
|
);
|
||||||
const kubeConfig = await cluster.getKubeconfig();
|
const kubeConfig = await cluster.getKubeconfig();
|
||||||
const { certificate } = this.dependencies;
|
|
||||||
const proxyConfig: PartialDeep<KubeConfig> = {
|
const proxyConfig: PartialDeep<KubeConfig> = {
|
||||||
currentContext: contextName,
|
currentContext: contextName,
|
||||||
clusters: [
|
clusters: [
|
||||||
{
|
{
|
||||||
name: contextName,
|
name: contextName,
|
||||||
server: this.resolveProxyUrl,
|
server: `https://127.0.0.1:${lensProxyPort.get()}/${cluster.id}`,
|
||||||
skipTLSVerify: false,
|
skipTLSVerify: false,
|
||||||
caData: Buffer.from(certificate.cert).toString("base64"),
|
caData: Buffer.from(certificate.cert).toString("base64"),
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
users: [
|
users: [
|
||||||
{ name: "proxy", username: "lens", password: "fake" },
|
{
|
||||||
|
name: "proxy",
|
||||||
|
token: authHeaderToken,
|
||||||
|
},
|
||||||
],
|
],
|
||||||
contexts: [
|
contexts: [
|
||||||
{
|
{
|
||||||
@ -129,8 +138,8 @@ export class KubeconfigManager {
|
|||||||
// write
|
// write
|
||||||
const configYaml = dumpConfigYaml(proxyConfig);
|
const configYaml = dumpConfigYaml(proxyConfig);
|
||||||
|
|
||||||
await this.dependencies.writeFile(tempFile, configYaml, { mode: 0o600 });
|
await writeFile(tempFile, configYaml, { mode: 0o600 });
|
||||||
this.dependencies.logger.debug(`[KUBECONFIG-MANAGER]: Created temp kubeconfig "${contextName}" at "${tempFile}": \n${configYaml}`);
|
logger.debug(`[KUBECONFIG-MANAGER]: Created temp kubeconfig "${contextName}" at "${tempFile}": \n${configYaml}`);
|
||||||
|
|
||||||
return tempFile;
|
return tempFile;
|
||||||
}
|
}
|
||||||
|
|||||||
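Review bot: The `logger.debug(...)` call at the end of `createProxyKubeconfig` still interpolates `${configYaml}`, and with this change that YAML carries `token: authHeaderToken` in the `users` entry instead of the placeholder password, so the proxy auth token ends up in the debug log. The temp file is written with `mode: 0o600`, but nothing visible here gives the log sink the same protection. I would drop the YAML from the message, ``logger.debug(`[KUBECONFIG-MANAGER]: Created temp kubeconfig "${contextName}" at "${tempFile}"`);``, or redact the `users[].token` value before logging. The new `readonly authHeaderToken: string;` field in `KubeconfigManagerDependencies` would also benefit from a comment marking it as a secret that must not be logged or serialised outside the kubeconfig. Part of the method body (the `contexts` entries) lies between the hunks and is not shown.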