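package nmi

import (
	"context"
	"fmt"

	aadpodid "github.com/Azure/aad-pod-identity/pkg/apis/aadpodidentity"
	"github.com/Azure/aad-pod-identity/pkg/k8s"

	"github.com/Azure/go-autorest/autorest/adal"
	"k8s.io/klog/v2"
)

// OperationMode is the mode in which NMI is operating.
// Allowed values: standard, managed (see StandardMode and ManagedMode).
type OperationMode string

// Config holds the parameters used by the token client.
type Config struct {
	// Mode is the operation mode for the token client. GetTokenClient converts
	// it to an OperationMode and rejects anything other than StandardMode or
	// ManagedMode.
	Mode string
	// RetryAttemptsForCreated is the number of retries in NMI to find an
	// assigned identity in CREATED state (standard mode only).
	RetryAttemptsForCreated int
	// RetryAttemptsForAssigned is the number of retries in NMI to find an
	// assigned identity in ASSIGNED state (standard mode only).
	RetryAttemptsForAssigned int
	// FindIdentityRetryIntervalInSeconds is the retry interval, in seconds,
	// used when looking for assigned identities (standard mode only).
	FindIdentityRetryIntervalInSeconds int
	// NodeName is the node on which NMI is running.
	NodeName string
	// Namespaced makes NMI look for identities in the same namespace as the pod.
	Namespaced bool
}

const (
	// StandardMode is the name of NMI's standard mode.
	StandardMode OperationMode = "standard"

	// ManagedMode is the name of NMI's managed mode.
	ManagedMode OperationMode = "managed"
)

// TokenClient is an abstraction used to retrieve pods' identities and ADAL tokens.
type TokenClient interface {
	// GetIdentities gets the list of identities which match the
	// given pod in the form of AzureIdentity.
	GetIdentities(ctx context.Context, podns, podname, clientID, resourceID string) (*aadpodid.AzureIdentity, error)
	// GetTokens acquires tokens by using the AzureIdentity.
	GetTokens(ctx context.Context, clientID, resource string, podID aadpodid.AzureIdentity) (tokens []*adal.Token, err error)
}

// GetTokenClient returns the TokenClient implementation selected by config.Mode.
//
// An unrecognized mode is an error rather than a fallback to some default
// implementation, so a misconfigured NMI does not end up running in an
// unintended mode.
func GetTokenClient(client k8s.Client, config Config) (TokenClient, error) {
	klog.Infof("initializing in %s mode", config.Mode)

	switch getOperationMode(config.Mode) {
	case StandardMode:
		return NewStandardTokenClient(client, config)
	case ManagedMode:
		return NewManagedTokenClient(client, config)
	default:
		return nil, fmt.Errorf("operation mode %s not supported", config.Mode)
	}
}

// getOperationMode converts the raw mode string from configuration into an
// OperationMode. It performs no validation; callers compare the result against
// StandardMode and ManagedMode.
func getOperationMode(mode string) OperationMode {
	return OperationMode(mode)
}

// GetKubeClient returns the kube client based on the NMI mode.
func GetKubeClient(nodeName, mode string, enableScaleFeatures bool) (k8s.Client, error) {
	// StandardMode client doesn't require azure identity and binding informers
	// ManagedMode client doesn't require azure assigned identity informers
	// The mode is interpreted through getOperationMode so that the comparison
	// stays consistent with GetTokenClient.
	return k8s.NewKubeClient(nodeName, enableScaleFeatures, getOperationMode(mode) == StandardMode)
}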