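package http

import (
	"net/http"
	"os"
	"strings"

	"github.com/pkg/errors"
)

// DefaultServiceAccountTokenPath is the file the token is read from when the
// transport was constructed without an explicit path.
const DefaultServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"

// InternalAuthorizationHeader is the header the token is sent in when the
// transport was constructed without an explicit header name.
const InternalAuthorizationHeader = "X-Authorization"

// NewServiceAccountTokenTransport constructs a serviceAccountTokenTransport
// that uses the default token path and the default header name.
func NewServiceAccountTokenTransport(roundTripper HTTPRoundTripper) *serviceAccountTokenTransport {
	return NewServiceAccountTokenTransportWithPathAndHeader(roundTripper, "", "")
}

// NewServiceAccountTokenTransportWithHeader constructs a
// serviceAccountTokenTransport with a configurable header name and the default
// token path.
func NewServiceAccountTokenTransportWithHeader(roundTripper HTTPRoundTripper, headerName string) *serviceAccountTokenTransport {
	return NewServiceAccountTokenTransportWithPathAndHeader(roundTripper, "", headerName)
}

// NewServiceAccountTokenTransportWithPath constructs a
// serviceAccountTokenTransport that reads the token from the given path and
// uses the default header name.
func NewServiceAccountTokenTransportWithPath(roundTripper HTTPRoundTripper, path string) *serviceAccountTokenTransport {
	return NewServiceAccountTokenTransportWithPathAndHeader(roundTripper, path, "")
}

// NewServiceAccountTokenTransportWithPathAndHeader constructs a
// serviceAccountTokenTransport with a given token path and a configurable
// header name. An empty path or header name selects the corresponding default
// at request time.
func NewServiceAccountTokenTransportWithPathAndHeader(roundTripper HTTPRoundTripper, path, headerName string) *serviceAccountTokenTransport {
	return &serviceAccountTokenTransport{
		roundTripper: roundTripper,
		path:         path,
		headerName:   headerName,
	}
}

// serviceAccountTokenTransport is a transport that attaches a Kubernetes
// service account token to outgoing requests for internal authentication.
//
// The token is added to every request that passes through the transport; the
// transport itself performs no check on the destination host. Use it only on
// clients whose targets are trusted internal endpoints, so the credential is
// not disclosed to other parties.
type serviceAccountTokenTransport struct {
	roundTripper HTTPRoundTripper
	path         string // token file; empty means DefaultServiceAccountTokenPath
	headerName   string // header to set; empty means InternalAuthorizationHeader
}

// RoundTrip sends a copy of r, carrying the service account token as a Bearer
// credential, through the wrapped round tripper.
//
// The caller's request is left unmodified, as the net/http RoundTripper
// contract requires; this also keeps the credential off an object the caller
// may log or reuse. The token file is read on every call, so a token replaced
// on disk is picked up without restarting the process. If the token cannot be
// obtained, the request body is closed and an error is returned without
// contacting the wrapped round tripper.
func (tr *serviceAccountTokenTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	token, err := tr.readToken()
	if err != nil {
		// RoundTrip must close the body even when it fails before sending.
		if r.Body != nil {
			_ = r.Body.Close()
		}
		return nil, err
	}

	headerName := tr.headerName
	if headerName == "" {
		headerName = InternalAuthorizationHeader
	}

	req := r.Clone(r.Context())
	if req.Header == nil {
		// A hand-built request may carry a nil header map; Set would panic.
		req.Header = make(http.Header)
	}
	req.Header.Set(headerName, "Bearer "+token)

	return tr.roundTripper.RoundTrip(req)
}

// readToken returns the token stored in the configured file, or in
// DefaultServiceAccountTokenPath when no path is configured. Surrounding
// whitespace is removed so that a trailing newline in the file does not end up
// in the header value. The token itself is never included in returned errors.
func (tr *serviceAccountTokenTransport) readToken() (string, error) {
	path := tr.path
	if path == "" {
		path = DefaultServiceAccountTokenPath
	}

	raw, err := os.ReadFile(path)
	if err != nil {
		return "", errors.Wrap(err, "Unable to read service account token file")
	}

	token := strings.TrimSpace(string(raw))
	if token == "" {
		// Fail here instead of sending a credential-less "Bearer " header.
		return "", errors.Errorf("service account token file %q is empty", path)
	}
	return token, nil
}

// Clone returns a new transport that wraps a clone of the underlying round
// tripper and keeps the same token path and header name.
func (tr *serviceAccountTokenTransport) Clone() HTTPRoundTripper {
	return &serviceAccountTokenTransport{
		roundTripper: tr.roundTripper.Clone(),
		path:         tr.path,
		headerName:   tr.headerName,
	}
}

// GetTransport returns the *http.Transport exposed by the wrapped round
// tripper.
func (tr *serviceAccountTokenTransport) GetTransport() *http.Transport {
	return tr.roundTripper.GetTransport()
}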