github.com/telepresenceio/telepresence/v2@v2.20.0-pro.6.0.20240517030216-236ea954e789/integration_test/testdata/k8screds/main.go (about) 1 package main 2 3 import ( 4 "bytes" 5 "fmt" 6 "os" 7 "os/exec" 8 9 meta "k8s.io/apimachinery/pkg/apis/meta/v1" 10 "k8s.io/apimachinery/pkg/runtime" 11 "k8s.io/apimachinery/pkg/runtime/serializer" 12 "k8s.io/client-go/pkg/apis/clientauthentication" 13 "k8s.io/client-go/pkg/apis/clientauthentication/install" 14 "k8s.io/client-go/tools/clientcmd/api" 15 16 "github.com/telepresenceio/telepresence/v2/pkg/client" 17 "github.com/telepresenceio/telepresence/v2/pkg/dos" 18 ) 19 20 func main() { 21 if err := run(os.Args); err != nil { 22 _, _ = fmt.Fprintln(os.Stderr, err.Error()) 23 os.Exit(1) 24 } 25 } 26 27 func run(args []string) error { 28 var cn string 29 var fm map[string]string 30 switch len(args) { 31 case 1: 32 case 2: 33 cn = os.Args[1] 34 fm = map[string]string{"context": cn} 35 default: 36 return fmt.Errorf("usage %s <name of kubecontext>", args) 37 } 38 flags, err := client.ConfigFlags(fm) 39 if err != nil { 40 return err 41 } 42 config, err := flags.ToRawKubeConfigLoader().RawConfig() 43 if err != nil { 44 return err 45 } 46 if cn == "" { 47 cn = config.CurrentContext 48 } else { 49 config.CurrentContext = cn 50 } 51 if err = api.MinifyConfig(&config); err != nil { 52 return fmt.Errorf("unable to load context %q: %w", cn, err) 53 } 54 // Ensure that all certs are embedded instead of reachable using a path 55 if err = api.FlattenConfig(&config); err != nil { 56 return fmt.Errorf("unable to flatten context %q: %w", cn, err) 57 } 58 cc := config.Contexts[cn] 59 ai, ok := config.AuthInfos[cc.AuthInfo] 60 if !ok { 61 return fmt.Errorf("unable to load authinfo %q for context %q", cc.AuthInfo, cn) 62 } 63 64 var data []byte 65 if ec := ai.Exec; ec != nil { 66 data, err = resolveExec(ec) 67 } else { 68 data, err = resolveCreds(ai, config.Clusters[cc.Cluster]) 69 } 70 if err != nil { 71 return err 72 } 73 _, err = os.Stdout.Write(data) 74 return err 75 } 76 77 func resolveCreds(ai *api.AuthInfo, cl *api.Cluster) ([]byte, error) { 78 st := clientauthentication.ExecCredentialStatus{ 79 Token: ai.Token, 80 } 81 if len(ai.ClientCertificateData) > 0 { 82 st.ClientCertificateData = string(ai.ClientCertificateData) 83 } 84 if len(ai.ClientCertificateData) > 0 { 85 st.ClientKeyData = string(ai.ClientKeyData) 86 } 87 creds := clientauthentication.ExecCredential{ 88 TypeMeta: meta.TypeMeta{ 89 Kind: "ExecCredential", 90 APIVersion: "client.authentication.k8s.io/v1beta1", 91 }, 92 Spec: clientauthentication.ExecCredentialSpec{ 93 Interactive: false, 94 }, 95 Status: &st, 96 } 97 if cl != nil { 98 creds.Spec.Cluster = &clientauthentication.Cluster{ 99 Server: cl.Server, 100 TLSServerName: cl.TLSServerName, 101 InsecureSkipTLSVerify: cl.InsecureSkipTLSVerify, 102 CertificateAuthorityData: cl.CertificateAuthorityData, 103 ProxyURL: cl.ProxyURL, 104 DisableCompression: cl.DisableCompression, 105 } 106 } 107 scheme := runtime.NewScheme() 108 install.Install(scheme) 109 codecs := serializer.NewCodecFactory(scheme) 110 return runtime.Encode(codecs.LegacyCodec(creds.GroupVersionKind().GroupVersion()), &creds) 111 } 112 113 func resolveExec(execConfig *api.ExecConfig) ([]byte, error) { 114 var buf bytes.Buffer 115 cmd := exec.Command(execConfig.Command, execConfig.Args...) 116 cmd.Stdout = &buf 117 cmd.Stderr = os.Stderr 118 cmd.Env = os.Environ() 119 if len(execConfig.Env) > 0 { 120 em := dos.FromEnvPairs(cmd.Env) 121 for _, ev := range execConfig.Env { 122 em[ev.Name] = ev.Value 123 } 124 cmd.Env = em.Environ() 125 } 126 127 if err := cmd.Run(); err != nil { 128 return nil, fmt.Errorf("failed to run host command: %w", err) 129 } 130 131 return buf.Bytes(), nil 132 }