-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmain.go
107 lines (86 loc) · 2.83 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
package main
import (
"bufio"
"context"
"encoding/json"
"fmt"
"os"
"strings"
"time"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/client-go/kubernetes"
clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/auth/exec"
)
func performBusinessLogicWithExecCredential(ec runtime.Object) {
// Fill in any business logic here that requires the use of the provided ExecCredential.Spec.
// E.g., make decision whether this plugin should require information from the user on stdin.
exampleExecCredentialBusinessLogic(ec)
}
func performBusinessLogicWithRESTConfig(rc *rest.Config) {
// Fill in any business logic here that requires the use of a REST config.
// E.g., make anonymous requests to an on-cluster endpoint.
exampleRESTConfigBusinessLogic(rc)
}
func main() {
printfln("start")
printfln("KUBERNETES_EXEC_INFO: %q", os.Getenv("KUBERNETES_EXEC_INFO"))
ec, rc, err := exec.LoadExecCredentialFromEnv()
if err != nil {
dief("load: %q", err.Error())
}
performBusinessLogicWithExecCredential(ec)
performBusinessLogicWithRESTConfig(rc)
data, err := json.Marshal(ec)
if err != nil {
dief("marshal: %q", err.Error())
}
printfln("marshal: %q", string(data))
fmt.Println(string(data))
}
func dief(format string, a ...interface{}) {
reallyPrintf("error: "+format+"\n", a...)
// Exit with a non-zero exit code to indicate to client-go that this exec plugin failed to obtain
// a credential.
os.Exit(1)
}
func printfln(format string, a ...interface{}) {
if os.Getenv("QUIET") != "true" {
reallyPrintf(format+"\n", a...)
}
}
func reallyPrintf(format string, a ...interface{}) {
// Always print to stderr since stdout is used to communicate credentials to client-go.
fmt.Fprintf(os.Stderr, "sample-exec-plugin> "+format, a...)
}
func exampleExecCredentialBusinessLogic(ec runtime.Object) {
ecBeta, ok := ec.(*clientauthenticationv1beta1.ExecCredential)
if !ok {
dief("cast failed: %#v\n", ec)
}
if !ecBeta.Spec.Interactive {
dief("exec plugin not running in interactive mode, please run in terminal")
}
reallyPrintf("enter token: ")
token, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil {
dief("cannot read stdin: %q", err.Error())
}
token = strings.TrimSpace(token)
ecBeta.Status = &clientauthenticationv1beta1.ExecCredentialStatus{
Token: token,
}
}
func exampleRESTConfigBusinessLogic(rc *rest.Config) {
c, err := kubernetes.NewForConfig(rc)
if err != nil {
dief("cannot create kubernetes client: %q", err.Error())
}
ctx, cancel := context.WithTimeout(context.Background(), time.Second*3)
defer cancel()
if _, err := c.CoreV1().ConfigMaps("kube-public").Get(ctx, "cluster-info", metav1.GetOptions{}); err != nil {
fmt.Fprintln(os.Stderr, "cannot find cluster-info: "+err.Error())
}
}