This repository has been archived by the owner on Apr 18, 2024. It is now read-only.

fix: use env var source for auth
teodor-pripoae committed Aug 10, 2021
1 parent 1f81b86 commit b8d389e
Showing 10 changed files with 222 additions and 21 deletions.
9 changes: 6 additions & 3 deletions api/v1/rest_types.go
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package v1

import (
"github.com/flanksource/kommons"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

Expand All @@ -27,7 +28,7 @@ type RESTSpec struct {

// Auth may be used for http basic authentication
// +optional
Auth RESTAuth `json:"auth,omitempty"`
Auth *RESTAuth `json:"auth,omitempty"`

// Headers are optional http headers to be sent on the request
// +optional
Expand All @@ -42,9 +43,11 @@ type RESTSpec struct {

type RESTAuth struct {
// Username represents the HTTP Basic Auth username
Username string `json:"username,omitempty"`
Username kommons.EnvVarSource `json:"username,omitempty"`
// Password represents the HTTP Basic Auth password
Password string `json:"password,omitempty"`
Password kommons.EnvVarSource `json:"password,omitempty"`
// Namespace where secret / config map is present
Namespace string `json:"namespace,omitempty"`
}

type RESTAction struct {
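Review bot: The new `Namespace` field on `RESTAuth` is an unrestricted string, and `getRestAuthorization` in k8s/rest_manager.go passes it straight to `client.GetEnvValue`, presumably with the operator's own credentials. Anyone allowed to create or edit a REST object can therefore have the operator read a Secret in a namespace they may not be able to read themselves, and have it attached to an outgoing request. Whether REST is namespaced or cluster-scoped is not visible here; if it is namespaced, defaulting to the object's own namespace and rejecting others would close the gap. At minimum the field comment should state the trust assumption, e.g. `// Namespace of the referenced Secret or ConfigMap; read with the operator's credentials, so write access to REST implies read access to the referenced keys.` Note also that `omitempty` has no effect on the non-pointer `kommons.EnvVarSource` struct fields.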
8 changes: 7 additions & 1 deletion api/v1/zz_generated.deepcopy.go


7 changes: 6 additions & 1 deletion config/base/deploy.yml
@@ -1,4 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
name: template-operator
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: template-operator-manager
Expand Down Expand Up @@ -116,7 +121,7 @@ spec:
- --metrics-addr=0.0.0.0:8080
- --enable-leader-election
- --sync-period=20s
image: flanksource/template-operator:v1
image: flanksource/template-operator:dev
name: manager
resources:
limits:
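Review bot: The manager image moves from `flanksource/template-operator:v1` to the floating tag `:dev` in this manifest, and the same change appears in config/deploy/operator.yml and config/manager/kustomization.yaml (`newTag: dev`). A mutable tag means the deployed operator, which after this commit resolves Secrets for REST auth, is whatever was last pushed under that name, with no reproducible rollout or rollback. If `dev` is only meant for local testing, it should stay out of the committed deploy manifests. Otherwise pin a release tag or digest, e.g. `image: flanksource/template-operator:<release-tag>@sha256:<digest>` (placeholders). The container spec continues outside this hunk.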
53 changes: 51 additions & 2 deletions config/crd/bases/templating.flanksource.com_rests.yaml
Expand Up @@ -39,12 +39,61 @@ spec:
auth:
description: Auth may be used for http basic authentication
properties:
namespace:
description: Namespace where secret / config map is present
type: string
password:
description: Password represents the HTTP Basic Auth password
type: string
properties:
configMapKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
username:
description: Username represents the HTTP Basic Auth username
type: string
properties:
configMapKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
headers:
additionalProperties:
53 changes: 51 additions & 2 deletions config/deploy/crd.yml
Expand Up @@ -37,12 +37,61 @@ spec:
auth:
description: Auth may be used for http basic authentication
properties:
namespace:
description: Namespace where secret / config map is present
type: string
password:
description: Password represents the HTTP Basic Auth password
type: string
properties:
configMapKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
username:
description: Username represents the HTTP Basic Auth username
type: string
properties:
configMapKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
headers:
additionalProperties:
60 changes: 57 additions & 3 deletions config/deploy/operator.yml
@@ -1,3 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: template-operator
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
Expand Down Expand Up @@ -37,12 +42,61 @@ spec:
auth:
description: Auth may be used for http basic authentication
properties:
namespace:
description: Namespace where secret / config map is present
type: string
password:
description: Password represents the HTTP Basic Auth password
type: string
properties:
configMapKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
username:
description: Username represents the HTTP Basic Auth username
type: string
properties:
configMapKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
secretKeyRef:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
type: object
type: object
headers:
additionalProperties:
Expand Down Expand Up @@ -599,7 +653,7 @@ spec:
- --metrics-addr=0.0.0.0:8080
- --enable-leader-election
- --sync-period=20s
image: flanksource/template-operator:v1
image: flanksource/template-operator:dev
name: manager
resources:
limits:
2 changes: 1 addition & 1 deletion config/manager/kustomization.yaml
Expand Up @@ -5,4 +5,4 @@ kind: Kustomization
images:
- name: controller
newName: flanksource/template-operator
newTag: v1
newTag: dev
20 changes: 18 additions & 2 deletions examples/rest.yml
@@ -1,11 +1,27 @@
apiVersion: v1
kind: Secret
metadata:
name: "example-alertmanager-http-auth"
namespace: default
stringData:
username: foo
password: bar
---
apiVersion: templating.flanksource.com/v1
kind: REST
metadata:
name: "example-alertmanager"
spec:
auth:
username: foo
password: bar
username:
secretKeyRef:
name: example-alertmanager-http-auth
key: username
password:
secretKeyRef:
name: example-alertmanager-http-auth
key: password
namespace: default
headers:
Content-Type: application/json
update:
30 changes: 25 additions & 5 deletions k8s/rest_manager.go
Expand Up @@ -3,6 +3,7 @@ package k8s
import (
"bytes"
"context"
"encoding/base64"
"encoding/json"
"fmt"
"io/ioutil"
Expand Down Expand Up @@ -122,18 +123,23 @@ func (r *RESTManager) doRequest(ctx context.Context, rest *templatev1.REST, url,
}
}

fmt.Printf("Sending Request:\n")
fmt.Printf("URL: %s\n", newURL)
fmt.Printf("Method: %s\n", method)
fmt.Printf("Body:\n%s\n", newBody)
if rest.Spec.Auth != nil {
basicAuth, err := getRestAuthorization(r.Client, rest.Spec.Auth)
if err != nil {
return nil, errors.Wrap(err, "failed to generate basic auth")
}
req.Header.Set("Authorization", basicAuth)
}

r.Log.V(3).Info("Sending Request:", "url", newURL, "method", method, "body", newBody)

resp, err := client.Do(req)
if err != nil {
return nil, errors.Wrap(err, "http request failed")
}
defer resp.Body.Close()

fmt.Printf("Status code: %d\n", resp.StatusCode)
r.Log.V(3).Info("Response:", "statusCode", resp.StatusCode)

bodyBytes, err := ioutil.ReadAll(resp.Body)
if err != nil {
Expand Down Expand Up @@ -215,3 +221,17 @@ func sameGeneration(rest *templatev1.REST) bool {

return gen == rest.ObjectMeta.Generation
}

func getRestAuthorization(client *kommons.Client, auth *templatev1.RESTAuth) (string, error) {
_, username, err := client.GetEnvValue(kommons.EnvVar{Name: "username", ValueFrom: &auth.Username}, auth.Namespace)
if err != nil {
return "", errors.Wrap(err, "failed to get username value")
}
_, password, err := client.GetEnvValue(kommons.EnvVar{Name: "password", ValueFrom: &auth.Password}, auth.Namespace)
if err != nil {
return "", errors.Wrap(err, "failed to get username value")
}

basicAuth := "Basic " + base64.StdEncoding.EncodeToString([]byte(username+":"+password))
return basicAuth, nil
}
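Review bot: The password lookup in `getRestAuthorization` wraps its error with the username message, so a missing or unreadable password key is reported as a username problem; the second wrap should be `return "", errors.Wrap(err, "failed to get password value")`. The function also has no doc comment; something like `// getRestAuthorization resolves the username and password references in auth and returns the HTTP Basic value for the Authorization header.` would state its contract. Separately, in `doRequest` (whose body starts and ends outside the hunk) the new `r.Log.V(3).Info` call still logs the full rendered body. If templates can place secret material in the body, logging only its length would be safer.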
1 change: 0 additions & 1 deletion test/e2e.go
Expand Up @@ -794,7 +794,6 @@ metadata:
spec:
backup:
bucket: e2e-postgres-backups
restic: false
cpu: "0.5"
memory: 6Gi
parameters:
