forked from kubernetes-client/javascript
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexec_auth.ts
More file actions
49 lines (45 loc) · 1.81 KB
/
exec_auth.ts
File metadata and controls
49 lines (45 loc) · 1.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
import * as shell from 'shelljs';
import { Authenticator } from './auth';
import { User } from './config_types';
export class ExecAuth implements Authenticator {
private readonly tokenCache: { [key: string]: any } = {};
public isAuthProvider(user: User) {
return user.authProvider.name === 'exec' ||
(user.authProvider.config && user.authProvider.config.exec);
}
public getToken(user: User): string | null {
// TODO: Handle client cert auth here, requires auth refactor.
// See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#input-and-output-formats
// for details on this protocol.
// TODO: Add a unit test for token caching.
const cachedToken = this.tokenCache[user.name];
if (cachedToken) {
const date = Date.parse(cachedToken.status.expirationTimestamp);
if (date < Date.now()) {
return `Bearer ${cachedToken.status.token}`;
}
this.tokenCache[user.name] = null;
}
const config = user.authProvider.config;
if (!config.exec.command) {
throw new Error('No command was specified for exec authProvider!');
}
let cmd = config.exec.command;
if (config.exec.args) {
cmd = `${cmd} ${config.exec.args.join(' ')}`;
}
let opts: shell.ExecOpts;
if (config.exec.env) {
const env = {};
config.exec.env.forEach((elt) => env[elt.name] = elt.value);
opts = { env };
}
const result = shell.exec(cmd, opts);
if (result.code === 0) {
const obj = JSON.parse(result.stdout);
this.tokenCache[user.name] = obj;
return `Bearer ${obj.status.token}`;
}
throw new Error(result.stderr);
}
}