working as and tls_server_name args in conf
nicklan committed May 25, 2023
1 parent c50a8b4 commit 898e79b
Showing 3 changed files with 54 additions and 10 deletions.
52 changes: 42 additions & 10 deletions src/config/kube.rs
Expand Up @@ -32,22 +32,29 @@ use crate::k8s::UserAuth as K8SUserAuth;
pub struct ClusterConf {
pub cert: Option<String>,
pub server: String,
pub tls_server_name: Option<String>,
pub insecure_skip_tls_verify: bool,
}

impl ClusterConf {
fn new(cert: Option<String>, server: String) -> ClusterConf {
fn new(cert: Option<String>, server: String, tls_server_name: Option<String>) -> ClusterConf {
ClusterConf {
cert,
server,
tls_server_name,
insecure_skip_tls_verify: false,
}
}

fn new_insecure(cert: Option<String>, server: String) -> ClusterConf {
fn new_insecure(
cert: Option<String>,
server: String,
tls_server_name: Option<String>,
) -> ClusterConf {
ClusterConf {
cert,
server,
tls_server_name,
insecure_skip_tls_verify: true,
}
}
Expand All @@ -69,6 +76,7 @@ pub enum UserAuth {

#[derive(Debug)]
pub struct UserConf {
impersonate_user: Option<String>,
auths: Vec<UserAuth>,
}

Expand Down Expand Up @@ -96,7 +104,10 @@ impl From<super::kubefile::UserConf> for UserConf {
if let Some(exec_conf) = conf.exec {
auth_vec.push(UserAuth::ExecProvider(ExecProvider::new(exec_conf)))
}
UserConf { auths: auth_vec }
UserConf {
impersonate_user: conf.impersonate_user,
auths: auth_vec,
}
}
}

Expand Down Expand Up @@ -175,7 +186,11 @@ impl Config {
br.read_to_string(&mut s).expect("Couldn't read cert");
cluster_map.insert(
cluster.name.clone(),
ClusterConf::new(Some(s), cluster.conf.server.clone()),
ClusterConf::new(
Some(s),
cluster.conf.server.clone(),
cluster.conf.tls_server_name.clone(),
),
);
}
Err(e) => {
Expand All @@ -197,7 +212,11 @@ impl Config {
})?;
cluster_map.insert(
cluster.name.clone(),
ClusterConf::new(Some(cert_pem), cluster.conf.server.clone()),
ClusterConf::new(
Some(cert_pem),
cluster.conf.server.clone(),
cluster.conf.tls_server_name.clone(),
),
);
}
Err(e) => {
Expand All @@ -206,9 +225,17 @@ impl Config {
},
(None, None) => {
let conf = if cluster.conf.skip_tls {
ClusterConf::new_insecure(None, cluster.conf.server.clone())
ClusterConf::new_insecure(
None,
cluster.conf.server.clone(),
cluster.conf.tls_server_name.clone(),
)
} else {
ClusterConf::new(None, cluster.conf.server.clone())
ClusterConf::new(
None,
cluster.conf.server.clone(),
cluster.conf.tls_server_name.clone(),
)
};
cluster_map.insert(cluster.name.clone(), conf);
}
Expand Down Expand Up @@ -258,7 +285,11 @@ impl Config {
.get(&context.user)
.ok_or(ClickError::Kube(ClickErrNo::InvalidUser))?;

let endpoint = reqwest::Url::parse(&cluster.server)?;
let mut endpoint = reqwest::Url::parse(&cluster.server)?;
if cluster.tls_server_name.is_some() {
endpoint.set_host(cluster.tls_server_name.as_deref())?;
}

let ca_certs = match &cluster.cert {
Some(cert) => {
let reqwest_certs = get_reqwest_certs(cert)?;
Expand Down Expand Up @@ -305,12 +336,13 @@ impl Config {
};
}

k8suser.map(|user| {
k8suser.map(|user_auth| {
crate::k8s::Context::new(
context_name,
endpoint,
ca_certs,
Some(user),
Some(user_auth),
user.impersonate_user.clone(),
click_conf.connect_timeout_secs,
click_conf.read_timeout_secs,
)
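Review bot: Rewriting the URL host with `endpoint.set_host(cluster.tls_server_name.as_deref())?` changes where the client connects, not only which name the server certificate is verified against; kubeconfig's `tls-server-name` is meant to override the SNI/verification name while traffic still goes to `server`. With this code a name that does not resolve from the workstation fails to connect, and a name that resolves to a different host sends the request (and the user's credentials) there, bounded only by the configured CA accepting that host's certificate — this deviation from kubectl deserves a comment, e.g. `// NOTE: host is rewritten to tls_server_name, so the connection target changes too (unlike kubectl)`, and if `server` carries an IP, pinning the name to it via `reqwest::ClientBuilder::resolve` would keep connection and verification consistent (worth checking against the reqwest version in use). The `is_some()` guard plus `as_deref()` can be collapsed to `if let Some(name) = cluster.tls_server_name.as_deref() { endpoint.set_host(Some(name))?; }`. The enclosing function starts and ends outside the hunk.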
5 changes: 5 additions & 0 deletions src/config/kubefile.rs
Expand Up @@ -76,6 +76,8 @@ pub struct ClusterConf {
#[serde(rename = "insecure-skip-tls-verify", default = "default_false")]
pub skip_tls: bool,
pub server: String,
#[serde(rename = "tls-server-name")]
pub tls_server_name: Option<String>,
}

#[derive(Debug, Deserialize)]
Expand Down Expand Up @@ -111,6 +113,9 @@ pub struct UserConf {
pub username: Option<String>,
pub password: Option<String>,

#[serde(rename = "as")]
pub impersonate_user: Option<String>,

#[serde(rename = "auth-provider")]
pub auth_provider: Option<AuthProvider>,

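Review bot: `impersonate_user` maps only the `as` key; kubeconfig also carries `as-groups` and `as-user-extra` for the same user entry, and nothing in this hunk reads them, so a user entry that relies on group impersonation would act as the bare impersonated user without those groups — assuming no other code parses them. A comment on the field would make that limitation visible to the next reader, e.g. `// Only the `as` key is honoured; as-groups / as-user-extra are ignored.`. The enclosing struct starts outside the hunk.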
7 changes: 7 additions & 0 deletions src/k8s.rs
Expand Up @@ -171,6 +171,7 @@ pub struct Context {
log_client: RefCell<Client>,
root_cas: Option<Vec<Certificate>>,
auth: RefCell<Option<UserAuth>>,
impersonate_user: Option<String>,
connect_timeout_secs: u32,
read_timeout_secs: u32,
}
Expand All @@ -181,6 +182,7 @@ impl Context {
endpoint: Url,
root_cas: Option<Vec<Certificate>>,
auth: Option<UserAuth>,
impersonate_user: Option<String>,
connect_timeout_secs: u32,
read_timeout_secs: u32,
) -> Context {
Expand All @@ -207,6 +209,7 @@ impl Context {
log_client,
root_cas,
auth: client_auth,
impersonate_user,
connect_timeout_secs,
read_timeout_secs,
}
Expand Down Expand Up @@ -327,6 +330,10 @@ impl Context {
_ => unimplemented!(),
};

let req = match self.impersonate_user.as_ref() {
Some(impersonate_user) => req.header("Impersonate-User", impersonate_user),
None => req,
};
let req = req.headers(parts.headers).body(body);
let req = match &*self.auth.borrow() {
Some(auth) => match auth {
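Review bot: The `Impersonate-User` header is attached only in this request-building path; the struct also holds a separate `log_client`, and if that or any other path builds requests elsewhere they would go out without the header and silently act as the authenticating identity instead of the configured `as` user — worth confirming and, if so, centralising the header in a helper. Note also that the header is added before `req.headers(parts.headers)`, so whether a pre-existing `Impersonate-User` in `parts.headers` wins depends on reqwest's merge semantics; a one-line comment stating the intended precedence would help. Stylistically the identity `None => req` arm can go: `let mut req = req; if let Some(user) = &self.impersonate_user { req = req.header("Impersonate-User", user); }`. The enclosing function starts and ends outside the hunk.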
