CoCalc -- config.go

GitHub Repository: gitpod-io/gitpod
Path: blob/main/dev/preview/previewctl/pkg/k8s/config.go
²⁵⁰¹ views
1
// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package k8s
6

7
import (
8
	"context"
9
	"strings"
10

11
	"github.com/cockroachdb/errors"
12
	"github.com/sirupsen/logrus"
13
	authorizationv1 "k8s.io/api/authorization/v1"
14
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
15
	"k8s.io/client-go/dynamic"
16
	"k8s.io/client-go/kubernetes"
17
	"k8s.io/client-go/rest"
18
	"k8s.io/client-go/tools/clientcmd"
19
	"k8s.io/client-go/tools/clientcmd/api"
20
)
21

22
var (
23
	ErrContextNotExists = errors.New("context doesn't exist")
24
)
25

26
type Config struct {
27
	CoreClient    kubernetes.Interface
28
	DynamicClient dynamic.Interface
29

30
	config       *rest.Config
31
	clientConfig *api.Config
32

33
	logger *logrus.Logger
34
}
35

36
func NewWithConfig(logger *logrus.Logger, config *rest.Config) (*Config, error) {
37
	coreClient := kubernetes.NewForConfigOrDie(config)
38
	dynamicClient := dynamic.NewForConfigOrDie(config)
39

40
	return &Config{
41
		CoreClient:    coreClient,
42
		DynamicClient: dynamicClient,
43
		logger:        logger,
44
		config:        config,
45
	}, nil
46
}
47

48
func NewFromDefaultConfigWithContext(logger *logrus.Logger, contextName string) (*Config, error) {
49
	kconf, err := GetKubernetesConfigFromContext(contextName)
50
	if err != nil {
51
		return nil, errors.Wrapf(err, "couldn't get [%s] kube context", contextName)
52
	}
53

54
	coreClient := kubernetes.NewForConfigOrDie(kconf)
55
	dynamicClient := dynamic.NewForConfigOrDie(kconf)
56

57
	clientConfig, err := GetClientConfigFromContext(contextName)
58
	if err != nil {
59
		return nil, err
60
	}
61

62
	return &Config{
63
		CoreClient:    coreClient,
64
		DynamicClient: dynamicClient,
65
		logger:        logger,
66
		config:        kconf,
67
		clientConfig:  clientConfig,
68
	}, nil
69
}
70

71
func GetClientConfigFromContext(context string) (*api.Config, error) {
72
	configLoadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
73
	configOverrides := &clientcmd.ConfigOverrides{CurrentContext: context}
74

75
	config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides).RawConfig()
76
	if err != nil {
77
		return nil, err
78
	}
79

80
	if _, ok := config.Contexts[context]; !ok {
81
		return nil, ErrContextNotExists
82
	}
83

84
	return &config, err
85
}
86

87
func GetKubernetesConfigFromContext(context string) (*rest.Config, error) {
88
	configLoadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
89
	configOverrides := &clientcmd.ConfigOverrides{CurrentContext: context}
90

91
	kconf, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides).ClientConfig()
92
	if err != nil {
93
		if strings.Contains(err.Error(), "does not exist") {
94
			return nil, errors.Mark(err, ErrContextNotExists)
95
		}
96
		return nil, err
97
	}
98

99
	return kconf, err
100
}
101

102
func (c *Config) ClientConfig() *api.Config {
103
	return c.clientConfig
104
}
105

106
func (c *Config) HasAccess(ctx context.Context) bool {
107
	sar := &authorizationv1.SelfSubjectAccessReview{
108
		Spec: authorizationv1.SelfSubjectAccessReviewSpec{
109
			ResourceAttributes: &authorizationv1.ResourceAttributes{
110
				Namespace: "default",
111
				Verb:      "get",
112
				Group:     "secrets",
113
			},
114
		},
115
	}
116

117
	_, err := c.CoreClient.AuthorizationV1().SelfSubjectAccessReviews().Create(ctx, sar, metav1.CreateOptions{})
118
	if err != nil {
119
		c.logger.Error(err)
120
		return false
121
	}
122

123
	return true
124
}
125

126
Product

Resources

Company
