aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat(cli): Add token authentication support for connect kube helper

Browse Source
pull/6333/head
Kaldei 1 month ago committed by Kaldei
parent 0b6530b8b6
commit 5796ffd3e9
No known key found for this signature in database
2 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File

3
internal/cmd/commands/connect/connect.go
Unescape View File

@ -796,13 +796,14 @@ func (c *Command) handleExec(clientProxy *apiproxy.ClientProxy, passthroughArgs
creds = sshCreds
case "kube":
kubeArgs, err := c.kubeFlags.buildArgs(c, port, host, addr)
kubeArgs, kubeCreds, err := c.kubeFlags.buildArgs(c, port, host, addr, creds)
if err != nil {
c.PrintCliError(fmt.Errorf("Error parsing session args: %w", err))
c.execCmdReturnValue.Store(int32(3))
return
}
args = append(args, kubeArgs...)
creds = kubeCreds
}
if argsErr != nil {

23
internal/cmd/commands/connect/kube.go
Unescape View File

@ -8,6 +8,7 @@ import (
"net/url"
"strings"
"github.com/hashicorp/boundary/api/proxy"
"github.com/hashicorp/boundary/internal/cmd/base"
"github.com/posener/complete"
)
@ -56,17 +57,29 @@ func (f *kubeFlags) defaultExec() string {
return strings.ToLower(f.flagKubeStyle)
}
func (f *kubeFlags) buildArgs(c *Command, port, ip, addr string) ([]string, error) {
func (f *kubeFlags) buildArgs(c *Command, port, ip, addr string, creds proxy.Credentials) ([]string, proxy.Credentials, error) {
var args []string
var saToken string
host := f.flagKubeHost
if host == "" && c.sessInfo.Endpoint != "" {
hostUrl := c.sessInfo.Endpoint
u, err := url.Parse(hostUrl)
if err != nil {
return nil, fmt.Errorf("error parsing endpoint URL: %w", err)
return nil, creds, fmt.Errorf("error parsing endpoint URL: %w", err)
}
host = u.Hostname()
}
retCreds := creds
if len(retCreds.Password) > 0 {
// Mark credential as consumed so that it is not printed to user
retCreds.Password[0].Consumed = true
// Grab the first username password credential brokered
saToken = retCreds.Password[0].Password
}
switch f.flagKubeStyle {
case "kubectl":
if host != "" && f.flagKubeScheme == "https" {
@ -74,6 +87,10 @@ func (f *kubeFlags) buildArgs(c *Command, port, ip, addr string) ([]string, erro
args = append(args, "--tls-server-name", host)
}
args = append(args, "--server", fmt.Sprintf("%s://%s", f.flagKubeScheme, addr))
if saToken != "" {
args = append(args, "--token", saToken)
}
}
return args, nil
return args, retCreds, nil
}

Write Preview
Loading…
Cancel
Save