Created
March 25, 2021 06:27
-
-
Save YangKeao/bb94f3e4f4792814bdff87c141e09073 to your computer and use it in GitHub Desktop.
Kubernetes Application OpenID PoC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "context" | |
| "encoding/json" | |
| v1 "k8s.io/api/core/v1" | |
| "k8s.io/apimachinery/pkg/runtime" | |
| "log" | |
| "net/http" | |
| "os" | |
| "github.com/go-chi/chi" | |
| "golang.org/x/oauth2" | |
| "github.com/coreos/go-oidc/v3/oidc" | |
| clientgoscheme "k8s.io/client-go/kubernetes/scheme" | |
| "k8s.io/client-go/rest" | |
| "sigs.k8s.io/controller-runtime/pkg/client" | |
| ) | |
| // Channel is a StreamElements channel | |
| type Channel struct { | |
| ID string `json:"_id"` | |
| Name string `json:"username"` | |
| } | |
| var oauth oauth2.Config | |
| var provider *oidc.Provider | |
| var verifier *oidc.IDTokenVerifier | |
| var httpClient = http.Client{} | |
| func main() { | |
| var err error | |
| provider, err = oidc.NewProvider(context.TODO(), "https://accounts.google.com") | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| verifier = provider.Verifier(&oidc.Config{ClientID: os.Getenv("CLIENT_ID")}) | |
| oauth = oauth2.Config{ | |
| ClientID: os.Getenv("CLIENT_ID"), | |
| ClientSecret: os.Getenv("CLIENT_SECRET"), | |
| RedirectURL: os.Getenv("REDIRECT_URI"), | |
| Endpoint: provider.Endpoint(), | |
| Scopes: []string{oidc.ScopeOpenID, "email"}, | |
| } | |
| r := chi.NewRouter() | |
| r.Get("/", handleRedirect) | |
| r.Get("/callback", handleCallback) | |
| log.Fatal(http.ListenAndServe(":3200", r)) | |
| } | |
| func handleRedirect(w http.ResponseWriter, r *http.Request) { | |
| uri := oauth.AuthCodeURL("") | |
| http.Redirect(w, r, uri, http.StatusTemporaryRedirect) | |
| } | |
| func handleCallback(w http.ResponseWriter, r *http.Request) { | |
| oauth2Token, err := oauth.Exchange(context.TODO(), r.URL.Query().Get("code")) | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| // Extract the ID Token from OAuth2 token. | |
| rawIDToken, ok := oauth2Token.Extra("id_token").(string) | |
| if !ok { | |
| // handle missing token | |
| } | |
| config := &rest.Config{ | |
| Host: "https://192.168.39.25:8443", | |
| BearerToken: rawIDToken, | |
| } | |
| scheme := runtime.NewScheme() | |
| clientgoscheme.AddToScheme(scheme) | |
| c, err := client.New(config, client.Options{ | |
| Scheme: scheme, | |
| }) | |
| if err != nil { | |
| w.Header().Set("Content-Type", "text") | |
| w.WriteHeader(200) | |
| w.Write([]byte(err.Error())) | |
| return | |
| } | |
| var pods v1.PodList | |
| err = c.List(context.TODO(), &pods, &client.ListOptions{Namespace: "default"}) | |
| if err != nil { | |
| w.Header().Set("Content-Type", "text") | |
| w.WriteHeader(200) | |
| w.Write([]byte(err.Error())) | |
| return | |
| } | |
| output, err := json.Marshal(pods) | |
| if err != nil { | |
| w.Header().Set("Content-Type", "text") | |
| w.WriteHeader(200) | |
| w.Write([]byte(err.Error())) | |
| } else { | |
| w.Header().Set("Content-Type", "application/json") | |
| w.WriteHeader(200) | |
| w.Write(output) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment