Untitled

avatar
unknown
plain_text
2 months ago
3.0 kB
5
Indexable
// GetClient returns a KubeClient instance
func (f *KubeClientFactory) GetClient(config ClientConfig) (KubeClient, error) {
    var kubeconfigPath string

    // For testing environment
    if config.ClusterID == "default" {
        kubeconfigPath = filepath.Join(f.kubeconfigBasePath, "kubeconfig")
    } else {
        kubeconfigPath = filepath.Join(f.kubeconfigBasePath, config.TenantID, config.ClusterID, "kubeconfig")
    }

    // Load the kubeconfig file
    kubeConfig, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath)
    if err != nil {
        return nil, fmt.Errorf("failed to load kubeconfig: %w", err)
    }

    // Try to get token from environment first
    if token := os.Getenv("KUBE_TOKEN"); token != "" {
        kubeConfig.BearerToken = token
    } else if token := os.Getenv("RUNAI_TOKEN"); token != "" {
        kubeConfig.BearerToken = token
    } else {
        // Load raw kubeconfig to access auth provider config
        raw, err := clientcmd.LoadFromFile(kubeconfigPath)
        if err != nil {
            return nil, fmt.Errorf("failed to load raw kubeconfig: %w", err)
        }

        // Get current context and user
        currentContext := raw.CurrentContext
        context := raw.Contexts[currentContext]
        if context == nil {
            return nil, fmt.Errorf("current context not found: %s", currentContext)
        }

        authInfo := raw.AuthInfos[context.AuthInfo]
        if authInfo == nil {
            return nil, fmt.Errorf("auth info not found for user: %s", context.AuthInfo)
        }

        // Handle OIDC authentication
        if authInfo.AuthProvider != nil && authInfo.AuthProvider.Name == "oidc" {
            if authInfo.AuthProvider.Config != nil {
                // Try id-token first
                if idToken, exists := authInfo.AuthProvider.Config["id-token"]; exists && idToken != "" {
                    kubeConfig.BearerToken = idToken
                } else if refreshToken, exists := authInfo.AuthProvider.Config["refresh-token"]; exists && refreshToken != "" {
                    // TODO: Implement refresh token logic here if needed
                    return nil, fmt.Errorf("token refresh required but not implemented")
                }
            }
        } else if authInfo.Token != "" {
            // Fall back to static token if present
            kubeConfig.BearerToken = authInfo.Token
        }
    }

    // Ensure we have a token
    if kubeConfig.BearerToken == "" {
        return nil, fmt.Errorf("no valid authentication token found")
    }

    // Create the clientset
    clientset, err := kubernetes.NewForConfig(kubeConfig)
    if err != nil {
        return nil, fmt.Errorf("failed to create clientset: %w", err)
    }

    // Create dynamic client
    dynamicClient, err := dynamic.NewForConfig(kubeConfig)
    if err != nil {
        return nil, fmt.Errorf("failed to create dynamic client: %w", err)
    }

    return NewKubeClientImpl(clientset, dynamicClient, &config), nil
}
Editor is loading...
Leave a Comment