Merge pull request #37 from brendandburns/plugins

Add an authenticator interface and implementation.

Author: brendandburns

util/src/main/java/io/kubernetes/client/util/KubeConfig.java

@@ -22,11 +22,14 @@
 import java.nio.file.FileSystems;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Map;
 
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.SafeConstructor;
 
+import io.kubernetes.client.util.authenticators.Authenticator;
+
 /**
  * KubeConfig represents a kubernetes client configuration
  */
@@ -35,6 +38,7 @@ public class KubeConfig {
     public static final String ENV_HOME = "HOME";
     public static final String KUBEDIR = ".kube";
     public static final String KUBECONFIG = "config";
+    private static Map<String, Authenticator> authenticators = new HashMap<>();
 
     // Note to the reader: I considered creating a Config object
     // and parsing into that instead of using Maps, but honestly
@@ -47,6 +51,12 @@ public class KubeConfig {
     Map<String, Object> currentCluster;
     Map<String, Object> currentUser;
 
+    public static void registerAuthenticator(Authenticator auth) {
+        synchronized (authenticators) {
+            authenticators.put(auth.getName(), auth);
+        }
+    }
+
     /**
      * Load a Kubernetes config from the default location
      */
@@ -154,19 +164,21 @@ public String getAccessToken() {
         if (currentUser == null) {
             return null;
         } 
+        
         Object authProvider = currentUser.get("auth-provider");
-        if (authProvider != null) {
-            Map<String, Object> authProviderMap = (Map<String, Object>) authProvider;
+        if (authProvider != null) {            Map<String, Object> authProviderMap = (Map<String, Object>) authProvider;
             Map<String, Object> authConfig = (Map<String, Object>) authProviderMap.get("config");
             if (authConfig != null) {
-                Date expiry = (Date) authConfig.get("expiry");
-                if (expiry != null) {
-                    if (expiry.compareTo(new Date()) <= 0) {
-                        // TODO: Generate new token here...
-                        throw new IllegalStateException("Token is expired!");
+                String name = (String) authProviderMap.get("name");
+                Authenticator auth = authenticators.get(name);
+                System.out.println(auth + " for " + name);                
+                if (auth != null) {
+                    if (auth.isExpired(authConfig)) {
+                        authConfig = auth.refresh(authConfig);
+                        // TODO persist things here.
                     }
+                    return auth.getToken(authConfig);
                 }
-                return (String) authConfig.get("access-token");
             }
         }
         if (currentUser.containsKey("token")) {

util/src/main/java/io/kubernetes/client/util/authenticators/Authenticator.java

@@ -0,0 +1,44 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package io.kubernetes.client.util.authenticators;
+
+import java.util.Map;
+
+/**
+ * The Authenticator interface represents a plugin that can handle
+ * a specific type of authentication information (e.g. 'gcp')
+ */
+public interface Authenticator {
+    /**
+     * Return the name of this authenticator, this should be the
+     * value that is also in a kubeconfig file.
+     */
+    public String getName();
+
+    /**
+     * Get a token from this authenticator.
+     * @param config The configuration information for this authenticator
+     * @returns The new token, null of no such token can be found/generated
+     */
+    public String getToken(Map<String, Object> config);
+
+    /**
+     * Determine if this config is expired
+     */
+    public boolean isExpired(Map<String, Object> config);
+
+    /**
+     * Refresh an expired token with a new fresh one.
+     */
+    public Map<String, Object> refresh(Map<String, Object> config);
+}

util/src/main/java/io/kubernetes/client/util/authenticators/GCPAuthenticator.java

@@ -0,0 +1,51 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package io.kubernetes.client.util.authenticators;
+
+import java.util.Date;
+import java.util.Map;
+
+import io.kubernetes.client.util.KubeConfig;
+
+/**
+ * The Authenticator interface represents a plugin that can handle
+ * a specific type of authentication information (e.g. 'gcp')
+ */
+public class GCPAuthenticator implements Authenticator {
+    static {
+        KubeConfig.registerAuthenticator(new GCPAuthenticator());
+    }
+    @Override
+    public String getName() {
+        return "gcp";
+    }
+
+    @Override
+    public String getToken(Map<String, Object> config) {
+        return (String) config.get("access-token");
+    }
+
+    @Override
+    public boolean isExpired(Map<String, Object> config) {
+        Date expiry = (Date) config.get("expiry");
+        if (expiry != null && expiry.compareTo(new Date()) <= 0) {
+            return true;
+        }
+        return false;
+    }
+
+    @Override
+    public Map<String, Object> refresh(Map<String, Object> config) {
+        throw new IllegalStateException("Unimplemented");
+    }
+}

util/src/test/java/io/kuberentes/client/util/KubeConfigTest.java

@@ -14,8 +14,10 @@
 
 import com.google.common.io.ByteStreams;
 import io.kubernetes.client.ApiClient;
+import io.kubernetes.client.util.authenticators.GCPAuthenticator;
 
 import java.io.File;
+import java.io.FileReader;
 import java.io.FileWriter;
 import java.io.IOException;
 import java.io.StringReader;
@@ -72,4 +74,43 @@ public void testTokenFile() throws IOException {
         KubeConfig config = KubeConfig.loadKubeConfig(new StringReader(replace));
         assertEquals(config.getAccessToken(), token);
     }
-}
+
+    public static String GCP_CONFIG = 
+        "apiVersion: v1\n" +
+        "contexts:\n" + 
+        "- context:\n" +
+        "    user: gke-cluster\n" + 
+        "  name: foo-context\n" +
+        "current-context: foo-context\n" +
+        "users:\n" +
+        "- name: gke-cluster\n" +
+        "  user:\n" +
+        "    auth-provider:\n" +
+        "      config:\n" +
+        "        access-token: fake-token\n" +
+        "        cmd-args: config config-helper --format=json\n" +
+        "        cmd-path: /usr/lib/google-cloud-sdk/bin/gcloud\n" +
+        "        expiry: 2117-06-22T18:27:02Z\n" +
+        "        expiry-key: '{.credential.token_expiry}'\n" +
+        "        token-key: '{.credential.access_token}'\n" +
+        "      name: gcp\n";
+
+    @Test
+    public void testGCPAuthProvider() {
+        KubeConfig.registerAuthenticator(new GCPAuthenticator());
+
+        try {
+            File config = folder.newFile("config");
+            FileWriter writer = new FileWriter(config);
+            writer.write(GCP_CONFIG);
+            writer.flush();
+            writer.close();
+
+            KubeConfig kc = KubeConfig.loadKubeConfig(new FileReader(config));
+            assertEquals("fake-token", kc.getAccessToken());
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            fail("Unexpected exception: " + ex);
+        }
+    }
+}