Start implementation focused around ClientBuilder instead of Config

lewisheadden · lewisheadden · commit f55b7623b950 · 2018-02-02T21:04:30.000-05:00
diff --git a/util/src/main/java/io/kubernetes/client/util/ClientBuilder.java b/util/src/main/java/io/kubernetes/client/util/ClientBuilder.java
diff --git a/util/src/main/java/io/kubernetes/client/util/Config.java b/util/src/main/java/io/kubernetes/client/util/Config.java
@@ -13,6 +13,7 @@
 package io.kubernetes.client.util;
 
 import io.kubernetes.client.ApiClient;
+import java.io.ByteArrayInputStream;
 import okio.ByteString;
 import org.apache.log4j.Logger;
 
@@ -121,10 +122,8 @@ public static ApiClient fromConfig(KubeConfig config) {
 
         try {
             KeyManager[] mgrs = SSLUtils.keyManagers(
-                config.getClientCertificateData(),
-                config.getClientCertificateFile(),
-                config.getClientKeyData(),
-                config.getClientKeyFile(),
+                KubeConfig.getDataOrFile(config.getClientCertificateData(), config.getClientCertificateFile()),
+                KubeConfig.getDataOrFile(config.getClientKeyData(), config.getClientKeyFile()),
                 "RSA", "",
                 null, null);
             client.setKeyManagers(mgrs);
@@ -136,14 +135,14 @@ public static ApiClient fromConfig(KubeConfig config) {
             // It's silly to have to do it in this order, but each SSL setup
             // consumes the CA cert, so if we do this before the client certs
             // are injected the cert input stream is exhausted and things get
-            // grumpy'
+            // grumpy
             String caCert = config.getCertificateAuthorityData();
             String caCertFile = config.getCertificateAuthorityFile();
             if (caCert != null || caCertFile != null) {
                 try {
-                    client.setSslCaCert(SSLUtils.getInputStreamFromDataOrFile(caCert, caCertFile));
-                } catch (FileNotFoundException ex) {
-                    log.error("Failed to find CA Cert file", ex);
+                    client.setSslCaCert(new ByteArrayInputStream(KubeConfig.getDataOrFile(caCert, caCertFile)));
+                } catch (IOException ex) {
+                    log.error("Failed to read CA Cert file", ex);
                 }
             }
         } else {
diff --git a/util/src/main/java/io/kubernetes/client/util/KubeConfig.java b/util/src/main/java/io/kubernetes/client/util/KubeConfig.java
@@ -12,7 +12,10 @@
 */
 package io.kubernetes.client.util;
 
+import com.google.common.base.Charsets;
 import io.kubernetes.client.util.authenticators.Authenticator;
+import java.nio.file.Paths;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.SafeConstructor;
@@ -233,4 +236,15 @@ private static Map<String, Object> findObject(ArrayList<Object> list, String nam
         }
         return null;
     }
+
+    public static byte[] getDataOrFile(final String data, final String file)
+        throws IOException {
+        if(data != null) {
+            return Base64.decodeBase64(data);
+        }
+        if(file != null) {
+            return Files.readAllBytes(Paths.get(file));
+        }
+        return null;
+    }
 }
diff --git a/util/src/main/java/io/kubernetes/client/util/SSLUtils.java b/util/src/main/java/io/kubernetes/client/util/SSLUtils.java
@@ -53,14 +53,13 @@ public static boolean isNotNullOrEmpty(String val) {
         return val != null && val.length() > 0;
     }
 
-    public static KeyManager[] keyManagers(String certData, String certFile, String keyData, String keyFile,
+    public static KeyManager[] keyManagers(byte[] certData, byte[] keyData,
             String algo, String passphrase, String keyStoreFile, String keyStorePassphrase)
             throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, CertificateException,
             InvalidKeySpecException, IOException {
         KeyManager[] keyManagers = null;
-        if ((isNotNullOrEmpty(certData) || isNotNullOrEmpty(certFile))
-                && (isNotNullOrEmpty(keyData) || isNotNullOrEmpty(keyFile))) {
-            KeyStore keyStore = createKeyStore(certData, certFile, keyData, keyFile, algo, passphrase, keyStoreFile,
+        if (certData != null && keyData != null) {
+            KeyStore keyStore = createKeyStore(certData, keyData, algo, passphrase, keyStoreFile,
                     keyStorePassphrase);
             KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
             kmf.init(keyStore, passphrase.toCharArray());
@@ -69,12 +68,11 @@ public static KeyManager[] keyManagers(String certData, String certFile, String
         return keyManagers;
     }
 
-    public static KeyStore createKeyStore(String clientCertData, String clientCertFile, String clientKeyData,
-            String clientKeyFile, String clientKeyAlgo, String clientKeyPassphrase, String keyStoreFile,
-            String keyStorePassphrase) throws IOException, CertificateException, NoSuchAlgorithmException,
-            InvalidKeySpecException, KeyStoreException {
-        try (InputStream certInputStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile);
-                InputStream keyInputStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile)) {
+    public static KeyStore createKeyStore(byte[] clientCertData, byte[] clientKeyData, String clientKeyAlgo,
+        String clientKeyPassphrase, String keyStoreFile, String keyStorePassphrase) throws IOException,
+        CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
+        try (InputStream certInputStream = new ByteArrayInputStream(clientCertData);
+             InputStream keyInputStream = new ByteArrayInputStream(clientKeyData)) {
             return createKeyStore(certInputStream, keyInputStream, clientKeyAlgo,
                     clientKeyPassphrase != null ? clientKeyPassphrase.toCharArray() : null,
                     keyStoreFile, getKeyStorePassphrase(keyStorePassphrase));
@@ -264,18 +262,6 @@ private static boolean loadDefaultStoreFile(KeyStore keyStore, File fileToLoad,
         return false;
     }
 
-    public static InputStream getInputStreamFromDataOrFile(String data, String file) throws FileNotFoundException {
-        if (data != null) {
-            byte[] bytes = Base64.decodeBase64(data);
-            // TODO handle non-base64 here?
-            return new ByteArrayInputStream(bytes);
-        }
-        if (file != null) {
-            return new FileInputStream(file);
-        }
-        return null;
-    }
-
   private static char[] getKeyStorePassphrase(String keyStorePassphrase) {
     if (keyStorePassphrase == null || keyStorePassphrase.length() == 0) {
       return System.getProperty("javax.net.ssl.keyStorePassword", "changeit").toCharArray();
diff --git a/util/src/main/java/io/kubernetes/client/util/credentials/AccessTokenCredentialProvider.java b/util/src/main/java/io/kubernetes/client/util/credentials/AccessTokenCredentialProvider.java
@@ -0,0 +1,16 @@
+package io.kubernetes.client.util.credentials;
+
+import io.kubernetes.client.ApiClient;
+
+public class AccessTokenCredentialProvider implements CredentialProvider {
+  private String token;
+
+  public AccessTokenCredentialProvider(final String token) {
+    this.token = token;
+  }
+
+  @Override public void provide(ApiClient client) {
+    client.setApiKeyPrefix("Bearer");
+    client.setApiKey(token);
+  }
+}
diff --git a/util/src/main/java/io/kubernetes/client/util/credentials/ClientCertificateCredentialProvider.java b/util/src/main/java/io/kubernetes/client/util/credentials/ClientCertificateCredentialProvider.java
@@ -0,0 +1,34 @@
+package io.kubernetes.client.util.credentials;
+
+import io.kubernetes.client.ApiClient;
+import io.kubernetes.client.util.SSLUtils;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.spec.InvalidKeySpecException;
+import javax.net.ssl.KeyManager;
+import org.apache.log4j.Logger;
+
+public class ClientCertificateCredentialProvider implements CredentialProvider {
+  private static final Logger log = Logger.getLogger(ClientCertificateCredentialProvider.class);
+  private final byte[] certificate;
+  private final byte[] key;
+
+  public ClientCertificateCredentialProvider(final byte[] certificate, final byte[] key) {
+    this.certificate = certificate;
+    this.key = key;
+  }
+
+  @Override public void provide(ApiClient client) {
+    try {
+      final KeyManager[] keyManagers =
+          SSLUtils.keyManagers(certificate, key, "RSA", "", null, null);
+      client.setKeyManagers(keyManagers);
+    } catch (NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | KeyStoreException | InvalidKeySpecException | IOException e) {
+      log.warn("Could not create key manager for Client Certificate authentication.", e);
+    }
+  }
+}
diff --git a/util/src/main/java/io/kubernetes/client/util/credentials/CredentialProvider.java b/util/src/main/java/io/kubernetes/client/util/credentials/CredentialProvider.java
@@ -0,0 +1,9 @@
+package io.kubernetes.client.util.credentials;
+
+import io.kubernetes.client.ApiClient;
+
+public interface CredentialProvider {
+
+  void provide(ApiClient client);
+
+}
diff --git a/util/src/main/java/io/kubernetes/client/util/credentials/KubeconfigCredentialProvider.java b/util/src/main/java/io/kubernetes/client/util/credentials/KubeconfigCredentialProvider.java
@@ -0,0 +1,36 @@
+package io.kubernetes.client.util.credentials;
+
+import io.kubernetes.client.ApiClient;
+import io.kubernetes.client.util.KubeConfig;
+import java.io.IOException;
+
+public class KubeconfigCredentialProvider implements CredentialProvider {
+
+  private final String username;
+  private final String password;
+  private final String token;
+  private final byte[] clientCert;
+  private final byte[] clientKey;
+
+  public KubeconfigCredentialProvider(final KubeConfig config) throws IOException {
+    this.clientCert = KubeConfig.getDataOrFile(config.getClientCertificateData(), config.getClientCertificateFile());
+    this.clientKey = KubeConfig.getDataOrFile(config.getClientKeyData(), config.getClientKeyFile());
+    this.username = config.getUsername();
+    this.password = config.getPassword();
+    this.token = config.getAccessToken();
+  }
+
+  @Override public void provide(ApiClient client) {
+    if(clientCert != null && clientKey != null) {
+      new ClientCertificateCredentialProvider(clientCert, clientKey);
+    }
+
+    if(username != null && password != null) {
+      new UsernamePasswordCredentialProvider(username, password).provide(client);
+    }
+
+    if(token != null) {
+      new AccessTokenCredentialProvider(token).provide(client);
+    }
+  }
+}
diff --git a/util/src/main/java/io/kubernetes/client/util/credentials/UsernamePasswordCredentialProvider.java b/util/src/main/java/io/kubernetes/client/util/credentials/UsernamePasswordCredentialProvider.java
@@ -0,0 +1,21 @@
+package io.kubernetes.client.util.credentials;
+
+import io.kubernetes.client.ApiClient;
+import java.nio.charset.Charset;
+import okio.ByteString;
+
+public class UsernamePasswordCredentialProvider implements CredentialProvider {
+  private final String username;
+  private final String password;
+
+  public UsernamePasswordCredentialProvider(final String username, final String password) {
+    this.username = username;
+    this.password = password;
+  }
+
+  @Override public void provide(ApiClient client) {
+    final String usernameAndPassword = username + ":" + password;
+    client.setApiKeyPrefix("Basic");
+    client.setApiKey(ByteString.of(usernameAndPassword.getBytes(Charset.forName("ISO-8859-1"))).base64());
+  }
+}
diff --git a/util/src/test/java/io/kubernetes/client/util/ClientBuilderTest.java b/util/src/test/java/io/kubernetes/client/util/ClientBuilderTest.java
diff --git a/util/src/test/resources/.kube/config b/util/src/test/resources/.kube/config
diff --git a/util/src/test/resources/kubeconfig b/util/src/test/resources/kubeconfig
