mirror of
https://github.com/Azure/k8s-set-context.git
changed action for arc cluster to use az connectedk8s proxy
+45
-42
@@ -12,6 +12,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const core = require("@actions/core");
|
||||
const client_1 = require("./client");
|
||||
const querystring = require("querystring");
|
||||
const az_login = require("./main");
|
||||
const path = require("path");
|
||||
const child_process_1 = require("child_process");
|
||||
const fs = require("fs");
|
||||
function getAzureAccessToken(servicePrincipalId, servicePrincipalKey, tenantId, authorityUrl, managementEndpointUrl) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
if (!servicePrincipalId || !servicePrincipalKey || !tenantId || !authorityUrl) {
|
||||
@@ -52,51 +56,47 @@ function getAzureAccessToken(servicePrincipalId, servicePrincipalKey, tenantId,
|
||||
function getArcKubeconfig() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
try {
|
||||
let creds = core.getInput('creds');
|
||||
let credsObject;
|
||||
try {
|
||||
credsObject = JSON.parse(creds);
|
||||
let method = core.getInput('method');
|
||||
if (method != 'service-account' && method != 'spn') {
|
||||
throw Error("Supported methods for arc cluster are 'service-account' and 'spn'.");
|
||||
}
|
||||
catch (ex) {
|
||||
throw new Error('Credentials object is not a valid JSON: ' + ex);
|
||||
}
|
||||
let servicePrincipalId = credsObject["clientId"];
|
||||
let servicePrincipalKey = credsObject["clientSecret"];
|
||||
let tenantId = credsObject["tenantId"];
|
||||
let authorityUrl = credsObject["activeDirectoryEndpointUrl"] || "https://login.microsoftonline.com";
|
||||
let managementEndpointUrl = credsObject["resourceManagerEndpointUrl"] || "https://management.azure.com/";
|
||||
let subscriptionId = credsObject["subscriptionId"];
|
||||
let azureSessionToken = yield getAzureAccessToken(servicePrincipalId, servicePrincipalKey, tenantId, authorityUrl, managementEndpointUrl).catch(ex => {
|
||||
throw new Error('Could not fetch the azure access token: ' + ex);
|
||||
});
|
||||
let resourceGroupName = core.getInput('resource-group');
|
||||
let clusterName = core.getInput('cluster-name');
|
||||
let saToken = core.getInput('token');
|
||||
return new Promise((resolve, reject) => {
|
||||
var webRequest = new client_1.WebRequest();
|
||||
webRequest.method = 'POST';
|
||||
webRequest.uri = `${managementEndpointUrl}/subscriptions/${subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.Kubernetes/connectedClusters/${clusterName}/listClusterUserCredentials?api-version=2020-01-01-preview`;
|
||||
webRequest.headers = {
|
||||
'Authorization': 'Bearer ' + azureSessionToken,
|
||||
'Content-Type': 'application/json; charset=utf-8'
|
||||
};
|
||||
webRequest.body = JSON.stringify({
|
||||
authenticationMethod: "Token",
|
||||
value: {
|
||||
token: saToken
|
||||
}
|
||||
});
|
||||
client_1.sendRequest(webRequest).then((response) => {
|
||||
let kubeconfigs = response.body.kubeconfigs;
|
||||
if (kubeconfigs && kubeconfigs.length > 0) {
|
||||
var kubeconfig = Buffer.from(kubeconfigs[0].value, 'base64');
|
||||
resolve(kubeconfig.toString());
|
||||
}
|
||||
else {
|
||||
reject(JSON.stringify(response.body));
|
||||
}
|
||||
}).catch(reject);
|
||||
});
|
||||
if (!resourceGroupName) {
|
||||
throw Error("'resourceGroupName' is not passed for arc cluster.");
|
||||
}
|
||||
if (!clusterName) {
|
||||
throw Error("'clusterName' is not passed for arc cluster.");
|
||||
}
|
||||
yield az_login.main();
|
||||
yield az_login.executeAzCliCommand(`account show`, false);
|
||||
yield az_login.executeAzCliCommand(`extension add -n connectedk8s`, false);
|
||||
yield az_login.executeAzCliCommand(`extension list`, false);
|
||||
const runnerTempDirectory = process.env['RUNNER_TEMP']; // Using process.env until the core libs are updated
|
||||
const kubeconfigPath = path.join(runnerTempDirectory, `kubeconfig_${Date.now()}`);
|
||||
if (method == 'service-account') {
|
||||
let saToken = core.getInput('token');
|
||||
if (!saToken) {
|
||||
throw Error("'saToken' is not passed for 'service-account' method.");
|
||||
}
|
||||
console.log('using service account method for authenticating to arc cluster.');
|
||||
child_process_1.spawn('az', ['connectedk8s', 'proxy', '-n', clusterName, '-g', resourceGroupName, '-f', kubeconfigPath, '--token', saToken], {
|
||||
detached: true,
|
||||
stdio: 'ignore'
|
||||
}).unref();
|
||||
}
|
||||
else {
|
||||
console.log('using spn method for authenticating to arc cluster.');
|
||||
child_process_1.spawn('az', ['connectedk8s', 'proxy', '-n', clusterName, '-g', resourceGroupName, '-f', kubeconfigPath], {
|
||||
detached: true,
|
||||
stdio: 'ignore'
|
||||
}).unref();
|
||||
}
|
||||
console.log('started proxy');
|
||||
yield sleep(120000); //sleeping for a minute to allow kubeconfig to be merged
|
||||
fs.chmodSync(kubeconfigPath, '600');
|
||||
core.exportVariable('KUBECONFIG', kubeconfigPath);
|
||||
console.log('KUBECONFIG environment variable is set');
|
||||
}
|
||||
catch (ex) {
|
||||
return Promise.reject(ex);
|
||||
@@ -104,3 +104,6 @@ function getArcKubeconfig() {
|
||||
});
|
||||
}
|
||||
exports.getArcKubeconfig = getArcKubeconfig;
|
||||
function sleep(ms) {
|
||||
return new Promise(resolve => setTimeout(resolve, ms));
|
||||
}
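Review bot: In the new `getArcKubeconfig` body, the kubeconfig that `az connectedk8s proxy ... -f kubeconfigPath` writes keeps whatever mode the CLI creates it with until `fs.chmodSync(kubeconfigPath, '600')` runs after the fixed `sleep(120000)`, so on a shared (for example self-hosted) runner the cluster credentials may be readable by other local users for up to two minutes. Tightening the umask around the spawn, e.g. `const prevUmask = process.umask(0o077);` before it and `process.umask(prevUmask);` after, closes that window because the detached child inherits it. With `stdio: 'ignore'` a proxy that fails to start is only noticed when `chmodSync` throws ENOENT, so polling for the file with a bounded timeout and a clear error would be more reliable than the sleep, whose comment says "a minute" although the value is 120000 ms. In the `service-account` branch the token is passed as `'--token', saToken` in the argv of a long-lived detached process, where it is visible in the local process list; if the CLI offers no other input channel, that exposure should at least be documented. `process.env['RUNNER_TEMP']` is also passed to `path.join` unchecked, which throws a TypeError when the variable is unset.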
|
||||
|
||||