69 lines
1.7 KiB
Go
69 lines
1.7 KiB
Go
package cmd
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
func newCredentialCmd() *cobra.Command {
|
|
var (
|
|
server string
|
|
noKerberos bool
|
|
noCache bool
|
|
debugFlag bool
|
|
)
|
|
|
|
cmd := &cobra.Command{
|
|
Use: "credential",
|
|
Short: "kubectl exec credential plugin — serve a cached ExecCredential to kubectl",
|
|
Long: `Acts as a kubectl exec credential plugin. Returns a cached ExecCredential
|
|
JSON to kubectl. On a cache miss, silently attempts Kerberos SPNEGO; if that
|
|
also fails, exits with an error directing the user to run 'ward login'.
|
|
|
|
Run 'ward login' once to authenticate and populate the cache. After that,
|
|
kubectl works silently until the credential expires.
|
|
|
|
Debug output goes to stderr (kubectl surfaces this to the terminal):
|
|
|
|
WARD_DEBUG=1 kubectl get nodes`,
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
if server == "" {
|
|
return fmt.Errorf("--server is required")
|
|
}
|
|
|
|
server = normalizeServer(server)
|
|
|
|
logf := func(format string, a ...any) {
|
|
if debugFlag {
|
|
fmt.Fprintf(os.Stderr, "[ward] "+format+"\n", a...)
|
|
}
|
|
}
|
|
|
|
if !noCache {
|
|
if ec, ok := credReadCache(server, logf); ok {
|
|
return credPrint(ec)
|
|
}
|
|
}
|
|
|
|
ec, err := credFetch(server, noKerberos, logf)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if !noCache {
|
|
credWriteCache(server, ec, logf)
|
|
}
|
|
return credPrint(ec)
|
|
},
|
|
}
|
|
|
|
cmd.Flags().StringVar(&server, "server", "", "ward server URL (required)")
|
|
cmd.Flags().BoolVar(&noKerberos, "no-kerberos", false, "skip Kerberos SPNEGO")
|
|
cmd.Flags().BoolVar(&noCache, "no-cache", false, "bypass local cache; always fetch a fresh credential")
|
|
cmd.Flags().BoolVar(&debugFlag, "debug", os.Getenv("WARD_DEBUG") != "", "verbose debug output to stderr (also: $WARD_DEBUG=1)")
|
|
|
|
return cmd
|
|
}
|