anroots · May 31, 2018 07:40
diff --git a/openshift-username-auth.py b/openshift-username-auth.py
 # Example on how to use openshift-restclient-python
 # (https://github.com/openshift/openshift-restclient-python)
 # without having a local ~/.kube/config file - all params
 # are in Python code.
 #
 # We needed a way to connect to an Openshift3 cluster from Python,
 # without external dependencies (config file), but couldn't find
 # a way to do this (to get a token using username/password) from the library documentation.
 #
 # Note #1: Logout is not implemented, the token stays valid
 #          after the code executes (default time 24h?)
 #
 # Note #2: It would be Epic, if the library implemented/documented
 #          a way to request a new token with user/pass using native library methods,
 #          unfortunately, as of now, it's not possible/well documented.
 #
 # Ando Roots <[email protected]> 2018

 from openshift.client import ApiClient, Configuration
 from openshift.dynamic import DynamicClient
 import requests
 from requests.auth import HTTPBasicAuth
 import urlparse
 import sys

 # Openshift cluster connection settings
 # Refactor this however you need - for example, use an environment
 # variable to insert the password
 config = Configuration()
 config.host = 'https://os3-cluster.atlantis:8443'
 config.username = 'rodney.mckay'
 config.password = 'cartermckay'
 config.ssl_ca_cert = '/etc/ssl/ca/atlantis.crt'

 try:
    # Request a new access token
    token_response = requests.get(
        '%s/oauth/authorize' % config.host,
        allow_redirects=False,
        verify=config.ssl_ca_cert,
        auth=HTTPBasicAuth(config.username, config.password),
        params={'client_id': 'openshift-challenging-client', 'response_type': 'token'},
        headers={'X-CSRF-Token': 'x'}
    )

 except requests.exceptions.ConnectionError as e:
    print("Unable to connect to OS3 cluster at %s: %s", (config.host, str(e)))
    sys.exit(1)

 if token_response.status_code != 302:
    print("Failed to get a Token from OS3: HTTP %s" % token_response.status_code)
    sys.exit(1)

 # Extract received token from Location header Fragment
 parsed = urlparse.urlparse(token_response.headers.get('Location'))
 token = urlparse.parse_qs(parsed.fragment).get('access_token', []).pop()

 # Set received token to OS3 library Config - we are now authenticated
 config.api_key_prefix['authorization'] = 'Bearer'
 config.api_key['authorization'] = token

 client = ApiClient(configuration=config)
 dyn_client = DynamicClient(client)

 # Do whatever OS3 queries you want, using the library
 v1_projects = dyn_client.resources.get(api_version='v1', kind='Project')
 print(v1_projects.get())
	# Example on how to use openshift-restclient-python
	# (https://github.com/openshift/openshift-restclient-python)
	# without having a local ~/.kube/config file - all params
	# are in Python code.
	#
	# We needed a way to connect to an Openshift3 cluster from Python,
	# without external dependencies (config file), but couldn't find
	# a way to do this (to get a token using username/password) from the library documentation.
	#
	# Note #1: Logout is not implemented, the token stays valid
	# after the code executes (default time 24h?)
	#
	# Note #2: It would be Epic, if the library implemented/documented
	# a way to request a new token with user/pass using native library methods,
	# unfortunately, as of now, it's not possible/well documented.
	#
	# Ando Roots <[email protected]> 2018

	from openshift.client import ApiClient, Configuration
	from openshift.dynamic import DynamicClient
	import requests
	from requests.auth import HTTPBasicAuth
	import urlparse
	import sys

	# Openshift cluster connection settings
	# Refactor this however you need - for example, use an environment
	# variable to insert the password
	config = Configuration()
	config.host = 'https://os3-cluster.atlantis:8443'
	config.username = 'rodney.mckay'
	config.password = 'cartermckay'
	config.ssl_ca_cert = '/etc/ssl/ca/atlantis.crt'

	try:
	# Request a new access token
	token_response = requests.get(
	'%s/oauth/authorize' % config.host,
	allow_redirects=False,
	verify=config.ssl_ca_cert,
	auth=HTTPBasicAuth(config.username, config.password),
	params={'client_id': 'openshift-challenging-client', 'response_type': 'token'},
	headers={'X-CSRF-Token': 'x'}
	)

	except requests.exceptions.ConnectionError as e:
	print("Unable to connect to OS3 cluster at %s: %s", (config.host, str(e)))
	sys.exit(1)

	if token_response.status_code != 302:
	print("Failed to get a Token from OS3: HTTP %s" % token_response.status_code)
	sys.exit(1)

	# Extract received token from Location header Fragment
	parsed = urlparse.urlparse(token_response.headers.get('Location'))
	token = urlparse.parse_qs(parsed.fragment).get('access_token', []).pop()

	# Set received token to OS3 library Config - we are now authenticated
	config.api_key_prefix['authorization'] = 'Bearer'
	config.api_key['authorization'] = token

	client = ApiClient(configuration=config)
	dyn_client = DynamicClient(client)

	# Do whatever OS3 queries you want, using the library
	v1_projects = dyn_client.resources.get(api_version='v1', kind='Project')
	print(v1_projects.get())