
@peteristhegreat
Last active April 8, 2020 17:23
Kuber.jl with context inside of a pod, without `kubectl proxy`
# Usage from inside a K8S docker container that has Julia and has Kuber.jl added to the Project:
#
# include("kuber_utils.jl")
# ctx = my_get_kuber_context()
# collect(item.metadata.name for item in (get(ctx, :Pod)).items)
using MbedTLS
using Kuber
#using JSON
using Base64
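# In-cluster connection settings for the Kubernetes API server.
#
# The "token" and "certificate-authority-data" values here are *paths* to the files
# mounted into the pod for its service account; get_auth_config() reads a value as a
# file when `isfile` is true for it and otherwise treats it as base64 data.
# The token file is a bearer credential for the API server: never log or print it.
#
# "cert-verify" is set explicitly so that verification of the API server certificate
# against ca.crt does not depend on get_auth_config()'s fallback for a missing key.
# Without verification the bearer token would be sent to an unauthenticated peer.
#
# "namespace" holds the path of the namespace file; it is not read by the functions
# shown in this file.
config_dict = Dict{String,Any}(
    "uri" => "https://kubernetes.default:443",
    "namespace" => "/var/run/secrets/kubernetes.io/serviceaccount/namespace",
    "auth" => Dict{String,Any}(
        "type" => "token",
        "token" => "/var/run/secrets/kubernetes.io/serviceaccount/token",
        "certificate-authority-data" =>
            "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
        "cert-verify" => "true",
    ),
)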
"""
    get_tls_config(; verify=true, cacrt=nothing, clientcrt=nothing, clientkey=nothing)

Build and return an `MbedTLS.SSLConfig` for a client connection.

# Keywords
- `verify`: when `true` the auth mode is `MBEDTLS_SSL_VERIFY_REQUIRED`; when `false` it
  is `MBEDTLS_SSL_VERIFY_NONE`, i.e. the peer certificate is not checked. Any credential
  sent over a connection configured that way goes to an unauthenticated server.
- `cacrt`: parsed CA certificate (chain) installed with `ca_chain!`; skipped if `nothing`.
- `clientcrt`, `clientkey`: client certificate and key installed with `own_cert!`.
  Both must be given; if either is `nothing` the pair is silently ignored.
"""
function get_tls_config(; verify=true, cacrt=nothing, clientcrt=nothing, clientkey=nothing)
    sslconf = MbedTLS.SSLConfig()
    MbedTLS.config_defaults!(sslconf)

    # Seed a CTR-DRBG from the entropy source and attach it to the config.
    entropy_source = MbedTLS.Entropy()
    drbg = MbedTLS.CtrDrbg()
    MbedTLS.seed!(drbg, entropy_source)
    MbedTLS.rng!(sslconf, drbg)

    if verify
        MbedTLS.authmode!(sslconf, MbedTLS.MBEDTLS_SSL_VERIFY_REQUIRED)
    else
        MbedTLS.authmode!(sslconf, MbedTLS.MBEDTLS_SSL_VERIFY_NONE)
    end
    MbedTLS.dbg!(sslconf, MbedTLS.tls_dbg)

    if cacrt !== nothing
        MbedTLS.ca_chain!(sslconf, cacrt)
    end
    if clientcrt !== nothing && clientkey !== nothing
        MbedTLS.own_cert!(sslconf, clientcrt, clientkey)
    end
    return sslconf
end
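"""
    get_auth_config(auth_cfg::Dict{String,Any} = config_dict["auth"])

Translate an auth configuration into the keyword arguments passed to `set_server`.

Recognised keys of `auth_cfg`:
- `"type"`: `"none"` (default), `"token"` or `"cert"`.
- `"certificate-authority-data"`: CA certificate, either a path to a file or base64 data.
- `"token"`: bearer token, either a path to a file or base64 data (type `"token"`).
- `"client-certificate-data"`, `"client-key-data"`: base64 data (type `"cert"`).
- `"cert-verify"`: `Bool` or `"true"`/`"false"`; defaults to `true`.

# Returns
A `Dict{Symbol,Any}` that may contain `:headers` (with the `Authorization` header) and
`:sslconfig` (an MbedTLS config built by `get_tls_config`). `:sslconfig` is only set when
a CA certificate or a client certificate was configured.

# Security
Server certificate verification is on unless `"cert-verify"` is explicitly false. With
verification off the bearer token or client certificate is presented to a server whose
identity was never checked. The returned headers contain the credential in clear text,
so the result must not be logged.
"""
function get_auth_config(auth_cfg::Dict{String,Any} = config_dict["auth"])
    kwargs = Dict{Symbol,Any}()
    authtype = get(auth_cfg, "type", "none")
    authtype == "none" && return kwargs

    tlsconf = Dict{Symbol,Any}()
    if haskey(auth_cfg, "certificate-authority-data")
        ca = auth_cfg["certificate-authority-data"]
        # The value is treated as a path when such a file exists, else as base64 data.
        if isfile(ca)
            tlsconf[:cacrt] = MbedTLS.crt_parse(read(ca, String))
        else
            tlsconf[:cacrt] = MbedTLS.crt_parse(base64decode(ca))
        end
    end

    if authtype == "token"
        rawtoken = auth_cfg["token"]
        token = isfile(rawtoken) ? read(rawtoken, String) : String(base64decode(rawtoken))
        # Strip surrounding whitespace (e.g. a trailing newline in the token file) so it
        # cannot end up inside the header value.
        kwargs[:headers] = Dict{String,String}("Authorization" => "Bearer " * strip(token))
    elseif authtype == "cert"
        tlsconf[:clientcrt] =
            MbedTLS.crt_parse(base64decode(auth_cfg["client-certificate-data"]))
        tlsconf[:clientkey] = MbedTLS.PKContext()
        MbedTLS.parse_key!(tlsconf[:clientkey], base64decode(auth_cfg["client-key-data"]))
    end

    if !isempty(tlsconf)
        # Verify the server certificate by default; disabling it must be an explicit
        # choice in the configuration. Accept both a Bool and its string form.
        verify = get(auth_cfg, "cert-verify", true)
        tlsconf[:verify] = verify isa Bool ? verify : parse(Bool, string(verify))
        kwargs[:sslconfig] = get_tls_config(; tlsconf...)
    end
    return kwargs
end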
"""
    my_get_kuber_context()

Create a `KuberContext` pointed at `config_dict["uri"]`, using the keyword arguments
produced by `get_auth_config()` from `config_dict["auth"]`, and return it.

The context carries the service account's bearer token; its reach is whatever the
cluster grants that service account.
"""
function my_get_kuber_context()
    context = KuberContext()
    auth_kwargs = get_auth_config()
    server_uri = config_dict["uri"]
    set_server(context, server_uri; auth_kwargs...)
    return context
end