Merge pull request #72 from weaveworks/fix-authenticator-profile
Use authenticator with existing STS client
errordeveloper committed Jun 21, 2018
2 parents b01d17e + 9a8351c commit a8c9e46
Showing 4 changed files with 26 additions and 14 deletions.
6 changes: 3 additions & 3 deletions Gopkg.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 3 additions & 2 deletions Gopkg.toml
@@ -34,9 +34,10 @@ required = [
name = "k8s.io/kops"
version = "1.9.1"

[[constraint]]
version = "v0.3.0"
[[override]]
name = "github.com/heptio/authenticator"
source = "github.com/heptio/aws-iam-authenticator"
revision = "d9bfef19b2b89518465d4fd0bc9a75bd4a8b715e"

[[constraint]]
name = "k8s.io/client-go"
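Review bot: The new `[[override]]` stanza for `github.com/heptio/authenticator` has no comment explaining why it is needed, and it changes more than a version: `source` makes that import path resolve to a different repository (`github.com/heptio/aws-iam-authenticator`), and an override in dep applies to the whole dependency graph, including transitive uses. Pinning by `revision` is good for reproducibility, but the bare hash does not tell a reader what it corresponds to or when it can return to a tagged release. I would add a comment above the stanza along the lines of `# pinned to an untagged commit that provides token.GetWithSTS; return to a tagged release once one includes it`, after confirming that this is in fact the reason for the pin.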
14 changes: 5 additions & 9 deletions pkg/eks/auth.go
@@ -10,6 +10,7 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/sts"

"github.com/heptio/authenticator/pkg/token"
"github.com/kubicorn/kubicorn/pkg/logger"
@@ -78,6 +79,7 @@ type ClientConfig struct {
Client *clientcmdapi.Config
Cluster *ClusterConfig
roleARN string
sts *sts.STS
}

// based on "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
@@ -107,14 +109,15 @@ func (c *ClusterProvider) NewClientConfig() (*ClientConfig, error) {
CurrentContext: contextName,
},
roleARN: c.svc.arn,
sts: c.svc.sts,
}

return clientConfig, nil
}

func (c *ClientConfig) WithExecHeptioAuthenticator() *ClientConfig {

clientConfigCopy := *c

x := clientConfigCopy.Client.AuthInfos[c.Client.CurrentContext]
x.Exec = &clientcmdapi.ExecConfig{
APIVersion: "client.authentication.k8s.io/v1alpha1",
@@ -141,14 +144,7 @@ func (c *ClientConfig) WithEmbeddedToken() (*ClientConfig, error) {
return nil, errors.Wrap(err, "could not get token generator")
}

// could not get token: AccessDenied: User <ARN> is not authorized to perform: sts:AssumeRole on resource: <ARN>
/*
tok, err := gen.GetWithRole(c.Cluster.ClusterName, c.roleARN)
if err != nil {
return nil, errors.Wrap(err, "could not get token")
}
*/
tok, err := gen.Get(c.Cluster.ClusterName)
tok, err := gen.GetWithSTS(c.Cluster.ClusterName, c.sts)
if err != nil {
return nil, errors.Wrap(err, "could not get token")
}
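Review bot: `WithEmbeddedToken` now passes `c.sts` straight to `gen.GetWithSTS`, but that field is only populated in `NewClientConfig`; `ClientConfig` is an exported struct with an unexported `sts` field, so a value built any other way carries a nil client, which would most likely surface as a nil-pointer panic inside the vendored token package rather than as a returned error. A guard before the call keeps the failure on the error path: `if c.sts == nil { return nil, errors.New("no STS client configured for token generation") }`. It would also help to document on the `sts` field that the embedded token is issued for whatever identity that client's session holds, since that now decides which principal the generated kubeconfig authenticates as. The body of `WithEmbeddedToken` starts and ends outside the hunk, so how the token is stored afterwards is not visible here.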
15 changes: 15 additions & 0 deletions vendor/github.com/heptio/authenticator/pkg/token/token.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
