登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > 服务器应用 > 容器/虚拟机 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
37 Star 403 Fork 75

GVPrancher/rancher

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
azure_client.go 4.06 KB
一键复制 编辑 原始数据 按行查看 历史
Dan Ramich 提交于 2018-06-25 12:48 . Store providers tokens as secrets
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156
package azure



import (

	"encoding/base64"

	"encoding/json"

	"strings"



	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"

	"github.com/Azure/go-autorest/autorest"

	"github.com/Azure/go-autorest/autorest/adal"

	"github.com/rancher/norman/httperror"

	"github.com/rancher/types/apis/management.cattle.io/v3"

)



type azureClient struct {

	servicePrincipal *adal.ServicePrincipalToken

	userClient       graphrbac.UsersClient

	groupClient      graphrbac.GroupsClient

}



// newClientCode sets up the SPT, user and group client using a code

func newClientCode(code string, config *v3.AzureADConfig) (*azureClient, error) {

	ac := &azureClient{}



	oauthConfig, err := adal.NewOAuthConfig(config.Endpoint, config.TenantID)

	if err != nil {

		return nil, err

	}



	// The tenantID should not be in the endpoint, drop /tenantID

	tenant := config.TenantID

	if strings.Contains(config.GraphEndpoint, tenant) {

		i := strings.Index(config.GraphEndpoint, tenant)

		config.GraphEndpoint = config.GraphEndpoint[:i-1]

	}



	spt, err := adal.NewServicePrincipalTokenFromAuthorizationCode(

		*oauthConfig,

		config.ApplicationID,

		config.ApplicationSecret,

		code,

		config.RancherURL,

		config.GraphEndpoint,

		nil,

	)

	if err != nil {

		return nil, err

	}



	// The refresh is required, call above just creates the struct

	spt.SetRefreshCallbacks(nil)

	err = spt.Refresh()

	if err != nil {

		return nil, err

	}



	ac.servicePrincipal = spt



	// Create the required bearer token

	bearer := autorest.NewBearerAuthorizer(spt)



	// Setup the user client

	userClient := graphrbac.NewUsersClientWithBaseURI(config.GraphEndpoint, config.TenantID)

	userClient.Authorizer = bearer



	ac.userClient = userClient



	// Setup the group client

	groupClient := graphrbac.NewGroupsClientWithBaseURI(config.GraphEndpoint, config.TenantID)

	groupClient.Authorizer = bearer



	ac.groupClient = groupClient

	return ac, nil

}



// newClientToken sets up the SPT, user and group client using a current Token

func newClientToken(token v3.Token, config *v3.AzureADConfig, azureToken adal.Token) (*azureClient, error) {

	ac := &azureClient{}



	oauthConfig, err := adal.NewOAuthConfig(config.Endpoint, config.TenantID)

	if err != nil {

		return nil, err

	}



	secret := &adal.ServicePrincipalAuthorizationCodeSecret{

		ClientSecret: config.ApplicationSecret,

	}



	spt, err := adal.NewServicePrincipalTokenFromManualTokenSecret(

		*oauthConfig,

		config.ApplicationID,

		config.GraphEndpoint,

		azureToken,

		secret,

		nil)



	if err != nil {

		return nil, err

	}



	spt.SetRefreshCallbacks(nil)



	ac.servicePrincipal = spt



	// Create the required bearer token

	bearer := autorest.NewBearerAuthorizer(spt)



	// Setup the user client

	userClient := graphrbac.NewUsersClientWithBaseURI(config.GraphEndpoint, config.TenantID)

	userClient.Authorizer = bearer



	ac.userClient = userClient



	// Setup the group client

	groupClient := graphrbac.NewGroupsClientWithBaseURI(config.GraphEndpoint, config.TenantID)

	groupClient.Authorizer = bearer



	ac.groupClient = groupClient



	return ac, nil

}



// accessToken returns the OAuthToken from the underlying SPT

func (ac *azureClient) accessToken() string {

	return ac.servicePrincipal.OAuthToken()

}



// marshalTokenJSON returns a JSON of the underlying Token

func (ac *azureClient) marshalTokenJSON() ([]byte, error) {

	return ac.servicePrincipal.MarshalTokenJSON()

}



// parseJWTforField will parse the claims in a token for the field requested

func parseJWTforField(tokenString string, fieldID string) (string, error) {

	pieces := strings.Split(tokenString, ".")

	if len(pieces) != 3 {

		return "", httperror.NewAPIError(httperror.InvalidFormat, "invalid token")

	}



	decoded, err := base64.RawStdEncoding.DecodeString(pieces[1])

	if err != nil {

		return "", httperror.NewAPIError(httperror.InvalidFormat, "invalid token")

	}



	var dat map[string]interface{}



	err = json.Unmarshal([]byte(decoded), &dat)

	if err != nil {

		return "", httperror.NewAPIError(httperror.InvalidFormat, "invalid token")

	}



	if _, ok := dat[fieldID]; !ok {

		return "", httperror.NewAPIError(httperror.InvalidFormat, "invalid token")

	}

	return dat[fieldID].(string), nil

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/rancher/rancher.git
git@gitee.com:rancher/rancher.git
rancher
rancher
rancher
v2.0.14-rc1
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部