actions/k8s-set-context
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding arc set context support

Browse Source
This commit is contained in:
Shivam Gupta
2020-09-24 17:32:50 +05:30
parent 163908311f
commit ebc225eb44
8 changed files with 475 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
lib/arc-login.js Normal file
View File

@ -0,0 +1,106 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
const core = require("@actions/core");
const client_1 = require("./client");
const querystring = require("querystring");
function getAzureAccessToken(servicePrincipalId, servicePrincipalKey, tenantId, authorityUrl, managementEndpointUrl) {
return __awaiter(this, void 0, void 0, function* () {
if (!servicePrincipalId || !servicePrincipalKey || !tenantId || !authorityUrl) {
throw new Error("Not all values are present in the creds object. Ensure appId, password and tenant are supplied");
}
return new Promise((resolve, reject) => {
let webRequest = new client_1.WebRequest();
webRequest.method = "POST";
webRequest.uri = `${authorityUrl}/${tenantId}/oauth2/token/`;
webRequest.body = querystring.stringify({
resource: managementEndpointUrl,
client_id: servicePrincipalId,
grant_type: "client_credentials",
client_secret: servicePrincipalKey
});
webRequest.headers = {
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"
};
let webRequestOptions = {
retriableStatusCodes: [400, 408, 409, 500, 502, 503, 504],
};
client_1.sendRequest(webRequest, webRequestOptions).then((response) => {
if (response.statusCode == 200) {
resolve(response.body.access_token);
}
else if ([400, 401, 403].indexOf(response.statusCode) != -1) {
reject('ExpiredServicePrincipal');
}
else {
reject('CouldNotFetchAccessTokenforAzureStatusCode');
}
}, (error) => {
reject(error);
});
});
});
}
function getArcKubeconfig() {
return __awaiter(this, void 0, void 0, function* () {
try {
let creds = core.getInput('creds');
let credsObject;
try {
credsObject = JSON.parse(creds);
}
catch (ex) {
throw new Error('Credentials object is not a valid JSON: ' + ex);
}
let servicePrincipalId = credsObject["clientId"];
let servicePrincipalKey = credsObject["clientSecret"];
let tenantId = credsObject["tenantId"];
let authorityUrl = credsObject["activeDirectoryEndpointUrl"] || "https://login.microsoftonline.com";
let managementEndpointUrl = credsObject["resourceManagerEndpointUrl"] || "https://management.azure.com/";
let subscriptionId = credsObject["subscriptionId"];
let azureSessionToken = yield getAzureAccessToken(servicePrincipalId, servicePrincipalKey, tenantId, authorityUrl, managementEndpointUrl).catch(ex => {
throw new Error('Could not fetch the azure access token: ' + ex);
});
let resourceGroupName = core.getInput('resource-group');
let clusterName = core.getInput('cluster-name');
let saToken = core.getInput('token');
return new Promise((resolve, reject) => {
var webRequest = new client_1.WebRequest();
webRequest.method = 'POST';
webRequest.uri = `${managementEndpointUrl}/subscriptions/${subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.Kubernetes/connectedClusters/${clusterName}/listClusterUserCredentials?api-version=2020-01-01-preview`;
webRequest.headers = {
'Authorization': 'Bearer ' + azureSessionToken,
'Content-Type': 'application/json; charset=utf-8'
};
webRequest.body = JSON.stringify({
authenticationMethod: "Token",
value: {
token: saToken
}
});
client_1.sendRequest(webRequest).then((response) => {
let kubeconfigs = response.body.kubeconfigs;
if (kubeconfigs && kubeconfigs.length > 0) {
var kubeconfig = Buffer.from(kubeconfigs[0].value, 'base64');
resolve(kubeconfig.toString());
}
else {
reject(JSON.stringify(response.body));
}
}).catch(reject);
});
}
catch (ex) {
return Promise.reject(ex);
}
});
}
exports.getArcKubeconfig = getArcKubeconfig;

99
lib/client.js Normal file
View File

@ -0,0 +1,99 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
const util = require("util");
const fs = require("fs");
const httpClient = require("typed-rest-client/HttpClient");
const core = require("@actions/core");
var httpCallbackClient = new httpClient.HttpClient('GITHUB_RUNNER', null, {});
class WebRequest {
}
exports.WebRequest = WebRequest;
class WebResponse {
}
exports.WebResponse = WebResponse;
class WebRequestOptions {
}
exports.WebRequestOptions = WebRequestOptions;
function sendRequest(request, options) {
return __awaiter(this, void 0, void 0, function* () {
let i = 0;
let retryCount = options && options.retryCount ? options.retryCount : 5;
let retryIntervalInSeconds = options && options.retryIntervalInSeconds ? options.retryIntervalInSeconds : 2;
let retriableErrorCodes = options && options.retriableErrorCodes ? options.retriableErrorCodes : ["ETIMEDOUT", "ECONNRESET", "ENOTFOUND", "ESOCKETTIMEDOUT", "ECONNREFUSED", "EHOSTUNREACH", "EPIPE", "EA_AGAIN"];
let retriableStatusCodes = options && options.retriableStatusCodes ? options.retriableStatusCodes : [408, 409, 500, 502, 503, 504];
let timeToWait = retryIntervalInSeconds;
while (true) {
try {
if (request.body && typeof (request.body) !== 'string' && !request.body["readable"]) {
request.body = fs.createReadStream(request.body["path"]);
}
let response = yield sendRequestInternal(request);
if (retriableStatusCodes.indexOf(response.statusCode) != -1 && ++i < retryCount) {
core.debug(util.format("Encountered a retriable status code: %s. Message: '%s'.", response.statusCode, response.statusMessage));
yield sleepFor(timeToWait);
timeToWait = timeToWait * retryIntervalInSeconds + retryIntervalInSeconds;
continue;
}
return response;
}
catch (error) {
if (retriableErrorCodes.indexOf(error.code) != -1 && ++i < retryCount) {
core.debug(util.format("Encountered a retriable error:%s. Message: %s.", error.code, error.message));
yield sleepFor(timeToWait);
timeToWait = timeToWait * retryIntervalInSeconds + retryIntervalInSeconds;
}
else {
if (error.code) {
core.debug("error code =" + error.code);
}
throw error;
}
}
}
});
}
exports.sendRequest = sendRequest;
function sleepFor(sleepDurationInSeconds) {
return new Promise((resolve, reject) => {
setTimeout(resolve, sleepDurationInSeconds * 1000);
});
}
exports.sleepFor = sleepFor;
function sendRequestInternal(request) {
return __awaiter(this, void 0, void 0, function* () {
core.debug(util.format("[%s]%s", request.method, request.uri));
var response = yield httpCallbackClient.request(request.method, request.uri, request.body, request.headers);
return yield toWebResponse(response);
});
}
function toWebResponse(response) {
return __awaiter(this, void 0, void 0, function* () {
var res = new WebResponse();
if (response) {
res.statusCode = response.message.statusCode;
res.statusMessage = response.message.statusMessage;
res.headers = response.message.headers;
var body = yield response.readBody();
if (body) {
try {
res.body = JSON.parse(body);
}
catch (error) {
core.debug("Could not parse response: " + JSON.stringify(error));
core.debug("Response: " + JSON.stringify(res.body));
res.body = body;
}
}
}
return res;
});
}

31
lib/login.js
View File

@ -19,6 +19,7 @@ const os = require("os");
const toolrunner_1 = require("@actions/exec/lib/toolrunner");
const jsyaml = require("js-yaml");
const util = require("util");
const arc_login_1 = require("./arc-login");
function getKubeconfig() {
const method = core.getInput('method', { required: true });
if (method == 'kubeconfig') {
@ -107,14 +108,28 @@ function setContext(kubeconfigPath) {
}
function run() {
return __awaiter(this, void 0, void 0, function* () {
let kubeconfig = getKubeconfig();
const runnerTempDirectory = process.env['RUNNER_TEMP']; // Using process.env until the core libs are updated
const kubeconfigPath = path.join(runnerTempDirectory, `kubeconfig_${Date.now()}`);
core.debug(`Writing kubeconfig contents to ${kubeconfigPath}`);
fs.writeFileSync(kubeconfigPath, kubeconfig);
command_1.issueCommand('set-env', { name: 'KUBECONFIG' }, kubeconfigPath);
console.log('KUBECONFIG environment variable is set');
yield setContext(kubeconfigPath);
try {
let kubeconfig = '';
const cluster_type = core.getInput('cluster-type', { required: true });
if (cluster_type == 'arc') {
kubeconfig = yield arc_login_1.getArcKubeconfig().catch(ex => {
throw new Error('Error: Could not get the KUBECONFIG for arc cluster: ' + ex);
});
}
else {
kubeconfig = getKubeconfig();
}
const runnerTempDirectory = process.env['RUNNER_TEMP']; // Using process.env until the core libs are updated
const kubeconfigPath = path.join(runnerTempDirectory, `kubeconfig_${Date.now()}`);
core.debug(`Writing kubeconfig contents to ${kubeconfigPath}`);
fs.writeFileSync(kubeconfigPath, kubeconfig);
command_1.issueCommand('set-env', { name: 'KUBECONFIG' }, kubeconfigPath);
console.log('KUBECONFIG environment variable is set');
yield setContext(kubeconfigPath);
}
catch (ex) {
return Promise.reject(ex);
}
});
}
run().catch(core.setFailed);