Merge pull request #165 from akrejcir/improve-api
API: Improve API and increase version to v1
kubevirt-bot authored Jul 29, 2024
2 parents 0dfcc6e + 490ed97 commit 4df4c85
Showing 25 changed files with 229 additions and 1,937 deletions.
4 changes: 2 additions & 2 deletions api/v1alpha1/constants.go → api/v1/constants.go
@@ -1,6 +1,6 @@
package v1alpha1
package v1

const (
Group = "token.kubevirt.io"
Version = "v1alpha1"
Version = "v1"
)
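--- a/api/v1/types.go
+++ b/api/v1/types.go
@@ -0,0 +1,31 @@
+package v1
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// TokenResponse is the response object from /token endpoint.
+type TokenResponse struct {
+Token string `json:"token"`
+ExpirationTimestamp metav1.Time `json:"expirationTimestamp"`
+}
+
+// TlsProfile is the TLS configuration for the proxy.
+type TlsProfile struct {
+Ciphers []string `json:"ciphers,omitempty"`
+MinTLSVersion TLSProtocolVersion `json:"minTLSVersion,omitempty"`
+}
+
+// TLSProtocolVersion is a way to specify the protocol version used for TLS connections.
+type TLSProtocolVersion string
+
+const (
+// VersionTLS10 is version 1.0 of the TLS security protocol.
+VersionTLS10 TLSProtocolVersion = "VersionTLS10"
+// VersionTLS11 is version 1.1 of the TLS security protocol.
+VersionTLS11 TLSProtocolVersion = "VersionTLS11"
+// VersionTLS12 is version 1.2 of the TLS security protocol.
+VersionTLS12 TLSProtocolVersion = "VersionTLS12"
+// VersionTLS13 is version 1.3 of the TLS security protocol.
+VersionTLS13 TLSProtocolVersion = "VersionTLS13"
+)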
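Review bot: `MinTLSVersion` accepts `VersionTLS10` and `VersionTLS11`, which RFC 8996 deprecates, and the field comments do not say what an empty `MinTLSVersion` or an empty `Ciphers` list resolves to. I would document both on the struct, for example `// MinTLSVersion is the lowest TLS version the proxy will negotiate; when empty the proxy default applies (state it here).`, and note on the two legacy constants that they exist for compatibility and should not be chosen for new deployments. Whether the loader rejects unknown version strings is not visible in this section, so that is worth confirming alongside. As a naming point, `TlsProfile` breaks the initialism convention the same file follows in `TLSProtocolVersion` and `MinTLSVersion`; `TLSProfile` would be consistent, and the move to v1 is the moment to settle it.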
13 changes: 0 additions & 13 deletions api/v1alpha1/types.go

This file was deleted.

4 changes: 2 additions & 2 deletions docs/api.md
Expand Up @@ -4,7 +4,7 @@

A temporary token can be generated using:
```
GET /apis/token.kubevirt.io/v1alpha1/namespaces/${VMI_NAMESPACE}/virtualmachines/${VMI_NAME}/vnc
GET /apis/token.kubevirt.io/v1/namespaces/${VMI_NAMESPACE}/virtualmachines/${VMI_NAME}/vnc
```
Where `${VMI_NAMESPACE}` and `${VMI_NAME}` are the namespace
and name of a running VMI.
Expand All @@ -28,7 +28,7 @@ Result is a JSON object containing the token:
### Example
```bash
curl --header "Authorization: Bearer ${KUBERNETES_USER_TOKEN}" \
"https://${K8S_API_URL}/apis/token.kubevirt.io/v1alpha1/namespaces/${VMI_NAMESPACE}/virtualmachines/${VMI_NAME}/vnc?duration=${DURATION}"
"https://${K8S_API_URL}/apis/token.kubevirt.io/v1/namespaces/${VMI_NAMESPACE}/virtualmachines/${VMI_NAME}/vnc?duration=${DURATION}"
```

In this example, we use a bearer token to authenticate the user with the Kubernetes API server.
4 changes: 1 addition & 3 deletions go.mod
Expand Up @@ -9,8 +9,6 @@ require (
github.com/golang/mock v1.6.0
github.com/onsi/ginkgo/v2 v2.19.0
github.com/onsi/gomega v1.33.1
github.com/openshift/api v0.0.0-20240717221938-8da8de571496 // release-4.17
github.com/openshift/library-go v0.0.0-20240715191351-e0aa70d55678 // release-4.17
k8s.io/api v0.30.3
k8s.io/apimachinery v0.30.3
k8s.io/client-go v0.30.3
Expand Down Expand Up @@ -51,6 +49,7 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/openshift/api v0.0.0-20240717221938-8da8de571496 // indirect
github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 // indirect
github.com/openshift/custom-resource-status v1.1.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
Expand All @@ -68,7 +67,6 @@ require (
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.30.3 // indirect
k8s.io/apiserver v0.30.3 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.30.1 // indirect
kubevirt.io/containerized-data-importer-api v1.59.0 // indirect
4 changes: 0 additions & 4 deletions go.sum
Expand Up @@ -290,8 +290,6 @@ github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 h1:JtLhaGpSEco
github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87/go.mod h1:3IPD4U0qyovZS4EFady2kqY32m8lGcbs/Wx+yprg9z8=
github.com/openshift/custom-resource-status v1.1.2 h1:C3DL44LEbvlbItfd8mT5jWrqPfHnSOQoQf/sypqA6A4=
github.com/openshift/custom-resource-status v1.1.2/go.mod h1:DB/Mf2oTeiAmVVX1gN+NEqweonAPY0TKUwADizj8+ZA=
github.com/openshift/library-go v0.0.0-20240715191351-e0aa70d55678 h1:H08EzrqjY63m1jlZ+D4sTy9fSGlHsPwViyxFrWTIh4A=
github.com/openshift/library-go v0.0.0-20240715191351-e0aa70d55678/go.mod h1:PdASVamWinll2BPxiUpXajTwZxV8A1pQbWEsCN1od7I=
github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
Expand Down Expand Up @@ -683,8 +681,6 @@ k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlm
k8s.io/apimachinery v0.23.3/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc=
k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
k8s.io/apiserver v0.30.3 h1:QZJndA9k2MjFqpnyYv/PH+9PE0SHhx3hBho4X0vE65g=
k8s.io/apiserver v0.30.3/go.mod h1:6Oa88y1CZqnzetd2JdepO0UXzQX4ZnOekx2/PtEjrOg=
k8s.io/client-go v0.19.0/go.mod h1:H9E/VT95blcFQnlyShFgnFT9ZnJOAceiUHM3MlRC+mU=
k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k=
k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U=
4 changes: 2 additions & 2 deletions manifests/api_service.yaml
@@ -1,12 +1,12 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: v1alpha1.token.kubevirt.io
name: v1.token.kubevirt.io
annotations:
service.beta.openshift.io/inject-cabundle: "true"
spec:
group: token.kubevirt.io
version: v1alpha1
version: v1
groupPriorityMinimum: 2000
versionPriority: 10
service:
4 changes: 1 addition & 3 deletions manifests/config_map.yaml
Expand Up @@ -3,6 +3,4 @@ kind: ConfigMap
metadata:
name: vm-console-proxy
data:
tls-profile-v1alpha1.yaml: |
type: Intermediate
intermediate: {}
tls-profile-v1.yaml: "{}"
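Review bot: The shipped default drops the explicit `type: Intermediate` profile in favour of `tls-profile-v1.yaml: "{}"`, so the manifest no longer shows which minimum TLS version and ciphers a fresh install gets; that now rests on how the proxy handles an empty `TlsProfile`, which is not visible in this section. If the intent is to keep an Intermediate-like floor, stating it in the manifest keeps the default reviewable, e.g. `tls-profile-v1.yaml: |` followed by an indented `minTLSVersion: VersionTLS12` (names as defined in api/v1/types.go). Otherwise a comment above the key, such as `# Empty profile: the proxy falls back to its built-in TLS defaults`, would at least make the behaviour explicit to operators.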
4 changes: 2 additions & 2 deletions pkg/console/console.go
Expand Up @@ -6,7 +6,7 @@ import (
"net/http"

"github.com/emicklei/go-restful/v3"
api "github.com/kubevirt/vm-console-proxy/api/v1alpha1"
api "github.com/kubevirt/vm-console-proxy/api/v1"
"github.com/kubevirt/vm-console-proxy/pkg/console/authConfig"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"kubevirt.io/client-go/kubecli"
Expand All @@ -26,7 +26,7 @@ const (
keyName = "tls.key"

configDir = "/config"
TlsProfileFile = "tls-profile-v1alpha1.yaml"
TlsProfileFile = "tls-profile-v1.yaml"
)

func Run() error {
15 changes: 8 additions & 7 deletions pkg/console/service/service.go
Expand Up @@ -21,7 +21,7 @@ import (
kubevirtv1 "kubevirt.io/api/core/v1"
"kubevirt.io/client-go/kubecli"

"github.com/kubevirt/vm-console-proxy/api/v1alpha1"
"github.com/kubevirt/vm-console-proxy/api/v1"
"github.com/kubevirt/vm-console-proxy/pkg/console/authConfig"
)

Expand Down Expand Up @@ -79,14 +79,15 @@ func (s *service) TokenHandler(request *restful.Request, response *restful.Respo
return
}

token, err := s.requestToken(request.Request.Context(), vm.Namespace, resourceName, params.duration)
tokenRequestStatus, err := s.requestToken(request.Request.Context(), vm.Namespace, resourceName, params.duration)
if err != nil {
_ = response.WriteError(http.StatusInternalServerError, fmt.Errorf("failed to request token: %w", err))
return
}

_ = response.WriteAsJson(&v1alpha1.TokenResponse{
Token: token,
_ = response.WriteAsJson(&v1.TokenResponse{
Token: tokenRequestStatus.Token,
ExpirationTimestamp: tokenRequestStatus.ExpirationTimestamp,
})
}

Expand Down Expand Up @@ -272,7 +273,7 @@ func (s *service) createResources(ctx context.Context, name string, vm *kubevirt
return nil
}

func (s *service) requestToken(ctx context.Context, serviceAccountNamespace string, serviceAccountName string, duration time.Duration) (string, error) {
func (s *service) requestToken(ctx context.Context, serviceAccountNamespace string, serviceAccountName string, duration time.Duration) (*authnv1.TokenRequestStatus, error) {
durationSeconds := int64(duration.Seconds())
tokenRequest := &authnv1.TokenRequest{
Spec: authnv1.TokenRequestSpec{
Expand All @@ -289,9 +290,9 @@ func (s *service) requestToken(ctx context.Context, serviceAccountNamespace stri
metav1.CreateOptions{},
)
if err != nil {
return "", err
return nil, err
}
return tokenRequest.Status.Token, nil
return &tokenRequest.Status, nil
}

type tokenRequestParams struct {
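Review bot: The new import `"github.com/kubevirt/vm-console-proxy/api/v1"` is left unaliased, so the handler refers to `v1.TokenResponse` in a file that already uses `kubevirtv1`, `metav1` and `authnv1`; console.go and service_test.go import the same package as `api`, and `api "github.com/kubevirt/vm-console-proxy/api/v1"` here would keep the three files consistent and avoid a bare `v1` name. `requestToken` also has no doc comment after its return type changed; something like `// requestToken creates a token for the service account and returns the TokenRequest status; its ExpirationTimestamp is the expiry the API server granted.` would tell callers to rely on that timestamp rather than on the requested duration. Both function bodies continue outside the hunks shown, so how `tokenRequest` is reassigned from the create call is not visible here.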
10 changes: 9 additions & 1 deletion pkg/console/service/service_test.go
Expand Up @@ -8,6 +8,7 @@ import (
"net/http/httptest"
"net/url"
"testing"
"time"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
Expand All @@ -24,7 +25,7 @@ import (
v1 "kubevirt.io/api/core/v1"
"kubevirt.io/client-go/kubecli"

api "github.com/kubevirt/vm-console-proxy/api/v1alpha1"
api "github.com/kubevirt/vm-console-proxy/api/v1"
"github.com/kubevirt/vm-console-proxy/pkg/console/authConfig"
fakeAuth "github.com/kubevirt/vm-console-proxy/pkg/console/authConfig/fake"
)
Expand All @@ -51,6 +52,8 @@ var _ = Describe("Service", func() {
request *restful.Request
response *restful.Response
recorder *httptest.ResponseRecorder

testExpirationTimestamp metav1.Time
)

BeforeEach(func() {
Expand Down Expand Up @@ -103,10 +106,14 @@ var _ = Describe("Service", func() {
return true, sar, nil
})

testExpirationTimestamp = metav1.Date(2024, 7, 1, 0, 0, 0, 0, time.UTC)

apiClient.Fake.PrependReactor("create", "serviceaccounts/token", func(action k8stesting.Action) (bool, runtime.Object, error) {
createAction := action.(k8stesting.CreateAction)
tokenRequest := createAction.GetObject().(*authnv1.TokenRequest)
tokenRequest.Status.Token = testToken
tokenRequest.Status.ExpirationTimestamp = testExpirationTimestamp

return true, tokenRequest, nil
})

Expand Down Expand Up @@ -281,6 +288,7 @@ var _ = Describe("Service", func() {
Expect(json.NewDecoder(recorder.Body).Decode(tokenResponse)).To(Succeed())

Expect(tokenResponse.Token).To(Equal(testToken))
Expect(&tokenResponse.ExpirationTimestamp).To(Satisfy(testExpirationTimestamp.Equal))
})

It("should fail if duration parameter fails to parse", func() {
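Review bot: The assertion `Expect(&tokenResponse.ExpirationTimestamp).To(Satisfy(testExpirationTimestamp.Equal))` does not show the expected time when it fails; `Expect(tokenResponse.ExpirationTimestamp.Time).To(BeTemporally("==", testExpirationTimestamp.Time))` would print both values. The fixture also only survives the JSON round trip because it has no sub-second part, since metav1.Time is serialized at second precision; a comment next to `metav1.Date(2024, 7, 1, 0, 0, 0, 0, time.UTC)` such as `// whole seconds only: metav1.Time JSON drops fractional seconds` would keep a later edit from breaking the test for an unrelated reason. The surrounding Describe block starts and ends outside these hunks.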