[Configuration]

1. Authentication provider plugin framework

2. An instance of authentication provider plugin for OIDC (OpenID Connect)

examples/Makefile

@@ -4,6 +4,7 @@ all:
 	cd list_pod_incluster; make
 	cd exec_provider; make
 	cd generic; make
+	cd auth_provider; make
 
 clean:
 	cd create_pod; make clean
@@ -11,3 +12,4 @@ clean:
 	cd list_pod_incluster; make clean
 	cd exec_provider; make clean
 	cd generic; make clean
+	cd auth_provider; make clean

examples/auth_provider/.gitignore

@@ -0,0 +1,3 @@
+list_pod_by_auth_provider_bin
+config_with_auth_provider
+config_with_auth_provider.*

examples/auth_provider/Makefile

@@ -0,0 +1,8 @@
+INCLUDE:=-I../../kubernetes/include -I../../kubernetes/model -I../../kubernetes/api -I../../kubernetes/config
+LIBS:=-L../../kubernetes/build -lkubernetes -lcurl -lyaml -lpthread -lssl -lz
+CFLAGS:=-g
+
+all:
+	gcc main.c $(CFLAGS) $(INCLUDE) $(LIBS) -o list_pod_by_auth_provider_bin
+clean:
+	rm ./list_pod_by_auth_provider_bin

examples/auth_provider/config_with_auth_provider_sample

@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: 
+    server: https://host:6443
+  name: kubernetes
+contexts:
+- context:
+    cluster: kubernetes
+    user: kubernetes-admin
+  name: kubernetes-admin@kubernetes
+- context:
+    cluster: kubernetes
+    namespace: default
+    user: theone
+  name: theone@kubernetes
+current-context: theone@kubernetes
+kind: Config
+preferences: {}
+users:
+- name: theone
+  user:
+    auth-provider:
+      name: oidc
+      config:
+        client-id: 
+        client-secret: 
+        id-token: 
+        idp-certificate-authority: 
+        idp-issuer-url: 
+        refresh-token: 

examples/auth_provider/main.c

@@ -0,0 +1,64 @@
+#include <kube_config.h>
+#include <apiClient.h>
+#include <CoreV1API.h>
+#include <malloc.h>
+#include <stdio.h>
+#include <errno.h>
+
+void list_pod(apiClient_t * apiClient)
+{
+    v1_pod_list_t *pod_list = NULL;
+    pod_list = CoreV1API_listNamespacedPod(apiClient, "default",    /*namespace */
+                                           NULL,    /* pretty */
+                                           0,   /* allowWatchBookmarks */
+                                           NULL,    /* continue */
+                                           NULL,    /* fieldSelector */
+                                           NULL,    /* labelSelector */
+                                           0,   /* limit */
+                                           NULL,    /* resourceVersion */
+                                           0,   /* timeoutSeconds */
+                                           0    /* watch */
+        );
+    printf("The return code of HTTP request=%ld\n", apiClient->response_code);
+    if (pod_list) {
+        printf("Get pod list:\n");
+        listEntry_t *listEntry = NULL;
+        v1_pod_t *pod = NULL;
+        list_ForEach(listEntry, pod_list->items) {
+            pod = listEntry->data;
+            printf("\tThe pod name: %s\n", pod->metadata->name);
+        }
+        v1_pod_list_free(pod_list);
+        pod_list = NULL;
+    } else {
+        printf("Cannot get any pod.\n");
+    }
+}
+
+int main(int argc, char *argv[])
+{
+    char *basePath = NULL;
+    sslConfig_t *sslConfig = NULL;
+    list_t *apiKeys = NULL;
+    int rc = load_kube_config(&basePath, &sslConfig, &apiKeys, "./config_with_auth_provider");
+    if (rc != 0) {
+        printf("Cannot load kubernetes configuration.\n");
+        return -1;
+    }
+    apiClient_t *apiClient = apiClient_create_with_base_path(basePath, sslConfig, apiKeys);
+    if (!apiClient) {
+        printf("Cannot create a kubernetes client.\n");
+        return -1;
+    }
+
+    list_pod(apiClient);
+
+    apiClient_free(apiClient);
+    apiClient = NULL;
+    free_client_config(basePath, sslConfig, apiKeys);
+    basePath = NULL;
+    sslConfig = NULL;
+    apiKeys = NULL;
+
+    return 0;
+}