kubernetes-client/haskell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove partial application chains

Browse Source
This commit is contained in:
Akshay Mankar
2019-08-28 17:06:15 +01:00
parent 08303c57a6
commit a30745f7e9
2 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
View File

@@ -72,13 +72,14 @@ getToken auth@(OIDCAuth{..}) = do
case maybeIdToken of case maybeIdToken of
Nothing -> fetchToken auth Nothing -> fetchToken auth
Just idToken -> do Just idToken -> do
let maybeExp = decodeClaims (Text.encodeUtf8 idToken) let maybeExpiry = do
(_, claims) <- decodeClaims (Text.encodeUtf8 idToken)
& rightToMaybe & rightToMaybe
& fmap snd jwtExp claims
& (>>= jwtExp) case maybeExpiry of
case maybeExp of
Nothing -> fetchToken auth Nothing -> fetchToken auth
Just (IntDate expiryDate) -> if now < expiryDate Just (IntDate expiryDate) ->
if now < expiryDate
then pure idToken then pure idToken
else fetchToken auth else fetchToken auth
@@ -178,7 +179,6 @@ parseCAData :: TLS.ClientParams -> Map Text Text -> Maybe (IO (Either ParseCertE
parseCAData tlsParams authInfo = do parseCAData tlsParams authInfo = do
caBase64 <- Map.lookup "idp-certificate-authority-data" authInfo caBase64 <- Map.lookup "idp-certificate-authority-data" authInfo
Just $ pure $ do Just $ pure $ do
caText <- Text.encodeUtf8 caBase64 caText <- B64.decode (Text.encodeUtf8 caBase64)
& B64.decode
& mapLeft Base64ParsingFailed & mapLeft Base64ParsingFailed
updateClientParams tlsParams caText updateClientParams tlsParams caText

19
kubernetes-client/src/Kubernetes/Client/Config.hs
View File

@@ -68,17 +68,13 @@ mkKubeClientConfig
-> KubeConfigSource -> KubeConfigSource
-> IO (NH.Manager, K.KubernetesClientConfig) -> IO (NH.Manager, K.KubernetesClientConfig)
mkKubeClientConfig oidcCache (KubeConfigFile f) = do mkKubeClientConfig oidcCache (KubeConfigFile f) = do
kubeConfigFile <- decodeFileThrow f kubeConfig <- decodeFileThrow f
masterURI <- getCluster kubeConfigFile masterURI <- server <$> getCluster kubeConfig
& fmap server
& either (const $ pure "localhost:8080") return & either (const $ pure "localhost:8080") return
tlsParams <- defaultTLSClientParams tlsParams <- configureTLSParams kubeConfig (takeDirectory f)
& fmap (tlsValidation kubeConfigFile)
& (>>= (addCACertData kubeConfigFile))
& (>>= addCACertFile kubeConfigFile (takeDirectory f))
clientConfig <- K.newConfig & fmap (setMasterURI masterURI) clientConfig <- K.newConfig & fmap (setMasterURI masterURI)
(tlsParamsWithAuth, clientConfigWithAuth) <- (tlsParamsWithAuth, clientConfigWithAuth) <-
case getAuthInfo kubeConfigFile of case getAuthInfo kubeConfig of
Left _ -> return (tlsParams,clientConfig) Left _ -> return (tlsParams,clientConfig)
Right (_, auth) -> applyAuthSettings oidcCache auth (tlsParams, clientConfig) Right (_, auth) -> applyAuthSettings oidcCache auth (tlsParams, clientConfig)
mgr <- newManager tlsParamsWithAuth mgr <- newManager tlsParamsWithAuth
@@ -112,6 +108,13 @@ newManager cp = NH.newManager (mkManagerSettings (TLSSettings cp) Nothing)
serviceAccountDir :: FilePath serviceAccountDir :: FilePath
serviceAccountDir = "/var/run/secrets/kubernetes.io/serviceaccount" serviceAccountDir = "/var/run/secrets/kubernetes.io/serviceaccount"
configureTLSParams :: Config -> FilePath -> IO TLS.ClientParams
configureTLSParams cfg dir = do
defaultTLS <- defaultTLSClientParams
withCACertData <- addCACertData cfg defaultTLS
withCACertFile <- addCACertFile cfg dir withCACertData
return $ tlsValidation cfg withCACertFile
tlsValidation :: Config -> TLS.ClientParams -> TLS.ClientParams tlsValidation :: Config -> TLS.ClientParams -> TLS.ClientParams
tlsValidation cfg tlsParams = tlsValidation cfg tlsParams =
case getCluster cfg of case getCluster cfg of