Remove partial application chains

2019-08-28 17:06:15 +01:00
parent 08303c57a6
commit a30745f7e9
2 changed files with 22 additions and 19 deletions
--- a/kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
+++ b/kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
@@ -72,15 +72,16 @@ getToken auth@(OIDCAuth{..}) = do
  case maybeIdToken of
    Nothing -> fetchToken auth
    Just idToken -> do
-      let maybeExp = decodeClaims (Text.encodeUtf8 idToken)
-                   & rightToMaybe
-                   & fmap snd
-                   & (>>= jwtExp)
-      case maybeExp of
+      let maybeExpiry = do
+            (_, claims) <- decodeClaims (Text.encodeUtf8 idToken)
+                           & rightToMaybe
+            jwtExp claims
+      case maybeExpiry of
        Nothing -> fetchToken auth
-        Just (IntDate expiryDate) -> if now < expiryDate
-                                     then pure idToken
-                                     else fetchToken auth
+        Just (IntDate expiryDate) ->
+          if now < expiryDate
+          then pure idToken
+          else fetchToken auth

 fetchToken :: OIDCAuth -> IO Text
 fetchToken auth@(OIDCAuth{..}) = do
@@ -178,7 +179,6 @@ parseCAData :: TLS.ClientParams -> Map Text Text -> Maybe (IO (Either ParseCertE
 parseCAData tlsParams authInfo = do
  caBase64 <- Map.lookup "idp-certificate-authority-data" authInfo
  Just $ pure $ do
-    caText <- Text.encodeUtf8 caBase64
-              & B64.decode
+    caText <- B64.decode (Text.encodeUtf8 caBase64)
              & mapLeft Base64ParsingFailed
    updateClientParams tlsParams caText
--- a/kubernetes-client/src/Kubernetes/Client/Config.hs
+++ b/kubernetes-client/src/Kubernetes/Client/Config.hs
@@ -68,17 +68,13 @@ mkKubeClientConfig
  -> KubeConfigSource
  -> IO (NH.Manager, K.KubernetesClientConfig)
 mkKubeClientConfig oidcCache (KubeConfigFile f) = do
-  kubeConfigFile <- decodeFileThrow f
-  masterURI <- getCluster kubeConfigFile
-         & fmap server
-         & either (const $ pure "localhost:8080") return
-  tlsParams <- defaultTLSClientParams
-               & fmap (tlsValidation kubeConfigFile)
-               & (>>= (addCACertData kubeConfigFile))
-               & (>>= addCACertFile kubeConfigFile (takeDirectory f))
+  kubeConfig <- decodeFileThrow f
+  masterURI <-  server <$> getCluster kubeConfig
+                & either (const $ pure "localhost:8080") return
+  tlsParams <- configureTLSParams kubeConfig (takeDirectory f)
  clientConfig <- K.newConfig & fmap (setMasterURI masterURI)
  (tlsParamsWithAuth, clientConfigWithAuth) <-
-    case getAuthInfo kubeConfigFile of
+    case getAuthInfo kubeConfig of
      Left _          -> return (tlsParams,clientConfig)
      Right (_, auth) -> applyAuthSettings oidcCache auth (tlsParams, clientConfig)
  mgr <- newManager tlsParamsWithAuth
@@ -112,6 +108,13 @@ newManager cp = NH.newManager (mkManagerSettings (TLSSettings cp) Nothing)
 serviceAccountDir :: FilePath
 serviceAccountDir = "/var/run/secrets/kubernetes.io/serviceaccount"

+configureTLSParams :: Config -> FilePath -> IO TLS.ClientParams
+configureTLSParams cfg dir = do
+  defaultTLS <- defaultTLSClientParams
+  withCACertData <- addCACertData cfg defaultTLS
+  withCACertFile <- addCACertFile cfg dir withCACertData
+  return $ tlsValidation cfg withCACertFile
+
 tlsValidation :: Config -> TLS.ClientParams -> TLS.ClientParams
 tlsValidation cfg tlsParams =
  case getCluster cfg of