feat: Use passed in credentials to deploy instead of getting the loca…

…l kube config (#524) * This adds the ability to pass the username, password and apiServer values to the openshift rest client. * Doing so will allow a user to authenticate against a cluster without needing to do an `oc login` first Co-authored-by: Helio Frota <00hf11@gmail.com>
nodeshift · Jan 8, 2021 · 7612ef8 · 7612ef8
1 parent 9027eea
commit 7612ef8
Show file tree

Hide file tree

Showing 7 changed files with 419 additions and 372 deletions.
diff --git a/README.md b/README.md
@@ -162,6 +162,17 @@ Nodeshift expects that your code has a Dockerfile in its root directory.  Then d
 
 This connect to Minikubes docker server, create a new container and then deploy and expose that container with a `Deployment` and `Service`
 
+#### Openshift Rest Client Configuration
+
+Nodeshift uses the [Openshift Rest Client](https://github.com/nodeshift/openshift-rest-client) under the hood to make all REST calls to the cluster.  By default, the rest client will look at your `~/.kube/config` file to authenticate you.  This file will be created when you do an `oc login`.
+
+If you don't want to use `oc` to login first, you can pass in a username, password, and the apiServer of the cluster to authenticate against.  If you are using a cluster with a self-signed certificate(like code ready containers), then you will need to add the `insecure` flag.
+
+Also note, that when accessing the cluster this way,  the namespace will default to `default`.  If you need to target another namespace,  use the `namespace.name` flag.  Just make sure the user you use has the appropriate permissions.
+
+An example of this might look something like this:
+
+`npx nodeshift --username developer --password developer --apiServer https://apiserver_for_cluster --insecure --namespace.name nodejs-examples`
 
 
 ## Advanced Options
@@ -177,6 +188,18 @@ Changes the default location of where to look for your project. Defaults to your
 #### configLocation
 This option is passed through to the [Openshift Rest Client](https://www.npmjs.com/package/openshift-rest-client).  Defaults to the `~/.kube/config`
 
+#### username
+username to pass into the openshift rest client for logging in with the API Server.
+
+#### password
+password to pass into the openshift rest client for logging in with the API Server.
+
+#### apiServer
+apiServer to pass into the openshift rest client for logging in with the API Server.
+
+#### insecure
+flag to pass into the openshift rest client for logging in with a self signed cert.  Only used with apiServer login.  default to false.
+
 #### imageTag
 Specify the tag of the docker image to use for the deployed application. defaults to latest.
 These version tags correspond to the RHSCL tags of the [ubi8/nodejs s2i images](https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-10)
@@ -255,6 +278,15 @@ Shows the below help
                            cluster.  At the moment only Minikube is supported.
                                                                                  [boolean]
             --configLocation         change the default location of the config    [string]
+            --username               username to pass into the openshift rest client for
+                                     logging in                                   [string]
+            --password               password to pass into the openshift rest client for
+                                     logging in                                   [string]
+            --apiServer              server address to pass into the openshift rest client
+                                     for logging in                               [string]
+            --insecure               flag to pass into the openshift rest client for
+                                     logging in with a self signed cert.  Only used with
+                                     apiServer login                             [boolean]
             --imageTag           The tag of the docker image to use for the deployed
                                 application.                 [string] [default: "latest"]
             --web-app                flag to automatically set the appropriate docker image

diff --git a/bin/nodeshift b/bin/nodeshift
@@ -50,6 +50,22 @@ yargs
     describe: 'change the default location of the config',
     type: 'string'
   })
+  .options('username', {
+    describe: 'username to pass into the openshift rest client for logging in',
+    type: 'string'
+  })
+  .options('password', {
+    describe: 'password to pass into the openshift rest client for logging in',
+    type: 'string'
+  })
+  .options('apiServer', {
+    describe: 'server address to pass into the openshift rest client for logging in',
+    type: 'string'
+  })
+  .options('insecure', {
+    describe: 'flag to pass into the openshift rest client for logging in with a self signed cert.  Only used with apiServer login',
+    type: 'boolean'
+  })
   .options('dockerImage', {
     describe: 'the s2i image to use, defaults to registry.access.redhat.com/ubi8/nodejs-10',
     type: 'string'
@@ -188,6 +204,12 @@ function createOptions (argv) {
 
   options.useDeployment = argv.useDeployment;
 
+  // Not sure about storing these
+  options.username = argv.username;
+  options.password = argv.password;
+  options.apiServer = argv.apiServer;
+  options.insecure = argv.insecure === true || argv.insecure === 'true';
+
   options.knative = argv.knative === true || argv.knative === 'true';
 
   options.kube = argv.kube === true || argv.kube === 'true';

diff --git a/index.js b/index.js
@@ -12,6 +12,10 @@ const cli = require('./bin/cli');
 
   @param {object} [options] - Options object for the deploy function
   @param {string} [options.projectLocation] - the location(directory) of your projects package.json. Defaults to `process.cwd`
+  @param {string} [options.username] - username to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.password] - password to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.apiServer] - apiServer to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.insecure] - flag to pass into the openshift rest client for logging in with a self signed cert.  Only used with apiServer login.  default to false
   @param {boolean} [options.expose] - Set to true to create a default Route and expose the default service.  defaults to false
   @param {object} [options.namespace] -
   @param {string} [options.namespace.displayName] - flag to specify the project namespace display name to build/deploy into.  Overwrites any namespace settings in your OpenShift or Kubernetes configuration files
@@ -47,6 +51,10 @@ function deploy (options = {}) {
 
   @param {object} [options] - Options object for the resource function
   @param {string} [options.projectLocation] - the location(directory) of your projects package.json. Defaults to `process.cwd`
+  @param {string} [options.username] - username to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.password] - password to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.apiServer] - apiServer to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.insecure] - flag to pass into the openshift rest client for logging in with a self signed cert.  Only used with apiServer login.  default to false
   @param {boolean} [options.expose] - Set to true to create a default Route and expose the default service.  defaults to false
   @param {object} [options.namespace] -
   @param {string} [options.namespace.displayName] - flag to specify the project namespace display name to build/deploy into.  Overwrites any namespace settings in your OpenShift or Kubernetes configuration files
@@ -75,6 +83,10 @@ function resource (options = {}) {
 
   @param {object} [options] - Options object for the apply-resource function
   @param {string} [options.projectLocation] - the location(directory) of your projects package.json. Defaults to `process.cwd`
+  @param {string} [options.username] - username to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.password] - password to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.apiServer] - apiServer to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.insecure] - flag to pass into the openshift rest client for logging in with a self signed cert.  Only used with apiServer login.  default to false
   @param {boolean} [options.expose] - Set to true to create a default Route and expose the default service.  defaults to false
   @param {object} [options.namespace] -
   @param {string} [options.namespace.displayName] - flag to specify the project namespace display name to build/deploy into.  Overwrites any namespace settings in your OpenShift or Kubernetes configuration files
@@ -107,6 +119,10 @@ function applyResource (options = {}) {
 
   @param {object} [options] - Options object for the undeploy function
   @param {string} [options.projectLocation] - the location(directory) of your projects package.json. Defaults to `process.cwd`
+  @param {string} [options.username] - username to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.password] - password to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.apiServer] - apiServer to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.insecure] - flag to pass into the openshift rest client for logging in with a self signed cert.  Only used with apiServer login.  default to false
   @param {object} [options.namespace] -
   @param {string} [options.namespace.displayName] - flag to specify the project namespace display name to build/deploy into.  Overwrites any namespace settings in your OpenShift or Kubernetes configuration files
   @param {boolean} [options.namespace.remove] - flag to remove the user created namespace.  Only applicable for the undeploy command.  Must be used with namespace.name
@@ -139,6 +155,10 @@ function undeploy (options = {}) {
 
   @param {object} [options] - Options object for the build function
   @param {string} [options.projectLocation] - the location(directory) of your projects package.json. Defaults to `process.cwd`
+  @param {string} [options.username] - username to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.password] - password to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.apiServer] - apiServer to pass into the openshift rest client for logging in with the API Server
+  @param {string} [options.insecure] - flag to pass into the openshift rest client for logging in with a self signed cert.  Only used with apiServer login.  default to false
   @param {object} [options.namespace] -
   @param {string} [options.namespace.displayName] - flag to specify the project namespace display name to build/deploy into.  Overwrites any namespace settings in your OpenShift or Kubernetes configuration files
   @param {boolean} [options.namespace.create] - flag to create the namespace if it does not exist. Only applicable for the build and deploy command. Must be used with namespace.name

diff --git a/lib/config/nodeshift-config.js b/lib/config/nodeshift-config.js
@@ -37,8 +37,34 @@ async function setup (options = {}) {
 
   logger.info('loading configuration');
   const projectPackage = JSON.parse(await readFile(`${options.projectLocation}/package.json`, { encoding: 'utf8' }));
+  let restClientConfig;
+
   // If there is a configLocation string, pass it in
-  const restClient = await openshiftRestClient({ config: options.configLocation, loadSpecFromCluster: options.knative });
+  if (options.configLocation) {
+    restClientConfig = options.configLocation;
+  } else if (options.apiServer) {
+    // pass in the apiServer, username and password if one is specified
+    /*
+      should look a little like this:
+      const config = {
+        url: '',
+        auth: {
+          username: '',
+          password: ''
+        }
+      }
+    */
+    restClientConfig = {
+      url: options.apiServer,
+      auth: {
+        username: options.username,
+        password: options.password
+      },
+      insecureSkipTlsVerify: options.insecure
+    };
+  }
+
+  const restClient = await openshiftRestClient({ config: restClientConfig, loadSpecFromCluster: options.knative });
 
   // TODO(lholmquist): If knative is flagged, lets check that they have the API we need to use
 
@@ -50,7 +76,7 @@ async function setup (options = {}) {
   const currentCluster = contexts.find(context => context.name === currentContext);
   const config = {
     namespace: {
-      name: currentCluster.namespace
+      name: currentCluster.namespace || 'default'
     }
   };
 
@@ -74,9 +100,6 @@ async function setup (options = {}) {
   if (options.kube) {
     logger.info('Using the kubernetes flag.');
 
-    // Assume Default namespace for now
-    config.namespace.name = 'default';
-
     // Assume minikube for now
     // TODO(lholmquist): other kube flavors
     const kubeEnvVars = await kubernetesConfig();