Merge pull request openshift#1507 from squat/federation_list_clusters

server: list federation clusters
jeremyary · May 19, 2017 · b5bc2c6 · b5bc2c6
2 parents b3f1a10 + cbb3ff8
commit b5bc2c6
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 0 deletions.
diff --git a/server/context.go b/server/context.go
@@ -0,0 +1,44 @@
+package server
+
+import (
+ "context"
+ "errors"
+ "net/http"
+ "net/url"
+)
+
+type contextKey int
+
+const federationConfigKey = contextKey(0)
+
+// federationConfigFromContext returns the federation configuration from a given context.
+func federationConfigFromContext(ctx context.Context) (*federationConfig, error) {
+ f, ok := ctx.Value(federationConfigKey).(*federationConfig)
+ if !ok {
+ return nil, errors.New("the given context has no federation config value")
+ }
+ return f, nil
+}
+
+// withFederationConfig returns a copy of the given context with the federation configuration added.
+func withFederationConfig(ctx context.Context, r *http.Request) (context.Context, error) {
+ urlString := r.Header.Get("X-Tectonic-Federation-Url")
+ if urlString == "" {
+ return nil, errors.New("request must include a url")
+ }
+
+ u, err := url.Parse(urlString)
+ if err != nil {
+ return nil, errors.New("failed to parse federation apiserver url")
+ }
+
+ token := r.Header.Get("X-Tectonic-Federation-Token")
+ if token == "" {
+ return nil, errors.New("request must include a token")
+ }
+ f := federationConfig{
+ token: token,
+ url: u,
+ }
+ return context.WithValue(ctx, federationConfigKey, &f), nil
+}
diff --git a/server/federation.go b/server/federation.go
@@ -0,0 +1,33 @@
+package server
+
+import (
+ "crypto/tls"
+ "fmt"
+ "net/http"
+ "net/url"
+
+ "github.com/coreos-inc/bridge/pkg/proxy"
+)
+
+// federationConfig holds the configuration values needed to proxy requests to
+// a federation API server.
+type federationConfig struct {
+ token string
+ url *url.URL
+}
+
+var federationProxyConfig = &proxy.Config{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ Director: func(r *http.Request) {
+ f, err := federationConfigFromContext(r.Context())
+ if err != nil {
+ plog.Errorf("failed to get federation config from context: %v", err)
+ return
+ }
+ r.Host = f.url.Host
+ r.URL.Host = f.url.Host
+ r.URL.Path = proxy.SingleJoiningSlash(f.url.Path, r.URL.Path)
+ r.URL.Scheme = f.url.Scheme
+ r.Header.Add("Authorization", fmt.Sprintf("bearer %s", f.token))
+ },
+}
diff --git a/server/middleware.go b/server/middleware.go
@@ -29,3 +29,15 @@ func authMiddleware(a *auth.Authenticator, hdlr http.Handler) http.HandlerFunc {
  hdlr.ServeHTTP(w, r)
  }
 }
+
+// federationMiddleware wraps the given handler and adds a federation configuration to the contexts of all served requests.
+func federationMiddleware(h http.Handler) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ ctx, err := withFederationConfig(r.Context(), r)
+ if err != nil {
+ sendError(w, http.StatusBadRequest, err)
+ return
+ }
+ h.ServeHTTP(w, r.WithContext(ctx))
+ }
+}
diff --git a/server/server.go b/server/server.go
@@ -87,12 +87,14 @@ func (s *Server) HTTPHandler() http.Handler {
  if !s.AuthDisabled() {
  k8sHandler = authMiddleware(s.Auther, k8sHandler)
  }
+ var federationHandler http.Handler = proxy.NewProxy(federationProxyConfig)
  handle := func(path string, handler http.Handler) {
  mux.Handle(proxy.SingleJoiningSlash(s.BaseURL.Path, path), handler)
  }
  handleFunc := func(path string, handler http.HandlerFunc) { handle(path, handler) }
 
  handle("/api/kubernetes/", http.StripPrefix(proxy.SingleJoiningSlash(s.BaseURL.Path, "/api/kubernetes/"), k8sHandler))
+ handle("/api/federation/", federationMiddleware(http.StripPrefix(proxy.SingleJoiningSlash(s.BaseURL.Path, "/api/federation/"), federationHandler)))
 
  if !s.AuthDisabled() {
  handleFunc(AuthLoginEndpoint, s.Auther.LoginFunc)