Skip to content
Snippets Groups Projects

keystone authn script

  • Clone with SSH
  • Clone with HTTPS
  • Embed
  • Share
    The snippet can be accessed without any authentication.
    Authored by John-Paul Robinson
    Edited
    app_cred_auth.sh 1.14 KiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41 
    #!/bin/bash

# this is a auth client that expectes keystone app creds loaded into the env
# it will be used by kubectl and automatically get user tokens
# see following for infomation on how to use external authenticator
# https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins

get_keystone_token () 
{ 
    data='{
    "auth": {
        "identity": {
            "methods": [
                "application_credential"
            ],
            "application_credential": {
                "id": "'"${OS_APPLICATION_CREDENTIAL_ID}"'",
                "secret": "'"${OS_APPLICATION_CREDENTIAL_SECRET}"'"
            }
        }
    }
}';
    token=$(curl -k -s -i -H "Content-Type: application/json" -d "${data}" "${OS_AUTH_URL}/auth/tokens" |grep 'X-Subject-Token');
    if [ -z "$token" ]; then
        echo "Invalid authentication information";
    else
        echo $(echo ${token} | awk -F ': ' '{print $2}' | sed -e 's/[[:space:]]*$//');
    fi
}

token=`get_keystone_token`

cat << EOF
{
  "apiVersion": "client.authentication.k8s.io/v1",
  "kind": "ExecCredential",
  "status": {
    "token": "$token"
  }
}
EOF
    0% or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment