Merge pull request #1583 from powerkimhub/enhance/kubeconfig-csp-cli-free

[K8S] Support kubeconfig with dynamic token types

Author: cb-spider

api-runtime/common-runtime/ClusterManager.go

@@ -972,6 +972,16 @@ func ListCluster(connectionName string, rsType string) ([]*cres.ClusterInfo, err
 		// set ResourceInfo
 		info.IId = getUserIID(cres.IID{NameId: iidInfo.NameId, SystemId: iidInfo.SystemId})
 
+		// Replace placeholders in kubeconfig with actual values
+		if info.AccessInfo.Kubeconfig != "" {
+			if strings.Contains(info.AccessInfo.Kubeconfig, "CONNECTION_NAME_PLACEHOLDER") {
+				info.AccessInfo.Kubeconfig = strings.ReplaceAll(info.AccessInfo.Kubeconfig, "CONNECTION_NAME_PLACEHOLDER", connectionName)
+			}
+			if strings.Contains(info.AccessInfo.Kubeconfig, "CLUSTER_NAME_PLACEHOLDER") {
+				info.AccessInfo.Kubeconfig = strings.ReplaceAll(info.AccessInfo.Kubeconfig, "CLUSTER_NAME_PLACEHOLDER", iidInfo.NameId)
+			}
+		}
+
 		// set used Resources's userIID
 		err = setResourcesNameId(connectionName, &info)
 		if err != nil {
@@ -1064,6 +1074,16 @@ func GetCluster(connectionName string, rsType string, clusterName string) (*cres
 	// set ResourceInfo
 	info.IId = getUserIID(cres.IID{NameId: iidInfo.NameId, SystemId: iidInfo.SystemId})
 
+	// Replace placeholders in kubeconfig with actual values
+	if info.AccessInfo.Kubeconfig != "" {
+		if strings.Contains(info.AccessInfo.Kubeconfig, "CONNECTION_NAME_PLACEHOLDER") {
+			info.AccessInfo.Kubeconfig = strings.ReplaceAll(info.AccessInfo.Kubeconfig, "CONNECTION_NAME_PLACEHOLDER", connectionName)
+		}
+		if strings.Contains(info.AccessInfo.Kubeconfig, "CLUSTER_NAME_PLACEHOLDER") {
+			info.AccessInfo.Kubeconfig = strings.ReplaceAll(info.AccessInfo.Kubeconfig, "CLUSTER_NAME_PLACEHOLDER", clusterName)
+		}
+	}
+
 	// set used Resources's userIID
 	err = setResourcesNameId(connectionName, &info)
 	if err != nil {
@@ -1074,6 +1094,84 @@ func GetCluster(connectionName string, rsType string, clusterName string) (*cres
 	return &info, nil
 }
 
+// Generate Token for Cluster Authentication
+// (1) get IID(NameId)
+// (2) generate token using driver
+func GenerateClusterToken(connectionName string, clusterName string) (string, error) {
+	cblog.Info("call GenerateClusterToken()")
+
+	// check empty and trim user inputs
+	connectionName, err := EmptyCheckAndTrim("connectionName", connectionName)
+	if err != nil {
+		cblog.Error(err)
+		return "", err
+	}
+
+	if err := checkCapability(connectionName, CLUSTER_HANDLER); err != nil {
+		return "", err
+	}
+
+	clusterName, err = EmptyCheckAndTrim("clusterName", clusterName)
+	if err != nil {
+		cblog.Error(err)
+		return "", err
+	}
+
+	cldConn, err := ccm.GetCloudConnection(connectionName)
+	if err != nil {
+		cblog.Error(err)
+		return "", err
+	}
+
+	handler, err := cldConn.CreateClusterHandler()
+	if err != nil {
+		cblog.Error(err)
+		return "", err
+	}
+
+	clusterSPLock.RLock(connectionName, clusterName)
+	defer clusterSPLock.RUnlock(connectionName, clusterName)
+
+	// (1) get IID(NameId)
+	var iidInfoList []*ClusterIIDInfo
+	if os.Getenv("PERMISSION_BASED_CONTROL_MODE") != "" {
+		err = getAuthIIDInfoList(connectionName, &iidInfoList)
+		if err != nil {
+			cblog.Error(err)
+			return "", err
+		}
+	} else {
+		err = infostore.ListByCondition(&iidInfoList, CONNECTION_NAME_COLUMN, connectionName)
+		if err != nil {
+			cblog.Error(err)
+			return "", err
+		}
+	}
+	var iidInfo *ClusterIIDInfo
+	var bool_ret = false
+	for _, OneIIdInfo := range iidInfoList {
+		if OneIIdInfo.NameId == clusterName {
+			iidInfo = OneIIdInfo
+			bool_ret = true
+			break
+		}
+	}
+	if bool_ret == false {
+		err := fmt.Errorf("The cluster '%s' does not exist!", clusterName)
+		cblog.Error(err)
+		return "", err
+	}
+
+	// (2) generate token using driver
+	token, err := handler.GenerateClusterToken(getDriverIID(cres.IID{NameId: iidInfo.NameId, SystemId: iidInfo.SystemId}))
+	if err != nil {
+		cblog.Error(err)
+		return "", err
+	}
+
+	return token, nil
+}
+
 // (1) check exist(NameID)
 // (2) add NodeGroup
 // (3) Get ClusterInfo

api-runtime/rest-runtime/CBSpiderRuntime.go

@@ -431,6 +431,7 @@ func RunServer() {
 		{"GET", "/cluster", ListCluster},
 		{"GET", "/cluster/:Name", GetCluster},
 		{"DELETE", "/cluster/:Name", DeleteCluster},
+		{"GET", "/cluster/:Name/token", GetClusterToken},
 		//-- for NodeGroup
 		{"POST", "/cluster/:Name/nodegroup", AddNodeGroup},
 		{"DELETE", "/cluster/:Name/nodegroup/:NodeGroupName", RemoveNodeGroup},

api-runtime/rest-runtime/ClusterRest.go

@@ -742,3 +742,60 @@ func convertNodeGroup(ngReq ClusterNodeGroupRequest) cres.NodeGroupInfo {
 	}
 	return nodeGroupInfo
 }
+
+// ClusterTokenResponse represents the response for EKS token
+type ClusterTokenResponse struct {
+	ApiVersion string             `json:"apiVersion" example:"client.authentication.k8s.io/v1"`
+	Kind       string             `json:"kind" example:"ExecCredential"`
+	Status     ClusterTokenStatus `json:"status"`
+}
+
+type ClusterTokenStatus struct {
+	Token string `json:"token" example:"k8s-aws-v1.aHR0cHM6Ly9zdHMuYXA..."`
+}
+
+// getClusterToken godoc
+// @ID get-cluster-token
+// @Summary Get Cluster Token
+// @Description Get a temporary token for accessing EKS cluster (for kubectl exec auth)
+// @Tags [Cluster Management]
+// @Accept  json
+// @Produce  json
+// @Param Name path string true "The name of the Cluster to get token for"
+// @Param ConnectionName query string true "The name of the Connection to use"
+// @Success 200 {object} ClusterTokenResponse "Temporary token for cluster access"
+// @Failure 400 {object} SimpleMsg "Bad Request, missing required parameters"
+// @Failure 404 {object} SimpleMsg "Resource Not Found"
+// @Failure 500 {object} SimpleMsg "Internal Server Error"
+// @Router /cluster/{Name}/token [get]
+func GetClusterToken(c echo.Context) error {
+	cblog.Info("call GetClusterToken()")
+
+	// Get parameters from path and query
+	clusterName := c.Param("Name")
+	if clusterName == "" {
+		return echo.NewHTTPError(http.StatusBadRequest, "clusterName is required")
+	}
+
+	connectionName := c.QueryParam("ConnectionName")
+	if connectionName == "" {
+		return echo.NewHTTPError(http.StatusBadRequest, "ConnectionName is required")
+	}
+
+	// Get cluster info first to validate cluster exists and get token
+	token, err := cmrt.GenerateClusterToken(connectionName, clusterName)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
+	}
+
+	// Return in kubectl exec credential format
+	response := ClusterTokenResponse{
+		ApiVersion: "client.authentication.k8s.io/v1",
+		Kind:       "ExecCredential",
+		Status: ClusterTokenStatus{
+			Token: token,
+		},
+	}
+
+	return c.JSON(http.StatusOK, response)
+}

api-runtime/rest-runtime/admin-web/html/cluster.html

@@ -1894,10 +1894,38 @@ <h2>System ID (Managed by CSP)</h2>
         }
 
         function copyKubeconfigToClipboard(button) {
-            const kubeconfigText = button.previousElementSibling.textContent; // Grab the kubeconfig value
+            let kubeconfigText = button.previousElementSibling.textContent; // Grab the kubeconfig value
+            
+            // Remove leading/trailing whitespace and normalize line breaks
+            kubeconfigText = kubeconfigText.trim();
+            
+            // Remove excessive leading whitespace from each line while preserving YAML structure
+            const lines = kubeconfigText.split('\n');
+            const cleanLines = [];
+            let minIndent = Infinity;
+            
+            // Find minimum indentation (excluding empty lines)
+            lines.forEach(line => {
+                if (line.trim()) {
+                    const leadingSpaces = line.match(/^\s*/)[0].length;
+                    minIndent = Math.min(minIndent, leadingSpaces);
+                }
+            });
+            
+            // Remove the minimum indentation from all lines
+            lines.forEach(line => {
+                if (line.trim()) {
+                    cleanLines.push(line.substring(minIndent));
+                } else {
+                    cleanLines.push('');
+                }
+            });
+            
+            const cleanKubeconfigText = cleanLines.join('\n').trim();
+            
             const tempInput = document.createElement('textarea'); // Use textarea to handle multi-line text
             document.body.appendChild(tempInput);
-            tempInput.value = kubeconfigText; // Set its value to the kubeconfig YAML text
+            tempInput.value = cleanKubeconfigText; // Set its value to the cleaned kubeconfig YAML text
             tempInput.select(); // Select the text
             document.execCommand('copy'); // Execute the copy command
             document.body.removeChild(tempInput); // Remove the temporary input element            

api/docs.go

@@ -1481,6 +1481,64 @@ const docTemplate = `{
                 }
             }
         },
+        "/cluster/{Name}/token": {
+            "get": {
+                "description": "Get a temporary token for accessing EKS cluster (for kubectl exec auth)",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "[Cluster Management]"
+                ],
+                "summary": "Get Cluster Token",
+                "operationId": "get-cluster-token",
+                "parameters": [
+                    {
+                        "type": "string",
+                        "description": "The name of the Cluster to get token for",
+                        "name": "Name",
+                        "in": "path",
+                        "required": true
+                    },
+                    {
+                        "type": "string",
+                        "description": "The name of the Connection to use",
+                        "name": "ConnectionName",
+                        "in": "query",
+                        "required": true
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Temporary token for cluster access",
+                        "schema": {
+                            "$ref": "#/definitions/spider.ClusterTokenResponse"
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request, missing required parameters",
+                        "schema": {
+                            "$ref": "#/definitions/spider.SimpleMsg"
+                        }
+                    },
+                    "404": {
+                        "description": "Resource Not Found",
+                        "schema": {
+                            "$ref": "#/definitions/spider.SimpleMsg"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/spider.SimpleMsg"
+                        }
+                    }
+                }
+            }
+        },
         "/cluster/{Name}/upgrade": {
             "put": {
                 "description": "Upgrade a Cluster to a specified version.",
@@ -11581,6 +11639,31 @@ const docTemplate = `{
                 }
             }
         },
+        "spider.ClusterTokenResponse": {
+            "type": "object",
+            "properties": {
+                "apiVersion": {
+                    "type": "string",
+                    "example": "client.authentication.k8s.io/v1"
+                },
+                "kind": {
+                    "type": "string",
+                    "example": "ExecCredential"
+                },
+                "status": {
+                    "$ref": "#/definitions/spider.ClusterTokenStatus"
+                }
+            }
+        },
+        "spider.ClusterTokenStatus": {
+            "type": "object",
+            "properties": {
+                "token": {
+                    "type": "string",
+                    "example": "k8s-aws-v1.aHR0cHM6Ly9zdHMuYXA..."
+                }
+            }
+        },
         "spider.ClusterUpgradeRequest": {
             "type": "object",
             "required": [