Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add login command #3

Closed
bjwswang opened this issue Apr 24, 2023 · 4 comments · Fixed by #15
Closed

add login command #3

bjwswang opened this issue Apr 24, 2023 · 4 comments · Fixed by #15
Assignees
@Abirdcfly
Labels
enhancement New feature or request medium

Comments

@bjwswang
Copy link
Member

bjwswang commented Apr 24, 2023
edited
Loading

  1. bc-cli login命令成功后, 生成config文件 ~/.bestchains/config
apiVersion: v1beta1
cluster:
    server: https://172.22.96.133:6443
     name: xxx
user:
  name: xxx
  idtoken: `xxxxx`
saas:
  depository:
      auth: xxx
      server: https://xxxxx:xxx
  1. 后续所有的CLI调用的参数解析按照如下流程:

1) 首先读取config文件,获取本地配置
2) 读取CLI flags,覆盖本地配置

  1. 如果.authoidc,则需要将idtoken加载到http request header中
@bjwswang bjwswang added enhancement New feature or request medium labels Apr 24, 2023
@Abirdcfly Abirdcfly mentioned this issue May 5, 2023
Merged
@Abirdcfly
Copy link
Member

Abirdcfly commented May 6, 2023
edited
Loading

配置文件:

默认路径 ~/.bestchains/config.yaml,可以通过--config参数修改
样例如下:

auth:
    enable: false  # 是否启用oidc验证,也可通过 --enable-auth 参数修改
    expiry: 1683428084  # oidc token过期时间unix时间戳
    idtoken: eyJhbGciOiJSUzI1NiIsImtpZCI6ImVlZWIyZWUyNzA4ZjU0ZDRkODhjMTMyMzllY2EwYzc2NjM1ODE4NDgifQ.eyJpc3MiOiJodHRwczovL3BvcnRhbC4xNzIuMjIuOTYuMjA5Lm5pcC5pby9vaWRjIiwic3ViIjoiQ2doaWFuZHpkMkZ1WnhJR2F6aHpZM0prIiwiYXVkIjoiYmMtY2xpIiwiZXhwIjoxNjgzNDI3ODY2LCJpYXQiOjE2ODMzNDE0NjYsImF0X2hhc2giOiJxdGhPcmgwa2t1VzRUMDY0MDZwZ1pRIiwiY19oYXNoIjoiejBhczN6MW9QcFJOallvM1JtVWpPZyIsImVtYWlsIjoiYWRtaW5AdGVueGNsb3VkLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiaWFtLnRlbnhjbG91ZC5jb20iLCJvYnNldmFiaWxpdHkiLCJyZXNvdXJjZS1yZWFkZXIiLCJiZXN0Y2hhaW5zIl0sIm5hbWUiOiJiandzd2FuZyIsInByZWZlcnJlZF91c2VybmFtZSI6ImJqd3N3YW5nIiwicGhvbmUiOiIiLCJ1c2VyaWQiOiJiandzd2FuZyJ9.OoRvS8lTV5T7hX6IXTIzt9Ne-A44ix10-sYbKOg1Bfk7VX3_WaueMDFjALC7qJ5PZG-m6k_iQZn8dSOgMihwMQAfzJxxpoRbWABSJBS72UZSB18zZKK4mLPKAcEtZUYPFcuQhbR9r12FnokvNnEdd6BrWaIIEGQaYrJgix2HQRdDd6t8s-V3et0dvuWrYLv8HiD06KBUUYNnt1SCI6kuzbzpTLNQFNU86mS7Uq58PmXwXp_MwXZ_PnvmV_GDmg5eEgNLPRmXXryvc4o6Bp_FY5GR8amDqKMwt0m6MWhMOPH2ucYppCi7cUsns-z5068vhDrmTDjguQ6lmwC1m8k-0w
    issuerurl: https://portal.172.22.96.209.nip.io/oidc
    refreshtoken: ChllY3N2a2d6dTM3d2Qzc2F6dnhxb3Q0NHIzEhlhaTZiYnQ0eWZoN3NzcGpjamIyZ2N6eWZ1
saas:
    depository:
        server: https://bc-saas.172.22.96.209.nip.io

使用展示

1. 无验证

option1

2. 有验证,第一次登陆

option2

3. 有验证,但是token未失效。

option3

@bjwswang
Copy link
Member Author

bjwswang commented May 6, 2023

@Abirdcfly 如果我们需要访问k8s资源应该怎么使用这个config?比如,bc-cli get orgs

@Abirdcfly
Copy link
Member

@Abirdcfly 如果我们需要访问 k8s 资源应该怎么使用这个 config?比如,bc-cli get orgs

目前没有这个功能,需要配置里加cluster的地址。安全考虑的话,可能还需要配置证书,因为k8s的证书大部分情况下是自签的。

@bjwswang
Copy link
Member Author

bjwswang commented May 6, 2023

@Abirdcfly 如果我们需要访问 k8s 资源应该怎么使用这个 config?比如,bc-cli get orgs

目前没有这个功能,需要配置里加cluster的地址。安全考虑的话,可能还需要配置证书,因为k8s的证书大部分情况下是自签的。

👌🏻

@bjwswang bjwswang mentioned this issue May 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Abirdcfly Abirdcfly

Labels
enhancement New feature or request medium
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add oidc auth Abirdcfly/bc-cli
2 participants
@Abirdcfly @bjwswang