github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity

fix get-kube authorization headers

Browse Source
This commit is contained in:
Benjamin Elder 2020-02-20 14:07:14 -08:00
parent afa72e93cd
commit f90726a6a6
2 changed files with 4 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cluster/get-kube-binaries.sh
View File

@ -143,17 +143,6 @@ function sha1sum_file() {
fi fi
} }
# Get default service account credentials of the VM.
GCE_METADATA_INTERNAL="http://metadata.google.internal/computeMetadata/v1/instance"
function get-credentials {
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/token" -H "Metadata-Flavor: Google" -s | python -c \
'import sys; import json; print(json.loads(sys.stdin.read())["access_token"])'
}
function valid-storage-scope {
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -E "auth/devstorage|auth/cloud-platform"
}
function download_tarball() { function download_tarball() {
local -r download_path="$1" local -r download_path="$1"
local -r file="$2" local -r file="$2"
@ -168,8 +157,8 @@ function download_tarball() {
# if the url belongs to GCS API we should use oauth2_token in the headers # if the url belongs to GCS API we should use oauth2_token in the headers
curl_headers="" curl_headers=""
if { [[ "${KUBERNETES_PROVIDER:-gce}" == "gce" ]] || [[ "${KUBERNETES_PROVIDER}" == "gke" ]] ; } && if { [[ "${KUBERNETES_PROVIDER:-gce}" == "gce" ]] || [[ "${KUBERNETES_PROVIDER}" == "gke" ]] ; } &&
[[ "$url" =~ ^https://storage.googleapis.com.* ]] && valid-storage-scope ; then [[ "$url" =~ ^https://storage.googleapis.com.* ]]; then
curl_headers="Authorization: Bearer $(get-credentials)" curl_headers="Authorization: Bearer $(gcloud auth print-access-token)"
fi fi
curl ${curl_headers:+-H "${curl_headers}"} -fL --retry 3 --keepalive-time 2 "${url}" -o "${download_path}/${file}" curl ${curl_headers:+-H "${curl_headers}"} -fL --retry 3 --keepalive-time 2 "${url}" -o "${download_path}/${file}"
elif [[ $(which wget) ]]; then elif [[ $(which wget) ]]; then

11
cluster/get-kube.sh
View File

@ -122,13 +122,6 @@ function create_cluster {
) )
} }
# Get default service account credentials of the VM.
GCE_METADATA_INTERNAL="http://metadata.google.internal/computeMetadata/v1/instance"
function get-credentials {
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/token" -H "Metadata-Flavor: Google" -s | python -c \
'import sys; import json; print(json.loads(sys.stdin.read())["access_token"])'
}
function valid-storage-scope { function valid-storage-scope {
curl "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -E "auth/devstorage|auth/cloud-platform" curl "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -E "auth/devstorage|auth/cloud-platform"
} }
@ -242,8 +235,8 @@ if "${need_download}"; then
# if the url belongs to GCS API we should use oauth2_token in the headers # if the url belongs to GCS API we should use oauth2_token in the headers
curl_headers="" curl_headers=""
if { [[ "${KUBERNETES_PROVIDER:-gce}" == "gce" ]] || [[ "${KUBERNETES_PROVIDER}" == "gke" ]] ; } && if { [[ "${KUBERNETES_PROVIDER:-gce}" == "gce" ]] || [[ "${KUBERNETES_PROVIDER}" == "gke" ]] ; } &&
[[ "$kubernetes_tar_url" =~ ^https://storage.googleapis.com.* ]] && valid-storage-scope ; then [[ "$kubernetes_tar_url" =~ ^https://storage.googleapis.com.* ]] ; then
curl_headers="Authorization: Bearer $(get-credentials)" curl_headers="Authorization: Bearer $(gcloud auth print-access-token)"
fi fi
curl ${curl_headers:+-H "${curl_headers}"} -fL --retry 3 --keepalive-time 2 "${kubernetes_tar_url}" -o "${file}" curl ${curl_headers:+-H "${curl_headers}"} -fL --retry 3 --keepalive-time 2 "${kubernetes_tar_url}" -o "${file}"
elif [[ $(which wget) ]]; then elif [[ $(which wget) ]]; then