anroots/openshift-username-auth.py

## openshift-username-auth.py
# Example on how to use openshift-restclient-python
# (https://github.com/openshift/openshift-restclient-python)
# without having a local ~/.kube/config file - all params
# are in Python code.
#
# We needed a way to connect to an Openshift3 cluster from Python,
# without external dependencies (config file), but couldn't find
# a way to do this (to get a token using username/password) from the library documentation.
#
# Note #1: Logout is not implemented, the token stays valid
#          after the code executes (default time 24h?)
#
# Note #2: It would be Epic, if the library implemented/documented
#          a way to request a new token with user/pass using native library methods,
#          unfortunately, as of now, it's not possible/well documented.
#
# Ando Roots <ando@sqroot.eu> 2018

from openshift.client import ApiClient, Configuration
from openshift.dynamic import DynamicClient
import requests
from requests.auth import HTTPBasicAuth
import urlparse
import sys

# Openshift cluster connection settings
# Refactor this however you need - for example, use an environment
# variable to insert the password
config = Configuration()
config.host = 'https://os3-cluster.atlantis:8443'
config.username = 'rodney.mckay'
config.password = 'cartermckay'
config.ssl_ca_cert = '/etc/ssl/ca/atlantis.crt'

try:
    # Request a new access token
    token_response = requests.get(
        '%s/oauth/authorize' % config.host,
        allow_redirects=False,
        verify=config.ssl_ca_cert,
        auth=HTTPBasicAuth(config.username, config.password),
        params={'client_id': 'openshift-challenging-client', 'response_type': 'token'},
        headers={'X-CSRF-Token': 'x'}
    )

except requests.exceptions.ConnectionError as e:
    print("Unable to connect to OS3 cluster at %s: %s", (config.host, str(e)))
    sys.exit(1)

if token_response.status_code != 302:
    print("Failed to get a Token from OS3: HTTP %s" % token_response.status_code)
    sys.exit(1)

# Extract received token from Location header Fragment
parsed = urlparse.urlparse(token_response.headers.get('Location'))
token = urlparse.parse_qs(parsed.fragment).get('access_token', []).pop()

# Set received token to OS3 library Config - we are now authenticated
config.api_key_prefix['authorization'] = 'Bearer'
config.api_key['authorization'] = token

client = ApiClient(configuration=config)
dyn_client = DynamicClient(client)

# Do whatever OS3 queries you want, using the library
v1_projects = dyn_client.resources.get(api_version='v1', kind='Project')
print(v1_projects.get())
	# Example on how to use openshift-restclient-python
	# (https://github.com/openshift/openshift-restclient-python)
	# without having a local ~/.kube/config file - all params
	# are in Python code.
	#
	# We needed a way to connect to an Openshift3 cluster from Python,
	# without external dependencies (config file), but couldn't find
	# a way to do this (to get a token using username/password) from the library documentation.
	#
	# Note #1: Logout is not implemented, the token stays valid
	# after the code executes (default time 24h?)
	#
	# Note #2: It would be Epic, if the library implemented/documented
	# a way to request a new token with user/pass using native library methods,
	# unfortunately, as of now, it's not possible/well documented.
	#
	# Ando Roots <ando@sqroot.eu> 2018

	from openshift.client import ApiClient, Configuration
	from openshift.dynamic import DynamicClient
	import requests
	from requests.auth import HTTPBasicAuth
	import urlparse
	import sys

	# Openshift cluster connection settings
	# Refactor this however you need - for example, use an environment
	# variable to insert the password
	config = Configuration()
	config.host = 'https://os3-cluster.atlantis:8443'
	config.username = 'rodney.mckay'
	config.password = 'cartermckay'
	config.ssl_ca_cert = '/etc/ssl/ca/atlantis.crt'

	try:
	# Request a new access token
	token_response = requests.get(
	'%s/oauth/authorize' % config.host,
	allow_redirects=False,
	verify=config.ssl_ca_cert,
	auth=HTTPBasicAuth(config.username, config.password),
	params={'client_id': 'openshift-challenging-client', 'response_type': 'token'},
	headers={'X-CSRF-Token': 'x'}
	)

	except requests.exceptions.ConnectionError as e:
	print("Unable to connect to OS3 cluster at %s: %s", (config.host, str(e)))
	sys.exit(1)

	if token_response.status_code != 302:
	print("Failed to get a Token from OS3: HTTP %s" % token_response.status_code)
	sys.exit(1)

	# Extract received token from Location header Fragment
	parsed = urlparse.urlparse(token_response.headers.get('Location'))
	token = urlparse.parse_qs(parsed.fragment).get('access_token', []).pop()

	# Set received token to OS3 library Config - we are now authenticated
	config.api_key_prefix['authorization'] = 'Bearer'
	config.api_key['authorization'] = token

	client = ApiClient(configuration=config)
	dyn_client = DynamicClient(client)

	# Do whatever OS3 queries you want, using the library
	v1_projects = dyn_client.resources.get(api_version='v1', kind='Project')
	print(v1_projects.get())