Created
January 22, 2021 01:19
-
-
Save mlbiam/3543c4a9be2b24cff2d0098e03ce7de6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import logging | |
| from urllib.parse import urlparse | |
| from urllib.parse import parse_qs | |
| import json | |
| from os import system | |
| from kubernetes import client, config | |
| #logging.basicConfig(level=logging.DEBUG) | |
| def get_openunison_token_from_okta(okta_domain,username,password,openunison_host): | |
| s = requests.Session() | |
| # initiate the request | |
| response = s.get("https://" + openunison_host + "/k8stoken/token/user") | |
| # get the url from the okta login page | |
| parsed_url = urlparse(response.url) | |
| query_string = parsed_url.query | |
| query = parse_qs(query_string) | |
| # generate a redirect | |
| full_redirect_url = "https://" + okta_domain + query['fromURI'][0] | |
| # login to Okta | |
| okta_url = "https://" + okta_domain + "/api/v1/authn" | |
| payload = json.dumps({ | |
| "password": password , | |
| "username": username , | |
| "options": { | |
| "warnBeforePasswordExpired": True, | |
| "multiOptionalFactorEnroll": False | |
| } | |
| }) | |
| headers = { | |
| 'Accept': 'application/json', | |
| 'Content-Type': 'application/json' | |
| } | |
| response = s.post(okta_url, headers=headers, data = payload) | |
| okta_token = response.json()["sessionToken"] | |
| # finish login, redirect to token page | |
| finish_login_url = "https://" + okta_domain + "/login/sessionCookieRedirect?checkAccountSetupComplete=true&token=" + okta_token + "&redirectUrl=" + full_redirect_url | |
| response = s.get(finish_login_url) | |
| return json.loads(response.content) | |
| # Load the token from openunison | |
| openunison_token = get_openunison_token_from_okta("xyz.okta.com","user@domain.com","password","k8sou.apps.domain.com") | |
| # get the command that will generate a full kubectl configuration file | |
| kubectl_cmd = openunison_token['token']['kubectl Command'] | |
| # create the kubectl configuration | |
| system(kubectl_cmd) | |
| # do something with the python client | |
| config.load_kube_config() | |
| v1 = client.CoreV1Api() | |
| print("Listing pods with their IPs:") | |
| ret = v1.list_pod_for_all_namespaces(watch=False) | |
| for i in ret.items: | |
| print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment