Initial commit
This commit is contained in:
Zhongwei Li
68
skills/oc-auth/curl_with_token.sh
Executable file
68
skills/oc-auth/curl_with_token.sh
Executable file
@@ -0,0 +1,68 @@
|
||||
#!/bin/bash
|
||||
# Curl wrapper that automatically adds OAuth token from specified cluster
|
||||
# Usage: curl_with_token.sh <cluster_api_url> [curl arguments...]
|
||||
# cluster_api_url: Full API server URL (e.g., https://api.ci.l2s4.p1.openshiftapps.com:6443)
|
||||
#
|
||||
# The token is retrieved and added as "Authorization: Bearer <token>" header
|
||||
# automatically, so it never appears in output or command history.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
if [ $# -lt 2 ]; then
|
||||
echo "Usage: $0 <cluster_api_url> [curl arguments...]" >&2
|
||||
echo "cluster_api_url: Full API server URL" >&2
|
||||
echo "Example: $0 https://api.ci.l2s4.p1.openshiftapps.com:6443 -X GET https://api.example.com/endpoint" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CLUSTER_API_URL="$1"
|
||||
shift # Remove cluster_api_url from arguments
|
||||
|
||||
# Extract the cluster API server without protocol for matching
|
||||
CLUSTER_SERVER=$(echo "$CLUSTER_API_URL" | sed -E 's|^https?://||')
|
||||
|
||||
# Find the context for the specified cluster by matching the server URL
|
||||
CONTEXT=$(oc config get-contexts -o name 2>/dev/null | while read -r ctx; do
|
||||
server=$(oc config view -o jsonpath="{.clusters[?(@.name=='$(oc config view -o jsonpath="{.contexts[?(@.name=='$ctx')].context.cluster}" 2>/dev/null)')].cluster.server}" 2>/dev/null || echo "")
|
||||
# Extract server without protocol for comparison
|
||||
server_clean=$(echo "$server" | sed -E 's|^https?://||')
|
||||
if [ "$server_clean" = "$CLUSTER_SERVER" ]; then
|
||||
echo "$ctx"
|
||||
break
|
||||
fi
|
||||
done)
|
||||
|
||||
if [ -z "$CONTEXT" ]; then
|
||||
# Generate console URL from API URL
|
||||
# Transform: https://api.{subdomain}.{domain}:6443 -> https://console-openshift-console.apps.{subdomain}.{domain}/
|
||||
CONSOLE_URL=$(echo "$CLUSTER_API_URL" | sed -E 's|https://api\.(.*):6443|https://console-openshift-console.apps.\1/|')
|
||||
|
||||
echo "Error: No oc context found for cluster with API server: $CLUSTER_API_URL" >&2
|
||||
echo "" >&2
|
||||
echo "Please authenticate first:" >&2
|
||||
echo "1. Visit the cluster's console URL in your browser:" >&2
|
||||
echo " $CONSOLE_URL" >&2
|
||||
echo "2. Log in through the browser with your credentials" >&2
|
||||
echo "3. Click on username → 'Copy login command'" >&2
|
||||
echo "4. Paste and execute the 'oc login' command in terminal" >&2
|
||||
echo "" >&2
|
||||
echo "Verify authentication with:" >&2
|
||||
echo " oc config get-contexts" >&2
|
||||
echo " oc cluster-info" >&2
|
||||
echo "" >&2
|
||||
echo "The oc login command should connect to: $CLUSTER_API_URL" >&2
|
||||
exit 2
|
||||
fi
|
||||
|
||||
# Get token from the context
|
||||
TOKEN=$(oc whoami -t --context="$CONTEXT" 2>/dev/null || echo "")
|
||||
|
||||
if [ -z "$TOKEN" ]; then
|
||||
echo "Error: Failed to retrieve token from context $CONTEXT" >&2
|
||||
echo "Please re-authenticate to the cluster: $CLUSTER_API_URL" >&2
|
||||
exit 3
|
||||
fi
|
||||
|
||||
# Execute curl with the Authorization header and all provided arguments
|
||||
exec curl -H "Authorization: Bearer $TOKEN" "$@"
|
||||
|
||||
Reference in New Issue
Block a user