Merge pull request #19 from observatorium/apiserver_query_parameter

API: handle API server query parameter
observatorium · Jun 12, 2024 · bd86c2c · bd86c2c
2 parents 57e2544 + 0efcd78
commit bd86c2c
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -67,6 +67,8 @@ jobs:
         kubectl --kubeconfig kubeconfig get pods
         sleep 5
         [ $(kubectl get ns | grep np- | wc -l) -eq 0 ]
+        ! curl localhost:8080/api/v1/namespace?server=foo -X POST -H "Authorization: bearer PASSWORD" --fail
+        curl localhost:8080/api/v1/namespace?server=https://example.com -X POST -H "Authorization: bearer PASSWORD" | grep --quiet --fixed-strings "server: https://example.com"
     - name: Debug failure
       if: failure()
       run: |

diff --git a/README.md b/README.md
@@ -31,7 +31,7 @@ The Namespace Provisioner runs an API server over HTTP that exposes two API endp
 The Namespace creation endpoint accepts the following optional query parameters:
 1. `ttl`: the duration, e.g. `30s`, `5m`, `1h`, that the Namespace should exist in the Kubernetes cluster; if 0 is given, then the Namespace Provisioner’s default lifetime is applied.
 All provisioned Namespaces will be labeled with a Unix timestamp equal to the current time plus this duration; and
-1. `url`; the URL of the Kubernetes API that the generated Kubeconfig should use.
+1. `server`; the URL of the Kubernetes API that the generated Kubeconfig should use.
 
 The Namespace creation endpoint responds with the following data:
 1. A Kubeconfig with scoped privileges for the provisioned Namespace using the provided RBAC Role and the Kubernetes API URL provided in the creation request.

diff --git a/server.go b/server.go
@@ -108,6 +108,14 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	server := h.apiServerURL
+	if r.URL.Query().Has("server") {
+		if server, err = url.Parse(r.URL.Query().Get("server")); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+	}
+
 	namespace := fmt.Sprintf("%s-%s", h.prefix, uuid.Must(uuid.NewUUID()).String())
 	ns := &v1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
@@ -217,7 +225,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 	config.APIVersion = apiv1.SchemeGroupVersion.Version
 	config.Kind = "Config"
 	config.Clusters[np] = &api.Cluster{
-		Server:                   h.apiServerURL.String(),
+		Server:                   server.String(),
 		CertificateAuthorityData: caCert,
 	}
 	config.AuthInfos[np] = &api.AuthInfo{