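package authenticator

import (
	"strings"

	"github.com/k3s-io/k3s/pkg/authenticator/basicauth"
	"github.com/k3s-io/k3s/pkg/authenticator/passwordfile"
	"k8s.io/apiserver/pkg/authentication/authenticator"
	"k8s.io/apiserver/pkg/authentication/group"
	"k8s.io/apiserver/pkg/authentication/request/union"
	"k8s.io/apiserver/pkg/authentication/request/x509"
	"k8s.io/apiserver/pkg/server/dynamiccertificates"
)

// FromArgs builds a request authenticator from a list of "--flag=value"
// arguments.
//
// Two flags are recognised:
//
//   - --basic-auth-file: path handed to passwordfile.NewCSV; the result backs
//     a basicauth authenticator.
//   - --client-ca-file: path handed to
//     dynamiccertificates.NewDynamicCAContentFromFile; the result backs an
//     x509 client-certificate authenticator.
//
// A flag that is absent or has an empty value is skipped. If a configured
// file fails to load, the loader's error is returned and no authenticator is
// built. The configured authenticators are merged with Combine.
func FromArgs(args []string) (authenticator.Request, error) {
	var authenticators []authenticator.Request

	basicFile := getArg("--basic-auth-file", args)
	if basicFile != "" {
		// NOTE(review): this is a static credential file; it presumably holds
		// passwords in clear text, so restrictive file permissions matter —
		// confirm against passwordfile.NewCSV.
		basicAuthenticator, err := passwordfile.NewCSV(basicFile)
		if err != nil {
			return nil, err
		}
		authenticators = append(authenticators, basicauth.New(basicAuthenticator))
	}

	clientCA := getArg("--client-ca-file", args)
	if clientCA != "" {
		ca, err := dynamiccertificates.NewDynamicCAContentFromFile("client-ca", clientCA)
		if err != nil {
			return nil, err
		}
		// The user identity is derived from the verified client certificate
		// by x509.CommonNameUserConversion, so every certificate that chains
		// to this CA is accepted as the user its subject names.
		authenticators = append(authenticators, x509.NewDynamic(ca.VerifyOptions, x509.CommonNameUserConversion))
	}

	// NOTE(review): when neither flag is set the list is empty; the result
	// then depends on how union.New treats zero authenticators — confirm it
	// rejects every request.
	return Combine(authenticators...), nil
}

// getArg returns the value of the first argument in args that has the exact
// form "key=value", or "" when no such argument exists.
//
// Matching on key+"=" rather than on the bare key does two things. A bare
// flag without "=" (for example "--client-ca-file") no longer triggers an
// index-out-of-range panic. A longer flag that merely shares the prefix (for
// example "--client-ca-file-extra=...") can no longer supply the value for a
// security-relevant path.
//
// NOTE(review): the first occurrence wins. If the same argument list is also
// parsed by a flag library in which the last occurrence wins, the two parsers
// can disagree about which file is in effect — confirm against the caller.
func getArg(key string, args []string) string {
	prefix := key + "="
	for _, arg := range args {
		if strings.HasPrefix(arg, prefix) {
			return strings.TrimPrefix(arg, prefix)
		}
	}
	return ""
}

// Combine merges the non-nil authenticators in auths into a single
// union.New authenticator and wraps it with group.NewAuthenticatedGroupAdder.
//
// Only untyped nil entries are dropped. A typed nil pointer stored in the
// interface compares non-nil and is passed through to union.New.
func Combine(auths ...authenticator.Request) authenticator.Request {
	var authenticators []authenticator.Request
	for _, auth := range auths {
		if auth != nil {
			authenticators = append(authenticators, auth)
		}
	}
	return group.NewAuthenticatedGroupAdder(union.New(authenticators...))
}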