Openshift 需要通过bearer token的方式和API进行调用,比如基于Postman就可以了解到,输入bearer token后

1.如何获取Bearer Token

但Bearer Token如何获取是个巨大的问题,一般来说有两种方式

1.基于oc命令行,如

[root@master ~]# oc login -u admin

Logged into "https://master.example.com:8443" as "admin" using existing credentials.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default

    kube-public

    kube-service-catalog

    kube-system

    management-infra

    openshift

    openshift-ansible-service-broker

    openshift-console

    openshift-infra

    openshift-logging

    openshift-monitoring

    openshift-node

    openshift-sdn

    openshift-template-service-broker

    openshift-web-console

    scdf

Using project "default".

[root@master ~]# oc whoami -t

9GLqCn9yL61TyzRjidM2GRgL-S10z0JSato9Puie70I

2.基于curl命令

[root@node1 ~]# curl -u admin:welcome1 -kv  -H "X-CSRF-Token: xxx" 'https://master.example.com:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token'

* About to connect() to master.example.com port  (#)

*   Trying 192.168.56.103...

* Connected to master.example.com (192.168.56.103) port  (#)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* skipping SSL peer certificate verification

* NSS: client certificate not found (nickname not specified)

* SSL connection using TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

* Server certificate:

*     subject: CN=172.30.0.1

*     start date: Nov  ::  GMT

*     expire date: Nov  ::  GMT

*     common name: 172.30.0.1

*     issuer: CN=openshift-signer@

* Server auth using Basic with user 'admin'

> GET /oauth/authorize?client_id=openshift-challenging-client&response_type=token HTTP/1.1

> Authorization: Basic YWRtaW46d2VsY29tZTE=

> User-Agent: curl/7.29.

> Host: master.example.com:

> Accept: */*

> X-CSRF-Token: xxx

>

< HTTP/1.1 302 Found

< Cache-Control: no-cache, no-store, max-age=0, must-revalidate

< Expires: Fri, 01 Jan 1990 00:00:00 GMT

< Location: https://master.example.com:8443/oauth/token/implicit#access_token=iVwykQc-qqsO245VJ9TIZq_lIL31G1mTM2GJHTPFfkI&expires_in=86400&scope=user%3Afull&token_type=Bearer

< Pragma: no-cache

< Set-Cookie: ssn=MTU0NDAyNDU1OXxnZV9UaWN5QlpFZ2RULW5vY3o2dVp4SU5WVWZkbWxNd0xfUnFCVzlmRndBSS1Wb2JzY3ZJZHFYb1BPWDNqTWVMV2FjbkJ0bmtlemRMMnpDZ3FSLWUtb0lieVBJQjF0dS1nSWJiZUJrYlFLSngxYVZBa085MUN3VVJkZHJyM2FiNjU1MWkwa3RwcGtHdmJvSmhreWpfRW1MQlFuanYyeEdTcTAybDVuREtEcl9mMHhlXzVYdE5LdG5vNHpKa2QxeGMzczRKRHhzOXzT_k_wyIvwJz72RH5SJor7WYJ3lasYsoVFcdQ6phk75g==; Path=/; HttpOnly; Secure

< Date: Wed, 05 Dec 2018 15:42:39 GMT

< Content-Length: 0

<

* Connection #0 to host master.example.com left intact

一直想通过rest去掉通,尝试很久,最后得到的是如下错误

You have reached this page by following a redirect Location header from an OAuth authorize request.

If a response_type=token parameter was passed to the /authorize endpoint, that requested an

"Implicit Grant" OAuth flow (see https://tools.ietf.org/html/rfc6749#section-4.2).

That flow requires the access token to be returned in the fragment portion of a redirect header.

Rather than following the redirect here, you can obtain the access token from the Location header

(see https://tools.ietf.org/html/rfc6749#section-4.2.2):

  . Parse the URL in the Location header and extract the fragment portion

  . Parse the fragment using the "application/x-www-form-urlencoded" format

  . The access_token parameter contains the granted OAuth access token

解决办法:

通过运行一个java程序,通过后端的shell去获取,代码如下:

import java.io.InputStreamReader;

public class getToken {

    public void getocpToken() {

        try {

        //Process process = Runtime.getRuntime().exec("curl -u admin:welcome1 -kv -H \"X-CSRF-Token: xxx\" 'https://master.example.com:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token'");

        Process process = Runtime.getRuntime().exec("/root/curl.sh");

        BufferedReader input = new BufferedReader(new InputStreamReader(process.getInputStream()));

        String line = "";

        while ((line = input.readLine()) != null) {

            System.out.println(line);

        }

        input.close();

        } catch (Exception e){

            e.printStackTrace();

        }

    }

    public static void main(String[] args) {

        // TODO Auto-generated method stub

        getToken sample = new getToken();

        sample.getocpToken();

    }

}

简单说就是调用了curl.sh脚本,这个脚本是长下面这个样的

[root@master ~]# cat curl.sh

curl -u admin:welcome1 -kv --silent -H "X-CSRF-Token: xxx" 'https://master.example.com:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token' >& | grep access_token | awk -F '=' '{print $2}' | awk -F '&' '{print $1}'

运行结果如下:

[root@master ~]# java getToken

oWcKCjuSfbDaJqbLNeLCP67GuR-lAXmjSPyBplWRbvE

这种方式最大的好处是通过http去获取,这样不需要依赖于oc等命令和环境变量,正是因为通过http,而且用curl,所以也可以进行容器化,在容器中运行。

2.通过代码去删除Pod

需要注意事项

  • 搞定免证书的SSL调用
  • 传入bearer token

一切就很顺利了,贴一下代码

HttpDemo.java

import java.io.BufferedReader;

import java.io.IOException;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.UnsupportedEncodingException;

import java.net.HttpURLConnection;

import java.net.MalformedURLException;

import java.net.URL;

import java.util.LinkedHashMap;

import java.util.Map;

import javax.net.ssl.HttpsURLConnection;

import org.apache.commons.codec.binary.Base64;

public class HttpDemo {

    private static final String SYS_VULLN_URL_JSON="https://master.example.com:8443/api/v1/namespaces/scdf/pods/kafka-broker-1-9qdqn";

    public static void httpGet(){

        StringBuffer tempStr = new StringBuffer();

        String responseContent="";

       HttpURLConnection conn = null;

        try {

            URL url = new URL(SYS_VULLN_URL_JSON);

            if("https".equalsIgnoreCase(url.getProtocol())){

                SslUtils.ignoreSsl();

            }

            HttpsURLConnection https = (HttpsURLConnection)url.openConnection();

            https.setRequestMethod("DELETE");

            https.setRequestProperty("Authorization", "Bearer 9GLqCn9yL61TyzRjidM2GRgL-S10z0JSato9Puie70I");

            String result = getReturn(https);

            System.out.println(result);

         } catch (UnsupportedEncodingException e) {

            e.printStackTrace();

        } catch (MalformedURLException e) {

            e.printStackTrace();

        } catch (IOException e) {

            e.printStackTrace();

        } catch(Exception e){

            e.printStackTrace();

        }

    }

    /**

 * Trust every server - dont check for any certificate

 */

    public static String getReturn(HttpURLConnection connection) throws IOException{

        StringBuffer buffer = new StringBuffer();

        try(InputStream inputStream = connection.getInputStream();

            InputStreamReader inputStreamReader = new InputStreamReader(inputStream, "UTF-8");

            BufferedReader bufferedReader = new BufferedReader(inputStreamReader);){

            String str = null;

            while ((str = bufferedReader.readLine()) != null) {

                buffer.append(str);

            }

            String result = buffer.toString();

            return result;

        }

    }

    private static void printResponseHeader(HttpURLConnection http) throws UnsupportedEncodingException {

        Map<String, String> header = getHttpResponseHeader(http);

        for (Map.Entry<String, String> entry : header.entrySet()) {

            String key = entry.getKey() != null ? entry.getKey() + ":" : "";

            System.out.println(key + entry.getValue());

        }

    }

    private static Map<String, String> getHttpResponseHeader(

            HttpURLConnection http) throws UnsupportedEncodingException {

        Map<String, String> header = new LinkedHashMap<String, String>();

        for (int i = ;; i++) {

            String mine = http.getHeaderField(i);

            if (mine == null)

                break;

            header.put(http.getHeaderFieldKey(i), mine);

        }

        return header;

    }

    public static void main(String[] args) {

        httpGet();

    }

}

SslUtils.java

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLSession;

import javax.net.ssl.TrustManager;

import javax.net.ssl.X509TrustManager;

public class SslUtils {

    private static void trustAllHttpsCertificates() throws Exception {

        TrustManager[] trustAllCerts = new TrustManager[];

        TrustManager tm = new miTM();

        trustAllCerts[] = tm;

        SSLContext sc = SSLContext.getInstance("SSL");

        sc.init(null, trustAllCerts, null);

        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    }

    static class miTM implements TrustManager,X509TrustManager {

        public X509Certificate[] getAcceptedIssuers() {

            return null;

        }

        public boolean isServerTrusted(X509Certificate[] certs) {

            return true;

        }

        public boolean isClientTrusted(X509Certificate[] certs) {

            return true;

        }

        public void checkServerTrusted(X509Certificate[] certs, String authType)

                throws CertificateException {

            return;

        }

        public void checkClientTrusted(X509Certificate[] certs, String authType)

                throws CertificateException {

            return;

        }

    }

    /**

     * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用

     * @throws Exception

     */

    public static void ignoreSsl() throws Exception{

        HostnameVerifier hv = new HostnameVerifier() {

            public boolean verify(String urlHostName, SSLSession session) {

                return true;

            }

        };

        trustAllHttpsCertificates();

        HttpsURLConnection.setDefaultHostnameVerifier(hv);

    }

}

好了,有了token,又不需要证书,大家就可以愉快的玩耍了。

OpenShift 如何获取bearer Token以便进行各种API调用的更多相关文章

  1. OAuth 2.0: Bearer Token Usage

    Bearer Token (RFC 6750) 用于HTTP请求授权访问OAuth 2.0资源,任何Bearer持有者都可以无差别地用它来访问相关的资源,而无需证明持有加密key.一个Bearer代表 ...

  2. SharePoint Online 使用 adal js 获取access token

    最近在写一些SharePoint 的sample code, 有兴趣的小伙伴可以查看我的GitHub. 今天给大家介绍SharePoint Framework (SPFx  )web part 当中怎 ...

  3. 接口认证方式:Bearer Token

    因为HTTP协议是开放的,可以任人调用.所以,如果接口不希望被随意调用,就需要做访问权限的控制,认证是好的用户,才允许调用API. 目前主流的访问权限控制/认证模式有以下几种: 1),Bearer T ...

  4. 接口认证:Bearer Token(Token 令牌)

    因为HTTP协议是开放的,可以任人调用.所以,如果接口不希望被随意调用,就需要做访问权限的控制,认证是好的用户,才允许调用API. 目前主流的访问权限控制/认证模式有以下几种: 1)Bearer To ...

  5. asp.net core使用identity+jwt保护你的webapi(二)——获取jwt token

    前言 上一篇已经介绍了identity在web api中的基本配置,本篇来完成用户的注册,登录,获取jwt token. 开始 开始之前先配置一下jwt相关服务. 配置JWT 首先NuGet安装包: ...

  6. 基于DotNetOpenAuth的OAuth实现示例代码: 获取access token

    1. 场景 根据OAuth 2.0规范,该场景发生于下面的流程图中的(D)(E)节点,根据已经得到的authorization code获取access token. 2. 实现环境 DotNetOp ...

  7. Authentication with SignalR and OAuth Bearer Token

    Authentication with SignalR and OAuth Bearer Token Authenticating connections to SignalR is not as e ...

  8. ASP.NET Core Web API 集成测试中使用 Bearer Token

    在 ASP.NET Core Web API 集成测试一文中, 我介绍了ASP.NET Core Web API的集成测试. 在那里我使用了测试专用的Startup类, 里面的配置和开发时有一些区别, ...

  9. 工作笔记—新浪微博Oauth2.0授权 获取Access Token (java)

    java发送新浪微博,一下博客从注册到发布第一条微博很详细 利用java语言在eclipse下实现在新浪微博开发平台发微博:http://blog.csdn.net/michellehsiao/art ...

随机推荐

  1. jmeter----计数器

    在测试过程中,往往需要一些有一定规则的数字,这个时候,可以使用配置元件中的计数器去实现. 一.界面显示 二.配置说明 1.名称:标识 2.注释:备注 3.启动:是指计数器开始的值 4.递增:每次增加的 ...

  2. Typecho-反序列化漏洞学习

    目录 Typecho-反序列化漏洞学习 0x00 前言 0x01 分析过程 0x02 调试 0x03 总结 0xFF 参考 Typecho-反序列化漏洞学习 0x00 前言 补丁: https://g ...

  3. rsync: chroot No such file or directory (2)

    rsync: ) 查了N多资料,均未解决,最终发现是因为report后面多了个空格...

  4. loadrunner中controller 中scenario-> rendezvous灰色不可用的解决方法:

    1.首先确保lr_rendezvous("login");函数添加成功  Action() { web_set_max_html_param_len("2048" ...

  5. loadrunner参数取值方法总结

    在参数设置位置有两个地方:Select next row –下一行的取值方式(针对用户)Sequential 顺序的,即所有用户都是按照同一种方式取值(都是按照Update value on方式取值, ...

  6. spring+atomikos+mybatis 多数据源事务(动态切换)

    注:自动切换,是为不同的数据源,却要对应相同的dao层: 1.与无事务版的一样,创建DynamicDataSource类,继承AbstractRoutingDataSource package com ...

  7. 美团offer面经

    美团offer面经 2017北京美团金融服务平台,java后台研发方向,一共3面技术面+HR面,前两轮技术面在酒店面的,第三面和HR面在总部. 一面(重复问的部分就写一次了)(40分钟) 1.自我介绍 ...

  8. python 计算md5

    import hashlib src = "afnjanflkas" m2 = hashlib.md5() m2.update(src) print m2.hexdigest() ...

  9. python中对list去重的多种方法

    今天遇到一个问题,用了 itertools.groupby 这个函数.不过这个东西最终还是没用上. 问题就是对一个list中的新闻id进行去重,去重之后要保证顺序不变. 直观方法 最简单的思路就是: ...

  10. Dalvik 虚拟机 jvm 区别

    韩梦飞沙  韩亚飞  313134555@qq.com  yue31313  han_meng_fei_sha dalvik 基于 寄存器, jvm基于 栈. 寄存器,编译时间会更短. dalvik ...