Openshift 需要通过bearer token的方式和API进行调用,比如基于Postman就可以了解到,输入bearer token后

1.如何获取Bearer Token

但Bearer Token如何获取是个巨大的问题,一般来说有两种方式

1.基于oc命令行,如

[root@master ~]# oc login -u admin

Logged into "https://master.example.com:8443" as "admin" using existing credentials.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default

    kube-public

    kube-service-catalog

    kube-system

    management-infra

    openshift

    openshift-ansible-service-broker

    openshift-console

    openshift-infra

    openshift-logging

    openshift-monitoring

    openshift-node

    openshift-sdn

    openshift-template-service-broker

    openshift-web-console

    scdf

Using project "default".

[root@master ~]# oc whoami -t

9GLqCn9yL61TyzRjidM2GRgL-S10z0JSato9Puie70I

2.基于curl命令

[root@node1 ~]# curl -u admin:welcome1 -kv  -H "X-CSRF-Token: xxx" 'https://master.example.com:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token'

* About to connect() to master.example.com port  (#)

*   Trying 192.168.56.103...

* Connected to master.example.com (192.168.56.103) port  (#)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* skipping SSL peer certificate verification

* NSS: client certificate not found (nickname not specified)

* SSL connection using TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

* Server certificate:

*     subject: CN=172.30.0.1

*     start date: Nov  ::  GMT

*     expire date: Nov  ::  GMT

*     common name: 172.30.0.1

*     issuer: CN=openshift-signer@

* Server auth using Basic with user 'admin'

> GET /oauth/authorize?client_id=openshift-challenging-client&response_type=token HTTP/1.1

> Authorization: Basic YWRtaW46d2VsY29tZTE=

> User-Agent: curl/7.29.

> Host: master.example.com:

> Accept: */*

> X-CSRF-Token: xxx

>

< HTTP/1.1 302 Found

< Cache-Control: no-cache, no-store, max-age=0, must-revalidate

< Expires: Fri, 01 Jan 1990 00:00:00 GMT

< Location: https://master.example.com:8443/oauth/token/implicit#access_token=iVwykQc-qqsO245VJ9TIZq_lIL31G1mTM2GJHTPFfkI&expires_in=86400&scope=user%3Afull&token_type=Bearer

< Pragma: no-cache

< Set-Cookie: ssn=MTU0NDAyNDU1OXxnZV9UaWN5QlpFZ2RULW5vY3o2dVp4SU5WVWZkbWxNd0xfUnFCVzlmRndBSS1Wb2JzY3ZJZHFYb1BPWDNqTWVMV2FjbkJ0bmtlemRMMnpDZ3FSLWUtb0lieVBJQjF0dS1nSWJiZUJrYlFLSngxYVZBa085MUN3VVJkZHJyM2FiNjU1MWkwa3RwcGtHdmJvSmhreWpfRW1MQlFuanYyeEdTcTAybDVuREtEcl9mMHhlXzVYdE5LdG5vNHpKa2QxeGMzczRKRHhzOXzT_k_wyIvwJz72RH5SJor7WYJ3lasYsoVFcdQ6phk75g==; Path=/; HttpOnly; Secure

< Date: Wed, 05 Dec 2018 15:42:39 GMT

< Content-Length: 0

<

* Connection #0 to host master.example.com left intact

一直想通过rest去掉通,尝试很久,最后得到的是如下错误

You have reached this page by following a redirect Location header from an OAuth authorize request.

If a response_type=token parameter was passed to the /authorize endpoint, that requested an

"Implicit Grant" OAuth flow (see https://tools.ietf.org/html/rfc6749#section-4.2).

That flow requires the access token to be returned in the fragment portion of a redirect header.

Rather than following the redirect here, you can obtain the access token from the Location header

(see https://tools.ietf.org/html/rfc6749#section-4.2.2):

  . Parse the URL in the Location header and extract the fragment portion

  . Parse the fragment using the "application/x-www-form-urlencoded" format

  . The access_token parameter contains the granted OAuth access token

解决办法:

通过运行一个java程序,通过后端的shell去获取,代码如下:

import java.io.InputStreamReader;

public class getToken {

    public void getocpToken() {

        try {

        //Process process = Runtime.getRuntime().exec("curl -u admin:welcome1 -kv -H \"X-CSRF-Token: xxx\" 'https://master.example.com:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token'");

        Process process = Runtime.getRuntime().exec("/root/curl.sh");

        BufferedReader input = new BufferedReader(new InputStreamReader(process.getInputStream()));

        String line = "";

        while ((line = input.readLine()) != null) {

            System.out.println(line);

        }

        input.close();

        } catch (Exception e){

            e.printStackTrace();

        }

    }

    public static void main(String[] args) {

        // TODO Auto-generated method stub

        getToken sample = new getToken();

        sample.getocpToken();

    }

}

简单说就是调用了curl.sh脚本,这个脚本是长下面这个样的

[root@master ~]# cat curl.sh

curl -u admin:welcome1 -kv --silent -H "X-CSRF-Token: xxx" 'https://master.example.com:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token' >& | grep access_token | awk -F '=' '{print $2}' | awk -F '&' '{print $1}'

运行结果如下:

[root@master ~]# java getToken

oWcKCjuSfbDaJqbLNeLCP67GuR-lAXmjSPyBplWRbvE

这种方式最大的好处是通过http去获取,这样不需要依赖于oc等命令和环境变量,正是因为通过http,而且用curl,所以也可以进行容器化,在容器中运行。

2.通过代码去删除Pod

需要注意事项

  • 搞定免证书的SSL调用
  • 传入bearer token

一切就很顺利了,贴一下代码

HttpDemo.java

import java.io.BufferedReader;

import java.io.IOException;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.UnsupportedEncodingException;

import java.net.HttpURLConnection;

import java.net.MalformedURLException;

import java.net.URL;

import java.util.LinkedHashMap;

import java.util.Map;

import javax.net.ssl.HttpsURLConnection;

import org.apache.commons.codec.binary.Base64;

public class HttpDemo {

    private static final String SYS_VULLN_URL_JSON="https://master.example.com:8443/api/v1/namespaces/scdf/pods/kafka-broker-1-9qdqn";

    public static void httpGet(){

        StringBuffer tempStr = new StringBuffer();

        String responseContent="";

       HttpURLConnection conn = null;

        try {

            URL url = new URL(SYS_VULLN_URL_JSON);

            if("https".equalsIgnoreCase(url.getProtocol())){

                SslUtils.ignoreSsl();

            }

            HttpsURLConnection https = (HttpsURLConnection)url.openConnection();

            https.setRequestMethod("DELETE");

            https.setRequestProperty("Authorization", "Bearer 9GLqCn9yL61TyzRjidM2GRgL-S10z0JSato9Puie70I");

            String result = getReturn(https);

            System.out.println(result);

         } catch (UnsupportedEncodingException e) {

            e.printStackTrace();

        } catch (MalformedURLException e) {

            e.printStackTrace();

        } catch (IOException e) {

            e.printStackTrace();

        } catch(Exception e){

            e.printStackTrace();

        }

    }

    /**

 * Trust every server - dont check for any certificate

 */

    public static String getReturn(HttpURLConnection connection) throws IOException{

        StringBuffer buffer = new StringBuffer();

        try(InputStream inputStream = connection.getInputStream();

            InputStreamReader inputStreamReader = new InputStreamReader(inputStream, "UTF-8");

            BufferedReader bufferedReader = new BufferedReader(inputStreamReader);){

            String str = null;

            while ((str = bufferedReader.readLine()) != null) {

                buffer.append(str);

            }

            String result = buffer.toString();

            return result;

        }

    }

    private static void printResponseHeader(HttpURLConnection http) throws UnsupportedEncodingException {

        Map<String, String> header = getHttpResponseHeader(http);

        for (Map.Entry<String, String> entry : header.entrySet()) {

            String key = entry.getKey() != null ? entry.getKey() + ":" : "";

            System.out.println(key + entry.getValue());

        }

    }

    private static Map<String, String> getHttpResponseHeader(

            HttpURLConnection http) throws UnsupportedEncodingException {

        Map<String, String> header = new LinkedHashMap<String, String>();

        for (int i = ;; i++) {

            String mine = http.getHeaderField(i);

            if (mine == null)

                break;

            header.put(http.getHeaderFieldKey(i), mine);

        }

        return header;

    }

    public static void main(String[] args) {

        httpGet();

    }

}

SslUtils.java

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLSession;

import javax.net.ssl.TrustManager;

import javax.net.ssl.X509TrustManager;

public class SslUtils {

    private static void trustAllHttpsCertificates() throws Exception {

        TrustManager[] trustAllCerts = new TrustManager[];

        TrustManager tm = new miTM();

        trustAllCerts[] = tm;

        SSLContext sc = SSLContext.getInstance("SSL");

        sc.init(null, trustAllCerts, null);

        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    }

    static class miTM implements TrustManager,X509TrustManager {

        public X509Certificate[] getAcceptedIssuers() {

            return null;

        }

        public boolean isServerTrusted(X509Certificate[] certs) {

            return true;

        }

        public boolean isClientTrusted(X509Certificate[] certs) {

            return true;

        }

        public void checkServerTrusted(X509Certificate[] certs, String authType)

                throws CertificateException {

            return;

        }

        public void checkClientTrusted(X509Certificate[] certs, String authType)

                throws CertificateException {

            return;

        }

    }

    /**

     * 忽略HTTPS请求的SSL证书,必须在openConnection之前调用

     * @throws Exception

     */

    public static void ignoreSsl() throws Exception{

        HostnameVerifier hv = new HostnameVerifier() {

            public boolean verify(String urlHostName, SSLSession session) {

                return true;

            }

        };

        trustAllHttpsCertificates();

        HttpsURLConnection.setDefaultHostnameVerifier(hv);

    }

}

好了,有了token,又不需要证书,大家就可以愉快的玩耍了。

OpenShift 如何获取bearer Token以便进行各种API调用的更多相关文章

  1. OAuth 2.0: Bearer Token Usage

    Bearer Token (RFC 6750) 用于HTTP请求授权访问OAuth 2.0资源,任何Bearer持有者都可以无差别地用它来访问相关的资源,而无需证明持有加密key.一个Bearer代表 ...

  2. SharePoint Online 使用 adal js 获取access token

    最近在写一些SharePoint 的sample code, 有兴趣的小伙伴可以查看我的GitHub. 今天给大家介绍SharePoint Framework (SPFx  )web part 当中怎 ...

  3. 接口认证方式:Bearer Token

    因为HTTP协议是开放的,可以任人调用.所以,如果接口不希望被随意调用,就需要做访问权限的控制,认证是好的用户,才允许调用API. 目前主流的访问权限控制/认证模式有以下几种: 1),Bearer T ...

  4. 接口认证:Bearer Token(Token 令牌)

    因为HTTP协议是开放的,可以任人调用.所以,如果接口不希望被随意调用,就需要做访问权限的控制,认证是好的用户,才允许调用API. 目前主流的访问权限控制/认证模式有以下几种: 1)Bearer To ...

  5. asp.net core使用identity+jwt保护你的webapi(二)——获取jwt token

    前言 上一篇已经介绍了identity在web api中的基本配置,本篇来完成用户的注册,登录,获取jwt token. 开始 开始之前先配置一下jwt相关服务. 配置JWT 首先NuGet安装包: ...

  6. 基于DotNetOpenAuth的OAuth实现示例代码: 获取access token

    1. 场景 根据OAuth 2.0规范,该场景发生于下面的流程图中的(D)(E)节点,根据已经得到的authorization code获取access token. 2. 实现环境 DotNetOp ...

  7. Authentication with SignalR and OAuth Bearer Token

    Authentication with SignalR and OAuth Bearer Token Authenticating connections to SignalR is not as e ...

  8. ASP.NET Core Web API 集成测试中使用 Bearer Token

    在 ASP.NET Core Web API 集成测试一文中, 我介绍了ASP.NET Core Web API的集成测试. 在那里我使用了测试专用的Startup类, 里面的配置和开发时有一些区别, ...

  9. 工作笔记—新浪微博Oauth2.0授权 获取Access Token (java)

    java发送新浪微博,一下博客从注册到发布第一条微博很详细 利用java语言在eclipse下实现在新浪微博开发平台发微博:http://blog.csdn.net/michellehsiao/art ...

随机推荐

  1. Python 中for...esle和while...else语法

    Python的for...else和while...else语法,这是Python中最不常用,最为误解的语法特性之一. Python中的for.while循环都有一个可选的else分支(类似if语句和 ...

  2. jsonp原生js跨域拿新浪数据插件封装【可扩展】

    //修改了一个bug,增加了手动释放垃圾 <!DOCTYPE html> <html lang="en"> <head> <meta ch ...

  3. 【51nod】1594 Gcd and Phi

    题解 跟随小迪学姐的步伐,学习一下数论 小迪学姐太巨了! 这道题的式子很好推嘛 \(\sum_{i = 1}^{n} \sum_{j = 1}^{n} \sum_{d|\phi(i),\phi(j)} ...

  4. 【LOJ】#2544. 「JXOI2018」游戏

    题解 九条可怜还有那么善良的一面??? 显然有些数在这个区间里没有数是它的约数,它们其中的最后一个取的一定就是\(t(p)\)的值 这样我们只需要枚举\(t(p)\)的值,这个值就是"没有任 ...

  5. Python类总结-封装(私有属性,方法)

    封装基础 广义上面向对象的封装:代码的保护,面向对象的思想本身就是一种封装 只让自己的对象能调用自己类中的方法 狭义上的封装-面向对象三大特性之一(私有变量,用公有的方法封装私有属性,方法叫封装) 把 ...

  6. Android之 内容提供器(1)——使用内容提供器访问其它程序共享的数据

    (下面内容是阅读郭霖大神的<第一行代码>总结的) 1 概述 内容提供器是Android实现跨程序共享数据的标准方式. 内容提供器的的使用方法有两种, 一是使用已有的内容提供器对其他程序的数 ...

  7. python 学习笔记 - Queue & Pipes,进程间通讯

    上面写了Python如何创建多个进程,但是前面文章中创建的进程都是哑巴和聋子,自己顾自己执行,不会相互交流.那么如何让进程间相互说说话呢?Python为我们提供了一个函数multiprocessing ...

  8. C和指针之学习笔记(1)

    第1章 1.输入字符串 while((ch=getchar())!=EOF  &&  ch!=’\n’) ; ch=getchar() while(ch!=EOF  && ...

  9. 2017-2018-1 JAVA实验站 第二周作业

    2017-2018-1 JAVA实验站 第二周作业 小组成员: 组长 20162318张泰毓 成员 20162303石亚鑫 20162304张浩林 20162307张韵琪 20162321王彪 201 ...

  10. python3-开发进阶 django-rest framework 中的 版本操作(看源码解说)

    今天我们来说一说rest framework 中的 版本 操作的详解 首先我们先回顾一下 rest framework的流程: 请求进来走view ,然后view调用视图的dispath函数 为了演示 ...