mirror of
https://github.com/docker/compose.git
synced 2025-07-22 21:24:38 +02:00
commit
4dbb0df34c
@ -2,7 +2,7 @@ linters:
|
|||||||
run:
|
run:
|
||||||
concurrency: 2
|
concurrency: 2
|
||||||
skip-dirs:
|
skip-dirs:
|
||||||
- composefiles
|
- tests/composefiles
|
||||||
enable-all: false
|
enable-all: false
|
||||||
disable-all: true
|
disable-all: true
|
||||||
enable:
|
enable:
|
||||||
|
20
azure/aci.go
20
azure/aci.go
@ -6,14 +6,14 @@ import (
|
|||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/docker/api/azure/login"
|
||||||
|
|
||||||
"github.com/Azure/azure-sdk-for-go/profiles/2019-03-01/resources/mgmt/resources"
|
"github.com/Azure/azure-sdk-for-go/profiles/2019-03-01/resources/mgmt/resources"
|
||||||
"github.com/Azure/azure-sdk-for-go/profiles/preview/preview/subscription/mgmt/subscription"
|
"github.com/Azure/azure-sdk-for-go/profiles/preview/preview/subscription/mgmt/subscription"
|
||||||
"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
|
"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
|
||||||
"github.com/Azure/azure-sdk-for-go/services/keyvault/auth"
|
|
||||||
"github.com/Azure/go-autorest/autorest"
|
"github.com/Azure/go-autorest/autorest"
|
||||||
"github.com/Azure/go-autorest/autorest/to"
|
"github.com/Azure/go-autorest/autorest/to"
|
||||||
tm "github.com/buger/goterm"
|
tm "github.com/buger/goterm"
|
||||||
@ -24,14 +24,6 @@ import (
|
|||||||
"github.com/docker/api/context/store"
|
"github.com/docker/api/context/store"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
|
||||||
// required to get auth.NewAuthorizerFromCLI() to work, otherwise getting "The access token has been obtained for wrong audience or resource 'https://vault.azure.net'."
|
|
||||||
err := os.Setenv("AZURE_KEYVAULT_RESOURCE", "https://management.azure.com")
|
|
||||||
if err != nil {
|
|
||||||
panic("unable to set environment variable AZURE_KEYVAULT_RESOURCE")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func createACIContainers(ctx context.Context, aciContext store.AciContext, groupDefinition containerinstance.ContainerGroup) error {
|
func createACIContainers(ctx context.Context, aciContext store.AciContext, groupDefinition containerinstance.ContainerGroup) error {
|
||||||
containerGroupsClient, err := getContainerGroupsClient(aciContext.SubscriptionID)
|
containerGroupsClient, err := getContainerGroupsClient(aciContext.SubscriptionID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -243,7 +235,7 @@ func getACIContainerLogs(ctx context.Context, aciContext store.AciContext, conta
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getContainerGroupsClient(subscriptionID string) (containerinstance.ContainerGroupsClient, error) {
|
func getContainerGroupsClient(subscriptionID string) (containerinstance.ContainerGroupsClient, error) {
|
||||||
auth, err := auth.NewAuthorizerFromCLI()
|
auth, err := login.NewAuthorizerFromLogin()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return containerinstance.ContainerGroupsClient{}, err
|
return containerinstance.ContainerGroupsClient{}, err
|
||||||
}
|
}
|
||||||
@ -256,7 +248,7 @@ func getContainerGroupsClient(subscriptionID string) (containerinstance.Containe
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getContainerClient(subscriptionID string) (containerinstance.ContainerClient, error) {
|
func getContainerClient(subscriptionID string) (containerinstance.ContainerClient, error) {
|
||||||
auth, err := auth.NewAuthorizerFromCLI()
|
auth, err := login.NewAuthorizerFromLogin()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return containerinstance.ContainerClient{}, err
|
return containerinstance.ContainerClient{}, err
|
||||||
}
|
}
|
||||||
@ -267,7 +259,7 @@ func getContainerClient(subscriptionID string) (containerinstance.ContainerClien
|
|||||||
|
|
||||||
func getSubscriptionsClient() subscription.SubscriptionsClient {
|
func getSubscriptionsClient() subscription.SubscriptionsClient {
|
||||||
subc := subscription.NewSubscriptionsClient()
|
subc := subscription.NewSubscriptionsClient()
|
||||||
authorizer, _ := auth.NewAuthorizerFromCLI()
|
authorizer, _ := login.NewAuthorizerFromLogin()
|
||||||
subc.Authorizer = authorizer
|
subc.Authorizer = authorizer
|
||||||
return subc
|
return subc
|
||||||
}
|
}
|
||||||
@ -275,7 +267,7 @@ func getSubscriptionsClient() subscription.SubscriptionsClient {
|
|||||||
// GetGroupsClient ...
|
// GetGroupsClient ...
|
||||||
func GetGroupsClient(subscriptionID string) resources.GroupsClient {
|
func GetGroupsClient(subscriptionID string) resources.GroupsClient {
|
||||||
groupsClient := resources.NewGroupsClient(subscriptionID)
|
groupsClient := resources.NewGroupsClient(subscriptionID)
|
||||||
authorizer, _ := auth.NewAuthorizerFromCLI()
|
authorizer, _ := login.NewAuthorizerFromLogin()
|
||||||
groupsClient.Authorizer = authorizer
|
groupsClient.Authorizer = authorizer
|
||||||
return groupsClient
|
return groupsClient
|
||||||
}
|
}
|
||||||
|
@ -8,13 +8,15 @@ import (
|
|||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/docker/api/context/cloud"
|
||||||
|
|
||||||
"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
|
"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
|
||||||
"github.com/Azure/go-autorest/autorest/azure/auth"
|
|
||||||
"github.com/compose-spec/compose-go/types"
|
"github.com/compose-spec/compose-go/types"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/docker/api/azure/convert"
|
"github.com/docker/api/azure/convert"
|
||||||
|
"github.com/docker/api/azure/login"
|
||||||
"github.com/docker/api/backend"
|
"github.com/docker/api/backend"
|
||||||
"github.com/docker/api/compose"
|
"github.com/docker/api/compose"
|
||||||
"github.com/docker/api/containers"
|
"github.com/docker/api/containers"
|
||||||
@ -50,43 +52,48 @@ func New(ctx context.Context) (backend.Service, error) {
|
|||||||
}
|
}
|
||||||
aciContext, _ := metadata.Metadata.Data.(store.AciContext)
|
aciContext, _ := metadata.Metadata.Data.(store.AciContext)
|
||||||
|
|
||||||
auth, _ := auth.NewAuthorizerFromCLI()
|
auth, _ := login.NewAuthorizerFromLogin()
|
||||||
containerGroupsClient := containerinstance.NewContainerGroupsClient(aciContext.SubscriptionID)
|
containerGroupsClient := containerinstance.NewContainerGroupsClient(aciContext.SubscriptionID)
|
||||||
containerGroupsClient.Authorizer = auth
|
containerGroupsClient.Authorizer = auth
|
||||||
|
|
||||||
return getAciAPIService(containerGroupsClient, aciContext), nil
|
return getAciAPIService(containerGroupsClient, aciContext)
|
||||||
}
|
}
|
||||||
|
|
||||||
func getAciAPIService(cgc containerinstance.ContainerGroupsClient, aciCtx store.AciContext) *aciAPIService {
|
func getAciAPIService(cgc containerinstance.ContainerGroupsClient, aciCtx store.AciContext) (*aciAPIService, error) {
|
||||||
|
service, err := login.NewAzureLoginService()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &aciAPIService{
|
return &aciAPIService{
|
||||||
aciContainerService: aciContainerService{
|
aciContainerService: aciContainerService{
|
||||||
containerGroupsClient: cgc,
|
containerGroupsClient: cgc,
|
||||||
ctx: aciCtx,
|
ctx: aciCtx,
|
||||||
},
|
},
|
||||||
aciComposeService: aciComposeService{
|
aciComposeService: aciComposeService{
|
||||||
containerGroupsClient: cgc,
|
|
||||||
ctx: aciCtx,
|
ctx: aciCtx,
|
||||||
},
|
},
|
||||||
}
|
aciCloudService: aciCloudService{
|
||||||
|
loginService: service,
|
||||||
|
},
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type aciAPIService struct {
|
type aciAPIService struct {
|
||||||
aciContainerService
|
aciContainerService
|
||||||
aciComposeService
|
aciComposeService
|
||||||
|
aciCloudService
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *aciAPIService) ContainerService() containers.Service {
|
func (a *aciAPIService) ContainerService() containers.Service {
|
||||||
return &aciContainerService{
|
return &a.aciContainerService
|
||||||
containerGroupsClient: a.aciContainerService.containerGroupsClient,
|
|
||||||
ctx: a.aciContainerService.ctx,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *aciAPIService) ComposeService() compose.Service {
|
func (a *aciAPIService) ComposeService() compose.Service {
|
||||||
return &aciComposeService{
|
return &a.aciComposeService
|
||||||
containerGroupsClient: a.aciComposeService.containerGroupsClient,
|
|
||||||
ctx: a.aciComposeService.ctx,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *aciAPIService) CloudService() cloud.Service {
|
||||||
|
return &a.aciCloudService
|
||||||
}
|
}
|
||||||
|
|
||||||
type aciContainerService struct {
|
type aciContainerService struct {
|
||||||
@ -231,7 +238,6 @@ func (cs *aciContainerService) Delete(ctx context.Context, containerID string, _
|
|||||||
}
|
}
|
||||||
|
|
||||||
type aciComposeService struct {
|
type aciComposeService struct {
|
||||||
containerGroupsClient containerinstance.ContainerGroupsClient
|
|
||||||
ctx store.AciContext
|
ctx store.AciContext
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -266,3 +272,11 @@ func (cs *aciComposeService) Down(ctx context.Context, opts compose.ProjectOptio
|
|||||||
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type aciCloudService struct {
|
||||||
|
loginService login.AzureLoginService
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cs *aciCloudService) Login(ctx context.Context, params map[string]string) error {
|
||||||
|
return cs.loginService.Login(ctx)
|
||||||
|
}
|
||||||
|
243
azure/login/login.go
Normal file
243
azure/login/login.go
Normal file
@ -0,0 +1,243 @@
|
|||||||
|
package login
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"math/rand"
|
||||||
|
"net/url"
|
||||||
|
"os/exec"
|
||||||
|
"path/filepath"
|
||||||
|
"runtime"
|
||||||
|
"strconv"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/docker/api/errdefs"
|
||||||
|
|
||||||
|
"github.com/Azure/go-autorest/autorest"
|
||||||
|
"github.com/Azure/go-autorest/autorest/adal"
|
||||||
|
"github.com/Azure/go-autorest/autorest/azure/cli"
|
||||||
|
"github.com/Azure/go-autorest/autorest/date"
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
rand.Seed(time.Now().Unix())
|
||||||
|
}
|
||||||
|
|
||||||
|
//go login process, derived from code sample provided by MS at https://github.com/devigned/go-az-cli-stuff
|
||||||
|
const (
|
||||||
|
authorizeFormat = "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?response_type=code&client_id=%s&redirect_uri=%s&state=%s&prompt=select_account&response_mode=query&scope=%s"
|
||||||
|
tokenEndpoint = "https://login.microsoftonline.com/%s/oauth2/v2.0/token"
|
||||||
|
authorizationURL = "https://management.azure.com/tenants?api-version=2019-11-01"
|
||||||
|
// scopes for a multi-tenant app works for openid, email, other common scopes, but fails when trying to add a token
|
||||||
|
// v1 scope like "https://management.azure.com/.default" for ARM access
|
||||||
|
scopes = "offline_access https://management.azure.com/.default"
|
||||||
|
clientID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46" // Azure CLI client id
|
||||||
|
)
|
||||||
|
|
||||||
|
type (
|
||||||
|
azureToken struct {
|
||||||
|
Type string `json:"token_type"`
|
||||||
|
Scope string `json:"scope"`
|
||||||
|
ExpiresIn int `json:"expires_in"`
|
||||||
|
ExtExpiresIn int `json:"ext_expires_in"`
|
||||||
|
AccessToken string `json:"access_token"`
|
||||||
|
RefreshToken string `json:"refresh_token"`
|
||||||
|
Foci string `json:"foci"`
|
||||||
|
}
|
||||||
|
|
||||||
|
tenantResult struct {
|
||||||
|
Value []tenantValue `json:"value"`
|
||||||
|
}
|
||||||
|
tenantValue struct {
|
||||||
|
TenantID string `json:"tenantId"`
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
// AzureLoginService Service to log into azure and get authentifier for azure APIs
|
||||||
|
type AzureLoginService struct {
|
||||||
|
tokenStore tokenStore
|
||||||
|
apiHelper apiHelper
|
||||||
|
}
|
||||||
|
|
||||||
|
const tokenStoreFilename = "dockerAccessToken.json"
|
||||||
|
|
||||||
|
// NewAzureLoginService creates a NewAzureLoginService
|
||||||
|
func NewAzureLoginService() (AzureLoginService, error) {
|
||||||
|
return newAzureLoginServiceFromPath(getTokenStorePath(), azureAPIHelper{})
|
||||||
|
}
|
||||||
|
|
||||||
|
func newAzureLoginServiceFromPath(tokenStorePath string, helper apiHelper) (AzureLoginService, error) {
|
||||||
|
store, err := newTokenStore(tokenStorePath)
|
||||||
|
if err != nil {
|
||||||
|
return AzureLoginService{}, err
|
||||||
|
}
|
||||||
|
return AzureLoginService{
|
||||||
|
tokenStore: store,
|
||||||
|
apiHelper: helper,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
//Login perform azure login through browser
|
||||||
|
func (login AzureLoginService) Login(ctx context.Context) error {
|
||||||
|
queryCh := make(chan url.Values, 1)
|
||||||
|
serverPort, err := startLoginServer(queryCh)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
redirectURL := "http://localhost:" + strconv.Itoa(serverPort)
|
||||||
|
login.apiHelper.openAzureLoginPage(redirectURL)
|
||||||
|
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return nil
|
||||||
|
case qsValues := <-queryCh:
|
||||||
|
errorMsg, hasError := qsValues["error"]
|
||||||
|
if hasError {
|
||||||
|
return fmt.Errorf("login failed : %s", errorMsg)
|
||||||
|
}
|
||||||
|
code, hasCode := qsValues["code"]
|
||||||
|
if !hasCode {
|
||||||
|
return errdefs.ErrLoginFailed
|
||||||
|
}
|
||||||
|
data := url.Values{
|
||||||
|
"grant_type": []string{"authorization_code"},
|
||||||
|
"client_id": []string{clientID},
|
||||||
|
"code": code,
|
||||||
|
"scope": []string{scopes},
|
||||||
|
"redirect_uri": []string{redirectURL},
|
||||||
|
}
|
||||||
|
token, err := login.apiHelper.queryToken(data, "organizations")
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "Access token request failed")
|
||||||
|
}
|
||||||
|
|
||||||
|
bits, statusCode, err := login.apiHelper.queryAuthorizationAPI(authorizationURL, fmt.Sprintf("Bearer %s", token.AccessToken))
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "login failed")
|
||||||
|
}
|
||||||
|
|
||||||
|
if statusCode == 200 {
|
||||||
|
var tenantResult tenantResult
|
||||||
|
if err := json.Unmarshal(bits, &tenantResult); err != nil {
|
||||||
|
return errors.Wrap(err, "login failed")
|
||||||
|
}
|
||||||
|
tenantID := tenantResult.Value[0].TenantID
|
||||||
|
tenantToken, err := login.refreshToken(token.RefreshToken, tenantID)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "login failed")
|
||||||
|
}
|
||||||
|
loginInfo := TokenInfo{TenantID: tenantID, Token: tenantToken}
|
||||||
|
|
||||||
|
err = login.tokenStore.writeLoginInfo(loginInfo)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "login failed")
|
||||||
|
}
|
||||||
|
fmt.Println("Login Succeeded")
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Errorf("login failed : " + string(bits))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func getTokenStorePath() string {
|
||||||
|
cliPath, _ := cli.AccessTokensPath()
|
||||||
|
return filepath.Join(filepath.Dir(cliPath), tokenStoreFilename)
|
||||||
|
}
|
||||||
|
|
||||||
|
func toOAuthToken(token azureToken) oauth2.Token {
|
||||||
|
expireTime := time.Now().Add(time.Duration(token.ExpiresIn) * time.Second)
|
||||||
|
oauthToken := oauth2.Token{
|
||||||
|
RefreshToken: token.RefreshToken,
|
||||||
|
AccessToken: token.AccessToken,
|
||||||
|
Expiry: expireTime,
|
||||||
|
TokenType: token.Type,
|
||||||
|
}
|
||||||
|
return oauthToken
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewAuthorizerFromLogin creates an authorizer based on login access token
|
||||||
|
func NewAuthorizerFromLogin() (autorest.Authorizer, error) {
|
||||||
|
login, err := NewAzureLoginService()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
oauthToken, err := login.GetValidToken()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
token := adal.Token{
|
||||||
|
AccessToken: oauthToken.AccessToken,
|
||||||
|
Type: oauthToken.TokenType,
|
||||||
|
ExpiresIn: json.Number(strconv.Itoa(int(time.Until(oauthToken.Expiry).Seconds()))),
|
||||||
|
ExpiresOn: json.Number(strconv.Itoa(int(oauthToken.Expiry.Sub(date.UnixEpoch()).Seconds()))),
|
||||||
|
RefreshToken: "",
|
||||||
|
Resource: "",
|
||||||
|
}
|
||||||
|
|
||||||
|
return autorest.NewBearerAuthorizer(&token), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetValidToken returns an access token. Refresh token if needed
|
||||||
|
func (login AzureLoginService) GetValidToken() (oauth2.Token, error) {
|
||||||
|
loginInfo, err := login.tokenStore.readToken()
|
||||||
|
if err != nil {
|
||||||
|
return oauth2.Token{}, err
|
||||||
|
}
|
||||||
|
token := loginInfo.Token
|
||||||
|
if token.Valid() {
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
tenantID := loginInfo.TenantID
|
||||||
|
token, err = login.refreshToken(token.RefreshToken, tenantID)
|
||||||
|
if err != nil {
|
||||||
|
return oauth2.Token{}, errors.Wrap(err, "access token request failed. Maybe you need to login to azure again.")
|
||||||
|
}
|
||||||
|
err = login.tokenStore.writeLoginInfo(TokenInfo{TenantID: tenantID, Token: token})
|
||||||
|
if err != nil {
|
||||||
|
return oauth2.Token{}, err
|
||||||
|
}
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (login AzureLoginService) refreshToken(currentRefreshToken string, tenantID string) (oauth2.Token, error) {
|
||||||
|
data := url.Values{
|
||||||
|
"grant_type": []string{"refresh_token"},
|
||||||
|
"client_id": []string{clientID},
|
||||||
|
"scope": []string{scopes},
|
||||||
|
"refresh_token": []string{currentRefreshToken},
|
||||||
|
}
|
||||||
|
token, err := login.apiHelper.queryToken(data, tenantID)
|
||||||
|
if err != nil {
|
||||||
|
return oauth2.Token{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return toOAuthToken(token), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func openbrowser(url string) {
|
||||||
|
var err error
|
||||||
|
|
||||||
|
switch runtime.GOOS {
|
||||||
|
case "linux":
|
||||||
|
err = exec.Command("xdg-open", url).Start()
|
||||||
|
case "windows":
|
||||||
|
err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
|
||||||
|
case "darwin":
|
||||||
|
err = exec.Command("open", url).Start()
|
||||||
|
default:
|
||||||
|
err = fmt.Errorf("unsupported platform")
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
75
azure/login/loginHelper.go
Normal file
75
azure/login/loginHelper.go
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
package login
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"math/rand"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
type apiHelper interface {
|
||||||
|
queryToken(data url.Values, tenantID string) (azureToken, error)
|
||||||
|
openAzureLoginPage(redirectURL string)
|
||||||
|
queryAuthorizationAPI(authorizationURL string, authorizationHeader string) ([]byte, int, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
type azureAPIHelper struct{}
|
||||||
|
|
||||||
|
func (helper azureAPIHelper) openAzureLoginPage(redirectURL string) {
|
||||||
|
state := randomString("", 10)
|
||||||
|
authURL := fmt.Sprintf(authorizeFormat, clientID, redirectURL, state, scopes)
|
||||||
|
openbrowser(authURL)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (helper azureAPIHelper) queryAuthorizationAPI(authorizationURL string, authorizationHeader string) ([]byte, int, error) {
|
||||||
|
req, err := http.NewRequest(http.MethodGet, authorizationURL, nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, 0, err
|
||||||
|
}
|
||||||
|
req.Header.Add("Authorization", authorizationHeader)
|
||||||
|
res, err := http.DefaultClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, 0, err
|
||||||
|
}
|
||||||
|
bits, err := ioutil.ReadAll(res.Body)
|
||||||
|
if err != nil {
|
||||||
|
return nil, 0, err
|
||||||
|
}
|
||||||
|
return bits, res.StatusCode, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (helper azureAPIHelper) queryToken(data url.Values, tenantID string) (azureToken, error) {
|
||||||
|
res, err := http.Post(fmt.Sprintf(tokenEndpoint, tenantID), "application/x-www-form-urlencoded", strings.NewReader(data.Encode()))
|
||||||
|
if err != nil {
|
||||||
|
return azureToken{}, err
|
||||||
|
}
|
||||||
|
if res.StatusCode != 200 {
|
||||||
|
return azureToken{}, errors.Errorf("error while renewing access token, status : %s", res.Status)
|
||||||
|
}
|
||||||
|
bits, err := ioutil.ReadAll(res.Body)
|
||||||
|
if err != nil {
|
||||||
|
return azureToken{}, err
|
||||||
|
}
|
||||||
|
token := azureToken{}
|
||||||
|
if err := json.Unmarshal(bits, &token); err != nil {
|
||||||
|
return azureToken{}, err
|
||||||
|
}
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
letterRunes = []rune("abcdefghijklmnopqrstuvwxyz123456789")
|
||||||
|
)
|
||||||
|
|
||||||
|
func randomString(prefix string, length int) string {
|
||||||
|
b := make([]rune, length)
|
||||||
|
for i := range b {
|
||||||
|
b[i] = letterRunes[rand.Intn(len(letterRunes))]
|
||||||
|
}
|
||||||
|
return prefix + string(b)
|
||||||
|
}
|
240
azure/login/login_test.go
Normal file
240
azure/login/login_test.go
Normal file
@ -0,0 +1,240 @@
|
|||||||
|
package login
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"errors"
|
||||||
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"reflect"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/mock"
|
||||||
|
"github.com/stretchr/testify/suite"
|
||||||
|
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
|
||||||
|
. "github.com/onsi/gomega"
|
||||||
|
)
|
||||||
|
|
||||||
|
type LoginSuiteTest struct {
|
||||||
|
suite.Suite
|
||||||
|
dir string
|
||||||
|
mockHelper *MockAzureHelper
|
||||||
|
azureLogin AzureLoginService
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *LoginSuiteTest) BeforeTest(suiteName, testName string) {
|
||||||
|
dir, err := ioutil.TempDir("", "test_store")
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
suite.dir = dir
|
||||||
|
suite.mockHelper = &MockAzureHelper{}
|
||||||
|
suite.azureLogin, err = newAzureLoginServiceFromPath(filepath.Join(dir, tokenStoreFilename), suite.mockHelper)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *LoginSuiteTest) AfterTest(suiteName, testName string) {
|
||||||
|
err := os.RemoveAll(suite.dir)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *LoginSuiteTest) TestRefreshInValidToken() {
|
||||||
|
data := refreshTokenData("refreshToken")
|
||||||
|
suite.mockHelper.On("queryToken", data, "123456").Return(azureToken{
|
||||||
|
RefreshToken: "newRefreshToken",
|
||||||
|
AccessToken: "newAccessToken",
|
||||||
|
ExpiresIn: 3600,
|
||||||
|
Foci: "1",
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
//nolint copylocks
|
||||||
|
azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
suite.azureLogin = azureLogin
|
||||||
|
err = suite.azureLogin.tokenStore.writeLoginInfo(TokenInfo{
|
||||||
|
TenantID: "123456",
|
||||||
|
Token: oauth2.Token{
|
||||||
|
AccessToken: "accessToken",
|
||||||
|
RefreshToken: "refreshToken",
|
||||||
|
Expiry: time.Now().Add(-1 * time.Hour),
|
||||||
|
TokenType: "Bearer",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
token, _ := suite.azureLogin.GetValidToken()
|
||||||
|
|
||||||
|
Expect(token.AccessToken).To(Equal("newAccessToken"))
|
||||||
|
Expect(token.Expiry).To(BeTemporally(">", time.Now().Add(3500*time.Second)))
|
||||||
|
|
||||||
|
storedToken, _ := suite.azureLogin.tokenStore.readToken()
|
||||||
|
Expect(storedToken.Token.AccessToken).To(Equal("newAccessToken"))
|
||||||
|
Expect(storedToken.Token.RefreshToken).To(Equal("newRefreshToken"))
|
||||||
|
Expect(storedToken.Token.Expiry).To(BeTemporally(">", time.Now().Add(3500*time.Second)))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *LoginSuiteTest) TestDoesNotRefreshValidToken() {
|
||||||
|
expiryDate := time.Now().Add(1 * time.Hour)
|
||||||
|
err := suite.azureLogin.tokenStore.writeLoginInfo(TokenInfo{
|
||||||
|
TenantID: "123456",
|
||||||
|
Token: oauth2.Token{
|
||||||
|
AccessToken: "accessToken",
|
||||||
|
RefreshToken: "refreshToken",
|
||||||
|
Expiry: expiryDate,
|
||||||
|
TokenType: "Bearer",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
token, _ := suite.azureLogin.GetValidToken()
|
||||||
|
|
||||||
|
Expect(suite.mockHelper.Calls).To(BeEmpty())
|
||||||
|
Expect(token.AccessToken).To(Equal("accessToken"))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *LoginSuiteTest) TestInvalidLogin() {
|
||||||
|
suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
|
||||||
|
redirectURL := args.Get(0).(string)
|
||||||
|
err := queryKeyValue(redirectURL, "error", "access denied")
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
})
|
||||||
|
|
||||||
|
//nolint copylocks
|
||||||
|
azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
err = azureLogin.Login(context.TODO())
|
||||||
|
Expect(err).To(MatchError(errors.New("login failed : [access denied]")))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *LoginSuiteTest) TestValidLogin() {
|
||||||
|
var redirectURL string
|
||||||
|
suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
|
||||||
|
redirectURL = args.Get(0).(string)
|
||||||
|
err := queryKeyValue(redirectURL, "code", "123456879")
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
})
|
||||||
|
|
||||||
|
suite.mockHelper.On("queryToken", mock.MatchedBy(func(data url.Values) bool {
|
||||||
|
//Need a matcher here because the value of redirectUrl is not known until executing openAzureLoginPage
|
||||||
|
return reflect.DeepEqual(data, url.Values{
|
||||||
|
"grant_type": []string{"authorization_code"},
|
||||||
|
"client_id": []string{clientID},
|
||||||
|
"code": []string{"123456879"},
|
||||||
|
"scope": []string{scopes},
|
||||||
|
"redirect_uri": []string{redirectURL},
|
||||||
|
})
|
||||||
|
}), "organizations").Return(azureToken{
|
||||||
|
RefreshToken: "firstRefreshToken",
|
||||||
|
AccessToken: "firstAccessToken",
|
||||||
|
ExpiresIn: 3600,
|
||||||
|
Foci: "1",
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
authBody := `{"value":[{"id":"/tenants/12345a7c-c56d-43e8-9549-dd230ce8a038","tenantId":"12345a7c-c56d-43e8-9549-dd230ce8a038"}]}`
|
||||||
|
|
||||||
|
suite.mockHelper.On("queryAuthorizationAPI", authorizationURL, "Bearer firstAccessToken").Return([]byte(authBody), 200, nil)
|
||||||
|
data := refreshTokenData("firstRefreshToken")
|
||||||
|
suite.mockHelper.On("queryToken", data, "12345a7c-c56d-43e8-9549-dd230ce8a038").Return(azureToken{
|
||||||
|
RefreshToken: "newRefreshToken",
|
||||||
|
AccessToken: "newAccessToken",
|
||||||
|
ExpiresIn: 3600,
|
||||||
|
Foci: "1",
|
||||||
|
}, nil)
|
||||||
|
//nolint copylocks
|
||||||
|
azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
err = azureLogin.Login(context.TODO())
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
loginToken, err := suite.azureLogin.tokenStore.readToken()
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
Expect(loginToken.Token.AccessToken).To(Equal("newAccessToken"))
|
||||||
|
Expect(loginToken.Token.RefreshToken).To(Equal("newRefreshToken"))
|
||||||
|
Expect(loginToken.Token.Expiry).To(BeTemporally(">", time.Now().Add(3500*time.Second)))
|
||||||
|
Expect(loginToken.TenantID).To(Equal("12345a7c-c56d-43e8-9549-dd230ce8a038"))
|
||||||
|
Expect(loginToken.Token.Type()).To(Equal("Bearer"))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *LoginSuiteTest) TestLoginAuthorizationFailed() {
|
||||||
|
var redirectURL string
|
||||||
|
suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
|
||||||
|
redirectURL = args.Get(0).(string)
|
||||||
|
err := queryKeyValue(redirectURL, "code", "123456879")
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
})
|
||||||
|
|
||||||
|
suite.mockHelper.On("queryToken", mock.MatchedBy(func(data url.Values) bool {
|
||||||
|
//Need a matcher here because the value of redirectUrl is not known until executing openAzureLoginPage
|
||||||
|
return reflect.DeepEqual(data, url.Values{
|
||||||
|
"grant_type": []string{"authorization_code"},
|
||||||
|
"client_id": []string{clientID},
|
||||||
|
"code": []string{"123456879"},
|
||||||
|
"scope": []string{scopes},
|
||||||
|
"redirect_uri": []string{redirectURL},
|
||||||
|
})
|
||||||
|
}), "organizations").Return(azureToken{
|
||||||
|
RefreshToken: "firstRefreshToken",
|
||||||
|
AccessToken: "firstAccessToken",
|
||||||
|
ExpiresIn: 3600,
|
||||||
|
Foci: "1",
|
||||||
|
}, nil)
|
||||||
|
|
||||||
|
authBody := `[access denied]`
|
||||||
|
|
||||||
|
suite.mockHelper.On("queryAuthorizationAPI", authorizationURL, "Bearer firstAccessToken").Return([]byte(authBody), 400, nil)
|
||||||
|
|
||||||
|
azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
err = azureLogin.Login(context.TODO())
|
||||||
|
Expect(err).To(MatchError(errors.New("login failed : [access denied]")))
|
||||||
|
}
|
||||||
|
|
||||||
|
func refreshTokenData(refreshToken string) url.Values {
|
||||||
|
return url.Values{
|
||||||
|
"grant_type": []string{"refresh_token"},
|
||||||
|
"client_id": []string{clientID},
|
||||||
|
"scope": []string{scopes},
|
||||||
|
"refresh_token": []string{refreshToken},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func queryKeyValue(redirectURL string, key string, value string) error {
|
||||||
|
req, err := http.NewRequest("GET", redirectURL, nil)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
q := req.URL.Query()
|
||||||
|
q.Add(key, value)
|
||||||
|
req.URL.RawQuery = q.Encode()
|
||||||
|
client := &http.Client{}
|
||||||
|
_, err = client.Do(req)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestLoginSuite(t *testing.T) {
|
||||||
|
RegisterTestingT(t)
|
||||||
|
suite.Run(t, new(LoginSuiteTest))
|
||||||
|
}
|
||||||
|
|
||||||
|
type MockAzureHelper struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *MockAzureHelper) queryToken(data url.Values, tenantID string) (token azureToken, err error) {
|
||||||
|
args := s.Called(data, tenantID)
|
||||||
|
return args.Get(0).(azureToken), args.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *MockAzureHelper) queryAuthorizationAPI(authorizationURL string, authorizationHeader string) ([]byte, int, error) {
|
||||||
|
args := s.Called(authorizationURL, authorizationHeader)
|
||||||
|
return args.Get(0).([]byte), args.Int(1), args.Error(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *MockAzureHelper) openAzureLoginPage(redirectURL string) {
|
||||||
|
s.Called(redirectURL)
|
||||||
|
}
|
83
azure/login/logingLocalServer.go
Normal file
83
azure/login/logingLocalServer.go
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
package login
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
)
|
||||||
|
|
||||||
|
const loginFailedHTML = `
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8" />
|
||||||
|
<title>Login failed</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h4>Some failures occurred during the authentication</h4>
|
||||||
|
<p>You can log an issue at <a href="https://github.com/azure/azure-cli/issues">Azure CLI GitHub Repository</a> and we will assist you in resolving it.</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
`
|
||||||
|
|
||||||
|
const successfullLoginHTML = `
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8" />
|
||||||
|
<meta http-equiv="refresh" content="10;url=https://docs.microsoft.com/cli/azure/">
|
||||||
|
<title>Login successfully</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h4>You have logged into Microsoft Azure!</h4>
|
||||||
|
<p>You can close this window, or we will redirect you to the <a href="https://docs.microsoft.com/cli/azure/">Azure CLI documents</a> in 10 seconds.</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
`
|
||||||
|
|
||||||
|
func startLoginServer(queryCh chan url.Values) (int, error) {
|
||||||
|
mux := http.NewServeMux()
|
||||||
|
mux.HandleFunc("/", queryHandler(queryCh))
|
||||||
|
listener, err := net.Listen("tcp", ":0")
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
|
||||||
|
availablePort := listener.Addr().(*net.TCPAddr).Port
|
||||||
|
server := &http.Server{Handler: mux}
|
||||||
|
go func() {
|
||||||
|
if err := server.Serve(listener); err != nil {
|
||||||
|
queryCh <- url.Values{
|
||||||
|
"error": []string{fmt.Sprintf("error starting http server with: %v", err)},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
return availablePort, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func queryHandler(queryCh chan url.Values) func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
queryHandler := func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
_, hasCode := r.URL.Query()["code"]
|
||||||
|
if hasCode {
|
||||||
|
_, err := w.Write([]byte(successfullLoginHTML))
|
||||||
|
if err != nil {
|
||||||
|
queryCh <- url.Values{
|
||||||
|
"error": []string{err.Error()},
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
queryCh <- r.URL.Query()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
_, err := w.Write([]byte(loginFailedHTML))
|
||||||
|
if err != nil {
|
||||||
|
queryCh <- url.Values{
|
||||||
|
"error": []string{err.Error()},
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
queryCh <- r.URL.Query()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return queryHandler
|
||||||
|
}
|
62
azure/login/tokenStore.go
Normal file
62
azure/login/tokenStore.go
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
package login
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
)
|
||||||
|
|
||||||
|
type tokenStore struct {
|
||||||
|
filePath string
|
||||||
|
}
|
||||||
|
|
||||||
|
// TokenInfo data stored in tokenStore
|
||||||
|
type TokenInfo struct {
|
||||||
|
Token oauth2.Token `json:"oauthToken"`
|
||||||
|
TenantID string `json:"tenantId"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func newTokenStore(path string) (tokenStore, error) {
|
||||||
|
parentFolder := filepath.Dir(path)
|
||||||
|
dir, err := os.Stat(parentFolder)
|
||||||
|
if os.IsNotExist(err) {
|
||||||
|
err = os.MkdirAll(parentFolder, 0700)
|
||||||
|
if err != nil {
|
||||||
|
return tokenStore{}, err
|
||||||
|
}
|
||||||
|
dir, err = os.Stat(parentFolder)
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return tokenStore{}, err
|
||||||
|
}
|
||||||
|
if !dir.Mode().IsDir() {
|
||||||
|
return tokenStore{}, errors.New("cannot use path " + path + " ; " + parentFolder + " already exists and is not a directory")
|
||||||
|
}
|
||||||
|
return tokenStore{
|
||||||
|
filePath: path,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (store tokenStore) writeLoginInfo(info TokenInfo) error {
|
||||||
|
bytes, err := json.MarshalIndent(info, "", " ")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return ioutil.WriteFile(store.filePath, bytes, 0644)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (store tokenStore) readToken() (TokenInfo, error) {
|
||||||
|
bytes, err := ioutil.ReadFile(store.filePath)
|
||||||
|
if err != nil {
|
||||||
|
return TokenInfo{}, err
|
||||||
|
}
|
||||||
|
loginInfo := TokenInfo{}
|
||||||
|
if err := json.Unmarshal(bytes, &loginInfo); err != nil {
|
||||||
|
return TokenInfo{}, err
|
||||||
|
}
|
||||||
|
return loginInfo, nil
|
||||||
|
}
|
54
azure/login/tokenStore_test.go
Normal file
54
azure/login/tokenStore_test.go
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
package login
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
. "github.com/onsi/gomega"
|
||||||
|
"github.com/stretchr/testify/suite"
|
||||||
|
)
|
||||||
|
|
||||||
|
type tokenStoreTestSuite struct {
|
||||||
|
suite.Suite
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *tokenStoreTestSuite) TestCreateStoreFromExistingFolder() {
|
||||||
|
existingDir, err := ioutil.TempDir("", "test_store")
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
storePath := filepath.Join(existingDir, tokenStoreFilename)
|
||||||
|
store, err := newTokenStore(storePath)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
Expect((store.filePath)).To(Equal(storePath))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *tokenStoreTestSuite) TestCreateStoreFromNonExistingFolder() {
|
||||||
|
existingDir, err := ioutil.TempDir("", "test_store")
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
storePath := filepath.Join(existingDir, "new", tokenStoreFilename)
|
||||||
|
store, err := newTokenStore(storePath)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
Expect((store.filePath)).To(Equal(storePath))
|
||||||
|
|
||||||
|
newDir, err := os.Stat(filepath.Join(existingDir, "new"))
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
Expect(newDir.Mode().IsDir()).To(BeTrue())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *tokenStoreTestSuite) TestErrorIfParentFolderIsAFile() {
|
||||||
|
existingDir, err := ioutil.TempFile("", "test_store")
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
storePath := filepath.Join(existingDir.Name(), tokenStoreFilename)
|
||||||
|
_, err = newTokenStore(storePath)
|
||||||
|
Expect(err).To(MatchError(errors.New("cannot use path " + storePath + " ; " + existingDir.Name() + " already exists and is not a directory")))
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestTokenStoreSuite(t *testing.T) {
|
||||||
|
RegisterTestingT(t)
|
||||||
|
suite.Run(t, new(tokenStoreTestSuite))
|
||||||
|
}
|
@ -9,6 +9,7 @@ import (
|
|||||||
|
|
||||||
"github.com/docker/api/compose"
|
"github.com/docker/api/compose"
|
||||||
"github.com/docker/api/containers"
|
"github.com/docker/api/containers"
|
||||||
|
"github.com/docker/api/context/cloud"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -33,6 +34,7 @@ var backends = struct {
|
|||||||
type Service interface {
|
type Service interface {
|
||||||
ContainerService() containers.Service
|
ContainerService() containers.Service
|
||||||
ComposeService() compose.Service
|
ComposeService() compose.Service
|
||||||
|
CloudService() cloud.Service
|
||||||
}
|
}
|
||||||
|
|
||||||
// Register adds a typed backend to the registry
|
// Register adds a typed backend to the registry
|
||||||
|
@ -30,6 +30,8 @@ package context
|
|||||||
import (
|
import (
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
|
||||||
|
"github.com/docker/api/cli/cmd/context/login"
|
||||||
|
|
||||||
cliopts "github.com/docker/api/cli/options"
|
cliopts "github.com/docker/api/cli/options"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -45,6 +47,7 @@ func Command(opts *cliopts.GlobalOpts) *cobra.Command {
|
|||||||
listCommand(),
|
listCommand(),
|
||||||
removeCommand(),
|
removeCommand(),
|
||||||
useCommand(opts),
|
useCommand(opts),
|
||||||
|
login.Command(),
|
||||||
)
|
)
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
|
37
cli/cmd/context/login/login.go
Normal file
37
cli/cmd/context/login/login.go
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
package login
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
"github.com/spf13/cobra"
|
||||||
|
|
||||||
|
"github.com/docker/api/client"
|
||||||
|
apicontext "github.com/docker/api/context"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Command returns the compose command with its child commands
|
||||||
|
func Command() *cobra.Command {
|
||||||
|
command := &cobra.Command{
|
||||||
|
Short: "Cloud login for docker contexts",
|
||||||
|
Use: "login",
|
||||||
|
}
|
||||||
|
command.AddCommand(
|
||||||
|
azureLoginCommand(),
|
||||||
|
)
|
||||||
|
return command
|
||||||
|
}
|
||||||
|
|
||||||
|
func azureLoginCommand() *cobra.Command {
|
||||||
|
azureLoginCmd := &cobra.Command{
|
||||||
|
Use: "azure",
|
||||||
|
RunE: func(cmd *cobra.Command, args []string) error {
|
||||||
|
ctx := apicontext.WithCurrentContext(cmd.Context(), "aci")
|
||||||
|
c, err := client.New(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "cannot connect to backend")
|
||||||
|
}
|
||||||
|
return c.CloudService().Login(ctx, nil)
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
return azureLoginCmd
|
||||||
|
}
|
@ -30,6 +30,8 @@ package client
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
|
"github.com/docker/api/context/cloud"
|
||||||
|
|
||||||
"github.com/docker/api/backend"
|
"github.com/docker/api/backend"
|
||||||
backendv1 "github.com/docker/api/backend/v1"
|
backendv1 "github.com/docker/api/backend/v1"
|
||||||
cliv1 "github.com/docker/api/cli/v1"
|
cliv1 "github.com/docker/api/cli/v1"
|
||||||
@ -84,3 +86,8 @@ func (c *Client) ContainerService() containers.Service {
|
|||||||
func (c *Client) ComposeService() compose.Service {
|
func (c *Client) ComposeService() compose.Service {
|
||||||
return c.bs.ComposeService()
|
return c.bs.ComposeService()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CloudService returns the backend service for the current context
|
||||||
|
func (c *Client) CloudService() cloud.Service {
|
||||||
|
return c.bs.CloudService()
|
||||||
|
}
|
||||||
|
9
context/cloud/api.go
Normal file
9
context/cloud/api.go
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
package cloud
|
||||||
|
|
||||||
|
import "context"
|
||||||
|
|
||||||
|
// Service cloud specific services
|
||||||
|
type Service interface {
|
||||||
|
// Login login to cloud provider
|
||||||
|
Login(ctx context.Context, params map[string]string) error
|
||||||
|
}
|
@ -40,6 +40,8 @@ var (
|
|||||||
ErrForbidden = errors.New("forbidden")
|
ErrForbidden = errors.New("forbidden")
|
||||||
// ErrUnknown is returned when the error type is unmapped
|
// ErrUnknown is returned when the error type is unmapped
|
||||||
ErrUnknown = errors.New("unknown")
|
ErrUnknown = errors.New("unknown")
|
||||||
|
// ErrLoginFailed is returned when login failed
|
||||||
|
ErrLoginFailed = errors.New("login failed")
|
||||||
)
|
)
|
||||||
|
|
||||||
// IsNotFoundError returns true if the unwrapped error is ErrNotFound
|
// IsNotFoundError returns true if the unwrapped error is ErrNotFound
|
||||||
|
@ -5,6 +5,8 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
|
"github.com/docker/api/context/cloud"
|
||||||
|
|
||||||
"github.com/docker/api/backend"
|
"github.com/docker/api/backend"
|
||||||
"github.com/docker/api/compose"
|
"github.com/docker/api/compose"
|
||||||
"github.com/docker/api/containers"
|
"github.com/docker/api/containers"
|
||||||
@ -23,6 +25,10 @@ func (a *apiService) ComposeService() compose.Service {
|
|||||||
return &a.composeService
|
return &a.composeService
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *apiService) CloudService() cloud.Service {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
backend.Register("example", "example", func(ctx context.Context) (backend.Service, error) {
|
backend.Register("example", "example", func(ctx context.Context) (backend.Service, error) {
|
||||||
return &apiService{}, nil
|
return &apiService{}, nil
|
||||||
|
4
go.mod
4
go.mod
@ -6,7 +6,10 @@ require (
|
|||||||
github.com/Azure/azure-sdk-for-go v42.0.0+incompatible
|
github.com/Azure/azure-sdk-for-go v42.0.0+incompatible
|
||||||
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
|
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
|
||||||
github.com/Azure/go-autorest/autorest v0.10.0
|
github.com/Azure/go-autorest/autorest v0.10.0
|
||||||
|
github.com/Azure/go-autorest/autorest/adal v0.8.2
|
||||||
github.com/Azure/go-autorest/autorest/azure/auth v0.4.2
|
github.com/Azure/go-autorest/autorest/azure/auth v0.4.2
|
||||||
|
github.com/Azure/go-autorest/autorest/azure/cli v0.3.1
|
||||||
|
github.com/Azure/go-autorest/autorest/date v0.2.0
|
||||||
github.com/Azure/go-autorest/autorest/to v0.3.0
|
github.com/Azure/go-autorest/autorest/to v0.3.0
|
||||||
github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
|
github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
|
||||||
github.com/Microsoft/go-winio v0.4.14 // indirect
|
github.com/Microsoft/go-winio v0.4.14 // indirect
|
||||||
@ -35,6 +38,7 @@ require (
|
|||||||
github.com/spf13/pflag v1.0.5
|
github.com/spf13/pflag v1.0.5
|
||||||
github.com/stretchr/testify v1.5.1
|
github.com/stretchr/testify v1.5.1
|
||||||
golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0
|
golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0
|
||||||
|
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be
|
||||||
golang.org/x/text v0.3.2 // indirect
|
golang.org/x/text v0.3.2 // indirect
|
||||||
google.golang.org/grpc v1.29.1
|
google.golang.org/grpc v1.29.1
|
||||||
google.golang.org/protobuf v1.21.0
|
google.golang.org/protobuf v1.21.0
|
||||||
|
5
go.sum
5
go.sum
@ -3,10 +3,12 @@ github.com/Azure/azure-sdk-for-go v42.0.0+incompatible h1:yz6sFf5bHZ+gEOQVuK5JhP
|
|||||||
github.com/Azure/azure-sdk-for-go v42.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
github.com/Azure/azure-sdk-for-go v42.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||||
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
|
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
|
||||||
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
|
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
|
||||||
|
github.com/Azure/go-autorest v14.1.0+incompatible h1:qROrS0rWxAXGfFdNOI33we8553d7T8v78jXf/8tjLBM=
|
||||||
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
|
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
|
||||||
github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
|
github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
|
||||||
github.com/Azure/go-autorest/autorest v0.10.0 h1:mvdtztBqcL8se7MdrUweNieTNi4kfNG6GOJuurQJpuY=
|
github.com/Azure/go-autorest/autorest v0.10.0 h1:mvdtztBqcL8se7MdrUweNieTNi4kfNG6GOJuurQJpuY=
|
||||||
github.com/Azure/go-autorest/autorest v0.10.0/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
|
github.com/Azure/go-autorest/autorest v0.10.0/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
|
||||||
|
github.com/Azure/go-autorest/autorest v0.10.1 h1:uaB8A32IZU9YKs9v50+/LWIWTDHJk2vlGzbfd7FfESI=
|
||||||
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
|
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
|
||||||
github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
|
github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
|
||||||
github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
|
github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
|
||||||
@ -235,6 +237,7 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
|||||||
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
|
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
|
||||||
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
|
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
|
||||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
|
github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
|
||||||
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||||
@ -275,6 +278,7 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR
|
|||||||
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||||
golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 h1:Jcxah/M+oLZ/R4/z5RzfPzGbPXnVDPkEDtf2JnuxN+U=
|
golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 h1:Jcxah/M+oLZ/R4/z5RzfPzGbPXnVDPkEDtf2JnuxN+U=
|
||||||
golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||||
|
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs=
|
||||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
@ -310,6 +314,7 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
|
|||||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
|
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
|
||||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||||
|
google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
|
||||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||||
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||||
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
|
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
|
||||||
|
@ -4,6 +4,8 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
|
"github.com/docker/api/context/cloud"
|
||||||
|
|
||||||
"github.com/docker/docker/api/types"
|
"github.com/docker/docker/api/types"
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
"github.com/docker/docker/client"
|
"github.com/docker/docker/client"
|
||||||
@ -45,6 +47,10 @@ func (ms *mobyService) ComposeService() compose.Service {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (ms *mobyService) CloudService() cloud.Service {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (ms *mobyService) List(ctx context.Context) ([]containers.Container, error) {
|
func (ms *mobyService) List(ctx context.Context) ([]containers.Container, error) {
|
||||||
css, err := ms.apiClient.ContainerList(ctx, types.ContainerListOptions{
|
css, err := ms.apiClient.ContainerList(ctx, types.ContainerListOptions{
|
||||||
All: false,
|
All: false,
|
||||||
|
Loading…
x
Reference in New Issue
Block a user