#!/bin/bash usage(){ if [ -z $1 ]; then cat << EOF USAGE: $0 [options] Available Options: -t, --token-issuer='': Token Issuer application URL (required if TOKEN_ISSUER is not defined) -t, --idp='': The identity provider to be used (optional) -c, --curl-opts='': curl(1) options to use when invoking the executable, default is '-s' -p, --poll-time='': Defines the maximum token poll time in seconds (default 30) EOF exit -1 fi } bailout(){ echo "ERROR: $@" exit -1 } CURL_OPTS='-s' POLL_TIME='30' if [ $# -le 1 ]; then usage exit 255 fi while [[ $# -gt 1 ]]; do KEY="$1" case $KEY in -t|--token-issuer) TOKEN_ISSUER="$2" shift; shift ;; -i|--idp) IDP="$2" shift; shift ;; -c|--curl-opts) CURL_OPTS="$2" shift; shift ;; -p|--poll-time) POLL_TIME="$2" shift; shift ;; *) usage exit 255 ;; esac done API_URL="$1" OC=$(which oc) JQ=$(which jq) if [ -z "$API_URL" ]; then bailout "API URL is not defined" fi if [ -z "$TOKEN_ISSUER" ]; then bailout "Token Issuer URL is not defined" fi if [ -z "$OC" ]; then bailout "OpenShift client (oc) binary is missing" fi if [ -z "$JQ" ]; then bailout "JQ binary is missing" fi if [ "$IDP" != "" ]; then IDP_QUERYSTRING="?idp=$IDP" else IDP_QUERYSTRING="" fi OID_DATA=$(curl $CURL_OPTS ${TOKEN_ISSUER}/login/cli${IDP_QUERYSTRING}) AUTH_URL=$(echo $OID_DATA | $JQ -r .authorization_url) AUTH_STATE=$(echo $OID_DATA | $JQ -r .state) echo "Please visit the following URL in order to authenticate:" echo echo "$AUTH_URL" echo spin='-\|/' n=0; i=0; c=0 until [ "$n" -ge $POLL_TIME ] do if [ $(( c%10 )) -eq 0 ]; then TOKEN_RESP=$(curl --fail $CURL_OPTS ${TOKEN_ISSUER}/token/${AUTH_STATE}) && break n=$(( n+1 )) fi c=$(( c+1 )) i=$(( (i+1) %4 )) printf "\r${spin:$i:1}" sleep .1 done if [ "$TOKEN_RESP" == "" ]; then echo "Failure getting the token" exit 255 fi EXPIRES=$(echo $TOKEN_RESP | $JQ -r .expires_in) TOKEN=$(echo $TOKEN_RESP | $JQ -r .access_token) echo echo "Token retrieved, will expire in $EXPIRES seconds" $OC login --token "$TOKEN" $API_URL