exchange Metal API key for LB OAuth tokenbefore making LB API requests

cprivitere · Sep 27, 2023 · dd0453d · dd0453d
1 parent 0f93671
commit dd0453d
Show file tree

Hide file tree

Showing 2 changed files with 93 additions and 0 deletions.
diff --git a/metal/loadbalancers/emlb/emlb.go b/metal/loadbalancers/emlb/emlb.go
@@ -21,10 +21,46 @@ func NewLB(k8sclient kubernetes.Interface, config string) *LB {
 }
 
 func (l *LB) AddService(ctx context.Context, svcNamespace, svcName, ip string, nodes []loadbalancers.Node) error {
+	tokenExchanger := &MetalTokenExchanger{
+		metalAPIKey: "", // TODO pass this in somehow (maybe add it to the context?)
+		client:      l.client.GetConfig().HTTPClient,
+	}
+	ctx = context.WithValue(ctx, lbaas.ContextOAuth2, tokenExchanger)
+
+	lbCreateRequest := lbaas.LoadBalancerCreate{
+		Name:       "", // TODO generate from service definition.  Maybe "svcNamespace:svcName"?  Do we need to know the cluster name here?
+		LocationId: "", // TODO In the first pass, this comes from the config string?  Or an annotation
+		ProviderId: "", // TODO I have a working value for this (same as what the portal uses) but waiting on feedback from LBaaS team
+	}
+
+	// TODO lb, resp, err :=
+	_, _, err := l.client.ProjectsApi.CreateLoadBalancer(ctx, "TODO: project ID").LoadBalancerCreate(lbCreateRequest).Execute()
+	if err != nil {
+		return err
+	}
+
+	// TODO create other resources
+
 	return nil
 }
 
 func (l *LB) RemoveService(ctx context.Context, svcNamespace, svcName, ip string) error {
+	tokenExchanger := &MetalTokenExchanger{
+		metalAPIKey: "TODO",
+		client:      l.client.GetConfig().HTTPClient,
+	}
+	ctx = context.WithValue(ctx, lbaas.ContextOAuth2, tokenExchanger)
+
+	loadBalancerId := "TODO"
+
+	// TODO delete other resources
+
+	// TODO lb, resp, err :=
+	_, err := l.client.LoadBalancersApi.DeleteLoadBalancer(ctx, loadBalancerId).Execute()
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 

diff --git a/metal/loadbalancers/emlb/metal_token_exchanger.go b/metal/loadbalancers/emlb/metal_token_exchanger.go
@@ -0,0 +1,57 @@
+package emlb
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	"golang.org/x/oauth2"
+)
+
+type MetalTokenExchanger struct {
+	metalAPIKey string
+	client      *http.Client
+}
+
+func (m *MetalTokenExchanger) Token() (*oauth2.Token, error) {
+	tokenExchangeURL := "https://iam.metalctrl.io/api-keys/exchange"
+	tokenExchangeRequest, err := http.NewRequest("POST", tokenExchangeURL, nil)
+	if err != nil {
+		return nil, err
+	}
+	tokenExchangeRequest.Header.Add("Authorization", fmt.Sprintf("Bearer %v", m.metalAPIKey))
+
+	resp, err := m.client.Do(tokenExchangeRequest)
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	resp.Body.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("token exchange request failed with status %v, body %v", resp.StatusCode, body)
+	}
+
+	token := oauth2.Token{}
+	err = json.Unmarshal(body, &token)
+	if err != nil {
+		fmt.Println(len(body))
+		fmt.Println(token)
+		fmt.Println(err)
+		return nil, err
+	}
+
+	expiresIn := token.Extra("expires_in")
+	if expiresIn != nil {
+		expiresInSeconds := expiresIn.(int)
+		token.Expiry = time.Now().Add(time.Second * time.Duration(expiresInSeconds))
+	}
+
+	return &token, nil
+}