adjust login

Author: mjudeikis

backend/auth/handler.go

@@ -93,7 +93,6 @@ func (ah *AuthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
 
 func (ah *AuthHandler) HandleCallback(w http.ResponseWriter, r *http.Request) {
 	logger := klog.FromContext(r.Context()).WithValues("method", r.Method, "url", r.URL.String())
-
 	if errMsg := r.Form.Get("error"); errMsg != "" {
 		logger.Error(errors.New(errMsg), "failed to authorize")
 		http.Error(w, errMsg+": "+r.Form.Get("error_description"), http.StatusBadRequest)

cli/pkg/kubectl/bind-apiservice/plugin/binder.go

@@ -151,7 +151,7 @@ func (b *Binder) BindFromFile(ctx context.Context) ([]*kubebindv1alpha2.APIServi
 
 // BindFromResponse processes a BindingResourceResponse and creates all necessary bindings
 func (b *Binder) BindFromResponse(ctx context.Context, response *kubebindv1alpha2.BindingResourceResponse) ([]*kubebindv1alpha2.APIServiceBinding, error) {
-	if response.Authentication.OAuth2CodeGrant == nil {
+	if response == nil || response.Authentication.OAuth2CodeGrant == nil {
 		return nil, fmt.Errorf("unexpected response: authentication.oauth2CodeGrant is nil")
 	}
 

cli/pkg/kubectl/bind-login/plugin/login.go

@@ -103,14 +103,7 @@ func (o *LoginOptions) Complete(args []string) error {
 		return err
 	}
 
-	o.loginClient = &http.Client{
-		Transport: &http.Transport{
-			DialContext: (&net.Dialer{
-				Timeout:   5 * time.Second,
-				KeepAlive: 30 * time.Second,
-			}).DialContext,
-		},
-	}
+	o.loginClient = http.DefaultClient
 
 	return nil
 }
@@ -134,19 +127,20 @@ func (o *LoginOptions) Run(ctx context.Context, authURLCh chan<- string) error {
 	tokenCh := make(chan *TokenResponse, 1)
 	errCh := make(chan error, 1)
 
-	server, localCallbackURL, err := o.startCallbackServerWithRandomPort(sessionID, tokenCh, errCh)
-	if err != nil {
-		return fmt.Errorf("failed to start callback server: %w", err)
-	}
-	defer server.Close()
-
 	// Get provider information
 	fmt.Fprintf(o.Streams.ErrOut, "Connecting to kube-bind server %s...\n", o.Options.Server)
 	provider, err := o.getProvider(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to get provider information: %w", err)
 	}
 
+	server, localCallbackURL, err := o.startCallbackServerWithRandomPort(tokenCh, errCh)
+	if err != nil {
+		return fmt.Errorf("failed to start callback server: %w", err)
+	}
+	defer server.Close()
+	fmt.Fprintf(o.Streams.ErrOut, "Started local callback server at %s\n", localCallbackURL)
+
 	// Start authentication flow
 	authURL, err := o.buildAuthURL(provider, localCallbackURL, sessionID)
 	if err != nil {
@@ -156,7 +150,6 @@ func (o *LoginOptions) Run(ctx context.Context, authURLCh chan<- string) error {
 		authURLCh <- authURL
 	}
 
-	fmt.Fprintf(o.Streams.ErrOut, "\nStarted callback server at %s\n", localCallbackURL)
 	if !o.SkipBrowser {
 		fmt.Fprintf(o.Streams.ErrOut, "Opening browser for authentication... %s\n", authURL)
 		err = base.OpenBrowser(authURL)
@@ -308,25 +301,20 @@ func (o *LoginOptions) buildAuthURL(provider *kubebindv1alpha2.BindingProvider,
 	return u.String(), nil
 }
 
-func (o *LoginOptions) startCallbackServerWithRandomPort(sessionID string, tokenCh chan<- *TokenResponse, errCh chan<- error) (*http.Server, string, error) {
-	expectedSessionID := sessionID
+func (o *LoginOptions) startCallbackServerWithRandomPort(tokenCh chan<- *TokenResponse, errCh chan<- error) (*http.Server, string, error) {
 	listener, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		return nil, "", fmt.Errorf("failed to find available port: %w", err)
 	}
 
 	port := listener.Addr().(*net.TCPAddr).Port
+	listener.Close()
 
 	callbackURL := fmt.Sprintf("http://127.0.0.1:%d/callback", port)
 
 	// Setup HTTP handler
 	mux := http.NewServeMux()
 	mux.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
-		receivedSessionID := r.URL.Query().Get("session_id")
-		if receivedSessionID != expectedSessionID {
-			http.Error(w, "Invalid session", http.StatusBadRequest)
-			return
-		}
 		token := &TokenResponse{
 			Error:        r.URL.Query().Get("error"),
 			ErrorMessage: r.URL.Query().Get("error_description"),
@@ -361,7 +349,8 @@ func (o *LoginOptions) startCallbackServerWithRandomPort(sessionID string, token
         <p>You can now close this window and return to the CLI.</p>
     </div>
 </body>
-</html>`, map[bool]string{true: "success", false: "error"}[token.Error == ""],
+</html>`,
+			map[bool]string{true: "success", false: "error"}[token.Error == ""],
 			map[bool]string{true: "Authentication Successful!", false: "Authentication Failed"}[token.Error == ""])
 
 		select {
@@ -371,9 +360,8 @@ func (o *LoginOptions) startCallbackServerWithRandomPort(sessionID string, token
 	})
 
 	server := &http.Server{
-		ReadTimeout: 5 * time.Minute,
-		Addr:        fmt.Sprintf(":%d", port),
-		Handler:     mux,
+		Addr:    fmt.Sprintf(":%d", port),
+		Handler: mux,
 	}
 
 	go func() {

cli/pkg/kubectl/bind/plugin/bind.go

@@ -27,7 +27,6 @@ import (
 	"net/url"
 	"os/exec"
 	"strconv"
-	"time"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -158,11 +157,7 @@ func (b *BindOptions) runWithCallback(ctx context.Context, _ chan<- string) erro
 	if err != nil {
 		return fmt.Errorf("failed to start callback server: %w", err)
 	}
-	defer func() {
-		shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-		defer cancel()
-		_ = callbackServer.Shutdown(shutdownCtx)
-	}()
+	defer callbackServer.Close()
 
 	// Build the UI URL with callback parameters
 	uiURL, err := b.buildUIURL(callbackPort, sessionID, b.Cluster)
@@ -360,9 +355,8 @@ func (b *BindOptions) startCallbackServer(resultCh chan<- *BindResult, errCh cha
 	})
 
 	server := &http.Server{
-		ReadTimeout: time.Minute * 5,
-		Addr:        fmt.Sprintf(":%d", port),
-		Handler:     mux,
+		Addr:    fmt.Sprintf(":%d", port),
+		Handler: mux,
 	}
 
 	go func() {

contrib/kcp/README.md

@@ -124,15 +124,16 @@ kubectl ws create consumer --enter
 10. Bind the thing:
 
 ```bash
-./bin/kubectl-bind http://127.0.0.1:8080/clusters/n9enfzyxpqujqqwk/exports --dry-run -o yaml > apiserviceexport.yaml
+./bin/kubectl-bind login http://127.0.0.1:8080 --cluster qs427lvg0y86m0ka
+./bin/kubectl-bind --dry-run -o yaml > apiserviceexport.yaml
 
 # Extract secret for binding process. Note that secret name is not the same as output from command above. Check secret
 # name by running `kubectl get secret -n kube-bind`
 kubectl get secrets -n kube-bind -o jsonpath='{.items[0].data.kubeconfig}' | base64 -d > remote.kubeconfig
 
 namespace=$(yq '.contexts[0].context.namespace' remote.kubeconfig)
 
-./bin/kubectl-bind apiservice -v 6 --remote-kubeconfig remote.kubeconfig -f apiserviceexport.yaml  --skip-konnector --remote-namespace "$namespace"
+./bin/kubectl-bind apiservice -v 6 --remote-kubeconfig remote.kubeconfig -f apiserviceexport.yaml --skip-konnector --remote-namespace "$namespace"
 ```
 
 This will keep running, so switch to a new terminal.