package login import ( "errors" "fmt" "io" "github.com/spf13/cobra" "k8s.io/kubernetes/pkg/client/restclient" kclientcmd "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" kclientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" "github.com/openshift/origin/pkg/client" "github.com/openshift/origin/pkg/cmd/cli/config" "github.com/openshift/origin/pkg/cmd/templates" osclientcmd "github.com/openshift/origin/pkg/cmd/util/clientcmd" ) type LogoutOptions struct { StartingKubeConfig *kclientcmdapi.Config Config *restclient.Config Out io.Writer PathOptions *kclientcmd.PathOptions } var ( logoutLong = templates.LongDesc(` Log out of the active session out by clearing saved tokens An authentication token is stored in the config file after login - this command will delete that token on the server, and then remove the token from the configuration file. If you are using an alternative authentication method like Kerberos or client certificates, your ticket or client certificate will not be removed from the current system since these are typically managed by other programs. Instead, you can delete your config file to remove the local copy of that certificate or the record of your server login. After logging out, if you want to log back into the server use '%[1]s'.`) logoutExample = templates.Examples(` # Logout %[1]s`) ) // NewCmdLogout implements the OpenShift cli logout command func NewCmdLogout(name, fullName, ocLoginFullCommand string, f *osclientcmd.Factory, reader io.Reader, out io.Writer) *cobra.Command { options := &LogoutOptions{ Out: out, } cmds := &cobra.Command{ Use: name, Short: "End the current server session", Long: fmt.Sprintf(logoutLong, ocLoginFullCommand), Example: fmt.Sprintf(logoutExample, fullName), Run: func(cmd *cobra.Command, args []string) { if err := options.Complete(f, cmd, args); err != nil { kcmdutil.CheckErr(err) } if err := options.Validate(args); err != nil { kcmdutil.CheckErr(err) } if err := options.RunLogout(); err != nil { kcmdutil.CheckErr(err) } }, } // TODO: support --all which performs the same logic on all users in your config file. return cmds } func (o *LogoutOptions) Complete(f *osclientcmd.Factory, cmd *cobra.Command, args []string) error { kubeconfig, err := f.OpenShiftClientConfig.RawConfig() o.StartingKubeConfig = &kubeconfig if err != nil { return err } o.Config, err = f.OpenShiftClientConfig.ClientConfig() if err != nil { return err } o.PathOptions = config.NewPathOptions(cmd) return nil } func (o LogoutOptions) Validate(args []string) error { if len(args) > 0 { return errors.New("No arguments are allowed") } if o.StartingKubeConfig == nil { return errors.New("Must have a config file already created") } if len(o.Config.BearerToken) == 0 { return errors.New("You must have a token in order to logout.") } return nil } func (o LogoutOptions) RunLogout() error { token := o.Config.BearerToken client, err := client.New(o.Config) if err != nil { return err } userInfo, err := whoAmI(o.Config) if err != nil { return err } if err := client.OAuthAccessTokens().Delete(token); err != nil { return err } newConfig := *o.StartingKubeConfig for key, value := range newConfig.AuthInfos { if value.Token == token { value.Token = "" newConfig.AuthInfos[key] = value // don't break, its possible that more than one user stanza has the same token. } } if err := kclientcmd.ModifyConfig(o.PathOptions, newConfig, true); err != nil { return err } fmt.Fprintf(o.Out, "Logged %q out on %q\n", userInfo.Name, o.Config.Host) return nil }