diff --git a/cmd/vcluster/cmd/start.go b/cmd/vcluster/cmd/start.go
index 910e244ca..cede221fd 100644
--- a/cmd/vcluster/cmd/start.go
+++ b/cmd/vcluster/cmd/start.go
@@ -81,18 +81,8 @@ func ExecuteStart(ctx context.Context, options *StartOptions) error {
 }()
 
 // initialize feature gate from environment
- err = pro.LicenseInit(ctx, vConfig)
- if err != nil {
- return fmt.Errorf("init license: %w", err)
- }
-
- // set features for plugins to recognize
- plugin.DefaultManager.SetProFeatures(pro.LicenseFeatures())
-
- // connect to vCluster platform if configured
- startPlatformServersAndControllers, err := pro.ConnectToPlatform(ctx, vConfig)
- if err != nil {
- return fmt.Errorf("connect to platform: %w", err)
+ if err := pro.LicenseInit(ctx, vConfig); err != nil {
+ return fmt.Errorf("license init: %w", err)
 }
 
 err = setup.Initialize(ctx, vConfig)
@@ -100,15 +90,19 @@ func ExecuteStart(ctx context.Context, options *StartOptions) error {
 return fmt.Errorf("initialize: %w", err)
 }
 
+ // set features for plugins to recognize
+ plugin.DefaultManager.SetProFeatures(pro.LicenseFeatures())
+
 // build controller context
 controllerCtx, err := setup.NewControllerContext(ctx, vConfig)
 if err != nil {
 return fmt.Errorf("create controller context: %w", err)
 }
 
- err = startPlatformServersAndControllers(controllerCtx.VirtualManager)
+ // start license loader
+ err = pro.LicenseStart(controllerCtx)
 if err != nil {
- return fmt.Errorf("start platform controllers: %w", err)
+ return fmt.Errorf("start license loader: %w", err)
 }
 
 // start integrations
diff --git a/pkg/authentication/platformauthenticator/platformauthenticator.go b/pkg/authentication/platformauthenticator/platformauthenticator.go
new file mode 100644
index 000000000..b012bc4d3
--- /dev/null
+++ b/pkg/authentication/platformauthenticator/platformauthenticator.go
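Review bot: In the second hunk of cmd/vcluster/cmd/start.go, `plugin.DefaultManager.SetProFeatures(pro.LicenseFeatures())` now runs after `setup.Initialize(ctx, vConfig)`, where the old code ran it before, and nothing in the hunk says why the order changed. If anything reached from `setup.Initialize` reads the plugin manager's pro features (not visible here), it now sees them unset and could treat a licensed feature as disabled during initialization. Once that is confirmed either way, the comment should record it, for example `// set features for plugins to recognize; nothing in setup.Initialize reads them`, or the call should move back above `setup.Initialize` if the new position is incidental. `ExecuteStart` starts and continues outside both hunks.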
@@ -0,0 +1,36 @@
+package platformauthenticator
+
+import (
+ "net/http"
+ "sync"
+
+ "k8s.io/apiserver/pkg/authentication/authenticator"
+)
+
+var Default = &PlatformAuthenticator{}
+
+var _ authenticator.Request = &PlatformAuthenticator{}
+
+type PlatformAuthenticator struct {
+ m sync.RWMutex
+
+ delegate authenticator.Request
+}
+
+func (p *PlatformAuthenticator) SetDelegate(delegate authenticator.Request) {
+ p.m.Lock()
+ defer p.m.Unlock()
+
+ p.delegate = delegate
+}
+
+func (p *PlatformAuthenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
+ p.m.RLock()
+ defer p.m.RUnlock()
+
+ if p.delegate == nil {
+ return nil, false, nil
+ }
+
+ return p.delegate.AuthenticateRequest(req)
+}
diff --git a/pkg/pro/license.go b/pkg/pro/license.go
index f18546680..68b1f6d47 100644
--- a/pkg/pro/license.go
+++ b/pkg/pro/license.go
@@ -4,14 +4,20 @@ import (
 "context"
 
 "github.com/loft-sh/vcluster/pkg/config"
+ "github.com/loft-sh/vcluster/pkg/syncer/synccontext"
 )
 
-// LicenseInit is used to initialize the license reader
+// LicenseInit is used to initialize the license loader
 var LicenseInit = func(_ context.Context, _ *config.VirtualClusterConfig) error {
 return nil
 }
 
-// LicenseFeatures is used to retrieve all enabled features
+// LicenseStart is used to start license loader
+var LicenseStart = func(_ *synccontext.ControllerContext) error {
+ return nil
+}
+
+// LicenseFeatures returns a map of featureName: enabled / disabled
 var LicenseFeatures = func() map[string]bool {
 return make(map[string]bool)
 }
diff --git a/pkg/pro/platform.go b/pkg/pro/platform.go
deleted file mode 100644
index 4674f3ee5..000000000
--- a/pkg/pro/platform.go
+++ /dev/null
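Review bot: `AuthenticateRequest` in platformauthenticator.go holds the read lock for the whole delegate call, because `defer p.m.RUnlock()` only runs after `p.delegate.AuthenticateRequest(req)` returns. If the delegate does slow work such as a remote credential check (not visible here), a concurrent `SetDelegate` waits for every in-flight request, and because a waiting writer on a `sync.RWMutex` blocks new readers, all authentication through this type stalls for that time. Reading the delegate under the lock and calling it after unlocking, as below, avoids that. The exported `Default`, `PlatformAuthenticator` and `SetDelegate` also lack doc comments; they should state that with no delegate set the authenticator returns `nil, false, nil` so the union chain moves on to the next authenticator, and that `SetDelegate` must not be passed a typed nil pointer, since `p.delegate == nil` would then be false.

```go
func (p *PlatformAuthenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) {
	// hold the lock only long enough to read the current delegate
	p.m.RLock()
	delegate := p.delegate
	p.m.RUnlock()

	if delegate == nil {
		return nil, false, nil
	}

	return delegate.AuthenticateRequest(req)
}
```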
@@ -1,12 +0,0 @@
-package pro
-
-import (
- "context"
-
- "github.com/loft-sh/vcluster/pkg/config"
- "sigs.k8s.io/controller-runtime/pkg/manager"
-)
-
-var ConnectToPlatform = func(context.Context, *config.VirtualClusterConfig) (func(mgr manager.Manager) error, error) {
- return func(_ manager.Manager) error { return nil }, nil
-}
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 6e8e41d9f..5fe67d7e3 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -10,6 +10,7 @@ import (
 "time"
 
 "github.com/loft-sh/vcluster/pkg/authentication/delegatingauthenticator"
+ "github.com/loft-sh/vcluster/pkg/authentication/platformauthenticator"
 "github.com/loft-sh/vcluster/pkg/authorization/allowall"
 "github.com/loft-sh/vcluster/pkg/authorization/delegatingauthorizer"
 "github.com/loft-sh/vcluster/pkg/authorization/impersonationauthorizer"
@@ -52,9 +53,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-// ExtraAuthenticators are extra authenticators that should be added to the server
-var ExtraAuthenticators []authenticator.Request
-
 // Server is a http.Handler which proxies Kubernetes APIs to remote API server.
 type Server struct {
 uncachedVirtualClient client.Client
@@ -232,7 +230,7 @@ func (s *Server) ServeOnListenerTLS(address string, port int, stopChan <-chan st
 // 3. last is the certificate authenticator
 authenticators := []authenticator.Request{}
 authenticators = append(authenticators, delegatingauthenticator.New(s.uncachedVirtualClient))
- authenticators = append(authenticators, ExtraAuthenticators...)
+ authenticators = append(authenticators, platformauthenticator.Default)
 authenticators = append(authenticators, serverConfig.Authentication.Authenticator)
 serverConfig.Authentication.Authenticator = unionauthentication.NewFailOnError(authenticators...)
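Review bot: In the last hunk of pkg/server/server.go, `platformauthenticator.Default` sits ahead of `serverConfig.Authentication.Authenticator` in a chain built with `unionauthentication.NewFailOnError`, so any error the platform delegate returns ends authentication for that request before the certificate authenticator is tried. That is right for a rejected credential, but a delegate that reports an unreachable platform as an error instead of `nil, false, nil` would lock out client-certificate users while the platform is down. The delegate's contract is not visible in this diff, so it deserves a comment at this line, for example `// platform delegate must return (nil, false, nil) for credentials it does not own; an error aborts the chain`. The numbered ordering comment above the list starts outside the hunk and may need the platform authenticator added to it; `ServeOnListenerTLS` also continues outside the hunk.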