Cleans up command options package

Signed-off-by: JoshVanL <[email protected]>

Author: JoshVanL

cmd/app/options/kube_oidc_proxy.go renamed to cmd/app/options/app.go

@@ -5,14 +5,15 @@ import (
 	"github.com/spf13/pflag"
 
 	"github.com/jetstack/kube-oidc-proxy/pkg/util/flags"
+	cliflag "k8s.io/component-base/cli/flag"
 )
 
 type KubeOIDCProxyOptions struct {
 	DisableImpersonation bool
 	ReadinessProbePort   int
 
-	TokenPassthrough   TokenPassthroughOptions
 	ExtraHeaderOptions ExtraHeaderOptions
+	TokenPassthrough   TokenPassthroughOptions
 }
 
 type TokenPassthroughOptions struct {
@@ -26,7 +27,11 @@ type ExtraHeaderOptions struct {
 	ExtraUserHeaders map[string][]string
 }
 
-func (k *KubeOIDCProxyOptions) AddFlags(fs *pflag.FlagSet) {
+func NewKubeOIDCProxyOptions(nfs *cliflag.NamedFlagSets) *KubeOIDCProxyOptions {
+	return new(KubeOIDCProxyOptions).AddFlags(nfs.FlagSet("Kube-OIDC-Proxy"))
+}
+
+func (k *KubeOIDCProxyOptions) AddFlags(fs *pflag.FlagSet) *KubeOIDCProxyOptions {
 	fs.BoolVar(&k.DisableImpersonation, "disable-impersonation", k.DisableImpersonation,
 		"(Alpha) Disable the impersonation of authenticated requests. All "+
 			"authenticated requests will be forwarded as is.")
@@ -36,6 +41,8 @@ func (k *KubeOIDCProxyOptions) AddFlags(fs *pflag.FlagSet) {
 
 	k.TokenPassthrough.AddFlags(fs)
 	k.ExtraHeaderOptions.AddFlags(fs)
+
+	return k
 }
 
 func (t *TokenPassthroughOptions) AddFlags(fs *pflag.FlagSet) {

cmd/app/options/audit.go

@@ -0,0 +1,25 @@
+// Copyright Jetstack Ltd. See LICENSE for details.
+package options
+
+import (
+	"github.com/spf13/pflag"
+	apiserveroptions "k8s.io/apiserver/pkg/server/options"
+	cliflag "k8s.io/component-base/cli/flag"
+)
+
+type AuditOptions struct {
+	*apiserveroptions.AuditOptions
+}
+
+func NewAuditOptions(nfs *cliflag.NamedFlagSets) *AuditOptions {
+	a := &AuditOptions{
+		AuditOptions: apiserveroptions.NewAuditOptions(),
+	}
+
+	return a.AddFlags(nfs.FlagSet("Audit"))
+}
+
+func (a *AuditOptions) AddFlags(fs *pflag.FlagSet) *AuditOptions {
+	a.AuditOptions.AddFlags(fs)
+	return a
+}

cmd/app/options/client.go

@@ -5,20 +5,29 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
+	cliflag "k8s.io/component-base/cli/flag"
 )
 
 type ClientOptions struct {
 	*genericclioptions.ConfigFlags
 }
 
-func NewClientFlags() *ClientOptions {
-	return &ClientOptions{
+func NewClientOptions(nfs *cliflag.NamedFlagSets) *ClientOptions {
+	c := &ClientOptions{
 		ConfigFlags: genericclioptions.NewConfigFlags(true),
 	}
+
+	// Disable unwanted options
+	c.CacheDir = nil
+	c.Impersonate = nil
+	c.ImpersonateGroup = nil
+
+	return c.AddFlags(nfs.FlagSet("Client"))
 }
 
-func (c *ClientOptions) AddFlags(flags *pflag.FlagSet) {
-	c.ConfigFlags.AddFlags(flags)
+func (c *ClientOptions) AddFlags(fs *pflag.FlagSet) *ClientOptions {
+	c.ConfigFlags.AddFlags(fs)
+	return c
 }
 
 func (c *ClientOptions) ClientFlagsChanged(cmd *cobra.Command) bool {

cmd/app/options/misc.go

@@ -0,0 +1,70 @@
+// Copyright Jetstack Ltd. See LICENSE for details.
+package options
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+
+	"github.com/spf13/pflag"
+	apimachineryversion "k8s.io/apimachinery/pkg/version"
+	cliflag "k8s.io/component-base/cli/flag"
+	"k8s.io/component-base/cli/globalflag"
+)
+
+type MiscOptions struct {
+	gitMajor     string // major version, always numeric
+	gitMinor     string // minor version, numeric possibly followed by "+"
+	gitVersion   string
+	gitCommit    string // sha1 from git, output of $(git rev-parse HEAD)
+	gitTreeState string // state of git tree, either "clean" or "dirty"
+
+	buildDate string // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ')
+}
+
+var (
+	gitMajor     string // major version, always numeric
+	gitMinor     string // minor version, numeric possibly followed by "+"
+	gitVersion   = "v0.0.0-master+$Format:%h$"
+	gitCommit    = "$Format:%H$" // sha1 from git, output of $(git rev-parse HEAD)
+	gitTreeState = ""            // state of git tree, either "clean" or "dirty"
+
+	buildDate = "1970-01-01T00:00:00Z" // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ')
+)
+
+func NewMiscOptions(nfs *cliflag.NamedFlagSets) *MiscOptions {
+	m := &MiscOptions{
+		gitMajor:     gitMajor,
+		gitMinor:     gitMinor,
+		gitVersion:   gitVersion,
+		gitCommit:    gitCommit,
+		gitTreeState: gitTreeState,
+		buildDate:    buildDate,
+	}
+
+	return m.AddFlags(nfs.FlagSet("Misc"))
+}
+
+func (m *MiscOptions) AddFlags(fs *pflag.FlagSet) *MiscOptions {
+	globalflag.AddGlobalFlags(fs, AppName)
+	fs.Bool("version", false, "Print version information and quit")
+	return m
+}
+
+func (m *MiscOptions) PrintVersionAndExit() {
+	fmt.Printf("%s version: %#v\n", AppName,
+		apimachineryversion.Info{
+			Major:        m.gitMajor,
+			Minor:        m.gitMinor,
+			GitVersion:   m.gitVersion,
+			GitCommit:    m.gitCommit,
+			GitTreeState: m.gitTreeState,
+			BuildDate:    m.buildDate,
+			GoVersion:    runtime.Version(),
+			Compiler:     runtime.Compiler,
+			Platform:     fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH),
+		},
+	)
+
+	os.Exit(0)
+}

cmd/app/options/oidc.go

@@ -22,6 +22,10 @@ type OIDCAuthenticationOptions struct {
 	RequiredClaims map[string]string
 }
 
+func NewOIDCAuthenticationOptions(nfs *cliflag.NamedFlagSets) *OIDCAuthenticationOptions {
+	return new(OIDCAuthenticationOptions).AddFlags(nfs.FlagSet("OIDC"))
+}
+
 func (o *OIDCAuthenticationOptions) Validate() error {
 	if o != nil && (len(o.IssuerURL) > 0) != (len(o.ClientID) > 0) {
 		return fmt.Errorf("oidc-issuer-url and oidc-client-id should be specified together")
@@ -30,7 +34,7 @@ func (o *OIDCAuthenticationOptions) Validate() error {
 	return nil
 }
 
-func (o *OIDCAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
+func (o *OIDCAuthenticationOptions) AddFlags(fs *pflag.FlagSet) *OIDCAuthenticationOptions {
 	fs.StringSliceVar(&o.APIAudiences, "api-audiences", o.APIAudiences, ""+
 		"Identifiers of the API. This can be used as an additional list of "+
 		"identifiers that exist in the target audiences of requests when "+
@@ -72,4 +76,6 @@ func (o *OIDCAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
 		"A key=value pair that describes a required claim in the ID Token. "+
 		"If set, the claim is verified to be present in the ID Token with a matching value. "+
 		"Repeat this flag to specify multiple claims.")
+
+	return o
 }

cmd/app/options/options.go

@@ -0,0 +1,89 @@
+// Copyright Jetstack Ltd. See LICENSE for details.
+package options
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	"k8s.io/apiserver/pkg/util/term"
+	cliflag "k8s.io/component-base/cli/flag"
+
+	"github.com/jetstack/kube-oidc-proxy/pkg/util"
+)
+
+const (
+	AppName = "kube-oidc-proxy"
+)
+
+type Options struct {
+	OIDCAuthentication *OIDCAuthenticationOptions
+	SecureServing      *SecureServingOptions
+	Client             *ClientOptions
+	App                *KubeOIDCProxyOptions
+	Misc               *MiscOptions
+
+	nfs *cliflag.NamedFlagSets
+}
+
+func New() *Options {
+	nfs := new(cliflag.NamedFlagSets)
+
+	// Add flags to command sets
+	return &Options{
+		OIDCAuthentication: NewOIDCAuthenticationOptions(nfs),
+		SecureServing:      NewSecureServingOptions(nfs),
+		Client:             NewClientOptions(nfs),
+		App:                NewKubeOIDCProxyOptions(nfs),
+		Misc:               NewMiscOptions(nfs),
+
+		nfs: nfs,
+	}
+}
+
+func (o *Options) AddFlags(cmd *cobra.Command) {
+	// pretty output from kube-apiserver
+	usageFmt := "Usage:\n  %s\n"
+	cols, _, _ := term.TerminalSize(cmd.OutOrStdout())
+	cmd.SetUsageFunc(func(cmd *cobra.Command) error {
+		fmt.Fprintf(cmd.OutOrStderr(), usageFmt, cmd.UseLine())
+		cliflag.PrintSections(cmd.OutOrStderr(), *o.nfs, cols)
+		return nil
+	})
+
+	cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) {
+		fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine())
+		cliflag.PrintSections(cmd.OutOrStdout(), *o.nfs, cols)
+	})
+
+	fs := cmd.Flags()
+	for _, f := range o.nfs.FlagSets {
+		fs.AddFlagSet(f)
+	}
+}
+
+func (o *Options) Validate(cmd *cobra.Command) error {
+	if cmd.Flag("version").Value.String() == "true" {
+		o.Misc.PrintVersionAndExit()
+	}
+
+	var errs []error
+
+	if err := o.OIDCAuthentication.Validate(); err != nil {
+		errs = append(errs, err)
+	}
+
+	if err := o.SecureServing.Validate(); len(err) > 0 {
+		errs = append(errs, err...)
+	}
+
+	if o.SecureServing.BindPort == o.App.ReadinessProbePort {
+		errs = append(errs, errors.New("unable to securely serve on port 8080 (used by readiness probe)"))
+	}
+
+	if len(errs) > 0 {
+		return util.JoinErrors(errs)
+	}
+
+	return nil
+}

cmd/app/options/serving.go

@@ -0,0 +1,35 @@
+// Copyright Jetstack Ltd. See LICENSE for details.
+package options
+
+import (
+	"net"
+
+	"github.com/spf13/pflag"
+	apiserveroptions "k8s.io/apiserver/pkg/server/options"
+	cliflag "k8s.io/component-base/cli/flag"
+)
+
+type SecureServingOptions struct {
+	*apiserveroptions.SecureServingOptions
+}
+
+func NewSecureServingOptions(nfs *cliflag.NamedFlagSets) *SecureServingOptions {
+	s := &SecureServingOptions{
+		SecureServingOptions: &apiserveroptions.SecureServingOptions{
+			BindAddress: net.ParseIP("0.0.0.0"),
+			BindPort:    6443,
+			Required:    true,
+			ServerCert: apiserveroptions.GeneratableKeyCert{
+				PairName:      AppName,
+				CertDirectory: "/var/run/kubernetes",
+			},
+		},
+	}
+
+	return s.AddFlags(nfs.FlagSet("Secure Serving"))
+}
+
+func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) *SecureServingOptions {
+	s.SecureServingOptions.AddFlags(fs)
+	return s
+}