feat(Session cookie support for Auth to Admin Server)

.gitignore

@@ -24,6 +24,9 @@ _testmain.go
 *.test
 *.prof
 
+#IDE ignore
+.idea
+
 # for this repo only
 deck
 dist/

cmd/root.go

@@ -123,6 +123,13 @@ func init() {
 	viper.BindPFlag("skip-workspace-crud",
 		rootCmd.PersistentFlags().Lookup("skip-workspace-crud"))
 
+	// Support for Session Cookie
+	rootCmd.PersistentFlags().String("kong-session-cookie-path", "",
+		"Absolute path for the session-cookie file for auth with Admin Server.\n"+
+			"You may also need to pass in as header the User-Agent that was used to create the session.")
+	viper.BindPFlag("kong-session-cookie-path",
+		rootCmd.PersistentFlags().Lookup("kong-session-cookie-path"))
+
 	// konnect-specific flags
 	rootCmd.PersistentFlags().String("konnect-email", "",
 		"Email address associated with your Konnect account.")
@@ -207,6 +214,13 @@ func initConfig() {
 	rootConfig.Debug = (viper.GetInt("verbose") >= 1)
 	rootConfig.Timeout = (viper.GetInt("timeout"))
 
+	// Session cookie support
+	rootConfig.SessionFilePath = viper.GetString("kong-session-cookie-path")
+	if rootConfig.SessionFilePath != "" {
+		rootConfig.ISSessionClient = true
+	} else {
+		rootConfig.ISSessionClient = false
+	}
 	color.NoColor = (color.NoColor || viper.GetBool("no-color"))
 
 	if err := initKonnectConfig(); err != nil {

go.mod

@@ -26,6 +26,7 @@ require (
 	github.com/yudai/gojsondiff v1.0.0
 	github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect
 	github.com/yudai/pp v2.0.1+incompatible // indirect
+	golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	k8s.io/code-generator v0.22.4
 )

utils/cookiejarparser.go

@@ -0,0 +1,114 @@
+package utils
+
+// Code from https://github.com/ssgelm/cookiejarparser under MIT License
+import (
+	"bufio"
+	"fmt"
+	"net/http"
+	"net/http/cookiejar"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"golang.org/x/net/publicsuffix"
+)
+
+const (
+	httpOnlyPrefix = "#HttpOnly_"
+	maxEntriesLen  = 7
+)
+
+func parseCookieLine(cookieLine string, lineNum int) (*http.Cookie, error) {
+	var err error
+	cookieLineHTTPOnly := false
+	if strings.HasPrefix(cookieLine, httpOnlyPrefix) {
+		cookieLineHTTPOnly = true
+		cookieLine = strings.TrimPrefix(cookieLine, httpOnlyPrefix)
+	}
+
+	if strings.HasPrefix(cookieLine, "#") || cookieLine == "" {
+		return nil, nil
+	}
+
+	cookieFields := strings.Split(cookieLine, "\t")
+
+	if len(cookieFields) < 6 || len(cookieFields) > 7 {
+		return nil, fmt.Errorf("incorrect number of fields in line %d.  Expected 6 or 7, got %d", lineNum, len(cookieFields))
+	}
+
+	for i, v := range cookieFields {
+		cookieFields[i] = strings.TrimSpace(v)
+	}
+
+	cookie := &http.Cookie{
+		Domain:   cookieFields[0],
+		Path:     cookieFields[2],
+		Name:     cookieFields[5],
+		HttpOnly: cookieLineHTTPOnly,
+	}
+	cookie.Secure, err = strconv.ParseBool(cookieFields[3])
+	if err != nil {
+		return nil, err
+	}
+	expiresInt, err := strconv.ParseInt(cookieFields[4], 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	if expiresInt > 0 {
+		cookie.Expires = time.Unix(expiresInt, 0)
+	}
+
+	if len(cookieFields) == maxEntriesLen {
+		cookie.Value = cookieFields[6]
+	}
+
+	return cookie, nil
+}
+
+// LoadCookieJarFile takes a path to a curl (netscape) cookie jar file and crates a go http.CookieJar with the contents
+func LoadCookieJarFile(path string) (http.CookieJar, error) {
+	jar, err := cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List})
+	if err != nil {
+		return nil, err
+	}
+
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	lineNum := 1
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		cookieLine := scanner.Text()
+		cookie, err := parseCookieLine(cookieLine, lineNum)
+		if cookie == nil {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+
+		var cookieScheme string
+		if cookie.Secure {
+			cookieScheme = "https"
+		} else {
+			cookieScheme = "http"
+		}
+		cookieURL := &url.URL{
+			Scheme: cookieScheme,
+			Host:   cookie.Domain,
+		}
+
+		cookies := jar.Cookies(cookieURL)
+		cookies = append(cookies, cookie)
+		jar.SetCookies(cookieURL, cookies)
+
+		lineNum++
+	}
+
+	return jar, nil
+}

utils/cookiejarparser_test.go

@@ -0,0 +1,105 @@
+package utils
+
+// Code from https://github.com/ssgelm/cookiejarparser under MIT License
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/cookiejar"
+	"net/url"
+	"reflect"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"golang.org/x/net/publicsuffix"
+)
+
+func TestParseCookieLine(t *testing.T) {
+	// normal
+	cookie, err := parseCookieLine("example.com	FALSE	/	FALSE	0	test_cookie	1", 1)
+	sampleCookie := &http.Cookie{
+		Domain:   "example.com",
+		Path:     "/",
+		Name:     "test_cookie",
+		Value:    "1",
+		HttpOnly: false,
+		Secure:   false,
+	}
+
+	if !reflect.DeepEqual(cookie, sampleCookie) || err != nil {
+		c1, _ := json.Marshal(cookie)
+		c2, _ := json.Marshal(sampleCookie)
+
+		t.Errorf("Parsing normal cookie failed.  Expected:\n  "+
+			"cookie: %s err: nil,\ngot:\n  cookie: %s err: %s", c2, c1, err)
+	}
+	// httponly
+	cookieHTTP, err := parseCookieLine("#HttpOnly_example.com	FALSE	/	FALSE	0	test_cookie_httponly	1", 1)
+	sampleCookieHTTP := &http.Cookie{
+		Domain:   "example.com",
+		Path:     "/",
+		Name:     "test_cookie_httponly",
+		Value:    "1",
+		HttpOnly: true,
+		Secure:   false,
+	}
+
+	if !reflect.DeepEqual(cookieHTTP, sampleCookieHTTP) || err != nil {
+		c1, _ := json.Marshal(cookieHTTP)
+		c2, _ := json.Marshal(sampleCookieHTTP)
+
+		t.Errorf("Parsing httpOnly cookie failed. Expected:\n  "+
+			"cookie: %s err: nil,\ngot:\n  cookie: %s err: %s", c2, c1, err)
+	}
+
+	// comment
+	cookieComment, err := parseCookieLine("# This is a comment", 1)
+	if cookieComment != nil || err != nil {
+		t.Errorf("Parsing comment failed.  Expected cookie: nil err: nil, "+
+			"got cookie: %s err: %s", cookie, err)
+	}
+
+	cookieBlank, err := parseCookieLine("", 1)
+	if cookieBlank != nil || err != nil {
+		t.Errorf("Parsing blank line failed.  Expected cookie: nil err: nil, "+
+			"got cookie: %s err: %s", cookie, err)
+	}
+}
+
+func TestLoadCookieJarFile(t *testing.T) {
+	exampleURL := &url.URL{
+		Scheme: "http",
+		Host:   "example.com",
+	}
+	sampleCookies := []*http.Cookie{
+		{
+			Domain:   "example.com",
+			Path:     "/",
+			Name:     "test_cookie",
+			Value:    "1",
+			HttpOnly: false,
+			Secure:   false,
+		},
+		{
+			Domain:   "example.com",
+			Path:     "/",
+			Name:     "test_cookie_httponly",
+			Value:    "1",
+			HttpOnly: true,
+			Secure:   false,
+		},
+	}
+	sampleCookieJar, _ := cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List})
+	sampleCookieJar.SetCookies(exampleURL, sampleCookies)
+
+	cookieJar, err := LoadCookieJarFile("testdata/cookies.txt")
+	require.NoError(t, err)
+
+	c1, _ := json.Marshal(cookieJar.Cookies(exampleURL))
+	c2, _ := json.Marshal(sampleCookieJar.Cookies(exampleURL))
+
+	if !reflect.DeepEqual(c1, c2) || err != nil {
+		t.Errorf("Cookie jar creation failed.  Expected:\n  "+
+			"cookieJar: %s err: nil,\ngot:\n  cookieJar: %s err: %s", c2, c1, err)
+	}
+}

utils/testdata/cookies.txt

@@ -0,0 +1,4 @@
+# Test cookie file
+
+example.com	FALSE	/	FALSE	0	test_cookie	1
+#HttpOnly_example.com	FALSE	/	FALSE	0	test_cookie_httponly	1

utils/types.go

@@ -94,6 +94,11 @@ type KongClientConfig struct {
 	HTTPClient *http.Client
 
 	Timeout int
+
+	SessionFilePath string
+
+	// Whether to initialize the Http client with a cookie jar or not
+	ISSessionClient bool
 }
 
 type KonnectConfig struct {
@@ -153,6 +158,14 @@ func GetKongClient(opt KongClientConfig) (*kong.Client, error) {
 	if opt.Workspace != "" {
 		url.Path = path.Join(url.Path, opt.Workspace)
 	}
+	// Add Session Cookie support if required
+	if opt.ISSessionClient {
+		jar, err := LoadCookieJarFile(opt.SessionFilePath)
+		if err != nil {
+			return nil, fmt.Errorf("failed to initialize session jar:%w", err)
+		}
+		c.Jar = jar
+	}
 
 	kongClient, err := kong.NewClient(kong.String(url.String()), c)
 	if err != nil {