Add support for EKS

To add support for EKS we need two new functions:

- AWSGetClusters returns all EKS clusters including there name,
certificate authority data and the Kubernetes API endpoint.
- AWSGetToken returns a bearer token for Kubernetes API requests.

Makefile

@@ -13,6 +13,7 @@ bindings-ios:
 
 dependencies:
 	GO111MODULE=off go get -u golang.org/x/mobile/cmd/gomobile
+	GO111MODULE=off go get -u github.com/aws/aws-sdk-go/...
 
 release-major:
 	$(eval MAJORVERSION=$(shell git describe --tags --abbrev=0 | sed s/v// | awk -F. '{print $$1+1".0.0"}'))

request/request.go

@@ -4,12 +4,19 @@ import (
 	"bytes"
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/eks"
+	"github.com/aws/aws-sdk-go/service/sts"
 )
 
 type APIError struct {
@@ -113,3 +120,78 @@ func httpClientForRootCAs(certificateAuthorityData, clientCertificateData, clien
 
 	return &tlsConfig, nil
 }
+
+// AWSGetClusters returns all EKS clusters from AWS.
+func AWSGetClusters(accessKeyId, secretAccessKey, region string) (string, error) {
+	var clusters []*eks.Cluster
+	var names []*string
+	var nextToken *string
+
+	cred := credentials.NewStaticCredentials(accessKeyId, secretAccessKey, "")
+
+	sess, err := session.NewSession(&aws.Config{Region: aws.String(region), Credentials: cred})
+	if err != nil {
+		return "", err
+	}
+
+	eksClient := eks.New(sess)
+
+	for {
+		c, err := eksClient.ListClusters(&eks.ListClustersInput{NextToken: nextToken})
+		if err != nil {
+			return "", err
+		}
+
+		names = append(names, c.Clusters...)
+
+		if c.NextToken == nil {
+			break
+		}
+
+		nextToken = c.NextToken
+	}
+
+	for _, name := range names {
+		cluster, err := eksClient.DescribeCluster(&eks.DescribeClusterInput{Name: name})
+		if err != nil {
+			return "", err
+		}
+
+		if *cluster.Cluster.Status == eks.ClusterStatusActive {
+			clusters = append(clusters, cluster.Cluster)
+		}
+	}
+
+	if clusters != nil {
+		b, err := json.Marshal(clusters)
+		if err != nil {
+			return "", err
+		}
+
+		return string(b), nil
+	}
+
+	return "", nil
+}
+
+// AWSGetToken returns a bearer token for Kubernetes API requests.
+// See: https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/7547c74e660f8d34d9980f2c69aa008eed1f48d0/pkg/token/token.go#L310
+func AWSGetToken(accessKeyId, secretAccessKey, region, clusterID string) (string, error) {
+	cred := credentials.NewStaticCredentials(accessKeyId, secretAccessKey, "")
+
+	sess, err := session.NewSession(&aws.Config{Region: aws.String(region), Credentials: cred})
+	if err != nil {
+		return "", err
+	}
+
+	stsClient := sts.New(sess)
+
+	request, _ := stsClient.GetCallerIdentityRequest(&sts.GetCallerIdentityInput{})
+	request.HTTPRequest.Header.Add("x-k8s-aws-id", clusterID)
+	presignedURLString, err := request.Presign(60)
+	if err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf(`{"token": "k8s-aws-v1.%s"}`, base64.RawURLEncoding.EncodeToString([]byte(presignedURLString))), nil
+}

request/request_test.go

@@ -50,3 +50,30 @@ func TestDoNonexistingResource(t *testing.T) {
 
 	t.Logf(err.Error())
 }
+
+func TestAWSGetClusters(t *testing.T) {
+	accessKeyId := os.Getenv("AWS_ACCESS_KEY_ID")
+	secretAccessKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
+	region := os.Getenv("AWS_REGION")
+
+	data, err := AWSGetClusters(accessKeyId, secretAccessKey, region)
+	if err != nil {
+		t.Errorf("Could not get clusters: %s", err.Error())
+	}
+
+	t.Logf(data)
+}
+
+func TestAWSGetToken(t *testing.T) {
+	accessKeyId := os.Getenv("AWS_ACCESS_KEY_ID")
+	secretAccessKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
+	region := os.Getenv("AWS_REGION")
+	clusterID := os.Getenv("AWS_CLUSTER_ID")
+
+	data, err := AWSGetToken(accessKeyId, secretAccessKey, region, clusterID)
+	if err != nil {
+		t.Errorf("Could not get token: %s", err.Error())
+	}
+
+	t.Logf(data)
+}