From 927ab509a1a911917bda08f50e2b35ac45377517 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 24 Dec 2020 13:20:47 +0100 Subject: [PATCH] outposts: validate kubeconfig before saving --- authentik/outposts/forms.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/authentik/outposts/forms.py b/authentik/outposts/forms.py index 812f7e5ac..ed4355574 100644 --- a/authentik/outposts/forms.py +++ b/authentik/outposts/forms.py @@ -1,7 +1,11 @@ """Outpost forms""" from django import forms +from django.core.exceptions import ValidationError from django.utils.translation import gettext_lazy as _ +from kubernetes.client.configuration import Configuration +from kubernetes.config.config_exception import ConfigException +from kubernetes.config.kube_config import load_kube_config_from_dict from authentik.admin.fields import CodeMirrorWidget, YAMLField from authentik.crypto.models import CertificateKeyPair @@ -71,6 +75,23 @@ class DockerServiceConnectionForm(forms.ModelForm): class KubernetesServiceConnectionForm(forms.ModelForm): """Kubernetes service-connection form""" + def clean_kubeconfig(self): + """Validate kubeconfig by attempting to load it""" + kubeconfig = self.cleaned_data["kubeconfig"] + if kubeconfig == {}: + if not self.cleaned_data["local"]: + raise ValidationError( + _("You can only use an empty kubeconfig when local is enabled.") + ) + # Empty kubeconfig is valid + return kubeconfig + config = Configuration() + try: + load_kube_config_from_dict(kubeconfig, client_configuration=config) + except ConfigException: + raise ValidationError(_("Invalid kubeconfig")) + return kubeconfig + class Meta: model = KubernetesServiceConnection