@ -15,7 +15,6 @@ import (
 
			
		
	
		
		
			
				
					
						"sync" 
	"sync" 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						"github.com/google/go-querystring/query" 
	"github.com/google/go-querystring/query" 
 
			
		
	
		
		
			
				
					
						"golang.org/x/oauth2" 
 
			
		
	
		
		
			
				
					
						"repository.basistech.ru/BASIS/decort-golang-sdk/config" 
	"repository.basistech.ru/BASIS/decort-golang-sdk/config" 
 
			
		
	
		
		
			
				
					
						"repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudapi" 
	"repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudapi" 
 
			
		
	
		
		
			
				
					
						k8s_ca  "repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudapi/k8s" 
	k8s_ca  "repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudapi/k8s" 
 
			
		
	
	
		
		
			
				
					
						
						
						
							
								 
						
					 
					@ -26,16 +25,9 @@ import (
 
			
		
	
		
		
			
				
					
					// HTTP-client for platform
 // HTTP-client for platform
  
			
		
	
		
		
			
				
					
					type  BVSDecortClient  struct  { type  BVSDecortClient  struct  {  
			
		
	
		
		
			
				
					
						client     * http . Client 
	client     * http . Client 
 
			
		
	
		
		
			
				
					
						cfg        * oauth2 . 
	cfg        config . BVS 
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
						mutex      * sync . Mutex 
	mutex      * sync . Mutex 
 
			
		
	
		
		
			
				
					
						token      * oauth2 . Token 
 
			
		
	
		
		
			
				
					
						decortURL  string 
	decortURL  string 
 
			
		
	
		
		
			
				
					
						username   string 
 
			
		
	
		
		
			
				
					
						password   string 
 
			
		
	
		
		
			
				
					
					}  
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
					type  ProviderEndpoint  struct  {  
			
		
	
		
		
			
				
					
						TokenURL  string  ` json:"token_endpoint" ` 
 
			
		
	
		
		
			
				
					
					} }  
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
					// С  // С   
			
		
	
	
		
		
			
				
					
						
						
						
							
								 
						
					 
					@ -43,11 +35,6 @@ func NewBVS(cfg config.BVSConfig) *BVSDecortClient {
 
			
		
	
		
		
			
				
					
						if  cfg . Retries  ==  0  { 
	if  cfg . Retries  ==  0  { 
 
			
		
	
		
		
			
				
					
							cfg . Retries  =  5 
		cfg . Retries  =  5 
 
			
		
	
		
		
			
				
					
						} 
	} 
 
			
		
	
		
		
			
				
					
						// if cfg.Token.AccessToken != "" {
 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						// }
 
 
			
		
	
		
		
			
				
					
						ctx  :=  context . Background ( ) 
 
			
		
	
		
		
			
				
					
						providerEndpoint ,  _  :=  GetEndpoint ( ctx ,  cfg . SSOURL ,  cfg . Domain ,  cfg . SSLSkipVerify ) 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						return  & BVSDecortClient { 
	return  & BVSDecortClient { 
 
			
		
	
		
		
			
				
					
							decortURL :  cfg . DecortURL , 
		decortURL :  cfg . DecortURL , 
 
			
		
	
	
		
		
			
				
					
						
						
						
							
								 
						
					 
					@ -59,15 +46,8 @@ func NewBVS(cfg config.BVSConfig) *BVSDecortClient {
 
			
		
	
		
		
			
				
					
									} , 
				} , 
 
			
		
	
		
		
			
				
					
								} , 
			} , 
 
			
		
	
		
		
			
				
					
							} , 
		} , 
 
			
		
	
		
		
			
				
					
							cfg :  & oauth2 . Config { 
		cfg :    cfg , 
 
			
				
				
			
		
	
		
		
			
				
					
								ClientID :      cfg . AppID , 
		mutex :  & sync . Mutex { } , 
 
			
				
				
			
		
	
		
		
			
				
					
								ClientSecret :  cfg . AppSecret , 
 
			
		
	
		
		
			
				
					
								Endpoint :      providerEndpoint , 
 
			
		
	
		
		
			
				
					
							} , 
 
			
		
	
		
		
			
				
					
							mutex :     & sync . Mutex { } , 
 
			
		
	
		
		
			
				
					
							token :     & cfg . Token , 
 
			
		
	
		
		
			
				
					
							username :  cfg . Username , 
 
			
		
	
		
		
			
				
					
							password :  cfg . Password , 
 
			
		
	
		
		
	
		
		
	
		
		
			
				
					
						} 
	} 
 
			
		
	
		
		
			
				
					
					} }  
			
		
	
		
		
			
				
					
					
 
			
		
	
	
		
		
			
				
					
						
							
								 
						
						
							
								 
						
						
					 
					@ -131,14 +111,14 @@ func (bdc *BVSDecortClient) getToken(ctx context.Context) error {
 
			
		
	
		
		
			
				
					
						bdc . mutex . Lock ( ) 
	bdc . mutex . Lock ( ) 
 
			
		
	
		
		
			
				
					
						defer  bdc . mutex . Unlock ( ) 
	defer  bdc . mutex . Unlock ( ) 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						if  ! bdc . t oken. Valid ( )  { 
	if  ! bdc . cfg. T  oken. Valid ( )  { 
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
							body  :=  fmt . Sprintf ( "grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s&response_type=token ",  bdc . cfg . ClientID,  bdc . cfg . ClientSecret ,  bdc . username ,  bdc . p  assword) 
		body  :=  fmt . Sprintf ( "grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s&response_type=token &scope=openid ",  bdc . cfg . AppID,  bdc . cfg . AppSecret ,  bdc . cfg . Username ,  bdc . cfg . P  assword) 
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
							bodyReader  :=  strings . NewReader ( body ) 
		bodyReader  :=  strings . NewReader ( body ) 
 
			
		
	
		
		
			
				
					
							// body := fmt.Sprintf("grant_type=client_credentials&client_id=%s&client_secret=%s&", bdc.cfg.ClientID, bdc.cfg.ClientSecret)
 
 
			
		
	
		
		
			
				
					
							// bodyReader := strings.NewReader(body)
 
 
			
		
	
		
		
			
				
					
							
		
 
			
		
	
		
		
			
				
					
							req ,  _  :=  http . NewRequestWithContext ( ctx ,  "POST" ,  bdc . cfg . Endpoint . TokenURL ,  bodyReader ) 
		bdc . cfg . SSOURL  =  strings . TrimSuffix ( bdc . cfg . SSOURL ,  "/" ) 
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
							req ,  _  :=  http . NewRequestWithContext ( ctx ,  "POST" ,  bdc . cfg . SSOURL + "/realms/" + bdc . cfg . Domain + "/protocol/openid-connect/token" ,  bodyReader ) 
 
			
		
	
		
		
			
				
					
							req . Header . Add ( "Content-Type" ,  "application/x-www-form-urlencoded" ) 
		req . Header . Add ( "Content-Type" ,  "application/x-www-form-urlencoded" ) 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
							resp ,  err  :=  bdc . client . Do ( req ) 
		resp ,  err  :=  bdc . client . Do ( req ) 
 
			
		
	
	
		
		
			
				
					
						
						
						
							
								 
						
					 
					@ -153,7 +133,7 @@ func (bdc *BVSDecortClient) getToken(ctx context.Context) error {
 
			
		
	
		
		
			
				
					
								return  fmt . Errorf ( "cannot get token: %s" ,  tokenBytes ) 
			return  fmt . Errorf ( "cannot get token: %s" ,  tokenBytes ) 
 
			
		
	
		
		
			
				
					
							} 
		} 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
							err  =  json . Unmarshal ( tokenBytes ,  & bdc . t oken) 
		err  =  json . Unmarshal ( tokenBytes ,  & bdc . cfg. T  oken) 
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
							if  err  !=  nil  { 
		if  err  !=  nil  { 
 
			
		
	
		
		
			
				
					
								return  fmt . Errorf ( "cannot unmarshal token: %s" ,  tokenBytes ) 
			return  fmt . Errorf ( "cannot unmarshal token: %s" ,  tokenBytes ) 
 
			
		
	
		
		
			
				
					
							} 
		} 
 
			
		
	
	
		
		
			
				
					
						
						
						
							
								 
						
					 
					@ -168,7 +148,7 @@ func (bdc *BVSDecortClient) do(req *http.Request, ctype string) (*http.Response,
 
			
		
	
		
		
			
				
					
						}  else  { 
	}  else  { 
 
			
		
	
		
		
			
				
					
							req . Header . Add ( "Content-Type" ,  "application/x-www-form-urlencoded" ) 
		req . Header . Add ( "Content-Type" ,  "application/x-www-form-urlencoded" ) 
 
			
		
	
		
		
			
				
					
						} 
	} 
 
			
		
	
		
		
			
				
					
						bdc . t oken. SetAuthHeader ( req ) 
	bdc . cfg. T  oken. SetAuthHeader ( req ) 
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
						req . Header . Set ( "Accept" ,  "application/json" ) 
	req . Header . Set ( "Accept" ,  "application/json" ) 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						// var resp *http.Response
 
	// var resp *http.Response
 
 
			
		
	
	
		
		
			
				
					
						
						
						
							
								 
						
					 
					@ -180,7 +160,7 @@ func (bdc *BVSDecortClient) do(req *http.Request, ctype string) (*http.Response,
 
			
		
	
		
		
			
				
					
						req . Body  =  io . NopCloser ( bytes . NewBuffer ( buf ) ) 
	req . Body  =  io . NopCloser ( bytes . NewBuffer ( buf ) ) 
 
			
		
	
		
		
			
				
					
						resp ,  err  :=  bdc . client . Do ( req ) 
	resp ,  err  :=  bdc . client . Do ( req ) 
 
			
		
	
		
		
			
				
					
						// if err == nil {
 
	// if err == nil {
 
 
			
		
	
		
		
			
				
					
						if  resp . StatusCode  ! = 200  { 
	if  resp . StatusCode  = = 200  { 
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
							return  resp ,  err 
		return  resp ,  err 
 
			
		
	
		
		
			
				
					
						} 
	} 
 
			
		
	
		
		
			
				
					
						respBytes ,  _  :=  io . ReadAll ( resp . Body ) 
	respBytes ,  _  :=  io . ReadAll ( resp . Body ) 
 
			
		
	
	
		
		
			
				
					
						
							
								 
						
						
							
								 
						
						
					 
					@ -419,39 +399,3 @@ func createK8sCloudBrokerBVS(req k8s_cb.CreateRequest) (*bytes.Buffer, string) {
 
			
		
	
		
		
			
				
					
						writer . Close ( ) 
	writer . Close ( ) 
 
			
		
	
		
		
			
				
					
						return  reqBody ,  ct 
	return  reqBody ,  ct 
 
			
		
	
		
		
			
				
					
					} }  
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
					func  GetEndpoint ( ctx  context . Context ,  issuer  string ,  domain  string ,  skip  bool )  ( oauth2 . Endpoint ,  error )  {  
			
		
	
		
		
			
				
					
						wellKnown  :=  issuer  +  "/"  +  domain  +  "/.well-known/openid-configuration" 
 
			
		
	
		
		
			
				
					
						req ,  err  :=  http . NewRequestWithContext ( ctx ,  "GET" ,  wellKnown ,  nil ) 
 
			
		
	
		
		
			
				
					
						if  err  !=  nil  { 
 
			
		
	
		
		
			
				
					
							return  oauth2 . Endpoint { } ,  err 
 
			
		
	
		
		
			
				
					
						} 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						client  :=  & http . Client { 
 
			
		
	
		
		
			
				
					
							Transport :  & http . Transport { 
 
			
		
	
		
		
			
				
					
								TLSClientConfig :  & tls . Config { 
 
			
		
	
		
		
			
				
					
									//nolint:gosec
 
 
			
		
	
		
		
			
				
					
									InsecureSkipVerify :  skip , 
 
			
		
	
		
		
			
				
					
								} , 
 
			
		
	
		
		
			
				
					
							} , 
 
			
		
	
		
		
			
				
					
						} 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						resp ,  err  :=  client . Do ( req ) 
 
			
		
	
		
		
			
				
					
						if  err  !=  nil  { 
 
			
		
	
		
		
			
				
					
							return  oauth2 . Endpoint { } ,  err 
 
			
		
	
		
		
			
				
					
						} 
 
			
		
	
		
		
			
				
					
						defer  resp . Body . Close ( ) 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						body ,  err  :=  io . ReadAll ( resp . Body ) 
 
			
		
	
		
		
			
				
					
						if  err  !=  nil  { 
 
			
		
	
		
		
			
				
					
							return  oauth2 . Endpoint { } ,  fmt . Errorf ( "unable to read response body: %w" ,  err ) 
 
			
		
	
		
		
			
				
					
						} 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						var  p  ProviderEndpoint 
 
			
		
	
		
		
			
				
					
						err  =  json . Unmarshal ( body ,  & p ) 
 
			
		
	
		
		
			
				
					
						if  err  !=  nil  { 
 
			
		
	
		
		
			
				
					
							return  oauth2 . Endpoint { } ,  fmt . Errorf ( "cannot unmarshal endpoint: %s" ,  body ) 
 
			
		
	
		
		
			
				
					
						} 
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
						return  oauth2 . Endpoint { TokenURL :  p . TokenURL } ,  nil 
 
			
		
	
		
		
			
				
					
					}
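Review bot: In the getToken hunk, the new `body := fmt.Sprintf("grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s…", …)` line puts `bdc.cfg.AppSecret`, `bdc.cfg.Username` and `bdc.cfg.Password` into a form-urlencoded body without percent-encoding. A value containing `&`, `=`, `+` or `%` is then either corrupted or parsed by the SSO server as extra parameters. Building the body with `url.Values` and `Encode()` avoids this; it needs `net/url`, and the import block is only partly visible here. The same hunk discards the error from `http.NewRequestWithContext` (`req, _ :=`) while the URL is now concatenated from `cfg.SSOURL` and `cfg.Domain`, so a malformed value would leave `req` nil and panic at `req.Header.Add`. getToken starts and ends outside the hunk.

```go
	if !bdc.cfg.Token.Valid() {
		// url.Values percent-encodes every value, so a secret containing
		// '&', '=', '+' or '%' cannot change the structure of the form.
		form := url.Values{
			"grant_type":    {"password"},
			"client_id":     {bdc.cfg.AppID},
			"client_secret": {bdc.cfg.AppSecret},
			"username":      {bdc.cfg.Username},
			"password":      {bdc.cfg.Password},
			"response_type": {"token"},
			"scope":         {"openid"},
		}
		bodyReader := strings.NewReader(form.Encode())

		bdc.cfg.SSOURL = strings.TrimSuffix(bdc.cfg.SSOURL, "/")
		req, err := http.NewRequestWithContext(ctx, "POST", bdc.cfg.SSOURL+"/realms/"+bdc.cfg.Domain+"/protocol/openid-connect/token", bodyReader)
		if err != nil {
			return fmt.Errorf("building token request: %w", err)
		}
		// … unchanged: Content-Type header, bdc.client.Do(req) …
```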