From 97dc54ecc4f24cb8c30687e1185d0ece88b6d7ff Mon Sep 17 00:00:00 2001
From: Harry Bagdi <harrybagdi@gmail.com>
Date: Tue, 24 Dec 2019 15:25:01 -0800
Subject: [PATCH] feat(cli) implement --kong-admin-token flag

---
 cli/ingress-controller/flag_test.go |  6 ++++--
 cli/ingress-controller/flags.go     | 10 ++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/cli/ingress-controller/flag_test.go b/cli/ingress-controller/flag_test.go
index e63362bf06..d4da2767f1 100644
--- a/cli/ingress-controller/flag_test.go
+++ b/cli/ingress-controller/flag_test.go
@@ -100,6 +100,7 @@ func TestOverrideViaCLIFlags(t *testing.T) {
 		"--kong-workspace", "yolo",
 		"--kong-admin-filter-tag", "foo-tag",
 		"--admin-header", "foo:bar",
+		"--kong-admin-token", "my-token",
 		"--admin-tls-skip-verify",
 		"--admin-tls-server-name", "kong-admin.example.com",
 		"--admin-ca-cert-file", "/path/to/ca-cert",
@@ -134,7 +135,7 @@ func TestOverrideViaCLIFlags(t *testing.T) {
 		KongAdminConcurrency:   1,
 		KongWorkspace:          "yolo",
 		KongAdminFilterTags:    []string{"foo-tag"},
-		KongAdminHeaders:       []string{"foo:bar"},
+		KongAdminHeaders:       []string{"foo:bar", "kong-admin-token:my-token"},
 		KongAdminTLSSkipVerify: true,
 		KongAdminTLSServerName: "kong-admin.example.com",
 		KongAdminCACertPath:    "/path/to/ca-cert",
@@ -176,6 +177,7 @@ func TestOverrideViaEnvVars(t *testing.T) {
 		"CONTROLLER_ADMISSION_WEBHOOK_KEY_FILE":  "/new-key-path",
 		"CONTROLLER_ANONYMOUS_REPORTS":           "false",
 		"CONTROLLER_KONG_ADMIN_CONCURRENCY":      "100",
+		"CONTROLLER_KONG_ADMIN_TOKEN":            "my-secret-token",
 	}
 	for k, v := range envs {
 		os.Setenv(k, v)
@@ -193,7 +195,7 @@ func TestOverrideViaEnvVars(t *testing.T) {
 		KongAdminURL:           "http://localhost:8001",
 		KongAdminConcurrency:   100,
 		KongWorkspace:          "",
-		KongAdminHeaders:       []string{},
+		KongAdminHeaders:       []string{"kong-admin-token:my-secret-token"},
 		KongAdminTLSSkipVerify: false,
 		KongAdminTLSServerName: "",
 		KongAdminCACertPath:    "",
diff --git a/cli/ingress-controller/flags.go b/cli/ingress-controller/flags.go
index f81b96f78a..fa90ce07d3 100644
--- a/cli/ingress-controller/flags.go
+++ b/cli/ingress-controller/flags.go
@@ -124,6 +124,10 @@ this flag can be used multiple times to specify multiple headers`)
 		`add a header (key:value) to every Admin API call,
 this flag can be used multiple times to specify multiple headers`)
 
+	flags.String("kong-admin-token", "",
+		`Sets the value of the 'kong-admin-token' header; useful for
+authentication/authorization for Kong Enterprise enviornments`)
+
 	// deprecated
 	flags.Bool("admin-tls-skip-verify", false,
 		`DEPRECATED, use --kong-admin-tls-skip-verify
@@ -251,6 +255,12 @@ func parseFlags() (cliConfig, error) {
 		config.KongAdminHeaders = kongAdminHeaders
 	}
 
+	kongAdminToken := viper.GetString("kong-admin-token")
+	if kongAdminToken != "" {
+		config.KongAdminHeaders = append(config.KongAdminHeaders,
+			"kong-admin-token:"+kongAdminToken)
+	}
+
 	config.KongAdminTLSSkipVerify = viper.GetBool("admin-tls-skip-verify")
 	kongAdminTLSSkipVerify := viper.GetBool("kong-admin-tls-skip-verify")
 	if kongAdminTLSSkipVerify {