Browse code
add localhost:9000 as a default redirect URL
Fixes: https://github.com/openshift/origin/issues/10885
This patch adds `https://localhost:9000` as a default redirect URI to
the webconsole oauthclient. This is done as a new `oc cluster up`
startup task.
```
$ oc cluster up
...
-- Finding server IP ...
Using <IP> as the server IP
-- Starting OpenShift container ...
Creating initial OpenShift configuration
Starting OpenShift using container 'origin'
Waiting for API server to start listening
OpenShift server started
-- Adding default oAuthClient redirect URIs ...
"openshift-web-console" patched
-- Installing registry ... OK
-- Installing router ... OK
-- Importing image streams ... OK
-- Importing templates ... OK
-- Login to server ... OK
-- Creating initial project "myproject" ... OK
...
```
```
$ oc login -u system:admin
$ oc get oauthclients
NAME WWW-CHALLENGE REDIRECT URIS
openshift-web-console FALSE https://localhost:9000
```
juanvallejo authored on 2016/09/14 06:03:59Showing 3 changed files
| ... | ... |
@@ -14,6 +14,7 @@ import ( |
| 14 | 14 |
"github.com/golang/glog" |
| 15 | 15 |
"github.com/spf13/cobra" |
| 16 | 16 |
|
| 17 |
+ kerrors "k8s.io/kubernetes/pkg/api/errors" |
|
| 17 | 18 |
kclient "k8s.io/kubernetes/pkg/client/unversioned" |
| 18 | 19 |
kclientcmd "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" |
| 19 | 20 |
kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" |
| ... | ... |
@@ -29,6 +30,7 @@ import ( |
| 29 | 29 |
osclientcmd "github.com/openshift/origin/pkg/cmd/util/clientcmd" |
| 30 | 30 |
dockerutil "github.com/openshift/origin/pkg/cmd/util/docker" |
| 31 | 31 |
"github.com/openshift/origin/pkg/cmd/util/variable" |
| 32 |
+ "k8s.io/kubernetes/pkg/util/sets" |
|
| 32 | 33 |
) |
| 33 | 34 |
|
| 34 | 35 |
const ( |
| ... | ... |
@@ -45,6 +47,9 @@ const ( |
| 45 | 45 |
initialProjectDisplay = "My Project" |
| 46 | 46 |
initialProjectDesc = "Initial developer project" |
| 47 | 47 |
|
| 48 |
+ defaultRedirectClient = "openshift-web-console" |
|
| 49 |
+ developmentRedirectURI = "https://localhost:9000" |
|
| 50 |
+ |
|
| 48 | 51 |
defaultImages = "openshift/origin-${component}:${version}"
|
| 49 | 52 |
defaultOpenShiftImage = "openshift/origin:${version}"
|
| 50 | 53 |
|
| ... | ... |
@@ -258,6 +263,9 @@ func (c *ClientStartConfig) Complete(f *osclientcmd.Factory, cmd *cobra.Command) |
| 258 | 258 |
// Create an OpenShift configuration and start a container that uses it. |
| 259 | 259 |
c.addTask("Starting OpenShift container", c.StartOpenShift)
|
| 260 | 260 |
|
| 261 |
+ // Add default redirect URI to config |
|
| 262 |
+ c.addTask("Adding default OAuthClient redirect URIs", c.EnsureDefaultRedirectURIs)
|
|
| 263 |
+ |
|
| 261 | 264 |
// Install a registry |
| 262 | 265 |
c.addTask("Installing registry", c.InstallRegistry)
|
| 263 | 266 |
|
| ... | ... |
@@ -511,6 +519,47 @@ func (c *ClientStartConfig) EnsureHostDirectories(io.Writer) error {
|
| 511 | 511 |
return c.HostHelper().EnsureVolumeShare() |
| 512 | 512 |
} |
| 513 | 513 |
|
| 514 |
+// EnsureDefaultRedirectURIs merges a default URL to an auth client's RedirectURIs array |
|
| 515 |
+func (c *ClientStartConfig) EnsureDefaultRedirectURIs(out io.Writer) error {
|
|
| 516 |
+ oc, _, err := c.Clients() |
|
| 517 |
+ if err != nil {
|
|
| 518 |
+ return nil |
|
| 519 |
+ } |
|
| 520 |
+ |
|
| 521 |
+ webConsoleOAuth, err := oc.OAuthClients().Get(defaultRedirectClient) |
|
| 522 |
+ if err != nil {
|
|
| 523 |
+ if kerrors.IsNotFound(err) {
|
|
| 524 |
+ fmt.Fprintf(out, "Unable to find OAuthClient %q\n", defaultRedirectClient) |
|
| 525 |
+ return nil |
|
| 526 |
+ } |
|
| 527 |
+ |
|
| 528 |
+ // announce fetch error without interrupting remaining tasks |
|
| 529 |
+ suggestedCmd := fmt.Sprintf("oc patch %s/%s -p '{%q:[%q]}'", "oauthclient", defaultRedirectClient, "redirectURIs", developmentRedirectURI)
|
|
| 530 |
+ errMsg := fmt.Sprintf("Unable to fetch OAuthClient %q.\nTo manually add a development redirect URI, run %q\n", defaultRedirectClient, suggestedCmd)
|
|
| 531 |
+ fmt.Fprintf(out, "%s\n", errMsg) |
|
| 532 |
+ return nil |
|
| 533 |
+ } |
|
| 534 |
+ |
|
| 535 |
+ // ensure the default redirect URI is not already present |
|
| 536 |
+ redirects := sets.NewString(webConsoleOAuth.RedirectURIs...) |
|
| 537 |
+ if redirects.Has(developmentRedirectURI) {
|
|
| 538 |
+ return nil |
|
| 539 |
+ } |
|
| 540 |
+ |
|
| 541 |
+ webConsoleOAuth.RedirectURIs = append(webConsoleOAuth.RedirectURIs, developmentRedirectURI) |
|
| 542 |
+ |
|
| 543 |
+ _, err = oc.OAuthClients().Update(webConsoleOAuth) |
|
| 544 |
+ if err != nil {
|
|
| 545 |
+ // announce error without interrupting remaining tasks |
|
| 546 |
+ suggestedCmd := fmt.Sprintf("oc patch %s/%s -p '{%q:[%q]}'", "oauthclient", defaultRedirectClient, "redirectURIs", developmentRedirectURI)
|
|
| 547 |
+ errMsg := fmt.Sprintf("Unable to add development redirect URI to the %q OAuthClient.\nTo manually add it, run %q\n", defaultRedirectClient, suggestedCmd)
|
|
| 548 |
+ fmt.Fprintf(out, "%s\n", errMsg) |
|
| 549 |
+ return nil |
|
| 550 |
+ } |
|
| 551 |
+ |
|
| 552 |
+ return nil |
|
| 553 |
+} |
|
| 554 |
+ |
|
| 514 | 555 |
// CheckAvailablePorts ensures that ports used by OpenShift are available on the Docker host |
| 515 | 556 |
func (c *ClientStartConfig) CheckAvailablePorts(out io.Writer) error {
|
| 516 | 557 |
err := c.OpenShiftHelper().TestPorts(openshift.DefaultPorts) |
| ... | ... |
@@ -17,6 +17,7 @@ type OAuthClientInterface interface {
|
| 17 | 17 |
Get(name string) (*oauthapi.OAuthClient, error) |
| 18 | 18 |
Delete(name string) error |
| 19 | 19 |
Watch(opts kapi.ListOptions) (watch.Interface, error) |
| 20 |
+ Update(client *oauthapi.OAuthClient) (*oauthapi.OAuthClient, error) |
|
| 20 | 21 |
} |
| 21 | 22 |
|
| 22 | 23 |
type oauthClients struct {
|
| ... | ... |
@@ -55,3 +56,9 @@ func (c *oauthClients) Delete(name string) (err error) {
|
| 55 | 55 |
func (c *oauthClients) Watch(opts kapi.ListOptions) (watch.Interface, error) {
|
| 56 | 56 |
return c.r.Get().Prefix("watch").Resource("oAuthClients").VersionedParams(&opts, kapi.ParameterCodec).Watch()
|
| 57 | 57 |
} |
| 58 |
+ |
|
| 59 |
+func (c *oauthClients) Update(client *oauthapi.OAuthClient) (result *oauthapi.OAuthClient, err error) {
|
|
| 60 |
+ result = &oauthapi.OAuthClient{}
|
|
| 61 |
+ err = c.r.Put().Resource("oAuthClients").Name(client.Name).Body(client).Do().Into(result)
|
|
| 62 |
+ return |
|
| 63 |
+} |
| ... | ... |
@@ -47,3 +47,12 @@ func (c *FakeOAuthClient) Delete(name string) error {
|
| 47 | 47 |
func (c *FakeOAuthClient) Watch(opts kapi.ListOptions) (watch.Interface, error) {
|
| 48 | 48 |
return c.Fake.InvokesWatch(ktestclient.NewRootWatchAction("oauthclients", opts))
|
| 49 | 49 |
} |
| 50 |
+ |
|
| 51 |
+func (c *FakeOAuthClient) Update(client *oauthapi.OAuthClient) (*oauthapi.OAuthClient, error) {
|
|
| 52 |
+ obj, err := c.Fake.Invokes(ktestclient.NewRootUpdateAction("oauthclients", client), &oauthapi.OAuthClient{})
|
|
| 53 |
+ if obj == nil {
|
|
| 54 |
+ return nil, err |
|
| 55 |
+ } |
|
| 56 |
+ |
|
| 57 |
+ return obj.(*oauthapi.OAuthClient), err |
|
| 58 |
+} |