Fixes: https://github.com/openshift/origin/issues/10885
This patch adds `https://localhost:9000` as a default redirect URI on the
web console OAuthClient (`openshift-web-console`). The URI is added by a
new `oc cluster up` startup task.
```
$ oc cluster up
...
-- Finding server IP ...
Using <IP> as the server IP
-- Starting OpenShift container ...
Creating initial OpenShift configuration
Starting OpenShift using container 'origin'
Waiting for API server to start listening
OpenShift server started
-- Adding default oAuthClient redirect URIs ...
"openshift-web-console" patched
-- Installing registry ... OK
-- Installing router ... OK
-- Importing image streams ... OK
-- Importing templates ... OK
-- Login to server ... OK
-- Creating initial project "myproject" ... OK
...
```
```
$ oc login -u system:admin
$ oc get oauthclients
NAME WWW-CHALLENGE REDIRECT URIS
openshift-web-console FALSE https://localhost:9000
```
... | ... |
@@ -14,6 +14,7 @@ import ( |
14 | 14 |
"github.com/golang/glog" |
15 | 15 |
"github.com/spf13/cobra" |
16 | 16 |
|
17 |
+ kerrors "k8s.io/kubernetes/pkg/api/errors" |
|
17 | 18 |
kclient "k8s.io/kubernetes/pkg/client/unversioned" |
18 | 19 |
kclientcmd "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" |
19 | 20 |
kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" |
... | ... |
@@ -29,6 +30,7 @@ import ( |
29 | 29 |
osclientcmd "github.com/openshift/origin/pkg/cmd/util/clientcmd" |
30 | 30 |
dockerutil "github.com/openshift/origin/pkg/cmd/util/docker" |
31 | 31 |
"github.com/openshift/origin/pkg/cmd/util/variable" |
32 |
+ "k8s.io/kubernetes/pkg/util/sets" |
|
32 | 33 |
) |
33 | 34 |
|
34 | 35 |
const ( |
... | ... |
@@ -45,6 +47,9 @@ const ( |
45 | 45 |
initialProjectDisplay = "My Project" |
46 | 46 |
initialProjectDesc = "Initial developer project" |
47 | 47 |
|
48 |
+ defaultRedirectClient = "openshift-web-console" |
|
49 |
+ developmentRedirectURI = "https://localhost:9000" |
|
50 |
+ |
|
48 | 51 |
defaultImages = "openshift/origin-${component}:${version}" |
49 | 52 |
defaultOpenShiftImage = "openshift/origin:${version}" |
50 | 53 |
|
... | ... |
@@ -258,6 +263,9 @@ func (c *ClientStartConfig) Complete(f *osclientcmd.Factory, cmd *cobra.Command) |
258 | 258 |
// Create an OpenShift configuration and start a container that uses it. |
259 | 259 |
c.addTask("Starting OpenShift container", c.StartOpenShift) |
260 | 260 |
|
261 |
+ // Add default redirect URI to config |
|
262 |
+ c.addTask("Adding default OAuthClient redirect URIs", c.EnsureDefaultRedirectURIs) |
|
263 |
+ |
|
261 | 264 |
// Install a registry |
262 | 265 |
c.addTask("Installing registry", c.InstallRegistry) |
263 | 266 |
|
... | ... |
@@ -511,6 +519,47 @@ func (c *ClientStartConfig) EnsureHostDirectories(io.Writer) error { |
511 | 511 |
return c.HostHelper().EnsureVolumeShare() |
512 | 512 |
} |
513 | 513 |
|
514 |
+// EnsureDefaultRedirectURIs merges a default URL to an auth client's RedirectURIs array |
|
515 |
+func (c *ClientStartConfig) EnsureDefaultRedirectURIs(out io.Writer) error { |
|
516 |
+ oc, _, err := c.Clients() |
|
517 |
+ if err != nil { |
|
518 |
+ return nil |
|
519 |
+ } |
|
520 |
+ |
|
521 |
+ webConsoleOAuth, err := oc.OAuthClients().Get(defaultRedirectClient) |
|
522 |
+ if err != nil { |
|
523 |
+ if kerrors.IsNotFound(err) { |
|
524 |
+ fmt.Fprintf(out, "Unable to find OAuthClient %q\n", defaultRedirectClient) |
|
525 |
+ return nil |
|
526 |
+ } |
|
527 |
+ |
|
528 |
+ // announce fetch error without interrupting remaining tasks |
|
529 |
+ suggestedCmd := fmt.Sprintf("oc patch %s/%s -p '{%q:[%q]}'", "oauthclient", defaultRedirectClient, "redirectURIs", developmentRedirectURI) |
|
530 |
+ errMsg := fmt.Sprintf("Unable to fetch OAuthClient %q.\nTo manually add a development redirect URI, run %q\n", defaultRedirectClient, suggestedCmd) |
|
531 |
+ fmt.Fprintf(out, "%s\n", errMsg) |
|
532 |
+ return nil |
|
533 |
+ } |
|
534 |
+ |
|
535 |
+ // ensure the default redirect URI is not already present |
|
536 |
+ redirects := sets.NewString(webConsoleOAuth.RedirectURIs...) |
|
537 |
+ if redirects.Has(developmentRedirectURI) { |
|
538 |
+ return nil |
|
539 |
+ } |
|
540 |
+ |
|
541 |
+ webConsoleOAuth.RedirectURIs = append(webConsoleOAuth.RedirectURIs, developmentRedirectURI) |
|
542 |
+ |
|
543 |
+ _, err = oc.OAuthClients().Update(webConsoleOAuth) |
|
544 |
+ if err != nil { |
|
545 |
+ // announce error without interrupting remaining tasks |
|
546 |
+ suggestedCmd := fmt.Sprintf("oc patch %s/%s -p '{%q:[%q]}'", "oauthclient", defaultRedirectClient, "redirectURIs", developmentRedirectURI) |
|
547 |
+ errMsg := fmt.Sprintf("Unable to add development redirect URI to the %q OAuthClient.\nTo manually add it, run %q\n", defaultRedirectClient, suggestedCmd) |
|
548 |
+ fmt.Fprintf(out, "%s\n", errMsg) |
|
549 |
+ return nil |
|
550 |
+ } |
|
551 |
+ |
|
552 |
+ return nil |
|
553 |
+} |
|
554 |
+ |
|
514 | 555 |
// CheckAvailablePorts ensures that ports used by OpenShift are available on the Docker host |
515 | 556 |
func (c *ClientStartConfig) CheckAvailablePorts(out io.Writer) error { |
516 | 557 |
err := c.OpenShiftHelper().TestPorts(openshift.DefaultPorts) |
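Review bot: EnsureDefaultRedirectURIs registers `https://localhost:9000` on the `openshift-web-console` OAuthClient on every `oc cluster up`, with no way to turn it off, so the login flow for that client will now also accept a redirect to whatever is listening on local port 9000. That is reasonable for console development, but it widens the client's redirect allow-list for every user of the command; consider gating the task behind an opt-in flag, or at least say so on the constant, e.g. `// developmentRedirectURI lets a locally served web console (port 9000) complete OAuth login; development use only.` Separately, the first branch does `return nil` when `c.Clients()` fails and prints nothing, unlike the later branches, so a failure there is invisible; write a message to `out` or `return err`. The suggested `oc patch` command is formatted into the message with `%q`, which backslash-escapes the quotes inside the JSON patch, so the printed command cannot be pasted as shown; `%s` would print it verbatim.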
... | ... |
@@ -17,6 +17,7 @@ type OAuthClientInterface interface { |
17 | 17 |
Get(name string) (*oauthapi.OAuthClient, error) |
18 | 18 |
Delete(name string) error |
19 | 19 |
Watch(opts kapi.ListOptions) (watch.Interface, error) |
20 |
+ Update(client *oauthapi.OAuthClient) (*oauthapi.OAuthClient, error) |
|
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
type oauthClients struct { |
... | ... |
@@ -55,3 +56,9 @@ func (c *oauthClients) Delete(name string) (err error) { |
55 | 55 |
func (c *oauthClients) Watch(opts kapi.ListOptions) (watch.Interface, error) { |
56 | 56 |
return c.r.Get().Prefix("watch").Resource("oAuthClients").VersionedParams(&opts, kapi.ParameterCodec).Watch() |
57 | 57 |
} |
58 |
+ |
|
59 |
+func (c *oauthClients) Update(client *oauthapi.OAuthClient) (result *oauthapi.OAuthClient, err error) { |
|
60 |
+ result = &oauthapi.OAuthClient{} |
|
61 |
+ err = c.r.Put().Resource("oAuthClients").Name(client.Name).Body(client).Do().Into(result) |
|
62 |
+ return |
|
63 |
+} |
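Review bot: The new `Update` has no doc comment and does not say that it is a full replace: the body is sent with `Put()`, so the `RedirectURIs` and every other field the caller passes overwrite the stored object. Add something like `// Update replaces the stored OAuthClient named client.Name with client and returns the server's copy.` so callers know to pass an object they have just fetched rather than a partial one. A nil `client` would also panic at `client.Name`; whether any caller can pass nil is not visible from this hunk.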
... | ... |
@@ -47,3 +47,12 @@ func (c *FakeOAuthClient) Delete(name string) error { |
47 | 47 |
func (c *FakeOAuthClient) Watch(opts kapi.ListOptions) (watch.Interface, error) { |
48 | 48 |
return c.Fake.InvokesWatch(ktestclient.NewRootWatchAction("oauthclients", opts)) |
49 | 49 |
} |
50 |
+ |
|
51 |
+func (c *FakeOAuthClient) Update(client *oauthapi.OAuthClient) (*oauthapi.OAuthClient, error) { |
|
52 |
+ obj, err := c.Fake.Invokes(ktestclient.NewRootUpdateAction("oauthclients", client), &oauthapi.OAuthClient{}) |
|
53 |
+ if obj == nil { |
|
54 |
+ return nil, err |
|
55 |
+ } |
|
56 |
+ |
|
57 |
+ return obj.(*oauthapi.OAuthClient), err |
|
58 |
+} |