Merge pull request #79 from enj/enj/i/new_cli_config

openshift-merge-robot · web-flow · commit 64836d40bdd1 · 2019-02-28T10:33:13.000-08:00
Move to OsinServerConfig
diff --git a/pkg/operator2/console.go b/pkg/operator2/console.go
@@ -15,7 +15,7 @@ func (c *authOperator) handleConsoleConfig() *configv1.Console {
 	// technically this should be an observed config loop
 	consoleConfig, err := c.console.Get(globalConfigName, metav1.GetOptions{})
 	if err != nil {
-		// FIXME: fix when the console team starts using this
+		glog.Infof("error getting console config: %v", err)
 		return &configv1.Console{}
 	}
 	return consoleConfig
diff --git a/pkg/operator2/infrastructure.go b/pkg/operator2/infrastructure.go
@@ -0,0 +1,19 @@
+package operator2
+
+import (
+	"github.com/golang/glog"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	configv1 "github.com/openshift/api/config/v1"
+)
+
+func (c *authOperator) handleInfrastructureConfig() *configv1.Infrastructure {
+	infrastructureConfig, err := c.infrastructure.Get(globalConfigName, metav1.GetOptions{})
+	if err != nil {
+		glog.Infof("error getting infrastructure config: %v", err)
+		// have a placeholder that will at least look reasonable in the token request endpoint
+		return &configv1.Infrastructure{Status: configv1.InfrastructureStatus{APIServerURL: "<api_server_url>"}}
+	}
+	return infrastructureConfig
+}
diff --git a/pkg/operator2/oauth.go b/pkg/operator2/oauth.go
@@ -6,36 +6,23 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 
 	"github.com/golang/glog"
 
 	configv1 "github.com/openshift/api/config/v1"
-	kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
 	osinv1 "github.com/openshift/api/osin/v1"
 	routev1 "github.com/openshift/api/route/v1"
 	"github.com/openshift/library-go/pkg/crypto"
 	"github.com/openshift/library-go/pkg/operator/resource/resourcemerge"
 )
 
-// TODO this code dies once we get our own CLI config
-var (
-	kubeControlplaneScheme  = runtime.NewScheme()
-	kubeControlplaneCodecs  = serializer.NewCodecFactory(kubeControlplaneScheme)
-	kubeControlplaneEncoder = kubeControlplaneCodecs.LegacyCodec(kubecontrolplanev1.GroupVersion) // TODO I think there is a better way to do this
-)
-
-func init() {
-	utilruntime.Must(kubecontrolplanev1.Install(kubeControlplaneScheme))
-}
-
 func (c *authOperator) handleOAuthConfig(
 	operatorConfig *operatorv1.Authentication,
 	route *routev1.Route,
 	service *corev1.Service,
 	consoleConfig *configv1.Console,
+	infrastructureConfig *configv1.Infrastructure,
 ) (
 	*configv1.OAuth,
 	*corev1.ConfigMap,
@@ -93,8 +80,7 @@ func (c *authOperator) handleOAuthConfig(
 
 	assetPublicURL, corsAllowedOrigins := consoleToDeploymentData(consoleConfig)
 
-	// TODO this pretends this is an OsinServerConfig
-	cliConfig := &kubecontrolplanev1.KubeAPIServerConfig{
+	cliConfig := &osinv1.OsinServerConfig{
 		GenericAPIServerConfig: configv1.GenericAPIServerConfig{
 			ServingInfo: configv1.HTTPServingInfo{
 				ServingInfo: configv1.ServingInfo{
@@ -123,15 +109,11 @@ func (c *authOperator) handleOAuthConfig(
 				},
 			},
 		},
-		OAuthConfig: &osinv1.OAuthConfig{
-			MasterCA: getMasterCA(), // we have valid serving certs provided by service-ca so we can use the service for loopback
-			// TODO osin's code needs to be updated to properly use these values
-			// it should use MasterURL in almost all places except the token request endpoint
-			// which needs to direct the user to the real public URL (MasterPublicURL)
-			// that means we still need to get that value from the installer's config
-			// TODO ask installer team to make it easier to get that URL
+		OAuthConfig: osinv1.OAuthConfig{
+			MasterCA:                    getMasterCA(), // we have valid serving certs provided by service-ca so we can use the service for loopback
 			MasterURL:                   fmt.Sprintf("https://%s.%s.svc", service.Name, service.Namespace),
 			MasterPublicURL:             fmt.Sprintf("https://%s", route.Spec.Host),
+			LoginURL:                    infrastructureConfig.Status.APIServerURL,
 			AssetPublicURL:              assetPublicURL, // set console route as valid 302 redirect for logout
 			AlwaysShowProviderSelection: false,
 			IdentityProviders:           identityProviders,
@@ -153,7 +135,7 @@ func (c *authOperator) handleOAuthConfig(
 		},
 	}
 
-	cliConfigBytes := encodeOrDieKubeControlplane(cliConfig)
+	cliConfigBytes := encodeOrDie(cliConfig)
 
 	completeConfigBytes, err := resourcemerge.MergeProcessConfig(nil, cliConfigBytes, operatorConfig.Spec.UnsupportedConfigOverrides.Raw)
 	if err != nil {
@@ -179,11 +161,3 @@ func getMasterCA() *string {
 	ca := serviceCAPath // need local var to be able to take address of it
 	return &ca
 }
-
-func encodeOrDieKubeControlplane(obj runtime.Object) []byte {
-	bytes, err := runtime.Encode(kubeControlplaneEncoder, obj)
-	if err != nil {
-		panic(err) // indicates static generated code is broken, unrecoverable
-	}
-	return bytes
-}
diff --git a/pkg/operator2/operator.go b/pkg/operator2/operator.go
@@ -90,6 +90,7 @@ type authOperator struct {
 	authentication configv1client.AuthenticationInterface
 	oauth          configv1client.OAuthInterface
 	console        configv1client.ConsoleInterface
+	infrastructure configv1client.InfrastructureInterface
 
 	resourceSyncer resourcesynccontroller.ResourceSyncer
 }
@@ -120,6 +121,7 @@ func NewAuthenticationOperator(
 		authentication: configClient.ConfigV1().Authentications(),
 		oauth:          configClient.ConfigV1().OAuths(),
 		console:        configClient.ConfigV1().Consoles(),
+		infrastructure: configClient.ConfigV1().Infrastructures(),
 
 		resourceSyncer: resourceSyncer,
 	}
@@ -143,6 +145,7 @@ func NewAuthenticationOperator(
 		operator.WithInformer(configV1Informers.Authentications(), configNameFilter),
 		operator.WithInformer(configV1Informers.OAuths(), configNameFilter),
 		operator.WithInformer(configV1Informers.Consoles(), configNameFilter, controller.WithNoSync()),
+		operator.WithInformer(configV1Informers.Infrastructures(), configNameFilter, controller.WithNoSync()),
 	)
 }
 
@@ -235,7 +238,10 @@ func (c *authOperator) handleSync(operatorConfig *operatorv1.Authentication) err
 	consoleConfig := c.handleConsoleConfig()
 	resourceVersions = append(resourceVersions, consoleConfig.GetResourceVersion())
 
-	oauthConfig, expectedCLIconfig, syncData, err := c.handleOAuthConfig(operatorConfig, route, service, consoleConfig)
+	infrastructureConfig := c.handleInfrastructureConfig()
+	resourceVersions = append(resourceVersions, infrastructureConfig.GetResourceVersion())
+
+	oauthConfig, expectedCLIconfig, syncData, err := c.handleOAuthConfig(operatorConfig, route, service, consoleConfig, infrastructureConfig)
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ func (c authOperator) handleConsoleConfig() configv1.Console {`
`15`	`15`	`// technically this should be an observed config loop`
`16`	`16`	`consoleConfig, err := c.console.Get(globalConfigName, metav1.GetOptions{})`
`17`	`17`	`if err != nil {`
`18`		`- // FIXME: fix when the console team starts using this`
	`18`	`+ glog.Infof("error getting console config: %v", err)`
`19`	`19`	`return &configv1.Console{}`
`20`	`20`	`}`
`21`	`21`	`return consoleConfig`
Original file line number	Diff line number	Diff line change
`@@ -90,6 +90,7 @@ type authOperator struct {`
`90`	`90`	`authentication configv1client.AuthenticationInterface`
`91`	`91`	`oauth configv1client.OAuthInterface`
`92`	`92`	`console configv1client.ConsoleInterface`
	`93`	`+ infrastructure configv1client.InfrastructureInterface`
`93`	`94`
`94`	`95`	`resourceSyncer resourcesynccontroller.ResourceSyncer`
`95`	`96`	`}`
`@@ -120,6 +121,7 @@ func NewAuthenticationOperator(`
`120`	`121`	`authentication: configClient.ConfigV1().Authentications(),`
`121`	`122`	`oauth: configClient.ConfigV1().OAuths(),`
`122`	`123`	`console: configClient.ConfigV1().Consoles(),`
	`124`	`+ infrastructure: configClient.ConfigV1().Infrastructures(),`
`123`	`125`
`124`	`126`	`resourceSyncer: resourceSyncer,`
`125`	`127`	`}`
`@@ -143,6 +145,7 @@ func NewAuthenticationOperator(`
`143`	`145`	`operator.WithInformer(configV1Informers.Authentications(), configNameFilter),`
`144`	`146`	`operator.WithInformer(configV1Informers.OAuths(), configNameFilter),`
`145`	`147`	`operator.WithInformer(configV1Informers.Consoles(), configNameFilter, controller.WithNoSync()),`
	`148`	`+ operator.WithInformer(configV1Informers.Infrastructures(), configNameFilter, controller.WithNoSync()),`
`146`	`149`	`)`
`147`	`150`	`}`
`148`	`151`
`@@ -235,7 +238,10 @@ func (c authOperator) handleSync(operatorConfig operatorv1.Authentication) err`
`235`	`238`	`consoleConfig := c.handleConsoleConfig()`
`236`	`239`	`resourceVersions = append(resourceVersions, consoleConfig.GetResourceVersion())`
`237`	`240`
`238`		`- oauthConfig, expectedCLIconfig, syncData, err := c.handleOAuthConfig(operatorConfig, route, service, consoleConfig)`
	`241`	`+ infrastructureConfig := c.handleInfrastructureConfig()`
	`242`	`+ resourceVersions = append(resourceVersions, infrastructureConfig.GetResourceVersion())`
	`243`	`+`
	`244`	`+ oauthConfig, expectedCLIconfig, syncData, err := c.handleOAuthConfig(operatorConfig, route, service, consoleConfig, infrastructureConfig)`
`239`	`245`	`if err != nil {`
`240`	`246`	`return err`
`241`	`247`	`}`