
Commit a90451b

committed
Bug 1679272 - Validate console can talk to OAuth token URL
Make sure we can successfully talk to the OAuth token URL after discovering metadata before marking the console pod as ready. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1679272
1 parent 9bfcbc6 commit a90451b


2 files changed

+20
-5
lines changed


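--- a/auth/auth.go
+++ b/auth/auth.go
@@ -159,14 +159,15 @@ func NewAuthenticator(ctx context.Context, c *Config) (*Authenticator, error) {
 switch c.AuthSource {
 case AuthSourceOpenShift:
 // Use the k8s CA for OAuth metadata discovery.
-var client *http.Client
-client, err = newHTTPClient(c.DiscoveryCA, false)
+var k8sClient *http.Client
+k8sClient, err = newHTTPClient(c.DiscoveryCA, false)
 if err != nil {
 return nil, err
 }
 
 endpoint, lm, err = newOpenShiftAuth(ctx, &openShiftConfig{
-client: client,
+k8sClient: k8sClient,
+oauthClient: a.client,
 issuerURL: c.IssuerURL,
 cookiePath: c.CookiePath,
 secureCookies: c.SecureCookies,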
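Review bot: The new `oauthClient: a.client` field has no comment saying which trust roots that client verifies against, while the existing comment covers only the discovery client built from `c.DiscoveryCA`. `a` is constructed outside this hunk, so a reader cannot tell from here whether the two clients use different CA bundles, although the split into `k8sClient` and `oauthClient` suggests they do. A one-line comment on the field would make the intent explicit, for example `// a.client talks to the OAuth server itself; do not substitute the discovery-CA client here.` NewAuthenticator starts and ends outside the hunk, so the wording should be checked against where `a.client` is set.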

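--- a/auth/auth_openshift.go
+++ b/auth/auth_openshift.go
@@ -23,7 +23,8 @@ type openShiftAuth struct {
 }
 
 type openShiftConfig struct {
-client *http.Client
+k8sClient *http.Client
+oauthClient *http.Client
 issuerURL string
 cookiePath string
 secureCookies bool
@@ -52,7 +53,7 @@ func newOpenShiftAuth(ctx context.Context, c *openShiftConfig) (oauth2.Endpoint,
 return oauth2.Endpoint{}, nil, err
 }
 
-resp, err := c.client.Do(req.WithContext(ctx))
+resp, err := c.k8sClient.Do(req.WithContext(ctx))
 if err != nil {
 return oauth2.Endpoint{}, nil, err
 }
@@ -86,6 +87,19 @@ func newOpenShiftAuth(ctx context.Context, c *openShiftConfig) (oauth2.Endpoint,
 return oauth2.Endpoint{}, nil, err
 }
 
+// Make sure we can talk to the token endpoint.
+req, err = http.NewRequest(http.MethodHead, metadata.Token, nil)
+if err != nil {
+return oauth2.Endpoint{}, nil, err
+}
+
+resp, err = c.oauthClient.Do(req.WithContext(ctx))
+if err != nil {
+return oauth2.Endpoint{}, nil, fmt.Errorf("request to OAuth token endpoint %s failed: %v",
+metadata.Token, err)
+}
+defer resp.Body.Close()
+
 kubeAdminLogoutURL := proxy.SingleJoiningSlash(metadata.Issuer, "/logout")
 return oauth2.Endpoint{
 AuthURL: metadata.Auth,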
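Review bot: The probe added in the third hunk fails only when `c.oauthClient.Do` returns a transport error; the HEAD response's status code is never read, so a 5xx from the token endpoint, or from something in front of it, still lets startup continue. That may be intentional, since a token endpoint is unlikely to answer HEAD with 2xx and the check appears to target reachability and TLS verification. If so, the comment should say it, for example `// Only reachability and TLS verification are checked; the HEAD status code is deliberately ignored.` If not, the check should also return an error when `resp.StatusCode >= http.StatusInternalServerError`. newOpenShiftAuth starts and ends outside the hunk, so whether the client carries its own timeout beyond `ctx` cannot be seen from here.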
