func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) { clientsToEnsure := []*oauthapi.OAuthClient{ { ObjectMeta: kapi.ObjectMeta{ Name: OSWebConsoleClientBase.Name, }, Secret: OSWebConsoleClientBase.Secret, RespondWithChallenges: OSWebConsoleClientBase.RespondWithChallenges, RedirectURIs: assetPublicAddresses, }, { ObjectMeta: kapi.ObjectMeta{ Name: OSBrowserClientBase.Name, }, Secret: OSBrowserClientBase.Secret, RespondWithChallenges: OSBrowserClientBase.RespondWithChallenges, RedirectURIs: []string{masterPublicAddr + path.Join(OpenShiftOAuthAPIPrefix, tokenrequest.DisplayTokenEndpoint)}, }, { ObjectMeta: kapi.ObjectMeta{ Name: OSCliClientBase.Name, }, Secret: OSCliClientBase.Secret, RespondWithChallenges: OSCliClientBase.RespondWithChallenges, RedirectURIs: []string{masterPublicAddr + path.Join(OpenShiftOAuthAPIPrefix, tokenrequest.DisplayTokenEndpoint)}, }, } ctx := kapi.NewContext() for _, currClient := range clientsToEnsure { existing, err := clientRegistry.GetClient(ctx, currClient.Name) if err == nil { // Update the existing resource version currClient.ResourceVersion = existing.ResourceVersion // Add in any redirects from the existing one // This preserves any additional customized redirects in the default clients redirects := util.NewStringSet(currClient.RedirectURIs...) for _, redirect := range existing.RedirectURIs { if !redirects.Has(redirect) { currClient.RedirectURIs = append(currClient.RedirectURIs, redirect) redirects.Insert(redirect) } } if _, err := clientRegistry.UpdateClient(ctx, currClient); err != nil { glog.Errorf("Error updating OAuthClient %v: %v", currClient.Name, err) } } else if kerrs.IsNotFound(err) { if _, err = clientRegistry.CreateClient(ctx, currClient); err != nil { glog.Errorf("Error creating OAuthClient %v: %v", currClient.Name, err) } } else { glog.Errorf("Error getting OAuthClient %v: %v", currClient.Name, err) } } }
func ensureOAuthClient(client oauthapi.OAuthClient, clientRegistry clientregistry.Registry, preserveExistingRedirects bool) error { ctx := kapi.NewContext() _, err := clientRegistry.CreateClient(ctx, &client) if err == nil || !kerrs.IsAlreadyExists(err) { return err } return unversioned.RetryOnConflict(unversioned.DefaultRetry, func() error { existing, err := clientRegistry.GetClient(ctx, client.Name) if err != nil { return err } // Ensure the correct challenge setting existing.RespondWithChallenges = client.RespondWithChallenges // Preserve an existing client secret if len(existing.Secret) == 0 { existing.Secret = client.Secret } // Preserve redirects for clients other than the CLI client // The CLI client doesn't care about the redirect URL, just the token or error fragment if preserveExistingRedirects { // Add in any redirects from the existing one // This preserves any additional customized redirects in the default clients redirects := sets.NewString(client.RedirectURIs...) for _, redirect := range existing.RedirectURIs { if !redirects.Has(redirect) { client.RedirectURIs = append(client.RedirectURIs, redirect) redirects.Insert(redirect) } } } existing.RedirectURIs = client.RedirectURIs // If the GrantMethod is present, keep it for compatibility // If it is empty, assign the requested strategy. if len(existing.GrantMethod) == 0 { existing.GrantMethod = client.GrantMethod } _, err = clientRegistry.UpdateClient(ctx, existing) return err }) }
func createClient(t *testing.T, clientRegistry clientregistry.Registry, client *oauthapi.OAuthClient) { if _, err := clientRegistry.CreateClient(kapi.NewContext(), client); err != nil { t.Errorf("Error creating client: %v due to %v\n", client, err) } }