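// CreateOrUpdateDefaultOAuthClients ensures the three built-in OAuth clients
// (web console, browser and CLI) are present in clientRegistry.
//
// The web console client is registered with assetPublicAddresses as its
// redirect URIs. The browser and CLI clients redirect to the display-token
// endpoint under masterPublicAddr.
//
// For a client that already exists, the desired definition is sent as an
// update carrying only the stored ResourceVersion and any extra stored redirect
// URIs. The stored Secret and RespondWithChallenges are not carried over.
// Failures are logged with glog and never returned, so a caller cannot tell
// whether the clients were actually written.
func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) {
	displayTokenURL := masterPublicAddr + path.Join(OpenShiftOAuthAPIPrefix, tokenrequest.DisplayTokenEndpoint)

	// Cap the capacity at the length so that appending preserved redirects
	// below reallocates instead of writing into the caller's backing array.
	consoleRedirects := assetPublicAddresses[:len(assetPublicAddresses):len(assetPublicAddresses)]

	clientsToEnsure := []*oauthapi.OAuthClient{
		{
			ObjectMeta: kapi.ObjectMeta{
				Name: OSWebConsoleClientBase.Name,
			},
			Secret:                OSWebConsoleClientBase.Secret,
			RespondWithChallenges: OSWebConsoleClientBase.RespondWithChallenges,
			RedirectURIs:          consoleRedirects,
		},
		{
			ObjectMeta: kapi.ObjectMeta{
				Name: OSBrowserClientBase.Name,
			},
			Secret:                OSBrowserClientBase.Secret,
			RespondWithChallenges: OSBrowserClientBase.RespondWithChallenges,
			RedirectURIs:          []string{displayTokenURL},
		},
		{
			ObjectMeta: kapi.ObjectMeta{
				Name: OSCliClientBase.Name,
			},
			Secret:                OSCliClientBase.Secret,
			RespondWithChallenges: OSCliClientBase.RespondWithChallenges,
			RedirectURIs:          []string{displayTokenURL},
		},
	}

	ctx := kapi.NewContext()
	for _, currClient := range clientsToEnsure {
		existing, err := clientRegistry.GetClient(ctx, currClient.Name)
		switch {
		case err == nil:
			// Update against the version that was just read.
			currClient.ResourceVersion = existing.ResourceVersion

			// Keep redirect URIs that are stored on the client but absent from
			// the defaults, so customized redirects survive a restart.
			// NOTE(review): this also means an unwanted redirect URI on the
			// stored client stays registered until it is removed by hand; the
			// stored lists are worth auditing.
			redirects := util.NewStringSet(currClient.RedirectURIs...)
			for _, redirect := range existing.RedirectURIs {
				if !redirects.Has(redirect) {
					currClient.RedirectURIs = append(currClient.RedirectURIs, redirect)
					redirects.Insert(redirect)
				}
			}

			// There is no retry here: a failed update (for example a version
			// conflict) is only logged.
			if _, err := clientRegistry.UpdateClient(ctx, currClient); err != nil {
				glog.Errorf("Error updating OAuthClient %v: %v", currClient.Name, err)
			}

		case kerrs.IsNotFound(err):
			if _, err := clientRegistry.CreateClient(ctx, currClient); err != nil {
				glog.Errorf("Error creating OAuthClient %v: %v", currClient.Name, err)
			}

		default:
			glog.Errorf("Error getting OAuthClient %v: %v", currClient.Name, err)
		}
	}
}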
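// ensureOAuthClient creates client in clientRegistry or, when it already
// exists, reconciles the stored client with it.
//
// On reconcile the stored client always takes client's RespondWithChallenges.
// It takes client's Secret and GrantMethod only when the stored value is empty.
// Its RedirectURIs become client's list, followed by any stored redirect URIs
// not already in that list when preserveExistingRedirects is true. The
// read-modify-write is retried on update conflicts via
// unversioned.RetryOnConflict.
//
// It returns the create error when that error is anything other than
// "already exists", otherwise the result of the reconcile.
func ensureOAuthClient(client oauthapi.OAuthClient, clientRegistry clientregistry.Registry, preserveExistingRedirects bool) error {
	ctx := kapi.NewContext()
	_, err := clientRegistry.CreateClient(ctx, &client)
	if err == nil || !kerrs.IsAlreadyExists(err) {
		return err
	}

	return unversioned.RetryOnConflict(unversioned.DefaultRetry, func() error {
		existing, err := clientRegistry.GetClient(ctx, client.Name)
		if err != nil {
			return err
		}

		// Ensure the correct challenge setting.
		existing.RespondWithChallenges = client.RespondWithChallenges

		// Keep a secret that is already stored; only fill in an empty one.
		if len(existing.Secret) == 0 {
			existing.Secret = client.Secret
		}

		// Build the redirect list fresh on every attempt. Appending to
		// client.RedirectURIs directly would carry redirects from a stale read
		// into the next retry, and could write into the caller's backing array.
		// Capping the capacity forces the first append to reallocate.
		redirectURIs := client.RedirectURIs
		if preserveExistingRedirects {
			// Preserve redirects for clients other than the CLI client. The CLI
			// client doesn't care about the redirect URL, just the token or
			// error fragment.
			// NOTE(review): preserved entries include any redirect URI present
			// on the stored client, wanted or not, so the stored lists are
			// worth auditing.
			redirectURIs = client.RedirectURIs[:len(client.RedirectURIs):len(client.RedirectURIs)]
			seen := sets.NewString(redirectURIs...)
			for _, redirect := range existing.RedirectURIs {
				if !seen.Has(redirect) {
					redirectURIs = append(redirectURIs, redirect)
					seen.Insert(redirect)
				}
			}
		}
		existing.RedirectURIs = redirectURIs

		// If a GrantMethod is already stored, keep it for compatibility;
		// otherwise assign the requested strategy.
		if len(existing.GrantMethod) == 0 {
			existing.GrantMethod = client.GrantMethod
		}

		_, err = clientRegistry.UpdateClient(ctx, existing)
		return err
	})
}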