Exemplo n.º 1
0
func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) {
	clientsToEnsure := []*oauthapi.OAuthClient{
		{
			ObjectMeta: kapi.ObjectMeta{
				Name: OSWebConsoleClientBase.Name,
			},
			Secret:                OSWebConsoleClientBase.Secret,
			RespondWithChallenges: OSWebConsoleClientBase.RespondWithChallenges,
			RedirectURIs:          assetPublicAddresses,
		},
		{
			ObjectMeta: kapi.ObjectMeta{
				Name: OSBrowserClientBase.Name,
			},
			Secret:                OSBrowserClientBase.Secret,
			RespondWithChallenges: OSBrowserClientBase.RespondWithChallenges,
			RedirectURIs:          []string{masterPublicAddr + path.Join(OpenShiftOAuthAPIPrefix, tokenrequest.DisplayTokenEndpoint)},
		},
		{
			ObjectMeta: kapi.ObjectMeta{
				Name: OSCliClientBase.Name,
			},
			Secret:                OSCliClientBase.Secret,
			RespondWithChallenges: OSCliClientBase.RespondWithChallenges,
			RedirectURIs:          []string{masterPublicAddr + path.Join(OpenShiftOAuthAPIPrefix, tokenrequest.DisplayTokenEndpoint)},
		},
	}

	ctx := kapi.NewContext()
	for _, currClient := range clientsToEnsure {
		existing, err := clientRegistry.GetClient(ctx, currClient.Name)
		if err == nil {
			// Update the existing resource version
			currClient.ResourceVersion = existing.ResourceVersion

			// Add in any redirects from the existing one
			// This preserves any additional customized redirects in the default clients
			redirects := util.NewStringSet(currClient.RedirectURIs...)
			for _, redirect := range existing.RedirectURIs {
				if !redirects.Has(redirect) {
					currClient.RedirectURIs = append(currClient.RedirectURIs, redirect)
					redirects.Insert(redirect)
				}
			}

			if _, err := clientRegistry.UpdateClient(ctx, currClient); err != nil {
				glog.Errorf("Error updating OAuthClient %v: %v", currClient.Name, err)
			}
		} else if kerrs.IsNotFound(err) {
			if _, err = clientRegistry.CreateClient(ctx, currClient); err != nil {
				glog.Errorf("Error creating OAuthClient %v: %v", currClient.Name, err)
			}
		} else {
			glog.Errorf("Error getting OAuthClient %v: %v", currClient.Name, err)
		}
	}
}
Exemplo n.º 2
0
func ensureOAuthClient(client oauthapi.OAuthClient, clientRegistry clientregistry.Registry, preserveExistingRedirects bool) error {
	ctx := kapi.NewContext()
	_, err := clientRegistry.CreateClient(ctx, &client)
	if err == nil || !kerrs.IsAlreadyExists(err) {
		return err
	}

	return unversioned.RetryOnConflict(unversioned.DefaultRetry, func() error {
		existing, err := clientRegistry.GetClient(ctx, client.Name)
		if err != nil {
			return err
		}

		// Ensure the correct challenge setting
		existing.RespondWithChallenges = client.RespondWithChallenges
		// Preserve an existing client secret
		if len(existing.Secret) == 0 {
			existing.Secret = client.Secret
		}

		// Preserve redirects for clients other than the CLI client
		// The CLI client doesn't care about the redirect URL, just the token or error fragment
		if preserveExistingRedirects {
			// Add in any redirects from the existing one
			// This preserves any additional customized redirects in the default clients
			redirects := sets.NewString(client.RedirectURIs...)
			for _, redirect := range existing.RedirectURIs {
				if !redirects.Has(redirect) {
					client.RedirectURIs = append(client.RedirectURIs, redirect)
					redirects.Insert(redirect)
				}
			}
		}
		existing.RedirectURIs = client.RedirectURIs

		// If the GrantMethod is present, keep it for compatibility
		// If it is empty, assign the requested strategy.
		if len(existing.GrantMethod) == 0 {
			existing.GrantMethod = client.GrantMethod
		}

		_, err = clientRegistry.UpdateClient(ctx, existing)
		return err
	})
}
Exemplo n.º 3
0
func createClient(t *testing.T, clientRegistry clientregistry.Registry, client *oauthapi.OAuthClient) {
	if _, err := clientRegistry.CreateClient(kapi.NewContext(), client); err != nil {
		t.Errorf("Error creating client: %v due to %v\n", client, err)
	}
}