From a869461f051838021095eede79cb35a2c8d593a7 Mon Sep 17 00:00:00 2001 From: Shoubhik Bose Date: Fri, 10 May 2019 14:21:31 -0400 Subject: [PATCH 1/5] Proxy to devconsole api --- cmd/bridge/main.go | 12 ++++++++++- server/server.go | 52 ++++++++++++++++++++++++++++++++++------------ 2 files changed, 50 insertions(+), 14 deletions(-) diff --git a/cmd/bridge/main.go b/cmd/bridge/main.go index 2e316ce359e..6f3504b5396 100644 --- a/cmd/bridge/main.go +++ b/cmd/bridge/main.go @@ -36,6 +36,10 @@ const ( // Well-known location of Alert Manager service for OpenShift. This is only accessible in-cluster. openshiftAlertManagerHost = "alertmanager-main.openshift-monitoring.svc:9094" + + // Well-known location of DevConsole App Service for OpenShift. This is only accessible in-cluster after + // the developer perspective is enabled using the operator. + openshiftDevConsoleAppServiceHost = "devconsole.openshift-operators.csv:8080" // TODO:use a different namespace? ) func main() { @@ -270,7 +274,6 @@ func main() { Endpoint: &url.URL{Scheme: "https", Host: openshiftAlertManagerHost, Path: "/api"}, } } - case "off-cluster": k8sEndpoint = validateFlagIsURL("k8s-mode-off-cluster-endpoint", *fK8sModeOffClusterEndpoint) @@ -281,6 +284,13 @@ func main() { HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, Endpoint: k8sEndpoint, } + srv.DevConsoleAppServiceProxyConfig = &proxy.Config{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: *fK8sModeOffClusterSkipVerifyTLS, + }, + HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, + Endpoint: &url.URL{Scheme: "http", Host: openshiftDevConsoleAppServiceHost, Path: ""}, + } default: flagFatalf("k8s-mode", "must be one of: in-cluster, off-cluster") } diff --git a/server/server.go b/server/server.go index 9163d3bbd39..b6abfbb2ef3 100644 --- a/server/server.go +++ b/server/server.go 
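Review bot: In the `@@ -281,6 +284,13 @@` hunk of cmd/bridge/main.go the new `DevConsoleAppServiceProxyConfig` uses `Scheme: "http"`, while the handler this patch adds in server/server.go sets `Authorization: Bearer <user.Token>` on every proxied request, so the user's token would travel to the app service in cleartext. The `TLSClientConfig` in the same literal has no effect on an `http` endpoint, which makes the block look protected when it is not. I would serve the app service over TLS and change the line to `Endpoint: &url.URL{Scheme: "https", Host: openshiftDevConsoleAppServiceHost},` with certificate verification left on. The same literal is repeated in the in-cluster branch added by PATCH 2/5. main() starts and ends outside the hunk.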
@@ -23,15 +23,16 @@ const ( indexPageTemplateName = "index.html" tokenizerPageTemplateName = "tokener.html" - authLoginEndpoint = "/auth/login" - AuthLoginCallbackEndpoint = "/auth/callback" - AuthLoginSuccessEndpoint = "/" - AuthLoginErrorEndpoint = "/error" - authLogoutEndpoint = "/auth/logout" - k8sProxyEndpoint = "/api/kubernetes/" - prometheusProxyEndpoint = "/api/prometheus" - prometheusTenancyProxyEndpoint = "/api/prometheus-tenancy" - alertManagerProxyEndpoint = "/api/alertmanager" + authLoginEndpoint = "/auth/login" + AuthLoginCallbackEndpoint = "/auth/callback" + AuthLoginSuccessEndpoint = "/" + AuthLoginErrorEndpoint = "/error" + authLogoutEndpoint = "/auth/logout" + k8sProxyEndpoint = "/api/kubernetes/" + prometheusProxyEndpoint = "/api/prometheus" + prometheusTenancyProxyEndpoint = "/api/prometheus-tenancy" + alertManagerProxyEndpoint = "/api/alertmanager" + devConsoleAppServiceProxyEndpoint = "/api/devconsole/" ) var ( @@ -57,6 +58,7 @@ type jsGlobals struct { DocumentationBaseURL string `json:"documentationBaseURL"` GoogleTagManagerID string `json:"googleTagManagerID"` LoadTestFactor int `json:"loadTestFactor"` + AppServiceBaseURL string `json:"appServiceBaseURL"` } type Server struct { 
@@ -76,16 +78,21 @@ type Server struct { LoadTestFactor int DexClient api.DexClient // A client with the correct TLS setup for communicating with the API server. - K8sClient *http.Client - PrometheusProxyConfig *proxy.Config - PrometheusTenancyProxyConfig *proxy.Config - AlertManagerProxyConfig *proxy.Config + K8sClient *http.Client + PrometheusProxyConfig *proxy.Config + PrometheusTenancyProxyConfig *proxy.Config + AlertManagerProxyConfig *proxy.Config + DevConsoleAppServiceProxyConfig *proxy.Config } func (s *Server) authDisabled() bool { return s.Auther == nil } +func (s *Server) devConsoleAppServiceProxyEnabled() bool { + return s.DevConsoleAppServiceProxyConfig != nil +} + func (s *Server) prometheusProxyEnabled() bool { return s.PrometheusProxyConfig != nil && s.PrometheusTenancyProxyConfig != nil } @@ -214,6 +221,20 @@ func (s *Server) HTTPHandler() http.Handler { ) } + if s.devConsoleAppServiceProxyEnabled() { + appServiceProxyAPIPath := devConsoleAppServiceProxyEndpoint + appServiceProxy := proxy.NewProxy(s.DevConsoleAppServiceProxyConfig) + + handle(appServiceProxyAPIPath, http.StripPrefix( + proxy.SingleJoiningSlash(s.BaseURL.Path, appServiceProxyAPIPath), + authHandlerWithUser(func(user *auth.User, w http.ResponseWriter, r *http.Request) { + r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", user.Token)) + appServiceProxy.ServeHTTP(w, r) + })), + ) + fmt.Println("enabling proxy for " + proxy.SingleJoiningSlash(s.BaseURL.Path, appServiceProxyAPIPath)) + } + handle("/api/tectonic/version", authHandler(s.versionHandler)) mux.HandleFunc(s.BaseURL.Path, s.indexHandler) 
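Review bot: The handler registered in the `@@ -214,6 +221,20 @@` hunk overwrites `Authorization` with the logged-in user's bearer token for every request under `/api/devconsole/`, so the devconsole backend receives the user's own credential (presumably the same token the console uses against the Kubernetes API) rather than one scoped to that service. Nothing in the hunk records that trust decision, so I would add a comment above `authHandlerWithUser`, for example `// The devconsole app service is trusted with the user's API token; keep this proxy disabled unless that service is deployed and verified.` The token is also set after `HeaderBlacklist` has been configured to strip only `Cookie` and `X-CSRFToken`, so whether a client-supplied `Authorization` header is dropped first depends on proxy code not shown here. HTTPHandler's body starts and ends outside the hunk.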
@@ -272,6 +293,11 @@ func (s *Server) indexHandler(w http.ResponseWriter, r *http.Request) { jsg.AlertManagerBaseURL = proxy.SingleJoiningSlash(s.BaseURL.Path, alertManagerProxyEndpoint) } + if s.devConsoleAppServiceProxyEnabled() { + jsg.AppServiceBaseURL = proxy.SingleJoiningSlash(s.BaseURL.Path, devConsoleAppServiceProxyEndpoint) + fmt.Println(jsg.AppServiceBaseURL) + } + if !s.authDisabled() { s.Auther.SetCSRFCookie(s.BaseURL.Path, &w) } From 00df1263f79cbaab665a636203fdce3668ac3038 Mon Sep 17 00:00:00 2001 From: Shoubhik Bose Date: Fri, 10 May 2019 15:30:18 -0400 Subject: [PATCH 2/5] make it in-cluster --- cmd/bridge/main.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/cmd/bridge/main.go b/cmd/bridge/main.go index 6f3504b5396..86e92955a0c 100644 --- a/cmd/bridge/main.go +++ b/cmd/bridge/main.go @@ -274,6 +274,15 @@ func main() { Endpoint: &url.URL{Scheme: "https", Host: openshiftAlertManagerHost, Path: "/api"}, } } + + srv.DevConsoleAppServiceProxyConfig = &proxy.Config{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: *fK8sModeOffClusterSkipVerifyTLS, + }, + HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, + Endpoint: &url.URL{Scheme: "http", Host: openshiftDevConsoleAppServiceHost, Path: ""}, + } + case "off-cluster": k8sEndpoint = validateFlagIsURL("k8s-mode-off-cluster-endpoint", *fK8sModeOffClusterEndpoint) @@ -284,6 +293,7 @@ func main() { HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, Endpoint: k8sEndpoint, } + // TODO: remove this later srv.DevConsoleAppServiceProxyConfig = &proxy.Config{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: *fK8sModeOffClusterSkipVerifyTLS, From 92619a6049f6dfb2252df3f0e5800d4b2ae13045 Mon Sep 17 00:00:00 2001 From: Shoubhik Bose Date: Fri, 10 May 2019 15:59:47 -0400 Subject: [PATCH 3/5] fix service name --- cmd/bridge/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/bridge/main.go b/cmd/bridge/main.go index 86e92955a0c..5b5c2e95733 100644 --- a/cmd/bridge/main.go 
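Review bot: The block added to the in-cluster branch in `@@ -274,6 +274,15 @@` (PATCH 2/5) reads `InsecureSkipVerify` from `*fK8sModeOffClusterSkipVerifyTLS`, a flag that by its name belongs to off-cluster mode, and it assigns the proxy config unconditionally. Because `devConsoleAppServiceProxyEnabled()` only checks for a non-nil config, every in-cluster console would then register `/api/devconsole/` and forward user tokens to `openshiftDevConsoleAppServiceHost`, whether or not the operator has created that service. I would put the assignment behind an explicit opt-in and write `InsecureSkipVerify: false,` here, with a comment such as `// Enabled only when the devconsole operator is installed: this proxy forwards the user's bearer token.` main() starts and ends outside the hunk.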
+++ b/cmd/bridge/main.go @@ -39,7 +39,7 @@ const ( // Well-known location of DevConsole App Service for OpenShift. This is only accessible in-cluster after // the developer perspective is enabled using the operator. - openshiftDevConsoleAppServiceHost = "devconsole.openshift-operators.csv:8080" // TODO:use a different namespace? + openshiftDevConsoleAppServiceHost = "devconsole.openshift-operators.svc:8080" // TODO:use a different namespace? ) func main() { From 68360b9cfbaeab888326023d7983c874609ff917 Mon Sep 17 00:00:00 2001 From: tinakurian Date: Tue, 14 May 2019 13:53:57 -0400 Subject: [PATCH 4/5] removing println --- cmd/bridge/main.go | 18 +++++++++------- server/server.go | 53 +++++++++++++++++++++++----------------------- 2 files changed, 36 insertions(+), 35 deletions(-) diff --git a/cmd/bridge/main.go b/cmd/bridge/main.go index 5b5c2e95733..7ba1414862d 100644 --- a/cmd/bridge/main.go +++ b/cmd/bridge/main.go 
@@ -283,24 +283,26 @@ func main() { Endpoint: &url.URL{Scheme: "http", Host: openshiftDevConsoleAppServiceHost, Path: ""}, } - case "off-cluster": - k8sEndpoint = validateFlagIsURL("k8s-mode-off-cluster-endpoint", *fK8sModeOffClusterEndpoint) - - srv.K8sProxyConfig = &proxy.Config{ + // TODO: remove this later + srv.DevConsoleAppServiceProxyConfig = &proxy.Config{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: *fK8sModeOffClusterSkipVerifyTLS, }, HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, - Endpoint: k8sEndpoint, + Endpoint: &url.URL{Scheme: "http", Host: openshiftDevConsoleAppServiceHost, Path: ""}, } - // TODO: remove this later - srv.DevConsoleAppServiceProxyConfig = &proxy.Config{ + + case "off-cluster": + k8sEndpoint = validateFlagIsURL("k8s-mode-off-cluster-endpoint", *fK8sModeOffClusterEndpoint) + + srv.K8sProxyConfig = &proxy.Config{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: *fK8sModeOffClusterSkipVerifyTLS, }, HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, - Endpoint: &url.URL{Scheme: "http", Host: openshiftDevConsoleAppServiceHost, Path: ""}, + Endpoint: k8sEndpoint, } + default: flagFatalf("k8s-mode", "must be one of: in-cluster, off-cluster") } diff --git a/server/server.go b/server/server.go index b6abfbb2ef3..af8cf6d4e95 100644 --- a/server/server.go +++ b/server/server.go 
@@ -40,25 +40,25 @@ var ( ) type jsGlobals struct { - ConsoleVersion string `json:"consoleVersion"` - AuthDisabled bool `json:"authDisabled"` - KubectlClientID string `json:"kubectlClientID"` - BasePath string `json:"basePath"` - LoginURL string `json:"loginURL"` - LoginSuccessURL string `json:"loginSuccessURL"` - LoginErrorURL string `json:"loginErrorURL"` - LogoutURL string `json:"logoutURL"` - LogoutRedirect string `json:"logoutRedirect"` - KubeAdminLogoutURL string `json:"kubeAdminLogoutURL"` - KubeAPIServerURL string `json:"kubeAPIServerURL"` - PrometheusBaseURL string `json:"prometheusBaseURL"` - PrometheusTenancyBaseURL string `json:"prometheusTenancyBaseURL"` - AlertManagerBaseURL string `json:"alertManagerBaseURL"` - Branding string `json:"branding"` - DocumentationBaseURL string `json:"documentationBaseURL"` - GoogleTagManagerID string `json:"googleTagManagerID"` - LoadTestFactor int `json:"loadTestFactor"` - AppServiceBaseURL string `json:"appServiceBaseURL"` + ConsoleVersion string `json:"consoleVersion"` + AuthDisabled bool `json:"authDisabled"` + KubectlClientID string `json:"kubectlClientID"` + BasePath string `json:"basePath"` + LoginURL string `json:"loginURL"` + LoginSuccessURL string `json:"loginSuccessURL"` + LoginErrorURL string `json:"loginErrorURL"` + LogoutURL string `json:"logoutURL"` + LogoutRedirect string `json:"logoutRedirect"` + KubeAdminLogoutURL string `json:"kubeAdminLogoutURL"` + KubeAPIServerURL string `json:"kubeAPIServerURL"` + PrometheusBaseURL string `json:"prometheusBaseURL"` + PrometheusTenancyBaseURL string `json:"prometheusTenancyBaseURL"` + AlertManagerBaseURL string `json:"alertManagerBaseURL"` + Branding string `json:"branding"` + DocumentationBaseURL string `json:"documentationBaseURL"` + GoogleTagManagerID string `json:"googleTagManagerID"` + LoadTestFactor int `json:"loadTestFactor"` + DevConsoleAppServiceBaseURL string `json:"devConsoleAppService"` } type Server struct { 
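Review bot: The renamed field's JSON key drops the `BaseURL` suffix that the other URL fields in `jsGlobals` carry (`prometheusBaseURL`, `alertManagerBaseURL`), and it changes the key the front end receives from `appServiceBaseURL` to `devConsoleAppService`. I would keep the key aligned with the field name by changing the tag to `json:"devConsoleAppServiceBaseURL"`. Any front-end code that reads the old key is not visible in this patch and would need the matching rename.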
@@ -222,17 +222,17 @@ func (s *Server) HTTPHandler() http.Handler { } if s.devConsoleAppServiceProxyEnabled() { - appServiceProxyAPIPath := devConsoleAppServiceProxyEndpoint - appServiceProxy := proxy.NewProxy(s.DevConsoleAppServiceProxyConfig) + devConsoleAppServiceProxyAPIPath := devConsoleAppServiceProxyEndpoint + devConsoleAppServiceProxy := proxy.NewProxy(s.DevConsoleAppServiceProxyConfig) - handle(appServiceProxyAPIPath, http.StripPrefix( - proxy.SingleJoiningSlash(s.BaseURL.Path, appServiceProxyAPIPath), + handle(devConsoleAppServiceProxyAPIPath, http.StripPrefix( + proxy.SingleJoiningSlash(s.BaseURL.Path, devConsoleAppServiceProxyAPIPath), authHandlerWithUser(func(user *auth.User, w http.ResponseWriter, r *http.Request) { r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", user.Token)) - appServiceProxy.ServeHTTP(w, r) + devConsoleAppServiceProxy.ServeHTTP(w, r) })), ) - fmt.Println("enabling proxy for " + proxy.SingleJoiningSlash(s.BaseURL.Path, appServiceProxyAPIPath)) + fmt.Println("enabling proxy for " + proxy.SingleJoiningSlash(s.BaseURL.Path, devConsoleAppServiceProxyAPIPath)) } handle("/api/tectonic/version", authHandler(s.versionHandler)) @@ -294,8 +294,7 @@ func (s *Server) indexHandler(w http.ResponseWriter, r *http.Request) { } if s.devConsoleAppServiceProxyEnabled() { - jsg.AppServiceBaseURL = proxy.SingleJoiningSlash(s.BaseURL.Path, devConsoleAppServiceProxyEndpoint) - fmt.Println(jsg.AppServiceBaseURL) + jsg.DevConsoleAppServiceBaseURL = proxy.SingleJoiningSlash(s.BaseURL.Path, devConsoleAppServiceProxyEndpoint) } if !s.authDisabled() { From e4dabc0bee78494cced5636dc0d3c78d96e69b62 Mon Sep 17 00:00:00 2001 From: tinakurian Date: Tue, 14 May 2019 14:01:21 -0400 Subject: [PATCH 5/5] removing addition --- cmd/bridge/main.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/cmd/bridge/main.go b/cmd/bridge/main.go index 7ba1414862d..7b3daf48a15 100644 --- a/cmd/bridge/main.go +++ b/cmd/bridge/main.go 
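Review bot: The commit is titled "removing println", but `fmt.Println("enabling proxy for " + ...)` remains in HTTPHandler in the `@@ -222,17 +222,17 @@` hunk; only the print in indexHandler is removed. Writing to stdout bypasses whatever log level and format the rest of the server uses. I would drop the line or send it through the package's logger, for instance `log.Printf("enabling proxy for %s", proxy.SingleJoiningSlash(s.BaseURL.Path, devConsoleAppServiceProxyAPIPath))` if server.go has nothing better. HTTPHandler's body starts and ends outside the hunk.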
@@ -283,15 +283,6 @@ func main() { Endpoint: &url.URL{Scheme: "http", Host: openshiftDevConsoleAppServiceHost, Path: ""}, } - // TODO: remove this later - srv.DevConsoleAppServiceProxyConfig = &proxy.Config{ - TLSClientConfig: &tls.Config{ - InsecureSkipVerify: *fK8sModeOffClusterSkipVerifyTLS, - }, - HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, - Endpoint: &url.URL{Scheme: "http", Host: openshiftDevConsoleAppServiceHost, Path: ""}, - } - case "off-cluster": k8sEndpoint = validateFlagIsURL("k8s-mode-off-cluster-endpoint", *fK8sModeOffClusterEndpoint)