CONSOLE-2892: Allow dynamic plugins to proxy to services on the cluster

go.mod

@@ -9,21 +9,23 @@ require (
 	github.com/go-bindata/go-bindata v3.1.2+incompatible
 	github.com/go-test/deep v1.0.5
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/openshift/api v0.0.0-20210729103544-e4a0474d1519
+	github.com/openshift/api v0.0.0-20211103080632-8981c8822dfa
 	github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3
-	github.com/openshift/client-go v0.0.0-20210112160336-8889f8b15bd6
+	github.com/openshift/client-go v0.0.0-20211104174419-390ab1a408da
 	github.com/openshift/library-go v0.0.0-20210330121117-68dd4a4c9d9e
 	github.com/pkg/profile v1.4.0 // indirect
-	github.com/spf13/cobra v1.1.1
+	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.21.1
-	k8s.io/apiextensions-apiserver v0.21.0 // indirect
-	k8s.io/apimachinery v0.21.1
-	k8s.io/client-go v0.21.0
-	k8s.io/component-base v0.21.0
-	k8s.io/klog/v2 v2.8.0
+	k8s.io/api v0.22.1
+	k8s.io/apiextensions-apiserver v0.22.1 // indirect
+	k8s.io/apimachinery v0.22.1
+	k8s.io/client-go v0.22.1
+	k8s.io/component-base v0.22.1
+	k8s.io/klog/v2 v2.9.0
 )
 
-// points to temporary-watch-reduction-patch-1.21 to pick up k/k/pull/101102 - please remove it once the pr merges and a new Z release is cut
-replace k8s.io/apiserver => github.com/openshift/kubernetes-apiserver v0.0.0-20210419140141-620426e63a99
+replace (
+	github.com/openshift/api => github.com/jhadvig/api v0.0.0-20211101154927-473eacc76bdf
+	github.com/openshift/client-go => github.com/jhadvig/client-go v0.0.0-20211101145210-04457ae71f20
+)

pkg/console/operator/sync_v400.go

@@ -339,9 +339,9 @@ func (co *consoleOperator) SyncConfigMap(
 		}
 	}
 
-	pluginsEndpoingMap := co.GetPluginsEndpointMap(operatorConfig.Spec.Plugins)
+	availablePlugins := co.GetAvailablePlugins(operatorConfig.Spec.Plugins)
 
-	defaultConfigmap, _, err := configmapsub.DefaultConfigMap(operatorConfig, consoleConfig, managedConfig, infrastructureConfig, activeConsoleRoute, useDefaultCAFile, inactivityTimeoutSeconds, pluginsEndpoingMap)
+	defaultConfigmap, _, err := configmapsub.DefaultConfigMap(operatorConfig, consoleConfig, managedConfig, infrastructureConfig, activeConsoleRoute, useDefaultCAFile, inactivityTimeoutSeconds, availablePlugins)
 	if err != nil {
 		return nil, false, "FailedConsoleConfigBuilder", err
 	}
@@ -501,24 +501,15 @@ func (co *consoleOperator) ValidateCustomLogo(ctx context.Context, operatorConfi
 	return true, "", nil
 }
 
-func (co *consoleOperator) GetPluginsEndpointMap(enabledPluginsNames []string) map[string]string {
-	pluginsEndpointMap := map[string]string{}
+func (co *consoleOperator) GetAvailablePlugins(enabledPluginsNames []string) []*v1alpha1.ConsolePlugin {
+	var availablePlugins []*v1alpha1.ConsolePlugin
 	for _, pluginName := range enabledPluginsNames {
 		plugin, err := co.consolePluginLister.Get(pluginName)
 		if err != nil {
 			klog.Errorf("failed to get %q plugin: %v", pluginName, err)
 			continue
 		}
-		pluginsEndpointMap[pluginName] = getServiceHostname(plugin)
+		availablePlugins = append(availablePlugins, plugin)
 	}
-	return pluginsEndpointMap
-}
-
-func getServiceHostname(plugin *v1alpha1.ConsolePlugin) string {
-	pluginURL := &url.URL{
-		Scheme: "https",
-		Host:   fmt.Sprintf("%s.%s.svc.cluster.local:%d", plugin.Spec.Service.Name, plugin.Spec.Service.Namespace, plugin.Spec.Service.Port),
-		Path:   plugin.Spec.Service.BasePath,
-	}
-	return pluginURL.String()
+	return availablePlugins
 }

pkg/console/subresource/configmap/configmap.go

@@ -2,11 +2,13 @@ package configmap
 
 import (
 	"fmt"
+	"net/url"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/klog/v2"
 
 	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/api/console/v1alpha1"
 	operatorv1 "github.com/openshift/api/operator/v1"
 	routev1 "github.com/openshift/api/route/v1"
 	"github.com/openshift/console-operator/pkg/api"
@@ -19,6 +21,7 @@ import (
 const (
 	consoleConfigYamlFile = "console-config.yaml"
 	defaultLogoutURL      = ""
+	pluginProxyEndpoint   = "/api/proxy/"
 )
 
 func getApiUrl(infrastructureConfig *configv1.Infrastructure) string {
@@ -43,7 +46,7 @@ func DefaultConfigMap(
 	activeConsoleRoute *routev1.Route,
 	useDefaultCAFile bool,
 	inactivityTimeoutSeconds int,
-	pluginsEndpoingMap map[string]string) (consoleConfigmap *corev1.ConfigMap, unsupportedOverridesHaveMerged bool, err error) {
+	availablePlugins []*v1alpha1.ConsolePlugin) (consoleConfigmap *corev1.ConfigMap, unsupportedOverridesHaveMerged bool, err error) {
 
 	defaultBuilder := &consoleserver.ConsoleServerCLIConfigBuilder{}
 	defaultConfig, err := defaultBuilder.Host(activeConsoleRoute.Spec.Host).
@@ -67,7 +70,8 @@ func DefaultConfigMap(
 		DocURL(operatorConfig.Spec.Customization.DocumentationBaseURL).
 		OAuthServingCert(useDefaultCAFile).
 		APIServerURL(getApiUrl(infrastructureConfig)).
-		Plugins(pluginsEndpoingMap).
+		Plugins(GetPluginsEndpointMap(availablePlugins)).
+		Proxy(GetPluginsProxyServices(availablePlugins)).
 		CustomLogoFile(operatorConfig.Spec.Customization.CustomLogoFile.Key).
 		CustomProductName(operatorConfig.Spec.Customization.CustomProductName).
 		CustomDeveloperCatalog(operatorConfig.Spec.Customization.DeveloperCatalog).
@@ -108,6 +112,51 @@ func DefaultConfigMap(
 	return configMap, willMergeConfigOverrides, nil
 }
 
+func GetPluginsEndpointMap(availablePlugins []*v1alpha1.ConsolePlugin) map[string]string {
+	pluginsEndpointMap := map[string]string{}
+	for _, plugin := range availablePlugins {
+		pluginsEndpointMap[plugin.Name] = getServiceURL(plugin)
+	}
+	return pluginsEndpointMap
+}
+
+func GetPluginsProxyServices(availablePlugins []*v1alpha1.ConsolePlugin) []consoleserver.ProxyService {
+	proxyServices := []consoleserver.ProxyService{}
+	for _, plugin := range availablePlugins {
+		for _, service := range plugin.Spec.Proxy.Services {
+			proxyService := consoleserver.ProxyService{
+				ConsoleAPIPath: getConsoleAPIPath(&service),
+				Endpoint:       getProxyServiceURL(&service),
+				CACertificate:  service.CACertificate,
+				Authorize:      service.Authorize,
+			}
+			proxyServices = append(proxyServices, proxyService)
+		}
+	}
+	return proxyServices
+}
+
+func getConsoleAPIPath(service *v1alpha1.ConsolePluginProxyService) string {
+	return fmt.Sprintf("%snamespace/%s/service/%s/", pluginProxyEndpoint, service.Namespace, fmt.Sprintf("%s:%d", service.Name, service.Port))
+}
+
+func getProxyServiceURL(service *v1alpha1.ConsolePluginProxyService) string {
+	pluginURL := &url.URL{
+		Scheme: "https",
+		Host:   fmt.Sprintf("%s.%s.svc.cluster.local:%d", service.Name, service.Namespace, service.Port),
+	}
+	return pluginURL.String()
+}
+
+func getServiceURL(plugin *v1alpha1.ConsolePlugin) string {
+	pluginURL := &url.URL{
+		Scheme: "https",
+		Host:   fmt.Sprintf("%s.%s.svc.cluster.local:%d", plugin.Spec.Service.Name, plugin.Spec.Service.Namespace, plugin.Spec.Service.Port),
+		Path:   plugin.Spec.Service.BasePath,
+	}
+	return pluginURL.String()
+}
+
 func isCustomRoute(activeRoute *routev1.Route) bool {
 	return activeRoute.GetName() == api.OpenshiftConsoleCustomRouteName
 }

pkg/console/subresource/configmap/configmap_test.go

@@ -13,6 +13,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/api/console/v1alpha1"
 	operatorv1 "github.com/openshift/api/operator/v1"
 	routev1 "github.com/openshift/api/route/v1"
 	"github.com/openshift/console-operator/pkg/api"
@@ -25,6 +26,23 @@ const (
 	mockConsoleURL     = "https://console-openshift-console.apps.some.cluster.openshift.com"
 	configKey          = "console-config.yaml"
 	mockOperatorDocURL = "https://operator.config/doc/link/"
+	test               = 123
+
+	validCertificate = `-----BEGIN CERTIFICATE-----
+MIICRzCCAfGgAwIBAgIJAIydTIADd+yqMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
+BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
+CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MRswGQYD
+VQQDDBJ0ZXN0LWNlcnRpZmljYXRlLTIwIBcNMTcwNDI2MjMyNDU4WhgPMjExNzA0
+MDIyMzI0NThaMH4xCzAJBgNVBAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNV
+BAcMBkxvbmRvbjEYMBYGA1UECgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1J
+VCBEZXBhcnRtZW50MRswGQYDVQQDDBJ0ZXN0LWNlcnRpZmljYXRlLTIwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAuiRet28DV68Dk4A8eqCaqgXmymamUEjW/DxvIQqH
+3lbhtm8BwSnS9wUAajSLSWiq3fci2RbRgaSPjUrnbOHCLQIDAQABo1AwTjAdBgNV
+HQ4EFgQU0vhI4OPGEOqT+VAWwxdhVvcmgdIwHwYDVR0jBBgwFoAU0vhI4OPGEOqT
++VAWwxdhVvcmgdIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAANBALNeJGDe
+nV5cXbp9W1bC12Tc8nnNXn4ypLE2JTQAvyp51zoZ8hQoSnRVx/VCY55Yu+br8gQZ
++tW+O/PoE7B3tuY=
+-----END CERTIFICATE-----`
 )
 
 // To manually run these tests: go test -v ./pkg/console/subresource/configmap/...
@@ -37,7 +55,7 @@ func TestDefaultConfigMap(t *testing.T) {
 		rt                       *routev1.Route
 		useDefaultCAFile         bool
 		inactivityTimeoutSeconds int
-		enabledPlugins           map[string]string
+		availablePlugins         []*v1alpha1.ConsolePlugin
 	}
 	tests := []struct {
 		name string
@@ -545,9 +563,9 @@ providers: {}
 				},
 				useDefaultCAFile:         true,
 				inactivityTimeoutSeconds: 0,
-				enabledPlugins: map[string]string{
-					"plugin1": "plugin1_url",
-					"plugin2": "plugin2_url",
+				availablePlugins: []*v1alpha1.ConsolePlugin{
+					testPlugins("plugin1", "serviceName1", "serviceNamespace1"),
+					testPluginsWithProxy("plugin2", "serviceName2", "serviceNamespace2"),
 				},
 			},
 			want: &corev1.ConfigMap{
@@ -575,8 +593,28 @@ servingInfo:
   keyFile: /var/serving-cert/tls.key
 providers: {}
 plugins:
-  plugin1: plugin1_url
-  plugin2: plugin2_url
+  plugin1: https://serviceName1.serviceNamespace1.svc.cluster.local:8443/
+  plugin2: https://serviceName2.serviceNamespace2.svc.cluster.local:8443/
+proxy:
+  services:
+  - authorize: true
+    caCertificate: '-----BEGIN CERTIFICATE-----` + "\n" + `
+MIICRzCCAfGgAwIBAgIJAIydTIADd+yqMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV` + "\n" + `
+BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE` + "\n" + `
+CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MRswGQYD` + "\n" + `
+VQQDDBJ0ZXN0LWNlcnRpZmljYXRlLTIwIBcNMTcwNDI2MjMyNDU4WhgPMjExNzA0` + "\n" + `
+MDIyMzI0NThaMH4xCzAJBgNVBAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNV` + "\n" + `
+BAcMBkxvbmRvbjEYMBYGA1UECgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1J` + "\n" + `
+VCBEZXBhcnRtZW50MRswGQYDVQQDDBJ0ZXN0LWNlcnRpZmljYXRlLTIwXDANBgkq` + "\n" + `
+hkiG9w0BAQEFAANLADBIAkEAuiRet28DV68Dk4A8eqCaqgXmymamUEjW/DxvIQqH` + "\n" + `
+3lbhtm8BwSnS9wUAajSLSWiq3fci2RbRgaSPjUrnbOHCLQIDAQABo1AwTjAdBgNV` + "\n" + `
+HQ4EFgQU0vhI4OPGEOqT+VAWwxdhVvcmgdIwHwYDVR0jBBgwFoAU0vhI4OPGEOqT` + "\n" + `
++VAWwxdhVvcmgdIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAANBALNeJGDe` + "\n" + `
+nV5cXbp9W1bC12Tc8nnNXn4ypLE2JTQAvyp51zoZ8hQoSnRVx/VCY55Yu+br8gQZ` + "\n" + `
++tW+O/PoE7B3tuY=` + "\n" + `
+-----END CERTIFICATE-----'
+    consoleAPIPath: /api/proxy/namespace/proxy-serviceNamespace2/service/proxy-serviceName2:9991/
+    endpoint: https://proxy-serviceName2.proxy-serviceNamespace2.svc.cluster.local:9991
 `,
 				},
 			},
@@ -592,7 +630,7 @@ plugins:
 				tt.args.rt,
 				tt.args.useDefaultCAFile,
 				tt.args.inactivityTimeoutSeconds,
-				tt.args.enabledPlugins,
+				tt.args.availablePlugins,
 			)
 
 			// marshall the exampleYaml to map[string]interface{} so we can use it in diff below
@@ -601,7 +639,6 @@ plugins:
 			err := yaml.Unmarshal(exampleBytes, &exampleConfig)
 			if err != nil {
 				t.Error(err)
-				fmt.Printf("%v\n", exampleConfig)
 			}
 
 			// the reason we have to marshall blindly into map[string]interface{}
@@ -635,6 +672,38 @@ plugins:
 	}
 }
 
+func testPlugins(pluginName, serviceName, serviceNamespace string) *v1alpha1.ConsolePlugin {
+	return &v1alpha1.ConsolePlugin{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: pluginName,
+		},
+		Spec: v1alpha1.ConsolePluginSpec{
+			Service: v1alpha1.ConsolePluginService{
+				Name:      serviceName,
+				Namespace: serviceNamespace,
+				Port:      8443,
+				BasePath:  "/",
+			},
+		},
+	}
+}
+
+func testPluginsWithProxy(pluginName, serviceName, serviceNamespace string) *v1alpha1.ConsolePlugin {
+	plugin := testPlugins(pluginName, serviceName, serviceNamespace)
+	plugin.Spec.Proxy = v1alpha1.ConsolePluginProxy{
+		Services: []v1alpha1.ConsolePluginProxyService{
+			{
+				Name:          fmt.Sprintf("proxy-%s", serviceName),
+				Namespace:     fmt.Sprintf("proxy-%s", serviceNamespace),
+				Port:          9991,
+				CACertificate: validCertificate,
+				Authorize:     true,
+			},
+		},
+	}
+	return plugin
+}
+
 func TestStub(t *testing.T) {
 	tests := []struct {
 		name string

pkg/console/subresource/consoleserver/config_builder.go

@@ -45,6 +45,7 @@ type ConsoleServerCLIConfigBuilder struct {
 	customHostnameRedirectPort int
 	inactivityTimeoutSeconds   int
 	pluginsList                map[string]string
+	proxyServices              []ProxyService
 }
 
 func (b *ConsoleServerCLIConfigBuilder) Host(host string) *ConsoleServerCLIConfigBuilder {
@@ -126,6 +127,11 @@ func (b *ConsoleServerCLIConfigBuilder) Plugins(plugins map[string]string) *Cons
 	return b
 }
 
+func (b *ConsoleServerCLIConfigBuilder) Proxy(proxyServices []ProxyService) *ConsoleServerCLIConfigBuilder {
+	b.proxyServices = proxyServices
+	return b
+}
+
 func (b *ConsoleServerCLIConfigBuilder) Config() Config {
 	return Config{
 		Kind:          "ConsoleConfig",
@@ -136,6 +142,7 @@ func (b *ConsoleServerCLIConfigBuilder) Config() Config {
 		ServingInfo:   b.servingInfo(),
 		Providers:     b.providers(),
 		Plugins:       b.plugins(),
+		Proxy:         b.proxy(),
 	}
 }
 
@@ -270,3 +277,9 @@ func (b *ConsoleServerCLIConfigBuilder) providers() Providers {
 func (b *ConsoleServerCLIConfigBuilder) plugins() map[string]string {
 	return b.pluginsList
 }
+
+func (b *ConsoleServerCLIConfigBuilder) proxy() Proxy {
+	return Proxy{
+		Services: b.proxyServices,
+	}
+}

pkg/console/subresource/consoleserver/types.go

@@ -19,6 +19,18 @@ type Config struct {
 	Customization `yaml:"customization"`
 	Providers     `yaml:"providers"`
 	Plugins       map[string]string `yaml:"plugins,omitempty"`
+	Proxy         Proxy             `yaml:"proxy,omitempty"`
+}
+
+type Proxy struct {
+	Services []ProxyService `yaml:"services,omitempty"`
+}
+
+type ProxyService struct {
+	Endpoint       string `yaml:"endpoint"`
+	ConsoleAPIPath string `yaml:"consoleAPIPath"`
+	CACertificate  string `yaml:"caCertificate"`
+	Authorize      bool   `yaml:"authorize"`
 }
 
 // ServingInfo holds configuration for serving HTTP.