Add Authentication and OAuth crds

Gopkg.toml

@@ -82,7 +82,7 @@ ignored = [
 
 [[constraint]]
   name = "github.com/openshift/api"
-  revision = "8241b16bb46fe9bd7aebbbce92d7af84fb71be7f"
+  revision = "4703f3e71d833812a81e0fa3a2da1257e3efd85c"
 
 [[constraint]]
   name = "github.com/openshift/client-go"

data/data/manifests/openshift/cluster-authentication-crd.yaml

@@ -0,0 +1,18 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: authentications.config.openshift.io
+spec:
+  group: config.openshift.io
+  names:
+    kind: Authentication
+    listKind: AuthenticationList
+    plural: authentications
+    singular: authentication
+  scope: Cluster
+  subresources:
+    status: {}
+  versions:
+  - name: v1
+    served: true
+    storage: true

data/data/manifests/openshift/cluster-oauth-crd.yaml

@@ -0,0 +1,18 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: oauths.config.openshift.io
+spec:
+  group: config.openshift.io
+  names:
+    kind: OAuth
+    listKind: OAuthList
+    plural: oauths
+    singular: oauth
+  scope: Cluster
+  subresources:
+    status: {}
+  versions:
+  - name: v1
+    served: true
+    storage: true

pkg/asset/manifests/authentication.go

@@ -0,0 +1,90 @@
+package manifests
+
+import (
+	"path/filepath"
+
+	"github.com/ghodss/yaml"
+	"github.com/pkg/errors"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/installconfig"
+	"github.com/openshift/installer/pkg/asset/templates/content"
+
+	configv1 "github.com/openshift/api/config/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var (
+	authCrdFilename = "cluster-authentication-crd.yaml"
+	authCfgFilename = filepath.Join(manifestDir, "cluster-authentication-config.yml")
+)
+
+// Authentication generates the authentication-*.yml files.
+type Authentication struct {
+	config   *configv1.Authentication
+	FileList []*asset.File
+}
+
+var _ asset.WritableAsset = (*Authentication)(nil)
+
+// Name returns a human friendly name for the asset.
+func (*Authentication) Name() string {
+	return "Authentication Config"
+}
+
+// Dependencies returns all of the dependencies directly needed to generate
+// the asset.
+func (*Authentication) Dependencies() []asset.Asset {
+	return []asset.Asset{
+		&installconfig.InstallConfig{},
+	}
+}
+
+// Generate generates the Authentication and its CRD.
+func (a *Authentication) Generate(dependencies asset.Parents) error {
+	installConfig := &installconfig.InstallConfig{}
+	dependencies.Get(installConfig)
+
+	a.config = &configv1.Authentication{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Authentication",
+			APIVersion: configv1.GroupVersion.String(),
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "cluster",
+		},
+	}
+
+	configData, err := yaml.Marshal(a.config)
+	if err != nil {
+		return errors.Wrapf(err, "failed to generate data for asset: %s", a.Name())
+	}
+
+	crdData, err := content.GetOpenshiftTemplate(authCrdFilename)
+	if err != nil {
+		return errors.Wrapf(err, "failed to get contentes of %s", authCrdFilename)
+	}
+
+	a.FileList = []*asset.File{
+		{
+			Filename: filepath.Join(manifestDir, authCrdFilename),
+			Data:     []byte(crdData),
+		},
+		{
+			Filename: authCfgFilename,
+			Data:     configData,
+		},
+	}
+
+	return nil
+}
+
+// Files returns the files generated by the asset.
+func (a *Authentication) Files() []*asset.File {
+	return a.FileList
+}
+
+// Load returns false since this asset is not written to disk by the installer.
+func (a *Authentication) Load(f asset.FileFetcher) (bool, error) {
+	return false, nil
+}

pkg/asset/manifests/oauth.go

@@ -0,0 +1,96 @@
+package manifests
+
+import (
+	"path/filepath"
+
+	"github.com/ghodss/yaml"
+	"github.com/pkg/errors"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/installconfig"
+	"github.com/openshift/installer/pkg/asset/templates/content"
+
+	configv1 "github.com/openshift/api/config/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var (
+	oauthCrdFilename = "cluster-oauth-crd.yaml"
+	oauthCfgFilename = filepath.Join(manifestDir, "cluster-oauth-config.yml")
+)
+
+// OAuth generates the authentication-*.yml files.
+type OAuth struct {
+	config   *configv1.OAuth
+	FileList []*asset.File
+}
+
+var _ asset.WritableAsset = (*OAuth)(nil)
+
+// Name returns a human friendly name for the asset.
+func (*OAuth) Name() string {
+	return "OAuth Config"
+}
+
+// Dependencies returns all of the dependencies directly needed to generate
+// the asset.
+func (*OAuth) Dependencies() []asset.Asset {
+	return []asset.Asset{
+		&installconfig.InstallConfig{},
+	}
+}
+
+// Generate generates the OAuth and its CRD.
+func (o *OAuth) Generate(dependencies asset.Parents) error {
+	installConfig := &installconfig.InstallConfig{}
+	dependencies.Get(installConfig)
+
+	o.config = &configv1.OAuth{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "OAuth",
+			APIVersion: configv1.GroupVersion.String(),
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "cluster",
+		},
+		Spec: configv1.OAuthSpec{
+			TokenConfig: configv1.TokenConfig{
+				AuthorizeTokenMaxAgeSeconds: 5 * 60,       // 5 minutes
+				AccessTokenMaxAgeSeconds:    24 * 60 * 60, // 1 day
+			},
+		},
+	}
+
+	configData, err := yaml.Marshal(o.config)
+	if err != nil {
+		return errors.Wrapf(err, "failed to generate data for asset: %s", o.Name())
+	}
+
+	crdData, err := content.GetOpenshiftTemplate(oauthCrdFilename)
+	if err != nil {
+		return errors.Wrapf(err, "failed to get contentes of %s", oauthCrdFilename)
+	}
+
+	o.FileList = []*asset.File{
+		{
+			Filename: filepath.Join(manifestDir, oauthCrdFilename),
+			Data:     []byte(crdData),
+		},
+		{
+			Filename: oauthCfgFilename,
+			Data:     configData,
+		},
+	}
+
+	return nil
+}
+
+// Files returns the files generated by the asset.
+func (o *OAuth) Files() []*asset.File {
+	return o.FileList
+}
+
+// Load returns false since this asset is not written to disk by the installer.
+func (o *OAuth) Load(f asset.FileFetcher) (bool, error) {
+	return false, nil
+}

pkg/asset/manifests/openshift.go

@@ -46,6 +46,8 @@ func (o *Openshift) Dependencies() []asset.Asset {
 	return []asset.Asset{
 		&installconfig.InstallConfig{},
 		&ClusterK8sIO{},
+		&Authentication{},
+		&OAuth{},
 		&machines.Worker{},
 		&machines.Master{},
 		&password.KubeadminPassword{},
@@ -62,9 +64,11 @@ func (o *Openshift) Generate(dependencies asset.Parents) error {
 	installConfig := &installconfig.InstallConfig{}
 	kubeadminPassword := &password.KubeadminPassword{}
 	clusterk8sio := &ClusterK8sIO{}
+	authentication := &Authentication{}
+	oauth := &OAuth{}
 	worker := &machines.Worker{}
 	master := &machines.Master{}
-	dependencies.Get(installConfig, clusterk8sio, worker, master, kubeadminPassword)
+	dependencies.Get(installConfig, clusterk8sio, authentication, oauth, worker, master, kubeadminPassword)
 	var cloudCreds cloudCredsSecretData
 	platform := installConfig.Config.Platform.Name()
 	switch platform {
@@ -143,6 +147,8 @@ func (o *Openshift) Generate(dependencies asset.Parents) error {
 			Data:     data,
 		})
 	}
+	o.FileList = append(o.FileList, authentication.Files()...)
+	o.FileList = append(o.FileList, oauth.Files()...)
 
 	return nil
 }