Merge pull request #295 from iamkirkbater/short-lived-auth-login-fixes

Allows passing in the ocm config for short-lived ocm token support
openshift · Jul 5, 2024 · 87a4ba7 · 87a4ba7
2 parents 2e5ef59 + 9a7a4c8
commit 87a4ba7
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 19 deletions.
diff --git a/pkg/ocm/ocm.go b/pkg/ocm/ocm.go
@@ -5,6 +5,9 @@ package ocm
 // creating the container
 
 import (
+	"os"
+	"path/filepath"
+
 	sdk "github.com/openshift-online/ocm-sdk-go"
 	cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
 	"github.com/openshift/osdctl/pkg/utils"
@@ -106,3 +109,33 @@ func GetClusterId(ocmClient *sdk.Connection, key string) (string, error) {
 
 	return cluster.ID(), err
 }
+
+// Finds the OCM Configuration file and returns the path to it
+// Taken wholesale from	openshift-online/ocm-cli
+func GetOCMConfigLocation() (string, error) {
+	if ocmconfig := os.Getenv("OCM_CONFIG"); ocmconfig != "" {
+		return ocmconfig, nil
+	}
+
+	// Determine home directory to use for the legacy file path
+	home, err := os.UserHomeDir()
+	if err != nil {
+		return "", err
+	}
+
+	path := filepath.Join(home, ".ocm.json")
+
+	_, err = os.Stat(path)
+	if os.IsNotExist(err) {
+		// Determine standard config directory
+		configDir, err := os.UserConfigDir()
+		if err != nil {
+			return path, err
+		}
+
+		// Use standard config directory
+		path = filepath.Join(configDir, "/ocm/ocm.json")
+	}
+
+	return path, nil
+}
diff --git a/pkg/ocmcontainer/ocmcontainer.go b/pkg/ocmcontainer/ocmcontainer.go
@@ -125,6 +125,20 @@ func New(cmd *cobra.Command, args []string) (*ocmContainer, error) {
 	maps.Copy(c.Envs, backplaneConfig.Env)
 	c.Volumes = append(c.Volumes, backplaneConfig.Mounts...)
 
+	// Copy the ocm config into the container
+	ocmConfigLocation, err := ocm.GetOCMConfigLocation()
+	if err != nil {
+		return o, err
+	}
+
+	ocmVolume := engine.VolumeMount{
+		Source:       ocmConfigLocation,
+		Destination:  "/root/.config/ocm/ocm.json",
+		MountOptions: "ro",
+	}
+
+	c.Volumes = append(c.Volumes, ocmVolume)
+
 	ocmConfig, err := ocm.New(viper.GetString("ocm-url"))
 	if err != nil {
 		return o, err

diff --git a/utils/bashrc.d/09-ocm.bashrc → utils/bashrc.d/00-ocm.bashrc b/utils/bashrc.d/09-ocm.bashrc → utils/bashrc.d/00-ocm.bashrc
@@ -1,27 +1,15 @@
 #!/usr/bin/env bash
 
-if [ "x${OFFLINE_ACCESS_TOKEN}" == "x" ]
-then
-  echo "WARNING: must set env variable OFFLINE_ACCESS_TOKEN for automatic OCM login"
-  return
-fi
-
 if [ "$OCM_URL" == "" ]
 then
   OCM_URL="https://api.openshift.com"
 fi
 
-CLI="${CLI:-ocm}"
-if [[ "${CLI}" == "ocm" ]]
+if ! ocm whoami &> /dev/null
 then
-  LOGIN_ENV='--url'
-elif [[ "${CLI}" == "moactl" ]]
-then
-  LOGIN_ENV='--env'
+  ocm login --url=$OCM_URL --use-device-code
 fi
 
-"${CLI}" login --token=$OFFLINE_ACCESS_TOKEN ${LOGIN_ENV}=$OCM_URL
-
 # Wrap the ocm backplane console command to handle automation for
 # port mapping inside the container
 ocm() {

diff --git a/utils/bashrc.d/06-sre-utils.bashrc → utils/bashrc.d/06-sre-login.bashrc b/utils/bashrc.d/06-sre-utils.bashrc → utils/bashrc.d/06-sre-login.bashrc
diff --git a/utils/bin/sre-login b/utils/bin/sre-login
@@ -14,9 +14,6 @@ then
   exit 1
 fi
 
-# Login to OCM first
-ocm-login > /dev/null
-
 echo "Logging into cluster $1"
 
 function get_cluster_json {
@@ -62,6 +59,4 @@ cluster_id=$(jq -r '.id' <<< "$clusterjson")
 cluster_listening=$(jq -r '.api.listening' <<< "$clusterjson")
 
 # Login to the Cluster
-
-echo "Cluster ID: $cluster_id"
 exec ocm backplane login ${cluster_id}