diff --git a/cmd/hypershift/main.go b/cmd/hypershift/main.go index e80f60ddf59b..bdb940b1c49b 100644 --- a/cmd/hypershift/main.go +++ b/cmd/hypershift/main.go @@ -8,8 +8,6 @@ import ( "runtime" "time" - "github.com/openshift/origin/pkg/cmd/openshift-osinserver" - "github.com/spf13/cobra" "github.com/spf13/pflag" @@ -21,6 +19,7 @@ import ( "github.com/openshift/origin/pkg/cmd/openshift-apiserver" "github.com/openshift/origin/pkg/cmd/openshift-controller-manager" "github.com/openshift/origin/pkg/cmd/openshift-etcd" + "github.com/openshift/origin/pkg/cmd/openshift-integrated-oauth-server" "github.com/openshift/origin/pkg/cmd/openshift-kube-apiserver" "github.com/openshift/origin/pkg/cmd/openshift-network-controller" "github.com/openshift/origin/pkg/version" @@ -77,7 +76,8 @@ func NewHyperShiftCommand(stopCh <-chan struct{}) *cobra.Command { startOpenShiftNetworkController := openshift_network_controller.NewOpenShiftNetworkControllerCommand(openshift_network_controller.RecommendedStartNetworkControllerName, "hypershift", os.Stdout, os.Stderr) cmd.AddCommand(startOpenShiftNetworkController) - startOsin := openshift_osinserver.NewOpenShiftOsinServer(os.Stdout, os.Stderr, stopCh) + startOsin := openshift_integrated_oauth_server.NewOsinServer(os.Stdout, os.Stderr, stopCh) + startOsin.Use = "openshift-osinserver" startOsin.Deprecated = "will be removed in 4.0" startOsin.Hidden = true cmd.AddCommand(startOsin) diff --git a/cmd/openshift-integrated-oauth-server/OWNERS b/cmd/openshift-integrated-oauth-server/OWNERS new file mode 100644 index 000000000000..ce92b9f2d035 --- /dev/null +++ b/cmd/openshift-integrated-oauth-server/OWNERS @@ -0,0 +1,7 @@ +reviewers: + - enj + - ericavonb + - mrogers950 + - stlaz +approvers: + - enj diff --git a/cmd/openshift-integrated-oauth-server/main.go b/cmd/openshift-integrated-oauth-server/main.go new file mode 100644 index 000000000000..6b8ffb7af375 --- /dev/null +++ b/cmd/openshift-integrated-oauth-server/main.go 
@@ -0,0 +1,61 @@
+package main
+
+import (
+ goflag "flag"
+ "fmt"
+ "math/rand"
+ "os"
+ "runtime"
+ "time"
+
+ "github.com/spf13/cobra"
+ "github.com/spf13/pflag"
+
+ genericapiserver "k8s.io/apiserver/pkg/server"
+ utilflag "k8s.io/apiserver/pkg/util/flag"
+ "k8s.io/apiserver/pkg/util/logs"
+
+ "github.com/openshift/library-go/pkg/serviceability"
+ "github.com/openshift/origin/pkg/cmd/openshift-integrated-oauth-server"
+ "github.com/openshift/origin/pkg/version"
+)
+
+func main() {
+ stopCh := genericapiserver.SetupSignalHandler()
+
+ rand.Seed(time.Now().UTC().UnixNano())
+
+ pflag.CommandLine.SetNormalizeFunc(utilflag.WordSepNormalizeFunc)
+ pflag.CommandLine.AddGoFlagSet(goflag.CommandLine)
+
+ logs.InitLogs()
+ defer logs.FlushLogs()
+ defer serviceability.BehaviorOnPanic(os.Getenv("OPENSHIFT_ON_PANIC"), version.Get())()
+ defer serviceability.Profile(os.Getenv("OPENSHIFT_PROFILE")).Stop()
+
+ if len(os.Getenv("GOMAXPROCS")) == 0 {
+ runtime.GOMAXPROCS(runtime.NumCPU())
+ }
+
+ command := NewOpenshiftIntegratedOAuthServerCommand(stopCh)
+ if err := command.Execute(); err != nil {
+ fmt.Fprintf(os.Stderr, "%v\n", err)
+ os.Exit(1)
+ }
+}
+
+func NewOpenshiftIntegratedOAuthServerCommand(stopCh <-chan struct{}) *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "openshift-integrated-oauth-server",
+ Short: "Command for the OpenShift integrated OAuth server",
+ Run: func(cmd *cobra.Command, args []string) {
+ cmd.Help()
+ os.Exit(1)
+ },
+ }
+
+ startOsin := openshift_integrated_oauth_server.NewOsinServer(os.Stdout, os.Stderr, stopCh)
+ cmd.AddCommand(startOsin)
+
+ return cmd
+}
diff --git a/hack/import-restrictions.json b/hack/import-restrictions.json
index 073ffd4d3f23..c1c5a394423a 100644
--- a/hack/import-restrictions.json
+++ b/hack/import-restrictions.json
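Review bot: Both `os.Exit(1)` calls in the new `main.go`, the one in `main` after `command.Execute()` fails and the one in the root command's `Run`, end the process without running the deferred `logs.FlushLogs()`, `BehaviorOnPanic(...)()` and `Profile(...).Stop()`. The buffered log lines that explain why the OAuth server failed to start can therefore be lost. Calling `logs.FlushLogs()` immediately before each `os.Exit(1)` would preserve them; alternatively move the body into a helper that returns an exit code so the defers run before exit. The result of `cmd.Help()` is also discarded. The exported constructor has no doc comment; something like `// NewOpenshiftIntegratedOAuthServerCommand returns the root command, whose only subcommand starts the osin server.` would do.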
@@ -151,6 +151,7 @@ "github.com/openshift/origin/pkg/apiserver/authentication/oauth", "github.com/openshift/origin/pkg/oauth/apis/oauth/validation", + "github.com/openshift/origin/pkg/cmd/openshift-integrated-oauth-server", "github.com/openshift/origin/pkg/cmd/openshift-kube-apiserver/openshiftkubeapiserver", "github.com/openshift/origin/pkg/cmd/server/origin", "github.com/openshift/origin/pkg/cmd/server/apis/config/validation", diff --git a/hack/lib/constants.sh b/hack/lib/constants.sh index e5c4c6cd32d6..aa64e2d8010b 100755 --- a/hack/lib/constants.sh +++ b/hack/lib/constants.sh @@ -39,6 +39,7 @@ readonly OS_IMAGE_COMPILE_TARGETS_LINUX=( cmd/openshift-sdn cmd/openshift-tests cmd/openshift + cmd/openshift-integrated-oauth-server vendor/k8s.io/kubernetes/cmd/hyperkube ) readonly OS_SCRATCH_IMAGE_COMPILE_TARGETS_LINUX=( diff --git a/pkg/cmd/openshift-integrated-oauth-server/OWNERS b/pkg/cmd/openshift-integrated-oauth-server/OWNERS new file mode 100644 index 000000000000..ce92b9f2d035 --- /dev/null +++ b/pkg/cmd/openshift-integrated-oauth-server/OWNERS @@ -0,0 +1,7 @@ +reviewers: + - enj + - ericavonb + - mrogers950 + - stlaz +approvers: + - enj diff --git a/pkg/cmd/openshift-osinserver/cmd.go b/pkg/cmd/openshift-integrated-oauth-server/cmd.go similarity index 55% rename from pkg/cmd/openshift-osinserver/cmd.go rename to pkg/cmd/openshift-integrated-oauth-server/cmd.go index 6359a7207320..4b30d5297631 100644 --- a/pkg/cmd/openshift-osinserver/cmd.go +++ b/pkg/cmd/openshift-integrated-oauth-server/cmd.go @@ -1,12 +1,12 @@ -package openshift_osinserver +package openshift_integrated_oauth_server import ( + "encoding/json" "errors" "fmt" "io" "io/ioutil" "os" - "path" "github.com/golang/glog" "github.com/spf13/cobra" 
@@ -15,29 +15,24 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/client-go/tools/clientcmd/api" "k8s.io/kubernetes/pkg/api/legacyscheme" kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" configv1 "github.com/openshift/api/config/v1" - kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1" osinv1 "github.com/openshift/api/osin/v1" - "github.com/openshift/library-go/pkg/config/helpers" "github.com/openshift/library-go/pkg/serviceability" "github.com/openshift/origin/pkg/api/legacy" - "github.com/openshift/origin/pkg/cmd/openshift-kube-apiserver/configdefault" - "github.com/openshift/origin/pkg/configconversion" ) -type OpenShiftOsinServer struct { +type OsinServer struct { ConfigFile string } -func NewOpenShiftOsinServer(out, errout io.Writer, stopCh <-chan struct{}) *cobra.Command { - options := &OpenShiftOsinServer{} +func NewOsinServer(out, errout io.Writer, stopCh <-chan struct{}) *cobra.Command { + options := &OsinServer{} cmd := &cobra.Command{ - Use: "openshift-osinserver", + Use: "osinserver", Short: "Launch OpenShift osin server", Run: func(c *cobra.Command, args []string) { legacy.InstallInternalLegacyAll(legacyscheme.Scheme) @@ -70,7 +65,7 @@ func NewOpenShiftOsinServer(out, errout io.Writer, stopCh <-chan struct{}) *cobr return cmd } -func (o *OpenShiftOsinServer) Validate() error { +func (o *OsinServer) Validate() error { if len(o.ConfigFile) == 0 { return errors.New("--config is required for this command") } 
@@ -78,9 +73,7 @@ func (o *OpenShiftOsinServer) Validate() error { return nil } -func (o *OpenShiftOsinServer) RunOsinServer(stopCh <-chan struct{}) error { - // try to decode into our new types first. right now there is no validation, no file path resolution. this unsticks the operator to start. - // TODO add those things +func (o *OsinServer) RunOsinServer(stopCh <-chan struct{}) error { configContent, err := ioutil.ReadFile(o.ConfigFile) if err != nil { return err 
@@ -88,26 +81,23 @@ func (o *OpenShiftOsinServer) RunOsinServer(stopCh <-chan struct{}) error { // TODO this probably needs to be updated to a container inside openshift/api/osin/v1 scheme := runtime.NewScheme() - utilruntime.Must(kubecontrolplanev1.Install(scheme)) + utilruntime.Must(osinv1.Install(scheme)) codecs := serializer.NewCodecFactory(scheme) - obj, err := runtime.Decode(codecs.UniversalDecoder(kubecontrolplanev1.GroupVersion, configv1.GroupVersion, osinv1.GroupVersion), configContent) + obj, err := runtime.Decode(codecs.UniversalDecoder(osinv1.GroupVersion, configv1.GroupVersion), configContent) if err != nil { - return err - } - - // Resolve relative to CWD - absoluteConfigFile, err := api.MakeAbs(o.ConfigFile, "") - if err != nil { - return err + // TODO drop this code once we remove the hypershift path + obj = &osinv1.OsinServerConfig{} + if jsonErr := json.Unmarshal(configContent, obj); jsonErr != nil { + glog.Errorf("osin config parse error: %v", jsonErr) + return err + } + // return err } - configFileLocation := path.Dir(absoluteConfigFile) - // TODO this is our pretend OsinServerConfig - config := obj.(*kubecontrolplanev1.KubeAPIServerConfig) - if err := helpers.ResolvePaths(configconversion.GetKubeAPIServerConfigFileReferences(config), configFileLocation); err != nil { - return err + config, ok := obj.(*osinv1.OsinServerConfig) + if !ok { + return fmt.Errorf("expected OsinServerConfig, got %T", config) } - configdefault.SetRecommendedKubeAPIServerConfigDefaults(config) - return RunOpenShiftOsinServer(config, stopCh) + return RunOsinServer(config, stopCh) } diff --git a/pkg/cmd/openshift-osinserver/server.go b/pkg/cmd/openshift-integrated-oauth-server/server.go similarity index 79% rename from pkg/cmd/openshift-osinserver/server.go rename to pkg/cmd/openshift-integrated-oauth-server/server.go index 20b7ddf00bae..c69fcca0da34 100644 --- a/pkg/cmd/openshift-osinserver/server.go +++ b/pkg/cmd/openshift-integrated-oauth-server/server.go 
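Review bot: The type-assertion failure message formats `config`, which is a nil `*osinv1.OsinServerConfig` whenever `ok` is false, so it always prints the expected type instead of what was decoded; it should be `return fmt.Errorf("expected OsinServerConfig, got %T", obj)`. The fallback taken when `runtime.Decode` fails accepts any file that `json.Unmarshal` can load into `OsinServerConfig`, with no kind/apiVersion check and with unknown fields silently ignored, and the original decode error is discarded on success. A wrong or mistyped config file can therefore start the OAuth server with zero-valued settings. This hunk also removes path resolution and defaulting, while the preceding hunk (`@@ -78,9 +73,7 @@`) deletes the TODO that recorded the missing validation. A comment such as `// NOTE: config is used as decoded: no validation, defaulting or relative-path resolution yet` would keep that gap visible, and the leftover `// return err` should be dropped.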
@@ -1,4 +1,4 @@ -package openshift_osinserver +package openshift_integrated_oauth_server import ( "errors" @@ -6,7 +6,7 @@ import ( genericapiserver "k8s.io/apiserver/pkg/server" "k8s.io/kubernetes/pkg/api/legacyscheme" - kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1" + osinv1 "github.com/openshift/api/osin/v1" "github.com/openshift/library-go/pkg/config/helpers" "github.com/openshift/origin/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing" "github.com/openshift/origin/pkg/oauthserver/oauthserver" @@ -15,8 +15,8 @@ import ( _ "k8s.io/kubernetes/pkg/client/metrics/prometheus" ) -func RunOpenShiftOsinServer(osinConfig *kubecontrolplanev1.KubeAPIServerConfig, stopCh <-chan struct{}) error { - if osinConfig == nil || osinConfig.OAuthConfig == nil { +func RunOsinServer(osinConfig *osinv1.OsinServerConfig, stopCh <-chan struct{}) error { + if osinConfig == nil { return errors.New("osin server requires non-empty oauthConfig") } @@ -35,7 +35,7 @@ func RunOpenShiftOsinServer(osinConfig *kubecontrolplanev1.KubeAPIServerConfig, return oauthServer.GenericAPIServer.PrepareRun().Run(stopCh) } -func newOAuthServerConfig(osinConfig *kubecontrolplanev1.KubeAPIServerConfig) (*oauthserver.OAuthServerConfig, error) { +func newOAuthServerConfig(osinConfig *osinv1.OsinServerConfig) (*oauthserver.OAuthServerConfig, error) { genericConfig := genericapiserver.NewRecommendedConfig(legacyscheme.Codecs) servingOptions, err := configprocessing.ToServingOptions(osinConfig.ServingInfo) @@ -52,7 +52,7 @@ func newOAuthServerConfig(osinConfig *kubecontrolplanev1.KubeAPIServerConfig) (* return nil, err } - oauthServerConfig, err := oauthserver.NewOAuthServerConfig(*osinConfig.OAuthConfig, kubeClientConfig) + oauthServerConfig, err := oauthserver.NewOAuthServerConfig(osinConfig.OAuthConfig, kubeClientConfig) if err != nil { return nil, err } diff --git a/pkg/oauthserver/oauthserver/auth.go b/pkg/oauthserver/oauthserver/auth.go index 16730b10b21e..2a5ff9bb3ce6 100644 
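Review bot: In the `@@ -15,8 +15,8 @@` hunk the guard now checks only `osinConfig == nil`, yet the error text still reads "osin server requires non-empty oauthConfig". Since `OAuthConfig` is now passed to `NewOAuthServerConfig` without a dereference (apparently a value field), a config file with no `oauthConfig` stanza is no longer rejected at this point. Unless `NewOAuthServerConfig` validates its input, which this diff does not show, a zero-valued OAuth configuration reaches server construction. Either add an explicit validation step before building the server, or make the message match the check, e.g. `return errors.New("osin server requires a non-nil config")`. The bodies of `RunOsinServer` and `newOAuthServerConfig` continue outside these hunks.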
--- a/pkg/oauthserver/oauthserver/auth.go +++ b/pkg/oauthserver/oauthserver/auth.go @@ -144,7 +144,12 @@ func (c *OAuthServerConfig) WithOAuth(handler http.Handler) (http.Handler, error ) server.Install(mux, urls.OpenShiftOAuthAPIPrefix) - tokenRequestEndpoints := tokenrequest.NewEndpoints(c.ExtraOAuthConfig.Options.MasterPublicURL, openShiftLogoutPrefix, c.getOsinOAuthClient, c.ExtraOAuthConfig.OAuthAccessTokenClient) + loginURL := c.ExtraOAuthConfig.Options.LoginURL + if len(loginURL) == 0 { + loginURL = c.ExtraOAuthConfig.Options.MasterPublicURL + } + + tokenRequestEndpoints := tokenrequest.NewEndpoints(loginURL, openShiftLogoutPrefix, c.getOsinOAuthClient, c.ExtraOAuthConfig.OAuthAccessTokenClient) tokenRequestEndpoints.Install(mux, urls.OpenShiftOAuthAPIPrefix) if session := c.ExtraOAuthConfig.SessionAuth; session != nil {
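Review bot: `LoginURL` is used as soon as it is non-empty, and nothing in this hunk checks that it is a well-formed absolute HTTPS URL before it is handed to `tokenrequest.NewEndpoints`. The command path added in this commit loads the config without a validation step, so a malformed or unintended value would presumably flow into the token-request pages unchanged. It is worth confirming that config validation covers the field, or parsing it here with `url.Parse` and rejecting anything without a scheme and host. A short comment would also help, e.g. `// LoginURL, when set, replaces MasterPublicURL as the URL given to the token request endpoints`. `WithOAuth` starts and ends outside the hunk.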