120 lines
3.3 KiB
Go
120 lines
3.3 KiB
Go
//
|
|
// Copyright (c) 2019-2021 Red Hat, Inc.
|
|
// This program and the accompanying materials are made
|
|
// available under the terms of the Eclipse Public License 2.0
|
|
// which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
//
|
|
// SPDX-License-Identifier: EPL-2.0
|
|
//
|
|
// Contributors:
|
|
// Red Hat, Inc. - initial API and implementation
|
|
//
|
|
package identityprovider
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/eclipse-che/che-operator/pkg/common/utils"
|
|
"sigs.k8s.io/controller-runtime/pkg/reconcile"
|
|
|
|
"github.com/eclipse-che/che-operator/pkg/common/chetypes"
|
|
"github.com/eclipse-che/che-operator/pkg/deploy"
|
|
"github.com/google/go-cmp/cmp/cmpopts"
|
|
oauth "github.com/openshift/api/oauth/v1"
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
const (
|
|
OAuthFinalizerName = "oauthclients.finalizers.che.eclipse.org"
|
|
)
|
|
|
|
var (
|
|
oAuthClientDiffOpts = cmpopts.IgnoreFields(oauth.OAuthClient{}, "TypeMeta", "ObjectMeta")
|
|
)
|
|
|
|
type IdentityProviderReconciler struct {
|
|
deploy.Reconcilable
|
|
}
|
|
|
|
func NewIdentityProviderReconciler() *IdentityProviderReconciler {
|
|
return &IdentityProviderReconciler{}
|
|
}
|
|
|
|
func (ip *IdentityProviderReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, bool, error) {
|
|
done, err := syncOAuthClient(ctx)
|
|
return reconcile.Result{Requeue: !done}, done, err
|
|
}
|
|
|
|
func (ip *IdentityProviderReconciler) Finalize(ctx *chetypes.DeployContext) bool {
|
|
oauthClients, err := FindAllEclipseCheOAuthClients(ctx)
|
|
if err != nil {
|
|
logrus.Errorf("Error getting OAuthClients: %v", err)
|
|
return false
|
|
}
|
|
|
|
for _, oauthClient := range oauthClients {
|
|
if _, err := deploy.DeleteClusterObject(ctx, oauthClient.Name, &oauth.OAuthClient{}); err != nil {
|
|
logrus.Errorf("Error deleting OAuthClient: %v", err)
|
|
return false
|
|
}
|
|
}
|
|
|
|
if err := deploy.DeleteFinalizer(ctx, OAuthFinalizerName); err != nil {
|
|
logrus.Errorf("Error deleting finalizer: %v", err)
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
func syncOAuthClient(ctx *chetypes.DeployContext) (bool, error) {
|
|
oauthClientName := ctx.CheCluster.Spec.Networking.Auth.OAuthClientName
|
|
oauthSecret := ctx.CheCluster.Spec.Networking.Auth.OAuthSecret
|
|
|
|
if oauthClientName == "" {
|
|
oauthClient, err := FindOAuthClient(ctx)
|
|
if err != nil {
|
|
logrus.Errorf("Error getting OAuthClients: %v", err)
|
|
return false, err
|
|
}
|
|
|
|
if oauthClient != nil {
|
|
oauthClientName = oauthClient.Name
|
|
if oauthSecret == "" {
|
|
oauthSecret = oauthClient.Secret
|
|
}
|
|
}
|
|
} else {
|
|
oauthClient := &oauth.OAuthClient{}
|
|
exists, _ := deploy.GetClusterObject(ctx, oauthClientName, oauthClient)
|
|
if exists {
|
|
if oauthSecret == "" {
|
|
oauthSecret = oauthClient.Secret
|
|
}
|
|
}
|
|
}
|
|
|
|
// Generate secret and name
|
|
oauthSecret = utils.GetValue(oauthSecret, utils.GeneratePassword(12))
|
|
oauthClientName = utils.GetValue(oauthClientName, ctx.CheCluster.Name+"-openshift-identity-provider-"+strings.ToLower(utils.GeneratePassword(6)))
|
|
|
|
redirectURIs := []string{"https://" + ctx.CheHost + "/oauth/callback"}
|
|
oauthClientSpec := GetOAuthClientSpec(
|
|
oauthClientName,
|
|
oauthSecret,
|
|
redirectURIs,
|
|
ctx.CheCluster.Spec.Networking.Auth.OAuthAccessTokenInactivityTimeoutSeconds,
|
|
ctx.CheCluster.Spec.Networking.Auth.OAuthAccessTokenMaxAgeSeconds)
|
|
done, err := deploy.Sync(ctx, oauthClientSpec, oAuthClientDiffOpts)
|
|
if !done {
|
|
return false, err
|
|
}
|
|
|
|
err = deploy.AppendFinalizer(ctx, OAuthFinalizerName)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
return true, nil
|
|
}
|