Skip to content

Commit

Permalink
Use auth delegation to avoid oauth form parsing
Browse files Browse the repository at this point in the history 
Signed-off-by: Ruben Vargas <[email protected]>

Signed-off-by: Ruben Vargas <[email protected]>
  • Loading branch information
@rubenvp8510
rubenvp8510 committed Jan 14, 2020
1 parent 853b677 commit f100fc9
Show file tree
Hide file tree
Showing 6 changed files with 164 additions and 239 deletions.
6 changes: 0 additions & 6 deletions .ci/run-e2e-tests.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,6 @@ then
elif [ "${TEST_GROUP}" = "es-token-propagation" ]
then
echo "Running token propagation tests"
oc create user user-test-token
oc adm policy add-cluster-role-to-user cluster-admin user-test-token
# for ocp 4.2
htpasswd -c -B -b users.htpasswd user-test-token any
oc delete secret htpass-secret -n openshift-config
oc create secret generic htpass-secret --from-file=htpasswd=./users.htpasswd -n openshift-config
make e2e-tests-token-propagation-es
else
echo "Unknown TEST_GROUP [${TEST_GROUP}]"; exit 1
Expand Down
4 changes: 4 additions & 0 deletions deploy/crds/jaegertracing.io_jaegers_crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9434,6 +9434,10 @@ spec:
sar:
type: string
type: object
options:
description: Options defines a common options parameter to the different
structs
type: object
resources:
description: ResourceRequirements describes the compute resource
requirements.
Expand Down
7 changes: 6 additions & 1 deletion pkg/apis/jaegertracing/v1/zz_generated.openapi.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1361,11 +1361,16 @@ func schema_pkg_apis_jaegertracing_v1_JaegerIngressSpec(ref common.ReferenceCall
Format: "",
},
},
"options": {
SchemaProps: spec.SchemaProps{
Ref: ref("./pkg/apis/jaegertracing/v1.Options"),
},
},
},
},
},
Dependencies: []string{
"./pkg/apis/jaegertracing/v1.JaegerIngressOpenShiftSpec", "./pkg/apis/jaegertracing/v1.JaegerIngressTLSSpec", "k8s.io/api/core/v1.Affinity", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.Volume", "k8s.io/api/core/v1.VolumeMount"},
"./pkg/apis/jaegertracing/v1.JaegerIngressOpenShiftSpec", "./pkg/apis/jaegertracing/v1.JaegerIngressTLSSpec", "./pkg/apis/jaegertracing/v1.Options", "k8s.io/api/core/v1.Affinity", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.Volume", "k8s.io/api/core/v1.VolumeMount"},
}
}

Expand Down
1 change: 1 addition & 0 deletions pkg/inject/oauth_proxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/jaegertracing/jaeger-operator/pkg/util"
)

// #nosec G101 (CWE-798): Potential hardcoded credentials
const defaultProxySecret = "ncNDoqLGrayxXzxTn5ANbOXZp3qXd0LA"

// OAuthProxy injects an appropriate proxy into the given deployment
Expand Down
21 changes: 1 addition & 20 deletions pkg/strategy/production.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import (
"github.com/jaegertracing/jaeger-operator/pkg/storage"
)

func newProductionStrategy(ctx context.Context, jaeger *v1.Jaeger) {
func newProductionStrategy(ctx context.Context, jaeger *v1.Jaeger) S {
tracer := global.TraceProvider().GetTracer(v1.ReconciliationTracer)
ctx, span := tracer.Start(ctx, "newProductionStrategy")
defer span.End()
Expand Down Expand Up @@ -115,25 +115,6 @@ func newProductionStrategy(ctx context.Context, jaeger *v1.Jaeger) {
}
for i := range esRollover {
jobs = append(jobs, &esRollover[i].Spec.JobTemplate.Spec.Template.Spec)

err := es.CreateCerts()
if err != nil {
jaeger.Logger().WithError(err).Error("failed to create Elasticsearch certificates, Elasticsearch won't be deployed")
} else {
c.secrets = es.ExtractSecrets()
c.elasticsearches = append(c.elasticsearches, *es.Elasticsearch())

es.InjectStorageConfiguration(&queryDep.Spec.Template.Spec)
es.InjectStorageConfiguration(&cDep.Spec.Template.Spec)
if indexCleaner != nil {
es.InjectSecretsConfiguration(&indexCleaner.Spec.JobTemplate.Spec.Template.Spec)
}
for i := range esRollover {
es.InjectSecretsConfiguration(&esRollover[i].Spec.JobTemplate.Spec.Template.Spec)
}
for i := range c.dependencies {
es.InjectSecretsConfiguration(&c.dependencies[i].Spec.Template.Spec)
}
}
autoProvisionElasticsearch(&c, jaeger, jobs, []*appsv1.Deployment{queryDep, cDep})
}
Expand Down
Loading

0 comments on commit f100fc9

Please sign in to comment.