fix: update sso configuration for service (#307)

redhat-developer · Jun 23, 2022 · e65e89e · e65e89e
1 parent 4b6ce2b
commit e65e89e
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 7 deletions.
diff --git a/build_docs/dev-install.adoc b/build_docs/dev-install.adoc
@@ -148,6 +148,6 @@ The operator also has several values which may be set via environment variables.
  * AUTH_CLIENTID :  The SSO client client-id, defaults to `cloud-services`
  * AUTH_TOKENPATH : The path to use with AUTH_SERVERURL to exchange the access token, defaults to `protocol/openid-connect/token`
  * CLOUD_SERVICES_API : The base path for the cloud services API, defaults to `https://api.stage.openshift.com`
- * MAS_AUTH_URL : This is the URL for Managed Service SSO. Defaults to `https://identity.api.openshift.com/auth/`
+ * MAS_AUTH_URL : This is the URL for Managed Service SSO.
  * MAS_AUTH_REALM : This is the realm for Managed Service SSO. Defaults to `rhoas`
  * MAS_AUTH_URL_TOKEN_PATH : This is the token path used to exchange OAuth tokens for Mas services. Defaults to `realms/rhoas/protocol/openid-connect/token`. When injected a full token url will be of the form $MAS_AUTH_URL + $MAS_AUTH_URL_TOKEN_PATH.
diff --git a/docs/custom_resources.adoc b/docs/custom_resources.adoc
@@ -230,7 +230,7 @@ spec:
 #    type: Finished
 #  message: Created
 #  metadata:
-#    oauthTokenUrl: https://identity.api.openshift.com/auth/realms/rhoas/protocol/openid-connect/token
+#    oauthTokenUrl: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
 #    provider: rhoas
 #    type: serviceregistry
 #  registryUrl: https://bu98.serviceregistry.rhcloud.com/t/ca6b69b3-12be-4ec9-add5-0098567008f5/apis/registry/v2

diff --git a/...as/src/main/java/com/openshift/cloud/controllers/ServiceRegistryConnectionController.java b/...as/src/main/java/com/openshift/cloud/controllers/ServiceRegistryConnectionController.java
@@ -20,8 +20,7 @@ public class ServiceRegistryConnectionController
   @Inject
   AccessTokenSecretTool accessTokenSecretTool;
 
-  @ConfigProperty(name = "rhoas.client.srsOAuthHost",
-      defaultValue = "https://identity.api.openshift.com/auth")
+  @ConfigProperty(name = "rhoas.client.srsOAuthHost")
   String oAuthHost;
 
   @ConfigProperty(name = "rhoas.client.srsOAuthRealm", defaultValue = "rhoas")

diff --git a/source/rhoas/src/main/resources/application.properties b/source/rhoas/src/main/resources/application.properties
@@ -15,9 +15,9 @@ quarkus.log.level=${RHOAS_LOG_LEVEL:INFO}
 rhoas.client.apiBasePath=${CLOUD_SERVICES_API:https://api.openshift.com}
 auth.serverUrl=${CLOUD_SERVICES_SSO:https://sso.redhat.com/auth/realms/redhat-external}
 
-rhoas.client.srsOAuthHost=${MAS_AUTH_URL:https://identity.api.openshift.com/auth}
-rhoas.client.srsOAuthRealm=${MAS_AUTH_REALM:rhoas}
-rhoas.client.srsOAuthTokenPath=${MAS_AUTH_URL_TOKEN_PATH:realms/rhoas/protocol/openid-connect/token}
+rhoas.client.srsOAuthHost=${MAS_AUTH_URL:https://sso.redhat.com/auth}
+rhoas.client.srsOAuthRealm=${MAS_AUTH_REALM:redhat-external}
+rhoas.client.srsOAuthTokenPath=${MAS_AUTH_URL_TOKEN_PATH:realms/redhat-external/protocol/openid-connect/token}
 
 ## Enable clusters without valid certificated
 quarkus.kubernetes-client.trust-certs=true