Update master-next from master

README.md

@@ -154,7 +154,7 @@ yarn run dev
 ```
 If changes aren't detected, you might need to increase `fs.inotify.max_user_watches`. See <https://webpack.js.org/configuration/watch/#not-enough-watchers>.
 
-### Tests
+### Unit Tests
 
 Run all unit tests:
 ```
@@ -171,6 +171,14 @@ Run frontend tests:
 ./test-frontend.sh
 ```
 
+#### Debugging Unit Tests
+
+1. `cd frontend; yarn run build`
+2. Add `debugger;` statements to any unit test
+3. `yarn debug-test route-pages`
+4. Chrome browser URL: 'chrome://inspect/#devices', click on the 'inspect' link in **Target (v10...)** section.
+5. Launches chrome-dev tools, click Resume button to continue
+6. Will break on any `debugger;` statements
 
 ### Integration Tests
 
@@ -222,6 +230,16 @@ $ ./test-gui.sh olm
 
 Remove the `--headless` flag to Chrome (chromeOptions) in [protractor.conf.ts](frontend/integration-tests/protractor.conf.ts) to see what the tests are actually doing.
 
+##### Debugging Integration Tests
+
+1. `cd frontend; yarn run build`
+2. Add `debugger;` statements to any e2e test
+3. `yarn run debug-test-suite --suite overview`
+4. Chrome browser URL: 'chrome://inspect/#devices', click on the 'inspect' link in **Target (v10...)** section.
+5. Launches chrome-dev tools, click Resume button to continue
+6. Will break on any `debugger;` statements
+7. Pauses browser when not using `--headless` argument!
+
 ### Dependency Management
 
 Dependencies should be pinned to an exact semver, sha, or git tag (eg, no ^).

auth/auth.go

@@ -13,6 +13,7 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/coreos/dex/api"
@@ -39,15 +40,27 @@ const (
 	errorInvalidState = "invalid_state"
 )
 
-var log = capnslog.NewPackageLogger("github.com/openshift/console", "auth")
+var (
+	log = capnslog.NewPackageLogger("github.com/openshift/console", "auth")
 
-type Authenticator struct {
-	tokenVerifier func(string) (*loginState, error)
+	// Cache HTTP clients to avoid recreating them for each request to the
+	// OAuth server. The key is the ca.crt bytes cast to a string and the
+	// value is a pointer to the http.Client. Keep two maps: one that
+	// incldues system roots and one that doesn't.
+	httpClientCache            sync.Map
+	httpClientCacheSystemRoots sync.Map
+)
 
+type Authenticator struct {
 	authFunc func() (*oauth2.Config, loginMethod)
 
 	clientFunc func() *http.Client
 
+	// userFunc returns the User associated with the cookie from a request.
+	// This is not part of loginMethod to avoid creating an unnecessary
+	// HTTP client for every call.
+	userFunc func(*http.Request) (*User, error)
+
 	errorURL      string
 	successURL    string
 	cookiePath    string
@@ -66,8 +79,6 @@ type loginMethod interface {
 	login(http.ResponseWriter, *oauth2.Token) (*loginState, error)
 	// logout deletes any cookies associated with the user.
 	logout(http.ResponseWriter, *http.Request)
-	// authenticate fetches the bearer token from the cookie of a request.
-	authenticate(*http.Request) (*User, error)
 	// getKubeAdminLogoutURL returns the logout URL for the special
 	// kube:admin user in OpenShift
 	getKubeAdminLogoutURL() string
@@ -112,27 +123,43 @@ func newHTTPClient(issuerCA string, includeSystemRoots bool) (*http.Client, erro
 		return nil, fmt.Errorf("load issuer CA file %s: %v", issuerCA, err)
 	}
 
+	caKey := string(data)
 	var certPool *x509.CertPool
 	if includeSystemRoots {
+		if httpClient, ok := httpClientCacheSystemRoots.Load(caKey); ok {
+			return httpClient.(*http.Client), nil
+		}
 		certPool, err = x509.SystemCertPool()
 		if err != nil {
 			log.Errorf("error copying system cert pool: %v", err)
 			certPool = x509.NewCertPool()
 		}
 	} else {
+		if httpClient, ok := httpClientCache.Load(caKey); ok {
+			return httpClient.(*http.Client), nil
+		}
 		certPool = x509.NewCertPool()
 	}
 	if !certPool.AppendCertsFromPEM(data) {
 		return nil, fmt.Errorf("file %s contained no CA data", issuerCA)
 	}
-	return &http.Client{
+
+	httpClient := &http.Client{
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
 				RootCAs: certPool,
 			},
 		},
 		Timeout: time.Second * 5,
-	}, nil
+	}
+
+	if includeSystemRoots {
+		httpClientCacheSystemRoots.Store(caKey, httpClient)
+	} else {
+		httpClientCache.Store(caKey, httpClient)
+	}
+
+	return httpClient, nil
 }
 
 // NewAuthenticator initializes an Authenticator struct. It blocks until the authenticator is
@@ -154,6 +181,7 @@ func NewAuthenticator(ctx context.Context, c *Config) (*Authenticator, error) {
 		var authSourceFunc func() (oauth2.Endpoint, loginMethod, error)
 		switch c.AuthSource {
 		case AuthSourceOpenShift:
+			a.userFunc = getOpenShiftUser
 			authSourceFunc = func() (oauth2.Endpoint, loginMethod, error) {
 				// Use the k8s CA for OAuth metadata discovery.
 				// Don't include system roots when talking to the API server.
@@ -171,14 +199,22 @@ func NewAuthenticator(ctx context.Context, c *Config) (*Authenticator, error) {
 				})
 			}
 		default:
+			// OIDC auth source is stateful, so only create it once.
+			endpoint, oidcAuthSource, err := newOIDCAuth(ctx, &oidcConfig{
+				client:        a.clientFunc(),
+				issuerURL:     c.IssuerURL,
+				clientID:      c.ClientID,
+				cookiePath:    c.CookiePath,
+				secureCookies: c.SecureCookies,
+			})
+			a.userFunc = func(r *http.Request) (*User, error) {
+				if oidcAuthSource == nil {
+					return nil, fmt.Errorf("OIDC auth source is not intialized")
+				}
+				return oidcAuthSource.authenticate(r)
+			}
 			authSourceFunc = func() (oauth2.Endpoint, loginMethod, error) {
-				return newOIDCAuth(ctx, &oidcConfig{
-					client:        a.clientFunc(),
-					issuerURL:     c.IssuerURL,
-					clientID:      c.ClientID,
-					cookiePath:    c.CookiePath,
-					secureCookies: c.SecureCookies,
-				})
+				return endpoint, oidcAuthSource, err
 			}
 		}
 
@@ -273,7 +309,7 @@ type User struct {
 }
 
 func (a *Authenticator) Authenticate(r *http.Request) (*User, error) {
-	return a.getLoginMethod().authenticate(r)
+	return a.userFunc(r)
 }
 
 // LoginFunc redirects to the OIDC provider for user login.

auth/auth_openshift.go

@@ -159,7 +159,7 @@ func (o *openShiftAuth) logout(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusNoContent)
 }
 
-func (o *openShiftAuth) authenticate(r *http.Request) (*User, error) {
+func getOpenShiftUser(r *http.Request) (*User, error) {
 	// TODO: This doesn't do any validation of the cookie with the assumption that the
 	// API server will reject tokens it doesn't recognize. If we want to keep some backend
 	// state we should sign this cookie. If not there's not much we can do.

frontend/__mocks__/k8sResourcesMocks.ts

@@ -9,7 +9,8 @@ import {
   CatalogSourceKind,
   InstallPlanApproval,
   PackageManifestKind,
-  OperatorGroupKind } from '../public/components/operator-lifecycle-manager';
+  OperatorGroupKind,
+  InstallPlanPhase } from '../public/components/operator-lifecycle-manager';
 import { StatusCapability, SpecCapability } from '../public/components/operator-lifecycle-manager/descriptors/types';
 import { CustomResourceDefinitionKind, K8sResourceKind, K8sKind } from '../public/module/k8s';
 /* eslint-enable no-unused-vars */
@@ -307,7 +308,7 @@ export const testInstallPlan: InstallPlanKind = {
     approval: InstallPlanApproval.Automatic,
   },
   status: {
-    phase: 'Complete',
+    phase: InstallPlanPhase.InstallPlanPhaseComplete,
     catalogSources: ['test-catalog'],
     plan: [],
   },

frontend/__mocks__/operatorHubItemsMocks.ts

@@ -1,6 +1,7 @@
 /* eslint-disable no-unused-vars, no-undef */
 
 import { PackageManifestKind } from '../public/components/operator-lifecycle-manager';
+import { OperatorHubItem } from '../public/components/operator-hub';
 
 const amqPackageManifest = {
   apiVersion: 'packages.app.redhat.com/v1alpha1',
@@ -315,6 +316,7 @@ export const operatorHubTileViewPageProps = {
     {
       obj: amqPackageManifest,
       installState: 'Installed',
+      installed: false,
       kind: 'PackageManifest',
       name: 'amq-streams',
       uid: 'amq-streams/openshift-operator-lifecycle-manager',
@@ -332,10 +334,13 @@ export const operatorHubTileViewPageProps = {
       support: undefined,
       longDescription: undefined,
       categories: ['messaging', 'streaming'],
+      catalogSource: 'testing',
+      catalogSourceNamespace: 'openshift-marketplace',
     },
     {
       obj: etcdPackageManifest,
       installState: 'Not Installed',
+      installed: false,
       kind: 'PackageManifest',
       name: 'etcd',
       uid: 'etcd/openshift-operator-lifecycle-manager',
@@ -353,9 +358,12 @@ export const operatorHubTileViewPageProps = {
       support: undefined,
       longDescription: undefined,
       categories: ['database'],
+      catalogSource: 'testing',
+      catalogSourceNamespace: 'openshift-marketplace',
     },
     { obj: federationv2PackageManifest,
       installState: 'Not Installed',
+      installed: false,
       kind: 'PackageManifest',
       name: 'federationv2',
       uid: 'federationv2/openshift-operator-lifecycle-manager',
@@ -373,9 +381,12 @@ export const operatorHubTileViewPageProps = {
       support: undefined,
       longDescription: undefined,
       categories: [],
+      catalogSource: 'testing',
+      catalogSourceNamespace: 'openshift-marketplace',
     },
     { obj: prometheusPackageManifest,
       installState: 'Not Installed',
+      installed: false,
       kind: 'PackageManifest',
       name: 'prometheus',
       uid: 'prometheus/openshift-operator-lifecycle-manager',
@@ -393,9 +404,12 @@ export const operatorHubTileViewPageProps = {
       support: undefined,
       longDescription: undefined,
       categories: ['monitoring', 'alerting'],
+      catalogSource: 'testing',
+      catalogSourceNamespace: 'openshift-marketplace',
     },
     { obj: svcatPackageManifest,
       installState: 'Not Installed',
+      installed: false,
       kind: 'PackageManifest',
       name: 'svcat',
       uid: 'svcat/openshift-operator-lifecycle-manager',
@@ -413,8 +427,10 @@ export const operatorHubTileViewPageProps = {
       support: undefined,
       longDescription: undefined,
       categories: ['catalog'],
+      catalogSource: 'testing',
+      catalogSourceNamespace: 'openshift-marketplace',
     },
-  ],
+  ] as OperatorHubItem[],
   openOverlay: null,
 };
 
@@ -427,6 +443,7 @@ export const operatorHubTileViewPagePropsWithDummy = {
     operatorHubTileViewPageProps.items[4],
     {
       obj: dummyPackageManifest,
+      installed: false,
       kind: 'PackageManifest',
       name: 'dummy',
       uid: 'dummy/openshift-operator-lifecycle-manager',
@@ -444,6 +461,8 @@ export const operatorHubTileViewPagePropsWithDummy = {
       support: undefined,
       longDescription: undefined,
       categories: ['dummy'],
+      catalogSource: 'testing',
+      catalogSourceNamespace: 'openshift-marketplace',
     },
   ],
   openOverlay: null,
@@ -553,4 +572,6 @@ export const itemWithLongDescription = {
   support: undefined,
   longDescription: '**Red Hat AMQ Streams** is a massively scalable, distributed, and high performance data streaming platform based on the Apache Kafka project. \nAMQ Streams provides an event streaming backbone that allows microservices and other application components to exchange data with extremely high throughput and low latency.\n\n**The core capabilities include**\n* A pub/sub messaging model, similar to a traditional enterprise messaging system, in which application components publish and consume events to/from an ordered stream\n* The long term, fault-tolerant storage of events\n* The ability for a consumer to replay streams of events\n* The ability to partition topics for horizontal scalability\n\n# Before you start\n\n1. Create AMQ Streams Cluster Roles\n```\n$ oc apply -f http://amq.io/amqstreams/rbac.yaml\n```\n2. Create following bindings\n```\n$ oc adm policy add-cluster-role-to-user strimzi-cluster-operator -z strimzi-cluster-operator --namespace <namespace>\n$ oc adm policy add-cluster-role-to-user strimzi-kafka-broker -z strimzi-cluster-operator --namespace <namespace>\n```',
   categories: ['messaging', 'streaming'],
+  catalogSource: 'testing',
+  catalogSourceNamespace: 'openshift-marketplace',
 };