UPSTREAM: <carry>: use console-public config map for console redirect

OpenShift-Rebase-Source: 2e5064e
openshift · Nov 3, 2023 · 7db866f · 7db866f
1 parent f398400
commit 7db866f
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 14 deletions.
diff --git a/openshift-kube-apiserver/openshiftkubeapiserver/patch.go b/openshift-kube-apiserver/openshiftkubeapiserver/patch.go
@@ -93,8 +93,8 @@ func OpenShiftKubeAPIServerConfigPatch(genericConfig *genericapiserver.Config, k
 		return nil
 	})
 	genericConfig.BuildHandlerChainFunc, err = BuildHandlerChain(
-		enablement.OpenshiftConfig().ConsolePublicURL,
 		enablement.OpenshiftConfig().AuthConfig.OAuthMetadataFile,
+		kubeInformers.Core().V1().ConfigMaps(),
 		apiRequestCountController,
 	)
 	if err != nil {

diff --git a/openshift-kube-apiserver/openshiftkubeapiserver/patch_handlerchain.go b/openshift-kube-apiserver/openshiftkubeapiserver/patch_handlerchain.go
@@ -6,15 +6,20 @@ import (
 
 	authenticationv1 "k8s.io/api/authentication/v1"
 	genericapiserver "k8s.io/apiserver/pkg/server"
+	coreinformers "k8s.io/client-go/informers/core/v1"
 	patchfilters "k8s.io/kubernetes/openshift-kube-apiserver/filters"
 	"k8s.io/kubernetes/openshift-kube-apiserver/filters/apirequestcount"
 
 	authorizationv1 "github.com/openshift/api/authorization/v1"
-	"github.com/openshift/library-go/pkg/apiserver/httprequest"
+)
+
+const (
+	openShiftConfigManagedNamespaceName = "openshift-config-managed"
+	consolePublicConfigMapName          = "console-public"
 )
 
 // TODO switch back to taking a kubeapiserver config.  For now make it obviously safe for 3.11
-func BuildHandlerChain(consolePublicURL string, oauthMetadataFile string, requestLogger apirequestcount.APIRequestLogger) (func(apiHandler http.Handler, kc *genericapiserver.Config) http.Handler, error) {
+func BuildHandlerChain(oauthMetadataFile string, cmInformer coreinformers.ConfigMapInformer, requestLogger apirequestcount.APIRequestLogger) (func(apiHandler http.Handler, kc *genericapiserver.Config) http.Handler, error) {
 	// load the oauthmetadata when we can return an error
 	oAuthMetadata := []byte{}
 	if len(oauthMetadataFile) > 0 {
@@ -39,7 +44,7 @@ func BuildHandlerChain(consolePublicURL string, oauthMetadataFile string, reques
 			handler = translateLegacyScopeImpersonation(handler)
 
 			// redirects from / and /console to consolePublicURL if you're using a browser
-			handler = withConsoleRedirect(handler, consolePublicURL)
+			handler = withConsoleRedirect(handler, cmInformer)
 
 			return handler
 		},
@@ -69,19 +74,28 @@ func withOAuthInfo(handler http.Handler, oAuthMetadata []byte) http.Handler {
 
 // If we know the location of the asset server, redirect to it when / is requested
 // and the Accept header supports text/html
-func withConsoleRedirect(handler http.Handler, consolePublicURL string) http.Handler {
-	if len(consolePublicURL) == 0 {
-		return handler
-	}
-
+func withConsoleRedirect(handler http.Handler, cmInformer coreinformers.ConfigMapInformer) http.Handler {
+	cmLister := cmInformer.Lister()
+	informer := cmInformer.Informer()
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		if strings.HasPrefix(req.URL.Path, "/console") ||
-			(req.URL.Path == "/" && httprequest.PrefersHTML(req)) {
-			http.Redirect(w, req, consolePublicURL, http.StatusFound)
+		if !strings.HasPrefix(req.URL.Path, "/console") {
+			// Dispatch to the next handler
+			handler.ServeHTTP(w, req)
 			return
 		}
-		// Dispatch to the next handler
-		handler.ServeHTTP(w, req)
+
+		consoleUrl := ""
+		if informer.HasSynced() {
+			consolePublicConfig, err := cmLister.ConfigMaps(openShiftConfigManagedNamespaceName).Get(consolePublicConfigMapName)
+			if err == nil {
+				consoleUrl = consolePublicConfig.Data["consoleURL"]
+			}
+		}
+		if len(consoleUrl) > 0 {
+			http.Redirect(w, req, consoleUrl, http.StatusFound)
+			return
+		}
+		http.Error(w, "redirection failed: console URL not found", http.StatusInternalServerError)
 	})
 }