fix: add OpenShift token check for che-dashboard

Signed-off-by: Oleksii Orel <[email protected]>
eclipse-che · Apr 28, 2022 · 9cd32fc · 9cd32fc
1 parent 2fdc36e
commit 9cd32fc
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/pkg/deploy/dashboard/dashboard.go b/pkg/deploy/dashboard/dashboard.go
@@ -126,6 +126,7 @@ func (d *DashboardReconciler) createGatewayConfig(ctx *deploy.DeployContext) *ga
 		[]string{})
 	if util.IsOpenShift {
 		cfg.AddAuthHeaderRewrite(d.getComponentName(ctx))
+		cfg.AddOpenShiftTokenCheck(d.getComponentName(ctx))
 	}
 	return cfg
 }
diff --git a/pkg/deploy/dashboard/dashboard_test.go b/pkg/deploy/dashboard/dashboard_test.go
@@ -47,6 +47,24 @@ func TestDashboardOpenShift(t *testing.T) {
 	assert.True(t, util.ContainsString(ctx.CheCluster.Finalizers, ClusterPermissionsDashboardFinalizer))
 }
 
+func TestTokenValidityCheckOnOpenShift(t *testing.T) {
+	util.IsOpenShift = true
+
+	ctx := deploy.GetTestDeployContext(nil, []runtime.Object{})
+	dashboard := NewDashboardReconciler()
+	_, done, err := dashboard.Reconcile(ctx)
+	assert.True(t, done)
+	assert.Nil(t, err)
+	cfg := dashboard.createGatewayConfig(ctx)
+
+	if assert.Contains(t, cfg.HTTP.Routers, "che-dashboard") {
+		assert.Contains(t, cfg.HTTP.Routers["che-dashboard"].Middlewares, "che-dashboard-token-check")
+	}
+	if assert.Contains(t, cfg.HTTP.Middlewares, "che-dashboard-token-check") && assert.NotNil(t, cfg.HTTP.Middlewares["che-dashboard-token-check"].ForwardAuth) {
+		assert.Equal(t, "https://kubernetes.default.svc/apis/user.openshift.io/v1/users/~", cfg.HTTP.Middlewares["che-dashboard-token-check"].ForwardAuth.Address)
+	}
+}
+
 func TestDashboardKubernetes(t *testing.T) {
 	util.IsOpenShift = false