WIP: move up oauth metadata creation

Signed-off-by: Simo Sorce <[email protected]>

Author: simo5

pkg/cmd/server/origin/master.go

@@ -1,6 +1,7 @@
 package origin
 
 import (
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -75,24 +76,37 @@ func (c *MasterConfig) newOpenshiftAPIConfig(kubeAPIServerConfig apiserver.Confi
 	return ret, ret.ExtraConfig.Validate()
 }
 
-func (c *MasterConfig) newOpenshiftNonAPIConfig(kubeAPIServerConfig apiserver.Config) *OpenshiftNonAPIConfig {
+// Prep OAuth metadata once
+func (c *MasterConfig) prepOauthMetadata(config *OpenshiftNonAPIConfig) error {
+	var err error
+	if c.Options.OAuthConfig != nil {
+		config.ExtraConfig.OAuthMetadata, err = json.MarshalIndent(oauthutil.GetOauthMetadata(c.Options.OAuthConfig.MasterPublicURL), "", "  ")
+		if err != nil {
+			glog.Errorf("Unable to initialize OAuth authorization server metadata route: %v", err)
+			return err
+		}
+	}
+	if c.Options.ExternalOAuthConfig != nil {
+		config.ExtraConfig.OAuthMetadata, err = oauthutil.LoadOAuthMetadataFile(c.Options.ExternalOAuthConfig.MetadataFile)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *MasterConfig) newOpenshiftNonAPIConfig(kubeAPIServerConfig apiserver.Config) (*OpenshiftNonAPIConfig, error) {
 	ret := &OpenshiftNonAPIConfig{
 		GenericConfig: &apiserver.RecommendedConfig{
 			Config:                kubeAPIServerConfig,
 			SharedInformerFactory: c.ClientGoKubeInformers,
 		},
-		ExtraConfig: NonAPIExtraConfig{
-			EnableOAuth: c.Options.OAuthConfig != nil || c.Options.ExternalOAuthConfig != nil,
-		},
-	}
-	if c.Options.OAuthConfig != nil {
-		ret.ExtraConfig.MasterPublicURL = c.Options.OAuthConfig.MasterPublicURL
 	}
-	if c.Options.ExternalOAuthConfig != nil {
-		ret.ExtraConfig.OAuthMetadataFile = c.Options.ExternalOAuthConfig.MetadataFile
+	if err := c.prepOauthMetadata(ret); err != nil {
+		return nil, err
 	}
 
-	return ret
+	return ret, nil
 }
 
 func (c *MasterConfig) withAPIExtensions(delegateAPIServer apiserver.DelegationTarget, kubeAPIServerConfig apiserver.Config) (apiserver.DelegationTarget, apiextensionsinformers.SharedInformerFactory, error) {
@@ -113,7 +127,10 @@ func (c *MasterConfig) withAPIExtensions(delegateAPIServer apiserver.DelegationT
 }
 
 func (c *MasterConfig) withNonAPIRoutes(delegateAPIServer apiserver.DelegationTarget, kubeAPIServerConfig apiserver.Config) (apiserver.DelegationTarget, error) {
-	openshiftNonAPIConfig := c.newOpenshiftNonAPIConfig(kubeAPIServerConfig)
+	openshiftNonAPIConfig, err := c.newOpenshiftNonAPIConfig(kubeAPIServerConfig)
+	if err != nil {
+		return nil, err
+	}
 	openshiftNonAPIServer, err := openshiftNonAPIConfig.Complete().New(delegateAPIServer)
 	if err != nil {
 		return nil, err

pkg/cmd/server/origin/nonapiserver.go

@@ -1,21 +1,15 @@
 package origin
 
 import (
-	"encoding/json"
 	"net/http"
 
-	"github.com/golang/glog"
-
 	genericmux "k8s.io/apiserver/pkg/server/mux"
 
-	oauthutil "github.com/openshift/origin/pkg/oauth/util"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 )
 
 type NonAPIExtraConfig struct {
-	MasterPublicURL   string
-	EnableOAuth       bool
-	OAuthMetadataFile string
+	OAuthMetadata []byte
 }
 
 type OpenshiftNonAPIConfig struct {
@@ -60,7 +54,7 @@ func (c completedOpenshiftNonAPIConfig) New(delegationTarget genericapiserver.De
 
 	// TODO move this up to the spot where we wire the oauth endpoint
 	// Set up OAuth metadata only if we are configured to use OAuth
-	if c.ExtraConfig.EnableOAuth {
+	if len(c.ExtraConfig.OAuthMetadata) > 0 {
 		initOAuthAuthorizationServerMetadataRoute(s.GenericAPIServer.Handler.NonGoRestfulMux, c.ExtraConfig)
 	}
 
@@ -78,27 +72,9 @@ const (
 // https://tools.ietf.org/id/draft-ietf-oauth-discovery-04.html#rfc.section.2
 // masterPublicURL should be internally and externally routable to allow all users to discover this information
 func initOAuthAuthorizationServerMetadataRoute(mux *genericmux.PathRecorderMux, ExtraConfig *NonAPIExtraConfig) {
-	// Build OAuth metadata once
-	var metadata []byte
-	var err error
-
-	if len(ExtraConfig.OAuthMetadataFile) > 0 {
-		metadata, err = oauthutil.LoadOAuthMetadataFile(ExtraConfig.OAuthMetadataFile)
-		if err != nil {
-			glog.Error(err)
-			return
-		}
-	} else {
-		metadata, err = json.MarshalIndent(oauthutil.GetOauthMetadata(ExtraConfig.MasterPublicURL), "", "  ")
-		if err != nil {
-			glog.Errorf("Unable to initialize OAuth authorization server metadata route: %v", err)
-			return
-		}
-	}
-
 	mux.UnlistedHandleFunc(oauthMetadataEndpoint, func(w http.ResponseWriter, req *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		w.WriteHeader(http.StatusOK)
-		w.Write(metadata)
+		w.Write(ExtraConfig.OAuthMetadata)
 	})
 }