Bug 1826873

Summary: Default console route should redirect to correct public URL when route hostname has been customized
Product: OpenShift Container Platform Reporter: Samuel Padgett <spadgett>
Component: Management ConsoleAssignee: Jakub Hadvig <jhadvig>
Status: CLOSED ERRATA QA Contact: Yadan Pei <yapei>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.5CC: aos-bugs, bpeterse, jokerman, yapei
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: When setting custom route for the console in the console operator config we dont remove the default route. Consequence: When user tries to access the console from the default route, he will not be able to login since the OAuth callback will use the public URL, which points to the custom route, when set. Fix: Redirect the default route to the custom one, if the custom one is set. Result: User is redirected when accessing the default route to the custom one.
 Story Points: ---
Clone Of: Environment:
Version: 4.5.0-0.ci-2020-04-22-091616 Cluster ID: c377171a-8172-49e8-ae39-c91e322bd91d Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0
Last Closed: 2020-07-13 17:30:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Samuel Padgett 2020-04-22 16:52:40 UTC 
We don't do anything to disable the default console route when the console hostname is customized. The problem is that users who visit the default route will not be able to login since the OAuth callback will use the public URL, and the state cookie will be missing. We should provide a redirect to the correct public URL from the previous, default route (ideally preserving the path and any query parameters). This will allow old bookmarks and links to keep working.
Comment 1 bpeterse 2020-04-23 16:05:41 UTC 
I see 2 options initially:

1.
- we delete the default route.
- if the custom route is removed, we hope we get the default back.
- we go degraded if we cannot due to a squatter.

2. 
- we find a base image in our registry with node.js or python 
- we write a small node.js or python script that acts as a redirect server. we would do similar to the downloads server by injecting our script with the inline YAML (little gross)
- we pass the custom-URL into the image as an env var or config map
- we create a pod with that image called 'default-route-redirect' in 'openshift-console' and deploy it

Either seems a reasonable solution, but the second is a better experience, we will just have a small stack of hacks to maintain.  The first leaves the admin with more to fix later if something steals our route.  I can't think of a good reason for a squatter to want console-openshift-console. off the top of my head.
Comment 7 errata-xmlrpc 2020-07-13 17:30:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409