Bug 1826873 - Default console route should redirect to correct public URL when route hostname has been customized
Summary: Default console route should redirect to correct public URL when route hostna...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.5.0
Assignee: Jakub Hadvig
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-22 16:52 UTC by Samuel Padgett
Modified: 2020-07-13 17:30 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: When setting custom route for the console in the console operator config we dont remove the default route. Consequence: When user tries to access the console from the default route, he will not be able to login since the OAuth callback will use the public URL, which points to the custom route, when set. Fix: Redirect the default route to the custom one, if the custom one is set. Result: User is redirected when accessing the default route to the custom one.
Clone Of:
Environment:
Version: 4.5.0-0.ci-2020-04-22-091616 Cluster ID: c377171a-8172-49e8-ae39-c91e322bd91d Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0
Last Closed: 2020-07-13 17:30:21 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console-operator pull 420 0 None closed Bug 1826873: Default console route should redirect to correct public URL when route hostname has been customized 2020-08-03 02:00:59 UTC
Github openshift console pull 5276 0 None closed Bug 1826873: Add redirect listener to console backend 2020-08-03 02:00:59 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:30:39 UTC

Description Samuel Padgett 2020-04-22 16:52:40 UTC
We don't do anything to disable the default console route when the console hostname is customized. The problem is that users who visit the default route will not be able to login since the OAuth callback will use the public URL, and the state cookie will be missing. We should provide a redirect to the correct public URL from the previous, default route (ideally preserving the path and any query parameters). This will allow old bookmarks and links to keep working.

Comment 1 bpeterse 2020-04-23 16:05:41 UTC
I see 2 options initially:

1.
- we delete the default route.
- if the custom route is removed, we hope we get the default back.
- we go degraded if we cannot due to a squatter.

2. 
- we find a base image in our registry with node.js or python 
- we write a small node.js or python script that acts as a redirect server. we would do similar to the downloads server by injecting our script with the inline YAML (little gross)
- we pass the custom-URL into the image as an env var or config map
- we create a pod with that image called 'default-route-redirect' in 'openshift-console' and deploy it

Either seems a reasonable solution, but the second is a better experience, we will just have a small stack of hacks to maintain.  The first leaves the admin with more to fix later if something steals our route.  I can't think of a good reason for a squatter to want console-openshift-console. off the top of my head.

Comment 7 errata-xmlrpc 2020-07-13 17:30:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.