search

crc-org / crc-extension

Red Hat OpenShift Local Extension for integration of OpenShift Local clusters with Podman Desktop
Apache License 2.0
12 stars 16 forks source link

Simplify setup and pull secret flow with Red Hat SSO extension #200

Open slemeur opened 4 months ago

slemeur commented 4 months ago

Goals

Thanks to the work done on the Red Hat SSO extension, we now would like to automate the process of getting the pull secret to start openshift local.

Sub-tasks

gbraad commented 4 months ago

@dgolovin @jeffmaury

dgolovin commented 4 months ago

@jeffmaury I published @redhat-developer/rhaccm-client simplify it. The implementation for this feature should:

  1. Add dependency Red Hat SSO extension
  2. Ask for Red Hat SSO session through authentication API when configuring OpenShift Local Instance 
    const authSession: extensionApi.AuthenticationSession | undefined> = await extensionApi.authentication.getSession(
'redhat.authentication-provider',
['api.iam.registry_service_accounts', //scope that gives access to hydra service accounts API
'api.console', // scope that gives access to console.redhat.com APIs
'id.username'], // adds claim to accessToken that used to render account label
{createIfNone: true} // will request to login in browser if session does not exists
);
  3. get access_token from the session when created
  4. call @redhat-developer/rhaccm-client to get pull_secret json string 
    import { AccountManagementClient } from '@redhat-developer/rhaccm-client';
const client = new AccountManagementClient({
BASE: 'https://api.openshift.com/api/accounts_mgmt/v1',
TOKEN: authSession.access_token,
});
const accessTokenCfg = await client.default.postApiAccountsMgmtV1AccessToken();
const pull_secret:string = JSON.stringify(accessTokenCfg);