fix: Adds cluster-mode uris to allowed list of nginx endpoints

* URIs are necessary for query projects/namespaces when discovering in cluster-mode.
hawtio · May 14, 2024 · 363c806 · 363c806
1 parent 60a9b3e
commit 363c806
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/docker/nginx.js b/docker/nginx.js
@@ -29,6 +29,10 @@ var masterUrlPatterns = [
   /\/master\/apis\/apps.openshift.io\/v1$/,
   // OpenShift Current User
   /\/master\/apis\/user.openshift.io\/v1\/users\/~$/,
+  // OpenShift projects (for cluster-mode)
+  /\/master\/apis\/project.openshift.io\/v1\/projects$/,
+  // Kubernetes namespaces (for cluster-mode)
+  /\/master\/api\/v1\/namespaces$/,
   // Kubernetes Pods in a wildcard namespace to be converted to websocket
   /\/master\/api\/v1\/namespaces\/[0-9a-zA-Z-]+\/pods\?watch=true$/,
   // Kubernetes Pods in a wildcard namespace
@@ -59,7 +63,7 @@ function proxyMasterGuard(req) {
   }
 
   req.headersOut['Content-Type'] = 'application/json';
-  req.return(502, JSON.stringify({ message: `Error: Access to ${uri} is not allowed` }));
+  req.return(502, JSON.stringify({ message: `Error (gateway): Access to ${uri} is not allowed.` }));
 }
 
 function proxyJolokiaAgent(req) {

diff --git a/packages/kubernetes-api-app/query b/packages/kubernetes-api-app/query
@@ -1,8 +1,14 @@
 #!/bin/bash
 
+ENDPOINT="apis/apps.openshift.io/v1"
+
+if [ -n "${1}" ]; then
+  ENDPOINT=${1}
+fi
+
 token=$(oc whoami -t)
 
 curl -k \
   -H "Authorization: Bearer ${token}" \
-  https://api.crc.testing:6443/apis/apps.openshift.io/v1
+  https://api.crc.testing:6443/${ENDPOINT}