From 363c806a1a71fb2ced336e3ea8806636879d8dd7 Mon Sep 17 00:00:00 2001
From: Paul Richardson <p.g.richardson@phantomjinx.co.uk>
Date: Tue, 14 May 2024 19:02:10 +0100
Subject: [PATCH] fix: Adds cluster-mode uris to allowed list of nginx
 endpoints

* URIs are necessary for query projects/namespaces when discovering in
  cluster-mode.
---
 docker/nginx.js                   | 6 +++++-
 packages/kubernetes-api-app/query | 8 +++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/docker/nginx.js b/docker/nginx.js
index edddaa80..8c2ddaf5 100644
--- a/docker/nginx.js
+++ b/docker/nginx.js
@@ -29,6 +29,10 @@ var masterUrlPatterns = [
   /\/master\/apis\/apps.openshift.io\/v1$/,
   // OpenShift Current User
   /\/master\/apis\/user.openshift.io\/v1\/users\/~$/,
+  // OpenShift projects (for cluster-mode)
+  /\/master\/apis\/project.openshift.io\/v1\/projects$/,
+  // Kubernetes namespaces (for cluster-mode)
+  /\/master\/api\/v1\/namespaces$/,
   // Kubernetes Pods in a wildcard namespace to be converted to websocket
   /\/master\/api\/v1\/namespaces\/[0-9a-zA-Z-]+\/pods\?watch=true$/,
   // Kubernetes Pods in a wildcard namespace
@@ -59,7 +63,7 @@ function proxyMasterGuard(req) {
   }
 
   req.headersOut['Content-Type'] = 'application/json';
-  req.return(502, JSON.stringify({ message: `Error: Access to ${uri} is not allowed` }));
+  req.return(502, JSON.stringify({ message: `Error (gateway): Access to ${uri} is not allowed.` }));
 }
 
 function proxyJolokiaAgent(req) {
diff --git a/packages/kubernetes-api-app/query b/packages/kubernetes-api-app/query
index 406c6f7b..56f16b8c 100755
--- a/packages/kubernetes-api-app/query
+++ b/packages/kubernetes-api-app/query
@@ -1,8 +1,14 @@
 #!/bin/bash
 
+ENDPOINT="apis/apps.openshift.io/v1"
+
+if [ -n "${1}" ]; then
+  ENDPOINT=${1}
+fi
+
 token=$(oc whoami -t)
 
 curl -k \
   -H "Authorization: Bearer ${token}" \
-  https://api.crc.testing:6443/apis/apps.openshift.io/v1
+  https://api.crc.testing:6443/${ENDPOINT}