Adding SSO to common logging link

ManageIQ · Mar 29, 2017 · 56be18b · 56be18b
1 parent c06e0a7
commit 56be18b
Showing 1 changed file with 44 additions and 5 deletions.
diff --git a/app/controllers/mixins/containers_external_logging_support_mixin.rb b/app/controllers/mixins/containers_external_logging_support_mixin.rb
@@ -5,12 +5,51 @@ def launch_external_logging
     route_name = ems.external_logging_route_name
     logging_route = ContainerRoute.find_by(:name => route_name, :ems_id => ems.id) if route_name
     if logging_route
-      scheme = URI.parse(logging_route.host_name).scheme || "https"
-      url = "#{scheme}://#{logging_route.host_name}#{record.external_logging_path}"
-      javascript_open_window(url)
+      user_token = SecureRandom.base64(15)
+      query_params = {'access_token' => ems.authentication_token,
+                      'user_token'   => user_token,
+                      'redirect'     => record.external_logging_path}
+      url = URI::HTTPS.build(:host  => logging_route.host_name,
+                             :path  => '/auth/sso-setup',
+                             :query => (query_params.collect { |k, v| k + '=' + v }).join('&'))
+      res = nil
+      begin
+        Net::HTTP.start(url.hostname, url.port,
+                        :use_ssl => true,
+                        :verify_mode => ems.verify_ssl_mode,
+                        :cert_store  => ems.ssl_cert_store
+                       ) do |http|
+          res = http.request(Net::HTTP::Get.new(url.request_uri))
+        end
+      rescue Errno::ECONNREFUSED, SocketError => _e
+        javascript_flash(:text        => _("Cannot access '%{hostname}. " \
+                                           "Make sure that the logging route is accessible") %
+                                          {:hostname => url.hostname},
+                         :severity    => :error,
+                         :spinner_off => true)
+      rescue OpenSSL::SSL::SSLError => e
+        javascript_flash(:text        => _("Cannot validate certificate to '%{hostname}. " \
+                                           "Make sure that you use a certificate signed by the root Openshift Cert." \
+                                           "error message: %{err}") %
+                                            {:hostname => url.hostname, :err => e.message },
+                         :severity    => :error,
+                         :spinner_off => true)
+      else
+        if res.code_type == Net::HTTPOK
+          query_params.delete('access_token')
+          url = URI::HTTPS.build(:host  => logging_route.host_name,
+                                 :path  => '/auth/sso-login',
+                                 :query => (query_params.collect { |k, v| k + '=' + v }).join('&'))
+        else
+          scheme = URI.parse(logging_route.host_name).scheme || "https"
+          url = "#{scheme}://#{logging_route.host_name}#{record.external_logging_path}"
+        end
+        javascript_open_window(url.to_s)
+      end
     else
-      javascript_flash(:text        => _("A route named '#{route_name}' is configured to connect to the " \
-                                          "external logging server but it doesn't exist"),
+      javascript_flash(:text        => _("A route named '%{route_name}' is configured to connect to the " \
+                                          "external logging server but it doesn't exist") %
+                                         {:route_name => route_name},
                        :severity    => :error,
                        :spinner_off => true)
     end