feat: add possibility to use user-created routes

README.md

@@ -112,6 +112,15 @@ route:
 
 If the 'key' isn't defined 'tls.crt' is automatically used.
 
+### Custom routes
+To use custom routes, it is necessary to create the correct annotation in the service account. 
+All the routes to annotate can be listed in the `externalRoutes` field in the custom resource:
+
+```yaml
+  externalRoutes:
+    - second-route
+    - third-route
+```
 ## Deploy
 
 To create the required resources by the operator (e.g. CRD, service account, roles, role binding, deployment, ...), run the following command:

bundle/manifests/hawt.io_hawtios.yaml

@@ -175,6 +175,12 @@ spec:
                         type: string
                     type: object
                 type: object
+              externalRoutes:
+                description: List of external route names that will be annotated by
+                  the operator to access the console using the routes
+                items:
+                  type: string
+                type: array
               metadataPropagation:
                 description: The configuration for which metadata on Hawtio custom
                   resources to propagate to generated resources such as deployments,

deploy/crd/hawtio_v1alpha1_hawtio_crd.yaml

@@ -289,6 +289,12 @@ spec:
                   Note that the operator will recreate the route if the field is emptied,
                   so that the host is re-generated.'
                 type: string
+              externalRoutes:
+                description: List of external route names that will be annotated by
+                  the operator to access the console using the routes
+                items:
+                  type: string
+                type: array
               type:
                 description: 'The deployment type. Defaults to cluster. cluster: Hawtio
                   is capable of discovering and managing applications across all namespaces

pkg/apis/hawtio/v1alpha1/hawtio_types.go

@@ -68,6 +68,8 @@ type HawtioSpec struct {
 	RouteHostName string `json:"routeHostName,omitempty"`
 	// Custom certificate configuration for the route
 	Route HawtioRoute `json:"route,omitempty"`
+	// List of external route names that will be annotated by the operator to access the console using the routes
+	ExternalRoutes []string `json:"externalRoutes,omitempty"`
 	// The Hawtio console container image version. Defaults to 'latest'.
 	Version string `json:"version,omitempty"`
 	// The authentication configuration

pkg/controller/hawtio/hawtio_controller.go

@@ -715,7 +715,7 @@ func (r *ReconcileHawtio) reconcileDeployment(hawtio *hawtiov1alpha1.Hawtio,
 	var serviceAccount *corev1.ServiceAccount
 	if hawtio.Spec.Type == hawtiov1alpha1.NamespaceHawtioDeploymentType {
 		// Add service account as OAuth client
-		serviceAccount, err = resources.NewServiceAccountAsOauthClient(hawtio.Name)
+		serviceAccount, err = resources.NewServiceAccountAsOauthClient(hawtio.Name, hawtio.Spec.ExternalRoutes)
 		if err != nil {
 			return false, fmt.Errorf("error UpdateResources : %s", err)
 		}

pkg/resources/service_account.go

@@ -9,17 +9,17 @@ import (
 	oauthv1 "github.com/openshift/api/oauth/v1"
 )
 
-func NewServiceAccountAsOauthClient(name string) (*corev1.ServiceAccount, error) {
-	OAuthRedirectReference := &oauthv1.OAuthRedirectReference{
-		Reference: oauthv1.RedirectReference{
-			Kind: "Route",
-			Name: name,
-		},
-	}
+func NewServiceAccountAsOauthClient(name string, externalRoutes []string) (*corev1.ServiceAccount, error) {
+	annotations := make(map[string]string)
+	routes := append(externalRoutes, name)
+	for _, name := range routes {
 
-	ref, err := json.Marshal(OAuthRedirectReference)
-	if err != nil {
-		return nil, err
+		ref, err := createRedirectReferenceString(name)
+		if err != nil {
+			return nil, err
+		}
+		annotations["serviceaccounts.openshift.io/oauth-redirecturi."+name] = "https://"
+		annotations["serviceaccounts.openshift.io/oauth-redirectreference."+name] = ref
 	}
 
 	sa := &corev1.ServiceAccount{
@@ -28,11 +28,22 @@ func NewServiceAccountAsOauthClient(name string) (*corev1.ServiceAccount, error)
 			Labels: map[string]string{
 				"app": "hawtio",
 			},
-			Annotations: map[string]string{
-				"serviceaccounts.openshift.io/oauth-redirecturi.route":       "https://",
-				"serviceaccounts.openshift.io/oauth-redirectreference.route": string(ref),
-			},
+			Annotations: annotations,
 		},
 	}
 	return sa, nil
 }
+
+func createRedirectReferenceString(name string) (string, error) {
+	OAuthRedirectReference := &oauthv1.OAuthRedirectReference{
+		Reference: oauthv1.RedirectReference{
+			Kind: "Route",
+			Name: name,
+		},
+	}
+	ref, err := json.Marshal(OAuthRedirectReference)
+	if err != nil {
+		return "", err
+	}
+	return string(ref), err
+}

pkg/resources/service_account_test.go

@@ -0,0 +1,20 @@
+package resources
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestAnnotations(t *testing.T) {
+	sa, err := NewServiceAccountAsOauthClient("hawtio-online", []string{"one", "two", "three"})
+	assert.NoError(t, err)
+	assert.NotEmpty(t, sa.Annotations["serviceaccounts.openshift.io/oauth-redirectreference.hawtio-online"])
+	assert.NotEmpty(t, sa.Annotations["serviceaccounts.openshift.io/oauth-redirectreference.one"])
+	assert.NotEmpty(t, sa.Annotations["serviceaccounts.openshift.io/oauth-redirectreference.two"])
+	assert.NotEmpty(t, sa.Annotations["serviceaccounts.openshift.io/oauth-redirectreference.three"])
+
+	sa, err = NewServiceAccountAsOauthClient("hawtio-online", []string{})
+	assert.NoError(t, err)
+	assert.NotEmpty(t, sa.Annotations["serviceaccounts.openshift.io/oauth-redirectreference.hawtio-online"])
+
+}