Update secret-controller to create OAuth client

[VaishnaviHire]

Fixes #175

Description

How Has This Been Tested?

Operator Image: quay.io/vhire/opendatahub-operator:testoauth

1. Create an example secret with required annotations and plain text

apiVersion: v1
kind: Secret
metadata:
  name: example
  annotations:
    secret-generator.opendatahub.io/name: "password"
    secret-generator.opendatahub.io/type: "random"
    secret-generator.opendatahub.io/complexity: "16"
    secret-generator.opendatahub.io/oauth-client-route: "example-route"
type: Opaque

2. Create a Route for an example service to be accessed by Oauth client

kind: Route
apiVersion: route.openshift.io/v1
metadata:
  name: example-route
  namespace: test
spec:
  host: >-
    example-route-test.apps.ci-ln-2gzkqh2-76ef8.origin-ci-int-aws.dev.rhcloud.com
  to:
    kind: Service
    name: example
    weight: 100
  port:
    targetPort: 9376

The seceret Controller will generate a secret and an Oauth client

apiVersion: v1
kind: Secret
metadata:
  name: example-generated
data:
  password: jgKGv6grDaLEMo6r
type: Opaque

apiVersion: oauth.openshift.io/v1
grantMethod: auto
kind: OAuthClient
metadata:
  name: example-route
redirectURIs:
- example-route-test.apps.ci-ln-2gzkqh2-76ef8.origin-ci-int-aws.dev.rhcloud.com
secret: <secret-value>

Merge criteria:

• The commits are squashed in a cohesive manner and have meaningful messages.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

[VaishnaviHire]

Review request - @samuelvl

[samuelvl]

OAuhClient is missing ownerreferences for garbage collection, as done in:

opendatahub-operator/pkg/controller/secretgenerator/secretgenerator_controller.go

Lines 107 to 109 in 10e7bba

	OwnerReferences: []metav1.OwnerReference{
	*metav1.NewControllerRef(foundSecret, foundSecret.GroupVersionKind()),
	},

[VaishnaviHire]

Updated code to delete OauthClient using delete events for secret. As discussed offline, adding OwnerReferences doesn't work because OauthClient is a ClusterScoped resource

[samuelvl]

I am using this kfdef to test the PR with the quay.io/vhire/opendatahub-operator:testoauth image and the OAuthClient is not created:

$ oc get secret oauth-token-generated                                        
NAME                    TYPE     DATA   AGE
oauth-token-generated   Opaque   1      23m

$ oc get route secret-generator        
NAME               HOST/PORT                                                             PATH   SERVICES           PORT   TERMINATION   WILDCARD
secret-generator   secret-generator-opendatahub.apps.mydomain.foo

$ oc get oauthclient secret-generator                    
Error from server (NotFound): oauthclients.oauth.openshift.io "secret-generator" not found

I dont't see any error in the logs.

[VaishnaviHire]

quay.io/vhire/opendatahub-operator:testoauth

It should be created in subsequent reconcile, since the route is created at the same time. Used the provided Kfdef -

$ oc get secret oauth-token-generated -n test
NAME                    TYPE     DATA   AGE
oauth-token-generated   Opaque   1      4m33s

$ oc get route secret-generator -n test
NAME               HOST/PORT                                                                          PATH   SERVICES           PORT   TERMINATION   WILDCARD
secret-generator   secret-generator-test.apps.ci-ln-2gzkqh2-76ef8.origin-ci-int-aws.dev.rhcloud.com          secret-generator   9376                 None

$ oc get oauthclient secret-generator -n test
NAME               SECRET                  WWW-CHALLENGE   TOKEN-MAX-AGE   REDIRECT URIS
secret-generator   oauth-token-generated   false           default         secret-generator-test.apps.ci-ln-2gzkqh2-76ef8.origin-ci-int-aws.dev.rhcloud.com

[samuelvl]

@VaishnaviHire I think my problem is I'm using the odh-operator overlay and the operator pod is not running correctly. What are the deployment instructions?

[VaishnaviHire]

@VaishnaviHire I think my problem is I'm using the odh-operator overlay and the operator pod is not running correctly. What are the deployment instructions?

Quickest would be to deploy the operator with Operator Hub and replace the value in CSV
spec.image with quay.io/vhire/opendatahub-operator:testoauth

[samuelvl]

We can change the createOAuthClient function to avoid using a LIST operation here. Name the OAuthClient object with the original secret name, instead of using the route name:

err = r.createOAuthClient(foundSecret.Name, secret.Value, oauthClientRoute.Spec.Host)

func (r *ReconcileSecretGenerator) createOAuthClient(name string, secret string, uri string) error {
...
}

This way, in the deleteOAuthClient method you can just retrieve the OAuthClient by doing a GET operation (much better performance).

[samuelvl]

Replace s/oauthClientRoute/route to make it more generic (it can return any route, not only the OAuth client route).

[samuelvl]

There are multiple places with this typo, OauthClient should be OAuthClient.

[samuelvl]

Tested in opendatahub-io/odh-dashboard#658

/lgtm

[samuelvl]

@LaVLaS Could you approve this PR? I have already reviewed it

[samuelvl]

/retest

[samuelvl]

/retest

[LaVLaS]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: LaVLaS, samuelvl

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [LaVLaS]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[LaVLaS]

/retest