Added htpasswd option to the OpenShift OAuth type

[jpkrohling]

Closes #572 by adding a new field to the oauth proxy struct.

Signed-off-by: Juraci Paixão Kröhling juraci@kroehling.de

[jpkrohling]

@jwendell, would you be able to confirm that this fixes the issue for you? I'm still running some manual tests on this, and we'd be ready to merge once you confirm it works, Travis approves and @objectiser reviews.

This is the image that can be used for the test: jpkroehling/jaeger-operator:572-htpasswd-oauth-proxy. The correct image will report the Jaeger Operator version as v1.13.1-37-g5735cbb7 (5735cbb being the latest commit in this PR)

[codecov]

Codecov Report

Merging #573 into master will increase coverage by 0.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #573      +/-   ##
==========================================
+ Coverage   91.56%   91.57%   +0.01%     
==========================================
  Files          73       73              
  Lines        3615     3620       +5     
==========================================
+ Hits         3310     3315       +5     
  Misses        213      213              
  Partials       92       92

Impacted Files	Coverage Δ
pkg/apis/jaegertracing/v1/jaeger_types.go	100% <ø> (ø)	⬆️
pkg/inject/oauth-proxy.go	100% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 60f5ed6...1fe0103. Read the comment docs.

[jpkrohling]

@objectiser, I tested this and when htpasswd is enabled, I cannot login to the Jaeger UI with OpenShift users such as kubeadmin, only with users specified in the htpasswd file. @jwendell, is this the expected behavior?

I could also not verify whether bearer tokens were issued at all, perhaps this is something that @rubenvp8510 could check.

[jpkrohling]

I don't know how I missed the big blue button on the page, but it's indeed possible to login using kubeadmin (or other OpenShift users):

[jpkrohling]

The newest image has just been published (version: v1.13.1-40-gb8330536): jpkroehling/jaeger-operator:572-htpasswd-oauth-proxy

[jpkrohling]

For the record, this is how it looks like now:

[objectiser]

LGTM -just need final approval from @jwendell to make sure it works for him.

[jwendell]

I confirm it works fine, thanks!

[jpkrohling]

Alright, I just squashed the commits and updated the PR. Once Travis finishes, I'll merge it.

[rubenvp8510]

@objectiser, I tested this and when htpasswd is enabled, I cannot login to the Jaeger UI with OpenShift users such as kubeadmin, only with users specified in the htpasswd file. @jwendell, is this the expected behavior?

I could also not verify whether bearer tokens were issued at all, perhaps this is something that @rubenvp8510 could check.

In my tests I see that oauth-proxy store the bearer token encrypted in the cookie, but you need to pass the following flags:

--pass-access-token=true
--pass-user-bearer-token=true
--pass-basic-auth=false

And a better secret.. (16 bytes )

You can see how I did my tests on rubenvp8510/jaeger@2f1ea29

I'm actually working on change it to a simpler test, but that worked for me to learn how the propagation works with openshift oauth-proxy