feat: retrieve pull-sectret using Red Hat SSO account

Signed-off-by: Denis Golovin <[email protected]>
crc-org · May 22, 2024 · e45ded3 · e45ded3
1 parent 12bba3d
commit e45ded3
Show file tree

Hide file tree

Showing 3 changed files with 272 additions and 1,042 deletions.
diff --git a/package.json b/package.json
@@ -69,7 +69,9 @@
     "desk:run": "ts-node-esm ./scripts/run.mts run",
     "test": "vitest run --coverage --passWithNoTests"
   },
-  "dependencies": {},
+  "dependencies": {
+    "@redhat-developer/rhaccm-client": "^0.0.1"
+  },
   "devDependencies": {
     "@podman-desktop/api": "next",
     "@rollup/plugin-commonjs": "^24.0.1",
@@ -94,5 +96,8 @@
     "vitest": "^1.6.0",
     "which": "^3.0.0",
     "zip-local": "^0.3.5"
-  }
+  },
+  "extensionDependencies": [
+    "redhat.redhat-authentication"
+  ]
 }
diff --git a/src/crc-start.ts b/src/crc-start.ts
@@ -22,6 +22,7 @@ import { crcStatus } from './crc-status';
 import { commander } from './daemon-commander';
 import { crcLogProvider } from './log-provider';
 import { productName } from './util';
+import { AccountManagementClient } from '@redhat-developer/rhaccm-client';
 
 interface ImagePullSecret {
   auths: Auths;
@@ -91,12 +92,42 @@ export async function startCrc(
 }
 
 async function askAndStorePullSecret(logger: extensionApi.Logger): Promise<boolean> {
-  const pullSecret = await extensionApi.window.showInputBox({
-    prompt: 'Provide a pull secret',
-    markdownDescription:
-      'To pull container images from the registry, a *pull secret* is necessary. You can get a pull secret from the [Red Hat OpenShift Local download page](https://console.redhat.com/openshift/create/local?sc_cid=7013a000003SUmqAAG). Use the *"Copy pull secret"* option and paste the content into the field above',
-    ignoreFocusOut: true,
-  });
+  let pullSecret: string;
+  const howToPull = await extensionApi.window.showInformationMessage(
+    'To pull container images from the registry, a *pull secret* is necessary. You can login into your Red Hat SSO account to get it configured automatically or manually copy it from browser and paste when requested.',
+    'Sign in with Red Hat SSO',
+    'Configure manually',
+  );
+  if (howToPull) {
+    if (howToPull === 'Use Red Hat SSO Account') {
+      const authSession: extensionApi.AuthenticationSession | undefined = await extensionApi.authentication.getSession(
+        'redhat.authentication-provider',
+        [
+          'api.iam.registry_service_accounts', //scope that gives access to hydra service accounts API
+          'api.console', // scope that gives access to console.redhat.com APIs
+          'id.username',
+        ], // adds claim to accessToken that used to render account label
+        { createIfNone: true }, // will request to login in browser if session does not exists
+      );
+      if (authSession) {
+        const client = new AccountManagementClient({
+          BASE: 'https://api.openshift.com',
+          TOKEN: authSession.accessToken,
+        });
+        const accessTokenCfg = await client.default.postApiAccountsMgmtV1AccessToken();
+        pullSecret = JSON.stringify(accessTokenCfg);
+      }
+    } else {
+      pullSecret = await extensionApi.window.showInputBox({
+        prompt: 'Provide a pull secret',
+        markdownDescription:
+          'To pull container images from the registry, a *pull secret* is necessary. You can get a pull secret from the [Red Hat OpenShift Local download page](https://console.redhat.com/openshift/create/local?sc_cid=7013a000003SUmqAAG). Use the *"Copy pull secret"* option and paste the content into the field above',
+        ignoreFocusOut: true,
+      });
+    }
+  } else {
+    return false;
+  }
 
   if (!pullSecret) {
     return false;