feat: retrieve pull-secret using Red Hat SSO account (#216)

Signed-off-by: Denis Golovin <[email protected]>
crc-org · Jun 27, 2024 · e568606 · e568606
1 parent fcf98df
commit e568606
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 2,249 deletions.
diff --git a/package.json b/package.json
@@ -70,6 +70,7 @@
     "test": "vitest run --coverage --passWithNoTests"
   },
   "dependencies": {
+    "@redhat-developer/rhaccm-client": "^0.0.1"
   },
   "devDependencies": {
     "@podman-desktop/api": "next",
@@ -92,5 +93,8 @@
     "vitest": "^1.6.0",
     "which": "^3.0.0",
     "zip-local": "^0.3.5"
-  }
+  },
+  "extensionDependencies": [
+    "redhat.redhat-authentication"
+  ]
 }
diff --git a/src/crc-start.ts b/src/crc-start.ts
@@ -22,6 +22,7 @@ import { crcStatus } from './crc-status';
 import { commander } from './daemon-commander';
 import { crcLogProvider } from './log-provider';
 import { productName } from './util';
+import { AccountManagementClient } from '@redhat-developer/rhaccm-client';
 
 interface ImagePullSecret {
   auths: Auths;
@@ -91,12 +92,33 @@ export async function startCrc(
 }
 
 async function askAndStorePullSecret(logger: extensionApi.Logger): Promise<boolean> {
-  const pullSecret = await extensionApi.window.showInputBox({
-    prompt: 'Provide a pull secret',
-    markdownDescription:
-      'To pull container images from the registry, a *pull secret* is necessary. You can get a pull secret from the [Red Hat OpenShift Local download page](https://console.redhat.com/openshift/create/local?sc_cid=7013a000003SUmqAAG). Use the *"Copy pull secret"* option and paste the content into the field above',
-    ignoreFocusOut: true,
-  });
+  let pullSecret: string;
+  const authSession: extensionApi.AuthenticationSession | undefined = await extensionApi.authentication.getSession(
+    'redhat.authentication-provider',
+    [
+      'api.iam.registry_service_accounts', //scope that gives access to hydra service accounts API
+      'api.console', // scope that gives access to console.redhat.com APIs
+      'id.username',
+    ], // adds claim to accessToken that used to render account label
+    { createIfNone: true }, // will request to login in browser if session does not exists
+  );
+  if (authSession) {
+    const client = new AccountManagementClient({
+      BASE: 'https://api.openshift.com',
+      TOKEN: authSession.accessToken,
+    });
+    const accessTokenCfg = await client.default.postApiAccountsMgmtV1AccessToken();
+    pullSecret = JSON.stringify(accessTokenCfg);
+  }
+  if (!pullSecret) {
+    // ask for text in field
+    pullSecret = await extensionApi.window.showInputBox({
+      prompt: 'Provide a pull secret',
+      markdownDescription:
+        'To pull container images from the registry, a *pull secret* is necessary. You can get a pull secret from the [Red Hat OpenShift Local download page](https://console.redhat.com/openshift/create/local?sc_cid=7013a000003SUmqAAG). Use the *"Copy pull secret"* option and paste the content into the field above',
+      ignoreFocusOut: true,
+    });
+  }
 
   if (!pullSecret) {
     return false;