disable TSB client cert and front proxy auth until aggregation is on …

…by default
deads2k · Aug 10, 2017 · a564e15 · a564e15
1 parent 4a90471
commit a564e15
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/pkg/openservicebroker/cmd/server/start.go b/pkg/openservicebroker/cmd/server/start.go
@@ -92,9 +92,23 @@ func (o TemplateServiceBrokerServerOptions) Config() (*server.TemplateServiceBro
 	if err := o.SecureServing.ApplyTo(serverConfig); err != nil {
 		return nil, err
 	}
-	if err := o.Authentication.ApplyTo(serverConfig); err != nil {
+
+	// TODO restore this after https://github.com/openshift/openshift-ansible/issues/5056 is fixed
+	//if err := o.Authentication.ApplyTo(serverConfig); err != nil {
+	//	return nil, err
+	//}
+	// the TSB server *can* limp along without terminating client certs or front proxy authn. Do that for now
+	// this wiring is a bit tricky.
+	cfg, err := o.Authentication.ToAuthenticationConfig()
+	if err != nil {
+		return nil, err
+	}
+	authenticator, _, err := cfg.New()
+	if err != nil {
 		return nil, err
 	}
+	serverConfig.Authenticator = authenticator
+
 	if err := o.Authorization.ApplyTo(serverConfig); err != nil {
 		return nil, err
 	}