OpenShift Authentication via Python

Red Hat created a knarly system of authentication with OpenShfit. The main issue is auth is handeled by a separate endpoint and when you use it to authenticate it redirects you right away before you can get the token. Here is a code snippit that will help you with that on you Python project.

def get_config_user_pass_hash():

    username = ""
    password = ""
     
    basic_auth_userpass = username + ":" + password

    # Encode to simple auth
    output_bytes = basic_auth_userpass.encode('ascii')
    b64_hash_bytes = base64.b64encode(output_bytes)

    return b64_hash_bytes.decode('ascii')

def get_os_token(hostname):

    url = "https://oauth-openshift.apps." + hostname + "/oauth/authorize"

    ## We need this to tell OAUTH what we want.
    querystring = {"response_type":"token","client_id":"openshift-challenging-client"}

    headers = {
        "Authorization": "Basic " + get_config_user_pass_hash()
    }

    ## The token is in the header before it gets redirected, you just need to turn off that redirect.
    response = requests.request("POST", url, headers=headers, params=querystring, verify=False, allow_redirects=False)

    ## Get the token from the Location header, which you also need to parse to get the token.
    token = urlparse(response.headers['Location'])[5].split("&")[0].replace("access_token=", "")

    return token

host = ""

# Login to cluster and make sure we are in the correct project
token = get_os_token(host)
subprocess.run(["oc", "login", "--server=https://api." + host + ":6443", "--token=" + token])

As you can see above, the token will work with the "OC" command. If you'd like to use a pure REST API request, you can simply use the token as a bearer token:

authentication:
    type: bearer
    token: sha256~