Merge pull request #15064 from jhadvig/OCPBUGS-csp

OCPBUGS-49291: Set proper type for the CSP field for the serverconfig

Author: openshift-merge-bot[bot]

pkg/serverconfig/config.go

@@ -419,15 +419,21 @@ func isAlreadySet(fs *flag.FlagSet, name string) bool {
 	return alreadySet
 }
 
-func addContentSecurityPolicy(fs *flag.FlagSet, csp MultiKeyValue) {
+func addContentSecurityPolicy(fs *flag.FlagSet, csp map[consolev1.DirectiveType][]string) error {
+	var directives []string
 	for cspDirectiveName, cspDirectiveValue := range csp {
-		directiveName := getDirectiveName(cspDirectiveName)
+		directiveName := getDirectiveName(string(cspDirectiveName))
 		if directiveName == "" {
 			klog.Fatalf("invalid CSP directive: %s", cspDirectiveName)
 		}
 
-		fs.Set("content-security-policy", fmt.Sprintf("%s=%s", directiveName, cspDirectiveValue))
+		directives = append(directives, fmt.Sprintf("%s=%s", directiveName, strings.Join(cspDirectiveValue, " ")))
 	}
+
+	if len(directives) > 0 {
+		fs.Set("content-security-policy", strings.Join(directives, ", "))
+	}
+	return nil
 }
 
 func getDirectiveName(directive string) string {

pkg/serverconfig/config_test.go

@@ -8,6 +8,8 @@ import (
 	"os"
 	"reflect"
 	"testing"
+
+	consolev1 "github.com/openshift/api/console/v1"
 )
 
 func TestMultiKeyValueSetter(t *testing.T) {
@@ -294,9 +296,9 @@ func TestSetFlagsFromConfig(t *testing.T) {
 			config: Config{
 				APIVersion: "console.openshift.io/v1",
 				Kind:       "ConsoleConfig",
-				ContentSecurityPolicy: MultiKeyValue{
-					"FontSrc":   "value2 value3",
-					"ScriptSrc": "value1",
+				ContentSecurityPolicy: map[consolev1.DirectiveType][]string{
+					"FontSrc":   {"value2", "value3"},
+					"ScriptSrc": {"value1"},
 				},
 			},
 			expectedFlagValues: map[string]string{

pkg/serverconfig/types.go

@@ -2,6 +2,7 @@ package serverconfig
 
 import (
 	configv1 "github.com/openshift/api/config/v1"
+	consolev1 "github.com/openshift/api/console/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
 	authorizationv1 "k8s.io/api/authorization/v1"
 )
@@ -22,12 +23,12 @@ type Config struct {
 	Providers                    `yaml:"providers"`
 	Helm                         `yaml:"helm"`
 	MonitoringInfo               `yaml:"monitoringInfo,omitempty"`
-	Plugins                      MultiKeyValue `yaml:"plugins,omitempty"`
-	I18nNamespaces               []string      `yaml:"i18nNamespaces,omitempty"`
-	Proxy                        Proxy         `yaml:"proxy,omitempty"`
-	ContentSecurityPolicyEnabled bool          `yaml:"contentSecurityPolicyEnabled,omitempty"`
-	ContentSecurityPolicy        MultiKeyValue `yaml:"contentSecurityPolicy,omitempty"`
-	Telemetry                    MultiKeyValue `yaml:"telemetry,omitempty"`
+	Plugins                      MultiKeyValue                        `yaml:"plugins,omitempty"`
+	I18nNamespaces               []string                             `yaml:"i18nNamespaces,omitempty"`
+	Proxy                        Proxy                                `yaml:"proxy,omitempty"`
+	ContentSecurityPolicyEnabled bool                                 `yaml:"contentSecurityPolicyEnabled,omitempty"`
+	ContentSecurityPolicy        map[consolev1.DirectiveType][]string `yaml:"contentSecurityPolicy,omitempty"`
+	Telemetry                    MultiKeyValue                        `yaml:"telemetry,omitempty"`
 }
 
 type Proxy struct {