ACM-17274 include root certificates for routes (stolostron#4211)

* Include root certificates when accessing Routes

Signed-off-by: Kevin Cormier <kcormier@redhat.com>

* Add missing development proxies

Signed-off-by: Kevin Cormier <kcormier@redhat.com>

* Add /multicloud/virtualmachines dev proxy

Signed-off-by: Kevin Cormier <kcormier@redhat.com>

---------

Signed-off-by: Kevin Cormier <kcormier@redhat.com>

Author: KevinFCormier

backend/src/lib/serviceAccountToken.ts

@@ -51,25 +51,28 @@ function base64DecodeValue(value: string): string {
 
 type Certificates = string | string[]
 
-function getCertificate(name: string, base64DefaultValue: string): Certificates {
+function getCertificate(name: string, base64DefaultValue: string, includeRoot?: boolean): Certificates {
   const internal_cert = readServiceAccountFile(name, base64DecodeValue(base64DefaultValue))
-  return process.env.NODE_ENV === 'production'
-    ? internal_cert
-    : [...(internal_cert ? [internal_cert] : []), ...rootCertificates] // include root certificates for development against clusters with signed certificates
+  return [internal_cert, ...(includeRoot ? rootCertificates : [])] // include root certificates in addition to internal cluster certificates
 }
 
 let ca_cert: Certificates
 export function getCACertificate(): Certificates {
   if (ca_cert === undefined) {
-    ca_cert = getCertificate('ca.crt', process.env.CA_CERT)
+    ca_cert = getCertificate('ca.crt', process.env.CA_CERT, true)
   }
   return ca_cert
 }
 
 let service_ca_cert: Certificates
 export function getServiceCACertificate(): Certificates {
   if (service_ca_cert === undefined) {
-    service_ca_cert = getCertificate('service-ca.crt', process.env.SERVICE_CA_CERT)
+    // in dev mode, connections to Services need to be proxied via Routes, so they need root certificates
+    service_ca_cert = getCertificate(
+      'service-ca.crt',
+      process.env.SERVICE_CA_CERT,
+      process.env.NODE_ENV !== 'production'
+    )
   }
   return service_ca_cert
 }

frontend/webpack.config.ts

@@ -163,12 +163,16 @@ module.exports = function (env: any, argv: { hot?: boolean; mode: string | undef
         '/multicloud/metrics',
         '/multicloud/login',
         '/multicloud/logout',
+        '/multicloud/observability',
         '/multicloud/operatorCheck',
+        '/multicloud/prometheus',
         '/multicloud/proxy/search',
         '/multicloud/aggregate',
         '/multicloud/username',
         '/multicloud/userpreference',
         '/multicloud/version',
+        '/multicloud/virtualmachines',
+        '/multicloud/virtualmachineinstances',
       ].map((backendPath) => ({
         path: backendPath,
         target: `https://localhost:${process.env.BACKEND_PORT}`,