-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Implement login manager and login/logout commands #910
Conversation
Skipping CI for Draft Pull Request. |
Only |
It is better to split login/logout functionality into the following commands: |
d21dd75
to
4f6ed85
Compare
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
…atly. Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
Rebased |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can merge it and improve later if needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mmorhun Impressive work!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some tiny suggestions regarding the messages
src/commands/auth/use.ts
Outdated
[USERNAME_KEY]: username, | ||
interactive: flags.boolean({ | ||
char: 'i', | ||
description: 'Select active login session in interactive mode', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
description: 'Select active login session in interactive mode', | |
description: 'Select an active login session in interactive mode', |
src/commands/auth/use.ts
Outdated
'chectl auth:use -u another-user-on-this-server', | ||
'\n\n# Switch to the only user on the given cluster:\n' + | ||
'chectl auth:use my.cluster.net', | ||
'\n\n# Select active login session in interactive mode:\n' + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'\n\n# Select active login session in interactive mode:\n' + | |
'\n\n# Select an active login session in interactive mode:\n' + |
src/api/che-login-manager.ts
Outdated
if (error && error.response && error.response.data && error.response.data.error_description) { | ||
message = error.response.data.error_description | ||
} | ||
throw new Error(`Failed to get access token from ${keycloakTokenUrl}. Cause: ${message}`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
throw new Error(`Failed to get access token from ${keycloakTokenUrl}. Cause: ${message}`) | |
throw new Error(`Failed to get the access token from ${keycloakTokenUrl}. Cause: ${message}`) |
test/e2e/openshift.test.ts
Outdated
@@ -44,6 +47,37 @@ describe('Eclipse Che deploy test suite', () => { | |||
}) | |||
}) | |||
|
|||
describe('Che server authentication', () => { | |||
it('Should login into Che server with username and password', async () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it('Should login into Che server with username and password', async () => { | |
it('Should log in to Che server with username and password', async () => { |
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
New changes are detected. LGTM label has been removed. |
This is needed because of che-incubator/chectl#910 Signed-off-by: Radim Hopp <rhopp@redhat.com>
This is needed because of che-incubator/chectl#910 Signed-off-by: Radim Hopp <rhopp@redhat.com>
This is needed because of che-incubator/chectl#910 Signed-off-by: Radim Hopp <rhopp@redhat.com>
This is needed because of che-incubator/chectl#910 Signed-off-by: Radim Hopp <rhopp@redhat.com>
This is needed because of che-incubator/chectl#910 Signed-off-by: Radim Hopp <rhopp@redhat.com>
Signed-off-by: Mykola Morhun mmorhun@redhat.com
What does this PR do?
Before this change users had to provide Che server API URL and access token for each run of all commands that require authentication. This is not a user-friendly way to go. In this PR login manager is implemented and new commands introduced:
auth:login
logins user into a Che server. So, after login user can just run commands without Che API URL and access token parameters.auth:logout
logs out user from current Che serverauth:get
- show current login infoauth:list
- shows all available loginsauth:use
- switches between login sessionsauth:delete
- deletes specified login session or all logins for the given Che serverAlso, comfortable interface for using in commands is created.
The implementation supports 3 login methods via:
Note, login manager does not (and should not) depend on
kubectl
oroc
login information. It might use it, thought, to simplify login process.Under the hood, login manager saves users refresh tokens. Also it is capable to automatically remove outdated ones.
What issues does this PR fix or reference?
eclipse-che/che#16415
How to test this PR?
At least two running instances of Eclispe Che is needed (
s1
,s2
) with two users (u1(admin user)
,u2
) in each. One instance should have OAuth enabled on Openshift, where the second one should use password login on Kubernetes. For testing purposes I usedworkspace:list
command, so it is helpful when each account has different workspaces (ideally different number of them).User scenario:
chectl workspace:list
andchectl context:list
commandss1u2
:chectl auth:login <s1> -t <refresh-token>
.s2u1
:chectl auth:login <s2> -u <username> -p <password>
s2u2
:chectl auth:login <s2> -u <username>
(password should be asked)oc
intos1u1
. Runchectl auth:login
(if u1 is not admin user, provide<s1>
argument)chectl auth:use <s2> -u <u2>
chectl auth:delete <s1> -u <u1>
chectl auth:logout
s3
which is a single user Che installationchectl workspace:list --che-api-endpoint <s3>
for single user instance.See docs how to get refresh token manually and feel the difference =)
PR Checklist
As the author of this Pull Request I made sure that:
What issues does this PR fix or reference
andHow to test this PR
completedReviewers
Reviewers, please comment how you tested the PR when approving it.