-
Notifications
You must be signed in to change notification settings - Fork 165
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Obtain and persist Bitbucket personal access token as k8s secret (#1807)
Obtain and persist Bitbucket personal access token as k8s secret (#1807) Signed-off-by: Sergii Kabashniuk <skabashniuk@redhat.com> Co-authored-by: Fabrice Flore-Thébault <ffloreth@redhat.com> Co-authored-by: Serhii Leshchenko <sleshche@redhat.com>
- Loading branch information
1 parent
b141e18
commit 5f3b9e4
Showing
21 changed files
with
195 additions
and
99 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 0 additions & 7 deletions
7
modules/administration-guide/pages/authenticating-users-3rd-party-services.adoc
This file was deleted.
Oops, something went wrong.
File renamed without changes.
7 changes: 7 additions & 0 deletions
7
modules/administration-guide/pages/managing-identities-and-authorizations.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
[id="managing-identities-and-authorizations"] | ||
// = Managing identities and authorizations | ||
:navtitle: Managing identities and authorizations | ||
:keywords: end-user-guide, managing-identities-and-authorizations | ||
:page-aliases: .:managing-identities-and-authorizations | ||
|
||
include::partial$assembly_managing-identities-and-authorizations.adoc[] |
This file was deleted.
Oops, something went wrong.
15 changes: 0 additions & 15 deletions
15
...tration-guide/partials/assembly_authenticating-users-on-3rd-party-services.adoc
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
18 changes: 18 additions & 0 deletions
18
...inistration-guide/partials/assembly_managing-identities-and-authorizations.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
|
||
|
||
:parent-context-of-configuring-oauth-authorization: {context} | ||
|
||
[id="managing-identities-and-authorizations_{context}"] | ||
= Managing identities and authorizations | ||
|
||
:context: managing-identities-and-authorizations | ||
|
||
This section describes different aspects of managing identities and authorizations of {prod}. | ||
|
||
* xref:authenticating-users.adoc[] | ||
* xref:authorizing-users.adoc[] | ||
* xref:configuring-authorization.adoc[] | ||
* xref:removing-user-data.adoc[] | ||
* xref:configuring-openshift-oauth.adoc[] | ||
|
||
:context: {parent-context-of-managing-identities-and-authorizations} |
22 changes: 0 additions & 22 deletions
22
modules/administration-guide/partials/assembly_managing-users.adoc
This file was deleted.
Oops, something went wrong.
140 changes: 140 additions & 0 deletions
140
...les/administration-guide/partials/proc_configuring-bitbucket-server-oauth1.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
// Module included in the following assemblies: | ||
// | ||
// Configuring Bitbucket server OAuth1 | ||
|
||
pass:[<!-- vale IBM.Headings = NO -->] | ||
|
||
[id="proc_configuring-bitbucket-server-oauth1_{context}"] | ||
= Configuring Bitbucket Server OAuth 1 | ||
|
||
pass:[<!-- vale IBM.Headings = YES -->] | ||
|
||
This procedure describes how to activate OAuth 1 for Bitbucket Server to: | ||
|
||
* Use devfiles hosted on a Bitbucket Server. | ||
* xref:end-user-guide:authentication-against-bitbucket-server-with-the-personal-access-token.adoc[]. | ||
|
||
It enables {prod-short} to obtain and renew link:https://confluence.atlassian.com/bitbucketserver/personal-access-tokens-939515499.html[Bitbucket Server Personal access tokens]. | ||
|
||
.Prerequisites | ||
|
||
* The `{orch-cli}` tool is available. | ||
* Bitbucket Server is available from {prod-short} server. | ||
|
||
.Procedure | ||
|
||
. Generate a RSA key pair and a stripped down version of the public key: | ||
+ | ||
[subs="+quotes,+attributes"] | ||
---- | ||
openssl genrsa -out __<private.pem>__ 2048 | ||
openssl rsa -in __<private.pem>__ -pubout > __<public.pub>__ | ||
openssl pkcs8 -topk8 -inform pem -outform pem -nocrypt -in __<private.pem>__ -out __<privatepkcs8.pem>__ | ||
cat __<public.pub>__ | sed 's/-----BEGIN PUBLIC KEY-----//g' | sed 's/-----END PUBLIC KEY-----//g' | tr -d '\n' > __<public-stripped.pub>__ | ||
---- | ||
|
||
. Generate a consumer key and a shared secret. | ||
+ | ||
[subs="+quotes,+attributes"] | ||
---- | ||
openssl rand -base64 24 > __<bitbucket_server_consumer_key>__ | ||
openssl rand -base64 24 > __<bitbucket_shared_secret>__ | ||
---- | ||
|
||
. Create a Kubernetes Secret in {prod-short} namespace containing the RSA key pair, the consumer key and the shared secret. | ||
+ | ||
[subs="+quotes,+attributes"] | ||
---- | ||
$ {orch-cli} apply -f - <<EOF | ||
kind: Secret | ||
apiVersion: v1 | ||
metadata: | ||
name: github-oauth-credentials | ||
namespace: <...> <1> | ||
labels: | ||
app.kubernetes.io/part-of: che.eclipse.org | ||
app.kubernetes.io/component: che-secret | ||
annotations: | ||
che.eclipse.org/mount-path: /home/user/eclipse-che/conf/oauth1/bitbucket | ||
che.eclipse.org/mount-as: file | ||
data: | ||
private.key: <...> <2> | ||
consumer.key: <...> <3> | ||
shared_secret: <...> <4> | ||
type: Opaque | ||
EOF | ||
---- | ||
<1> {prod-short} namespace. The default is {prod-namespace} | ||
<2> base64 encoded content of the __<privatepkcs8.pem>__ file without first and last lines. | ||
<3> base64 encoded content of the `__<bitbucket_server_consumer_key>__` file. | ||
<4> base64 encoded content of the `__<bitbucket_shared_secret>__` file. | ||
|
||
. Configure the {prod-short} server environment variables: | ||
+ | ||
[subs="+quotes,macros"] | ||
---- | ||
spec: | ||
server: | ||
customCheProperties: | ||
pass:[CHE_OAUTH1_BITBUCKET_CONSUMERKEYPATH]: '/home/user/eclipse-che/conf/oauth1/bitbucket/consumer.key' | ||
pass:[CHE_OAUTH1_BITBUCKET_SHAREDSECRETPATH]: '/home/user/eclipse-che/conf/oauth1/bitbucket/shared_secret' | ||
pass:[CHE_OAUTH1_BITBUCKET_PRIVATEKEYPATH]: '/home/user/eclipse-che/conf/oauth1/bitbucket/private.key' | ||
pass:[CHE_OAUTH1_BITBUCKET_ENDPOINT]: '__<Bitbucket Server URL>__' | ||
pass:[CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS]: '__<Bitbucket Server URL>__' | ||
---- | ||
|
||
. Configure an link:https://confluence.atlassian.com/adminjiraserver/using-applinks-to-link-to-other-applications-938846918.html[Application Link] in Bitbucket to enable the communication from {prod-short} to Bitbucket Server. | ||
|
||
.. In Bitbucket Server, click the cog in the top navigation bar to navigate to *Administration* > *Application Links*. | ||
|
||
pass:[<!-- vale IBM.Usage = NO -->] | ||
|
||
.. Enter the application URL: `__<{prod-url-secure}/dashboard/>__` and click the btn:[Create new link] button. | ||
|
||
pass:[<!-- vale IBM.Usage = YES -->] | ||
|
||
pass:[<!-- vale IBM.PassiveVoice = NO -->] | ||
|
||
.. On the warning message stating "No response was received from the URL" click the btn:[Continue] button. | ||
|
||
pass:[<!-- vale IBM.PassiveVoice = YES -->] | ||
|
||
.. Fill-in the *Link Applications* form and click the btn:[Continue] button. | ||
|
||
Application Name:: `__<{prod-short}>__` | ||
|
||
Application Type:: Generic Application. | ||
|
||
Service Provider Name:: `__<{prod-short}>__` | ||
|
||
Consumer Key:: Paste the content of the `__<bitbucket_server_consumer_key>__` file. | ||
|
||
Shared secret:: Paste the content of the `__<bitbucket_shared_secret>__` file. | ||
|
||
Request Token URL:: `__<Bitbucket Server URL>__/plugins/servlet/oauth/request-token` | ||
|
||
Access token URL:: `__<Bitbucket Server URL>__/plugins/servlet/oauth/access-token` | ||
|
||
Authorize URL:: `__<Bitbucket Server URL>__/plugins/servlet/oauth/access-token` | ||
|
||
Create incoming link:: Enabled. | ||
|
||
.. Fill-in the *Link Applications* form and click the btn:[Continue] button. | ||
|
||
Consumer Key:: Paste the content of the `__<bitbucket_server_consumer_key>__` file. | ||
|
||
Consumer name:: `__<{prod-short}>__` | ||
|
||
Public Key:: Paste the content of the `__<public-stripped.pub>__` file. | ||
|
||
|
||
|
||
.Additional resources | ||
|
||
* link:https://bitbucket.org/product/enterprise[Bitbucket Server overview] | ||
* link:https://bitbucket.org/product/download[Download Bitbucket Server] | ||
* link:https://confluence.atlassian.com/bitbucketserver/personal-access-tokens-939515499.html[Bitbucket Server Personal access tokens] | ||
* link:https://confluence.atlassian.com/jirakb/how-to-generate-public-key-to-application-link-3rd-party-applications-913214098.html[How to generate public key to application link 3rd party applications] | ||
* link:https://confluence.atlassian.com/adminjiraserver/using-applinks-to-link-to-other-applications-938846918.html[Using AppLinks to link to other applications] | ||
* xref:end-user-guide:authentication-against-bitbucket-server-with-the-personal-access-token.adoc[]. |
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 7 additions & 0 deletions
7
...ges/authentication-against-bitbucket-server-with-the-personal-access-token.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
[id="authentication-against-bitbucket-server-with-the-personal-access-token"] | ||
// = Authentication against Bitbucket Server with the personal access token | ||
:navtitle: Authentication against Bitbucket Server with the personal access token | ||
:keywords: end-user-guide, authentication-against-bitbucket-server-with-the-personal-access-token | ||
:page-aliases: .:authentication-against-bitbucket-server-with-the-personal-access-token | ||
|
||
include::partial$proc_configuring_bitbucket_authentication.adoc[] |
7 changes: 0 additions & 7 deletions
7
modules/end-user-guide/pages/configuring-oauth-authorization.adoc
This file was deleted.
Oops, something went wrong.
14 changes: 0 additions & 14 deletions
14
modules/end-user-guide/partials/assembly_configuring-oauth-authorization.adoc
This file was deleted.
Oops, something went wrong.
5 changes: 2 additions & 3 deletions
5
...configuring_bitbucket_authentication.adoc → ...configuring_bitbucket_authentication.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters