chore: Ensure that CHE_INTEGRATION_XXXX_SERVER__ENDPOINTS and CHE_INT… (
#1250)

* chore: Ensure that CHE_INTEGRATION_XXXX_SERVER__ENDPOINTS and CHE_INTEGRATION_XXXX_OAUTH__ENDPOINT properties are properly set

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
tolusha committed Dec 16, 2021
1 parent 3262a5a commit 5cfbc07
Showing 5 changed files with 106 additions and 135 deletions.
34 changes: 16 additions & 18 deletions pkg/deploy/server/server_configmap.go
Expand Up @@ -326,34 +326,32 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *deploy.DeployContext) (ch

addMap(cheEnv, ctx.CheCluster.Spec.Server.CustomCheProperties)

err = setBitbucketEndpoints(ctx, cheEnv)
if err != nil {
return nil, err
for _, oauthProvider := range []string{"bitbucket", "gitlab", "github"} {
err := updateIntegrationServerEndpoints(ctx, cheEnv, oauthProvider)
if err != nil {
return nil, err
}
}

return cheEnv, nil
}

func setBitbucketEndpoints(deployContext *deploy.DeployContext, cheEnv map[string]string) error {
secrets, err := deploy.GetSecrets(deployContext, map[string]string{
deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg,
deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration,
}, map[string]string{
deploy.CheEclipseOrgOAuthScmServer: "bitbucket",
})
func updateIntegrationServerEndpoints(ctx *deploy.DeployContext, cheEnv map[string]string, oauthProvider string) error {
secret, err := getOAuthConfig(ctx, oauthProvider)
if secret == nil {
return err
}

envName := fmt.Sprintf("CHE_INTEGRATION_%s_SERVER__ENDPOINTS", strings.ToUpper(oauthProvider))
if err != nil {
return err
} else if len(secrets) == 1 {
serverEndpoint := secrets[0].Annotations[deploy.CheEclipseOrgScmServerEndpoint]
endpoints, exists := cheEnv["CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS"]
if exists {
cheEnv["CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS"] = endpoints + "," + serverEndpoint
} else {
cheEnv["CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS"] = serverEndpoint
}
}

if cheEnv[envName] != "" {
cheEnv[envName] = secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint] + "," + cheEnv[envName]
} else {
cheEnv[envName] = secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint]
}
return nil
}

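Review bot: updateIntegrationServerEndpoints writes `secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint]` into the endpoint list without checking that it is non-empty, so a secret lacking that annotation produces an empty value or a leading comma in `CHE_INTEGRATION_<PROVIDER>_SERVER__ENDPOINTS`. The Mount*OAuthConfig functions in server_deployment.go guard the same lookup with `if oauthEndpoint != ""`; the same guard fits here, e.g. `endpoint := secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint]` followed by `if endpoint == "" { return nil }` before envName is built. The value is also joined with "," unvalidated, so an annotation that itself contains a comma adds extra entries; since this list presumably tells the server which SCM hosts it is configured for, rejecting values that contain a comma or do not parse as a single URL is worth considering. `if secret == nil { return err }` relies on getOAuthConfig, which is not shown in this section, never returning a non-nil secret together with an error.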
6 changes: 4 additions & 2 deletions pkg/deploy/server/server_configmap_test.go
Expand Up @@ -233,7 +233,7 @@ func TestConfigMap(t *testing.T) {
}
}

func TestUpdateBitBucketEndpoints(t *testing.T) {
func TestUpdateIntegrationServerEndpoints(t *testing.T) {
type testCase struct {
name string
initObjects []runtime.Object
Expand Down Expand Up @@ -267,6 +267,7 @@ func TestUpdateBitBucketEndpoints(t *testing.T) {
cheCluster: &orgv1.CheCluster{
ObjectMeta: metav1.ObjectMeta{
Namespace: "eclipse-che",
Name: "eclipse-che",
},
},
expectedData: map[string]string{
Expand Down Expand Up @@ -298,6 +299,7 @@ func TestUpdateBitBucketEndpoints(t *testing.T) {
cheCluster: &orgv1.CheCluster{
ObjectMeta: metav1.ObjectMeta{
Namespace: "eclipse-che",
Name: "eclipse-che",
},
Spec: orgv1.CheClusterSpec{
Server: orgv1.CheClusterSpecServer{
Expand All @@ -308,7 +310,7 @@ func TestUpdateBitBucketEndpoints(t *testing.T) {
},
},
expectedData: map[string]string{
"CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS": "bitbucket_endpoint_1,bitbucket_endpoint_2",
"CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS": "bitbucket_endpoint_2,bitbucket_endpoint_1",
},
},
{
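Review bot: The renamed TestUpdateIntegrationServerEndpoints still asserts only `CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS` in the cases visible here, while the function under test now also runs for "gitlab" and "github". Parts of the table are collapsed on this page, so this may already be covered; if not, one case per provider and one for a secret without the `che.eclipse.org/scm-server-endpoint` annotation would pin the new behaviour. The changed expectation `bitbucket_endpoint_2,bitbucket_endpoint_1` reflects that the secret's endpoint is now placed before the existing value; a short comment on that case saying the order is intentional would help the next reader.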
133 changes: 39 additions & 94 deletions pkg/deploy/server/server_deployment.go
Expand Up @@ -12,7 +12,6 @@
package server

import (
"errors"
"strconv"
"strings"

Expand Down Expand Up @@ -404,115 +403,58 @@ func GetFullCheServerImageLink(checluster *orgv1.CheCluster) string {
return imageParts[0] + ":" + checluster.Spec.Server.CheImageTag
}

func MountBitBucketOAuthConfig(deployContext *deploy.DeployContext, deployment *appsv1.Deployment) error {
secrets, err := deploy.GetSecrets(deployContext, map[string]string{
deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg,
deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration,
}, map[string]string{
deploy.CheEclipseOrgOAuthScmServer: "bitbucket",
})

if err != nil {
func MountBitBucketOAuthConfig(ctx *deploy.DeployContext, deployment *appsv1.Deployment) error {
secret, err := getOAuthConfig(ctx, "bitbucket")
if secret == nil {
return err
} else if len(secrets) > 1 {
return errors.New("More than 1 BitBucket OAuth configuration secrets found")
} else if len(secrets) == 1 {
mountSecret(deployment, &secrets[0], deploy.BitBucketOAuthConfigMountPath)
mountEnv(deployment, []corev1.EnvVar{
{
Name: "CHE_OAUTH1_BITBUCKET_CONSUMERKEYPATH",
Value: deploy.BitBucketOAuthConfigMountPath + "/" + deploy.BitBucketOAuthConfigConsumerKeyFileName,
}, {
Name: "CHE_OAUTH1_BITBUCKET_PRIVATEKEYPATH",
Value: deploy.BitBucketOAuthConfigMountPath + "/" + deploy.BitBucketOAuthConfigPrivateKeyFileName,
},
})

endpoint := secrets[0].Annotations[deploy.CheEclipseOrgScmServerEndpoint]
if endpoint != "" {
mountEnv(deployment, []corev1.EnvVar{{
Name: "CHE_OAUTH1_BITBUCKET_ENDPOINT",
Value: endpoint,
}})
}
}

mountVolumes(deployment, secret, deploy.BitBucketOAuthConfigMountPath)
mountEnv(deployment, "CHE_OAUTH1_BITBUCKET_CONSUMERKEYPATH", deploy.BitBucketOAuthConfigMountPath+"/"+deploy.BitBucketOAuthConfigConsumerKeyFileName)
mountEnv(deployment, "CHE_OAUTH1_BITBUCKET_PRIVATEKEYPATH", deploy.BitBucketOAuthConfigMountPath+"/"+deploy.BitBucketOAuthConfigPrivateKeyFileName)

oauthEndpoint := secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint]
if oauthEndpoint != "" {
mountEnv(deployment, "CHE_OAUTH1_BITBUCKET_ENDPOINT", oauthEndpoint)
}
return nil
}

func MountGitHubOAuthConfig(deployContext *deploy.DeployContext, deployment *appsv1.Deployment) error {
secrets, err := deploy.GetSecrets(deployContext, map[string]string{
deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg,
deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration,
}, map[string]string{
deploy.CheEclipseOrgOAuthScmServer: "github",
})

if err != nil {
func MountGitHubOAuthConfig(ctx *deploy.DeployContext, deployment *appsv1.Deployment) error {
secret, err := getOAuthConfig(ctx, "github")
if secret == nil {
return err
} else if len(secrets) > 1 {
return errors.New("More than 1 GitHub OAuth configuration secrets found")
} else if len(secrets) == 1 {
mountSecret(deployment, &secrets[0], deploy.GitHubOAuthConfigMountPath)
mountEnv(deployment, []corev1.EnvVar{
{
Name: "CHE_OAUTH2_GITHUB_CLIENTID__FILEPATH",
Value: deploy.GitHubOAuthConfigMountPath + "/" + deploy.GitHubOAuthConfigClientIdFileName,
}, {
Name: "CHE_OAUTH2_GITHUB_CLIENTSECRET__FILEPATH",
Value: deploy.GitHubOAuthConfigMountPath + "/" + deploy.GitHubOAuthConfigClientSecretFileName,
},
})

endpoint := secrets[0].Annotations[deploy.CheEclipseOrgScmServerEndpoint]
if endpoint != "" {
mountEnv(deployment, []corev1.EnvVar{{
Name: "CHE_INTEGRATION_GITHUB_SERVER__ENDPOINTS",
Value: endpoint,
}})
}
}

mountVolumes(deployment, secret, deploy.GitHubOAuthConfigMountPath)
mountEnv(deployment, "CHE_OAUTH2_GITHUB_CLIENTID__FILEPATH", deploy.GitHubOAuthConfigMountPath+"/"+deploy.GitHubOAuthConfigClientIdFileName)
mountEnv(deployment, "CHE_OAUTH2_GITHUB_CLIENTSECRET__FILEPATH", deploy.GitHubOAuthConfigMountPath+"/"+deploy.GitHubOAuthConfigClientSecretFileName)

oauthEndpoint := secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint]
if oauthEndpoint != "" {
mountEnv(deployment, "CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT", oauthEndpoint)
}
return nil
}

func MountGitLabOAuthConfig(deployContext *deploy.DeployContext, deployment *appsv1.Deployment) error {
secrets, err := deploy.GetSecrets(deployContext, map[string]string{
deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg,
deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration,
}, map[string]string{
deploy.CheEclipseOrgOAuthScmServer: "gitlab",
})

if err != nil {
func MountGitLabOAuthConfig(ctx *deploy.DeployContext, deployment *appsv1.Deployment) error {
secret, err := getOAuthConfig(ctx, "gitlab")
if secret == nil {
return err
} else if len(secrets) > 1 {
return errors.New("More than 1 GitLab OAuth configuration secrets found")
} else if len(secrets) == 1 {
mountSecret(deployment, &secrets[0], deploy.GitLabOAuthConfigMountPath)
mountEnv(deployment, []corev1.EnvVar{
{
Name: "CHE_OAUTH_GITLAB_CLIENTID__FILEPATH",
Value: deploy.GitLabOAuthConfigMountPath + "/" + deploy.GitLabOAuthConfigClientIdFileName,
}, {
Name: "CHE_OAUTH_GITLAB_CLIENTSECRET__FILEPATH",
Value: deploy.GitLabOAuthConfigMountPath + "/" + deploy.GitLabOAuthConfigClientSecretFileName,
},
})

endpoint := secrets[0].Annotations[deploy.CheEclipseOrgScmServerEndpoint]
if endpoint != "" {
mountEnv(deployment, []corev1.EnvVar{{
Name: "CHE_INTEGRATION_GITLAB_SERVER__ENDPOINTS",
Value: endpoint,
}})
}
}

mountVolumes(deployment, secret, deploy.GitLabOAuthConfigMountPath)
mountEnv(deployment, "CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH", deploy.GitLabOAuthConfigMountPath+"/"+deploy.GitLabOAuthConfigClientIdFileName)
mountEnv(deployment, "CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH", deploy.GitLabOAuthConfigMountPath+"/"+deploy.GitLabOAuthConfigClientSecretFileName)

oauthEndpoint := secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint]
if oauthEndpoint != "" {
mountEnv(deployment, "CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT", oauthEndpoint)
}
return nil
}

func mountSecret(deployment *appsv1.Deployment, secret *corev1.Secret, mountPath string) {
func mountVolumes(deployment *appsv1.Deployment, secret *corev1.Secret, mountPath string) {
container := &deployment.Spec.Template.Spec.Containers[0]
deployment.Spec.Template.Spec.Volumes = append(deployment.Spec.Template.Spec.Volumes,
corev1.Volume{
Expand All @@ -530,7 +472,10 @@ func mountSecret(deployment *appsv1.Deployment, secret *corev1.Secret, mountPath
})
}

func mountEnv(deployment *appsv1.Deployment, envVar []corev1.EnvVar) {
func mountEnv(deployment *appsv1.Deployment, envName string, envValue string) {
container := &deployment.Spec.Template.Spec.Containers[0]
container.Env = append(container.Env, envVar...)
container.Env = append(container.Env, corev1.EnvVar{
Name: envName,
Value: envValue,
})
}
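Review bot: The three Mount*OAuthConfig functions no longer contain the "More than 1 … OAuth configuration secrets found" rejection, and getOAuthConfig, which now does the lookup, is not shown in this section. Confirm it still returns an error when several secrets carry the same `che.eclipse.org/oauth-scm-server` value; otherwise which credentials get mounted would depend on list order. `if secret == nil { return err }` also lets an error returned alongside a non-nil secret go unreported; `if err != nil { return err }` followed by a separate nil check is safer. The GitLab variables change from `CHE_OAUTH_GITLAB_*` to `CHE_OAUTH2_GITLAB_*` here, which the commit message does not mention; a doc comment on MountGitLabOAuthConfig naming the variables it sets would make that rename visible to anyone matching it against the server side.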
46 changes: 25 additions & 21 deletions pkg/deploy/server/server_deployment_test.go
Expand Up @@ -118,7 +118,7 @@ func TestMountBitBucketOAuthEnvVar(t *testing.T) {
initObjects []runtime.Object
expectedConsumerKeyPathEnv corev1.EnvVar
expectedPrivateKeyPathEnv corev1.EnvVar
expectedEndpointEnv corev1.EnvVar
expectedOAuthEndpointEnv corev1.EnvVar
expectedVolume corev1.Volume
expectedVolumeMount corev1.VolumeMount
}
Expand All @@ -141,7 +141,7 @@ func TestMountBitBucketOAuthEnvVar(t *testing.T) {
},
Annotations: map[string]string{
"che.eclipse.org/oauth-scm-server": "bitbucket",
"che.eclipse.org/scm-server-endpoint": "endpoint",
"che.eclipse.org/scm-server-endpoint": "endpoint_1",
},
},
Data: map[string][]byte{
Expand All @@ -158,9 +158,9 @@ func TestMountBitBucketOAuthEnvVar(t *testing.T) {
Name: "CHE_OAUTH1_BITBUCKET_PRIVATEKEYPATH",
Value: "/che-conf/oauth/bitbucket/private.key",
},
expectedEndpointEnv: corev1.EnvVar{
expectedOAuthEndpointEnv: corev1.EnvVar{
Name: "CHE_OAUTH1_BITBUCKET_ENDPOINT",
Value: "endpoint",
Value: "endpoint_1",
},
expectedVolume: corev1.Volume{
Name: "github-oauth-config",
Expand Down Expand Up @@ -197,7 +197,7 @@ func TestMountBitBucketOAuthEnvVar(t *testing.T) {

env = util.FindEnv(container.Env, "CHE_OAUTH1_BITBUCKET_ENDPOINT")
assert.NotNil(t, env)
assert.Equal(t, testCase.expectedEndpointEnv, *env)
assert.Equal(t, testCase.expectedOAuthEndpointEnv, *env)

volume := util.FindVolume(deployment.Spec.Template.Spec.Volumes, "github-oauth-config")
assert.NotNil(t, volume)
Expand All @@ -216,7 +216,7 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) {
initObjects []runtime.Object
expectedIdKeyPathEnv corev1.EnvVar
expectedSecretKeyPathEnv corev1.EnvVar
expectedEndpointEnv corev1.EnvVar
expectedOAuthEndpointEnv corev1.EnvVar
expectedVolume corev1.Volume
expectedVolumeMount corev1.VolumeMount
}
Expand All @@ -239,7 +239,7 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) {
},
Annotations: map[string]string{
"che.eclipse.org/oauth-scm-server": "github",
"che.eclipse.org/scm-server-endpoint": "endpoint",
"che.eclipse.org/scm-server-endpoint": "endpoint_1",
},
},
Data: map[string][]byte{
Expand All @@ -256,9 +256,9 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) {
Name: "CHE_OAUTH2_GITHUB_CLIENTSECRET__FILEPATH",
Value: "/che-conf/oauth/github/secret",
},
expectedEndpointEnv: corev1.EnvVar{
Name: "CHE_INTEGRATION_GITHUB_SERVER__ENDPOINTS",
Value: "endpoint",
expectedOAuthEndpointEnv: corev1.EnvVar{
Name: "CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT",
Value: "endpoint_1",
},
expectedVolume: corev1.Volume{
Name: "github-oauth-config",
Expand Down Expand Up @@ -293,6 +293,10 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) {
assert.NotNil(t, env)
assert.Equal(t, testCase.expectedSecretKeyPathEnv, *env)

env = util.FindEnv(container.Env, "CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT")
assert.NotNil(t, env)
assert.Equal(t, testCase.expectedOAuthEndpointEnv, *env)

volume := util.FindVolume(deployment.Spec.Template.Spec.Volumes, "github-oauth-config")
assert.NotNil(t, volume)
assert.Equal(t, testCase.expectedVolume, volume)
Expand All @@ -310,7 +314,7 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) {
initObjects []runtime.Object
expectedIdKeyPathEnv corev1.EnvVar
expectedSecretKeyPathEnv corev1.EnvVar
expectedEndpointEnv corev1.EnvVar
expectedOAuthEndpointEnv corev1.EnvVar
expectedVolume corev1.Volume
expectedVolumeMount corev1.VolumeMount
}
Expand All @@ -333,7 +337,7 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) {
},
Annotations: map[string]string{
"che.eclipse.org/oauth-scm-server": "gitlab",
"che.eclipse.org/scm-server-endpoint": "endpoint",
"che.eclipse.org/scm-server-endpoint": "endpoint_1",
},
},
Data: map[string][]byte{
Expand All @@ -343,16 +347,16 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) {
},
},
expectedIdKeyPathEnv: corev1.EnvVar{
Name: "CHE_OAUTH_GITLAB_CLIENTID__FILEPATH",
Name: "CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH",
Value: "/che-conf/oauth/gitlab/id",
},
expectedSecretKeyPathEnv: corev1.EnvVar{
Name: "CHE_OAUTH_GITLAB_CLIENTSECRET__FILEPATH",
Name: "CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH",
Value: "/che-conf/oauth/gitlab/secret",
},
expectedEndpointEnv: corev1.EnvVar{
Name: "CHE_INTEGRATION_GITLAB_SERVER__ENDPOINTS",
Value: "endpoint",
expectedOAuthEndpointEnv: corev1.EnvVar{
Name: "CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT",
Value: "endpoint_1",
},
expectedVolume: corev1.Volume{
Name: "gitlab-oauth-config",
Expand All @@ -379,17 +383,17 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) {

container := &deployment.Spec.Template.Spec.Containers[0]

env := util.FindEnv(container.Env, "CHE_OAUTH_GITLAB_CLIENTID__FILEPATH")
env := util.FindEnv(container.Env, "CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH")
assert.NotNil(t, env)
assert.Equal(t, testCase.expectedIdKeyPathEnv, *env)

env = util.FindEnv(container.Env, "CHE_OAUTH_GITLAB_CLIENTSECRET__FILEPATH")
env = util.FindEnv(container.Env, "CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH")
assert.NotNil(t, env)
assert.Equal(t, testCase.expectedSecretKeyPathEnv, *env)

env = util.FindEnv(container.Env, "CHE_INTEGRATION_GITLAB_SERVER__ENDPOINTS")
env = util.FindEnv(container.Env, "CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT")
assert.NotNil(t, env)
assert.Equal(t, testCase.expectedEndpointEnv, *env)
assert.Equal(t, testCase.expectedOAuthEndpointEnv, *env)

volume := util.FindVolume(deployment.Spec.Template.Spec.Volumes, "gitlab-oauth-config")
assert.NotNil(t, volume)
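Review bot: In the added GitHub endpoint check, and in the BitBucket and GitLab ones next to it, `assert.NotNil(t, env)` is followed by a dereference `*env`. If `assert` is testify's, a failed NotNil does not stop the test, so a missing variable ends in a nil-pointer panic instead of a readable failure. Wrapping the comparison keeps the message: `if assert.NotNil(t, env) { assert.Equal(t, testCase.expectedOAuthEndpointEnv, *env) }`. The cases visible here cover only a single secret that has an endpoint annotation; the test bodies continue outside the shown hunks.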