Fixx after suggestions

Signed-off-by: Flavius Lacatusu <flacatus@redhat.com>
eclipse-che · Feb 11, 2021 · f0317c0 · f0317c0
1 parent 04ad177
commit f0317c0
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 24 deletions.
diff --git a/.ci/cico_updates_openshift.sh b/.ci/cico_updates_openshift.sh
@@ -27,14 +27,14 @@ overrideDefaults() {
 runTests() {
   "${OPERATOR_REPO}"/olm/testUpdate.sh "openshift" "stable" ${NAMESPACE}
   waitEclipseCheDeployed ${LAST_PACKAGE_VERSION}
-  oauthProvisioned
+  provisionOAuth
   provisionPostgres
   startNewWorkspace
   waitWorkspaceStart
 }
 
 init
 overrideDefaults
-provisionOpenshiftUsers
+provisionOpenShiftOAuthUser
 initStableTemplates "openshift" "stable"
 runTests
diff --git a/.ci/oci-nightly-olm.sh b/.ci/oci-nightly-olm.sh
@@ -30,22 +30,21 @@ trap "catchFinish" EXIT SIGINT
 overrideDefaults() {
   # CI_CHE_OPERATOR_IMAGE it is che operator image builded in openshift CI job workflow. More info about how works image dependencies in ci:https://github.com/openshift/ci-tools/blob/master/TEMPLATES.md#parameters-available-to-templates
   export OPERATOR_IMAGE=${CI_CHE_OPERATOR_IMAGE:-"quay.io/eclipse/che-operator:nightly"}
-  export OAUTH="true"
 }
 
 runTests() {
     # Deploy Eclipse Che applying CR
     applyOlmCR
     waitEclipseCheDeployed "nightly"
-    oauthProvisioned
+    provisionOAuth
     provisionPostgres
     startNewWorkspace
     waitWorkspaceStart
 }
 
 init
-provisionOpenshiftUsers
 overrideDefaults
+provisionOpenShiftOAuthUser
 patchEclipseCheOperatorSubscription
 printOlmCheObjects
 runTests
diff --git a/.ci/oci-single-host.sh b/.ci/oci-single-host.sh
@@ -31,22 +31,21 @@ overrideDefaults() {
   # CI_CHE_OPERATOR_IMAGE it is che operator image builded in openshift CI job workflow. More info about how works image dependencies in ci:https://github.com/openshift/ci-tools/blob/master/TEMPLATES.md#parameters-available-to-templates
   export OPERATOR_IMAGE=${CI_CHE_OPERATOR_IMAGE:-"quay.io/eclipse/che-operator:nightly"}
   export CHE_EXPOSURE_STRATEGY="single-host"
-  export OAUTH="true"
 }
 
 runTests() {
     # Deploy Eclipse Che applying CR
     applyOlmCR
     waitEclipseCheDeployed "nightly"
-    oauthProvisioned
+    provisionOAuth
     provisionPostgres
     startNewWorkspace
     waitWorkspaceStart
 }
 
 init
 overrideDefaults
-provisionOpenshiftUsers
+provisionOpenShiftOAuthUser
 patchEclipseCheOperatorSubscription
 printOlmCheObjects
 runTests
diff --git a/.github/bin/common.sh b/.github/bin/common.sh
@@ -33,7 +33,7 @@ init() {
   export OPERATOR_IMAGE="quay.io/eclipse/che-operator:test"
   export DEFAULT_DEVFILE="https://raw.githubusercontent.com/eclipse/che-devfile-registry/master/devfiles/quarkus/devfile.yaml"
   export CHE_EXPOSURE_STRATEGY="multi-host"
-  export OAUTH="false"
+  export OAUTH="true"
 
   export XDG_DATA_HOME=/tmp/xdg_data
   export XDG_CACHE_HOME=/tmp/xdg_cache
@@ -309,7 +309,7 @@ applyOlmCR() {
 }
 
 # Create admin user inside of openshift cluster and login
-function provisionOpenshiftUsers() {
+function provisionOpenShiftOAuthUser() {
   oc create secret generic htpass-secret --from-file=htpasswd="${OPERATOR_REPO}"/.github/bin/resources/users.htpasswd -n openshift-config            
   oc apply -f "${OPERATOR_REPO}"/.github/bin/resources/htpasswdProvider.yaml
   oc adm policy add-cluster-role-to-user cluster-admin user

diff --git a/.github/bin/oauth-provision.sh b/.github/bin/oauth-provision.sh
@@ -16,12 +16,14 @@ set -o pipefail
 set -u
 
 # Link ocp account with Keycloak IDP
-function oauthProvisioned() {
+function provisionOAuth() {
   OCP_USER_UID=$(oc get user user -o=jsonpath='{.metadata.uid}')
 
   IDP_USER="admin"
+  # Get Eclipse Che IDP secrets and decode to use to connect to IDP
   IDP_PASSWORD=$(oc get secret che-identity-secret -n eclipse-che -o=jsonpath='{.data.password}' | base64 --decode)
 
+  # Get Auth Route
   if [[ "${CHE_EXPOSURE_STRATEGY}" == "single-host" ]]; then
     IDP_HOST="https://"$(oc get route che -n eclipse-che -o=jsonpath='{.spec.host}')
   fi
@@ -30,31 +32,36 @@ function oauthProvisioned() {
     IDP_HOST="https://"$(oc get route keycloak -n eclipse-che -o=jsonpath='{.spec.host}')
   fi
 
+  # Get the oauth client from Eclipse Che Custom Resource
   OAUTH_CLIENT_NAME=$(oc get checluster eclipse-che -n eclipse-che -o=jsonpath='{.spec.auth.oAuthClientName}')
 
-  TOKEN_RESULT=$(curl -k --location --request POST ''$IDP_HOST'/auth/realms/master/protocol/openid-connect/token' \
+  # Obtain from Keycloak the token to make api request authentication
+  IDP_TOKEN=$(curl -k --location --request POST ''$IDP_HOST'/auth/realms/master/protocol/openid-connect/token' \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --data-urlencode 'username=admin' \
   --data-urlencode 'password='$IDP_PASSWORD'' \
   --data-urlencode 'grant_type=password' \
   --data-urlencode 'client_id=admin-cli' | jq -r .access_token)
 
-  echo -e "[INFO] Token: $TOKEN_RESULT"
+  echo -e "[INFO] IDP Token: $IDP_TOKEN"
 
-  USER_ID=$(curl --location -k --request GET ''$IDP_HOST'/auth/admin/realms/che/users' \
-  --header 'Authorization: Bearer '$TOKEN_RESULT'' | jq -r '.[] | select(.username == "admin").id' )
+  # Get admin user id from IDP
+  CHE_USER_ID=$(curl --location -k --request GET ''$IDP_HOST'/auth/admin/realms/che/users' \
+  --header 'Authorization: Bearer '$IDP_TOKEN'' | jq -r '.[] | select(.username == "admin").id' )
 
-  echo -e "[INFO] user id: $USER_ID"
+  echo -e "[INFO] Eclipse CHE user ID: $CHE_USER_ID"
 
-  curl --location -k --request POST ''$IDP_HOST'/auth/admin/realms/che/users/'$USER_ID'/federated-identity/openshift-v4' \
-  --header 'Authorization: Bearer '$TOKEN_RESULT'' \
+  # Request to link Openshift user with Identity Provider user. In this case we are linked an existed user in IDP
+  curl --location -k --request POST ''$IDP_HOST'/auth/admin/realms/che/users/'$CHE_USER_ID'/federated-identity/openshift-v4' \
+  --header 'Authorization: Bearer '$IDP_TOKEN'' \
   --header 'Content-Type: application/json' \
   --data '{
       "identityProvider": "openshift-v4",
       "userId": "'$OCP_USER_UID'",
       "userName": "admin"
   }'
 
+# Create OAuthClientAuthorization object for Eclipse Che in Cluster. 
 OAUTHCLIENTAuthorization=$(
     oc create -f - -o jsonpath='{.metadata.name}' <<EOF
 apiVersion: oauth.openshift.io/v1
@@ -69,12 +76,8 @@ scopes:
   - 'user:full'
 EOF
 )
-
+  # Create SQL script
   echo -e "Created authorization client: $OAUTHCLIENTAuthorization"
-}
-
-# Insert in Keycloak Database openshift token after linking ocp user with IDP user
-function provisionPostgres() {
   cat << 'EOF' > path.sql
 UPDATE federated_identity SET token ='{"access_token":"INSERT_TOKEN_HERE","expires_in":86400,"scope":"user:full","token_type":"Bearer"}'
 WHERE federated_username = 'admin'
@@ -83,8 +86,8 @@ EOF
   TOKEN=$(oc whoami -t)
   sed -i "s|INSERT_TOKEN_HERE|$TOKEN|g" path.sql
 
+  # Insert sql script inside of postgres and execute it.
   POSTGRES_POD=$(oc get pods -o json -n eclipse-che | jq -r '.items[] | select(.metadata.name | test("postgres-")).metadata.name')
-
   oc cp path.sql "${POSTGRES_POD}":/tmp/ -n eclipse-che
   oc exec -it "${POSTGRES_POD}" -n eclipse-che  -- bash -c "psql -U postgres -d keycloak -d keycloak -f /tmp/path.sql"