Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Openshift connector and Che: openshift user should be logged automatically with the Openshift user. #15261

Closed
sunix opened this issue Nov 20, 2019 · 11 comments
Assignees
Labels
kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system. status/in-progress This issue has been taken by an engineer and is under active development.
Milestone

Comments

@sunix
Copy link
Contributor

sunix commented Nov 20, 2019

Is your enhancement related to a problem? Please describe.

Having

  • a workspace that use the openshift connector plugin
  • a Che server running on Openshift v4.2 and OpenShift oAuth activated

When a user is opening the openshift connector panel, he is connected as his openshift user. and see (without any project)
Selection_461

Describe the solution you'd like

When a user is opening the openshift connector panel, he should be connected as his openshift user. and not have to login with his credential or token

@sunix sunix added the kind/enhancement A feature request - must adhere to the feature request template. label Nov 20, 2019
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Nov 20, 2019
@tsmaeder tsmaeder added the status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering. label Nov 21, 2019
@tsmaeder
Copy link
Contributor

Not sure I understand this one correctly: What I understand is this:

  1. When opening the connector panel, the cluster that Che is running on is displayed per default
  2. Your expectation is that the user is already logged into that cluster as the same user he uses to log into Che?

@tsmaeder
Copy link
Contributor

@sunix this seems upstream behaviour, right?

@sunix
Copy link
Contributor Author

sunix commented Nov 21, 2019

Not sure I understand this one correctly: What I understand is this:

  1. When opening the connector panel, the cluster that Che is running on is displayed per default
  2. Your expectation is that the user is already logged into that cluster as the same user he uses to log into Che?

yes

@sunix this seems upstream behaviour, right?

not an upstream issue.

@azatsarynnyy
Copy link
Member

OpenShift Connector plugin is connected to a cluster as Che service account. ATM I don't see how we can connect plugin automatically as OpenShift user.

Improving a kubeconfig injection with chectl could make the UX is a bit better. See #14877

@l0rd
Copy link
Contributor

l0rd commented Nov 27, 2019

@azatsarynnyy a couple of comments:

  1. When we inject the context using chectl the OpenShift Connector plugin will use that context (and not the workspace serviceaccount) to connect to the cluster right?
  2. When Che is deployed on OpenShift in multi-user mode and OpenShift OAuth enabled we should inject the OpenShift context of the current Che user at workspace startup (no need to use chectl)

@l0rd
Copy link
Contributor

l0rd commented Nov 27, 2019

Hence for me #14877 and this one are distinct issues:

And this issue is probably the most critical one. But if for technical reasons solving #14877 helps solve this one let's start with #14877. Does that make sense?

@benoitf benoitf removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Nov 27, 2019
@sunix sunix removed their assignment Nov 27, 2019
@vparfonov vparfonov added this to the Backlog - IDE 1 milestone Nov 27, 2019
@azatsarynnyy
Copy link
Member

azatsarynnyy commented Nov 28, 2019

@azatsarynnyy a couple of comments:

When we inject the context using chectl the OpenShift Connector plugin will use that context (and not the workspace serviceaccount) to connect to the cluster right?

right

When Che is deployed on OpenShift in multi-user mode and OpenShift OAuth enabled we should inject the OpenShift context of the current Che user at workspace startup (no need to use chectl)

@l0rd where we can get the OpenShift context of the current Che user in that case? Is that information stored somewhere?

@vinokurig
Copy link
Contributor

vinokurig commented Jan 13, 2020

Depends on #15670

@vinokurig vinokurig added the status/blocked Issue that can’t be moved forward. Must include a comment on the reason for the blockage. label Jan 13, 2020
@azatsarynnyy azatsarynnyy removed their assignment Jan 13, 2020
@ericwill ericwill mentioned this issue Jan 28, 2020
12 tasks
@ericwill ericwill mentioned this issue Feb 19, 2020
21 tasks
@vinokurig vinokurig added status/in-progress This issue has been taken by an engineer and is under active development. and removed status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering. labels Mar 4, 2020
@sunix
Copy link
Contributor Author

sunix commented Apr 10, 2020

@ericwill @vinokurig any update on this one ? what is the status ?

@sunix sunix added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Apr 10, 2020
@vinokurig
Copy link
Contributor

It is almost done, waiting for che-incubator/che-theia-openshift-auth#1 and eclipse-che/che-plugin-registry#419 to be reviewed

@vparfonov vparfonov removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Apr 13, 2020
@nickboldt nickboldt modified the milestones: Backlog - IDE 1, 7.12 Apr 14, 2020
@dmytro-ndp dmytro-ndp added the severity/P1 Has a major impact to usage or development of the system. label Apr 14, 2020
@dmytro-ndp
Copy link
Contributor

dmytro-ndp commented Apr 14, 2020

The issue is quite important for downstream project CRW, and it would be nice to have it fixed in CRW 2.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system. status/in-progress This issue has been taken by an engineer and is under active development.
Projects
None yet
Development

No branches or pull requests

10 participants