Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure OpenShift oAuth client for the OpenShift oAuth provider by operator #16199

Closed
vinokurig opened this issue Mar 2, 2020 · 8 comments
Closed

Configure OpenShift oAuth client for the OpenShift oAuth provider by operator #16199

vinokurig opened this issue Mar 2, 2020 · 8 comments
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/chectl Issues related to chectl, the CLI of Che kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system. status/blocked Issue that can’t be moved forward. Must include a comment on the reason for the blockage.

Comments

@vinokurig
Copy link
Contributor

vinokurig commented Mar 2, 2020
edited
Loading

Is your enhancement related to a problem? Please describe.

The OpenShift oAuth provider which was introduced by #15963 must be manually configured to corresponding OpenShift oAuth client: https://www.eclipse.org/che/docs/che-7/configuring-openshift-oauth/. We can get rid of manual configuring by applying a new option for workspace:start command in the che-operator (similar to --os-oauth in the chectl) which will create a new oAuth client for OpenShift and then propagate related values to the OpenShift oAuth provider.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

depends on #15963
@vinokurig vinokurig added kind/enhancement A feature request - must adhere to the feature request template. area/chectl Issues related to chectl, the CLI of Che area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator labels Mar 2, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Mar 2, 2020
@vinokurig vinokurig mentioned this issue Mar 2, 2020
Merged
@ibuziuk ibuziuk added team/deploy and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Mar 2, 2020
@ibuziuk
Copy link
Member

ibuziuk commented Mar 2, 2020

@tolusha adding team/deploy label

@ibuziuk ibuziuk added the severity/P1 Has a major impact to usage or development of the system. label Mar 2, 2020
@ibuziuk
Copy link
Member

ibuziuk commented Mar 2, 2020

setting P1 but I'm not sure about priority for this particular issue

@l0rd
Copy link
Contributor

l0rd commented Mar 2, 2020

applying a new option for workspace:start command

@vinokurig workspaces:start is a chectl command, you want to automate the creation of the client at the operator level right?

@davidfestal
Copy link
Contributor

In the case when openshiftOAuth mode is already enabled in the Che operator, we could probably explore the ability to reuse the existing OAuth client already created by the operator, instead of creating a second one ?

@vinokurig
Copy link
Contributor Author

@l0rd

workspaces:start is a chectl command, you want to automate the creation of the client at the operator level right?

It supposed to be automated at the operator level, but chectl should have an ability to control this option.

@davidfestal
I don't like the idea of reusing existing openshiftOAuth mode because user might want to use the OpenShift provider separately from the openshiftOAuth mode.

@tolusha tolusha added this to the Backlog - Deploy milestone Mar 4, 2020
@ericwill ericwill mentioned this issue Mar 20, 2020
Closed
50 tasks
@vinokurig vinokurig added the status/blocked Issue that can’t be moved forward. Must include a comment on the reason for the blockage. label Mar 20, 2020
@vinokurig
Copy link
Contributor Author

Currently I am stuck on getting the openshift endpoint url by k8s api. I need it to pass the env variables to che server. @benoitf @davidfestal any ideas?

@ericwill ericwill mentioned this issue Apr 1, 2020
Closed
47 tasks
@vinokurig
Copy link
Contributor Author

Depends on #16488. It will bring the ability to use openshift oauth provider as a keycloack identity provider, similar to --os-oauth chectl option

@vinokurig
Copy link
Contributor Author

Since we have switched to keycloak authentication (#16488) the openshift oauth API uses existing OAuth client which is already created by the operator.

@tolusha tolusha removed this from the Backlog - Deploy milestone Apr 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/chectl Issues related to chectl, the CLI of Che kind/enhancement A feature request - must adhere to the feature request template. severity/P1 Has a major impact to usage or development of the system. status/blocked Issue that can’t be moved forward. Must include a comment on the reason for the blockage.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@l0rd @davidfestal @ibuziuk @tolusha @vinokurig @che-bot