Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Obtain and persist Bitbucket personal access token as k8s secret #18388

Closed
skabashnyuk opened this issue Nov 17, 2020 · 2 comments · Fixed by #18726
Closed

Obtain and persist Bitbucket personal access token as k8s secret #18388

skabashnyuk opened this issue Nov 17, 2020 · 2 comments · Fixed by #18726
Assignees
@skabashnyuk
Labels
area/factory/server Server side of factory implementation kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
Che Platform team sprint #194
Milestone
7.27

Comments

@skabashnyuk
Copy link
Contributor

Is your task related to a problem? Please describe.

To be able to use Bitbucket personal access token during factory resolution #18386
and git operations we want to persist them as k8s secrets

Describe the solution you'd like

Obtain and persist Bitbucket personal access token as k8s secret

apiVersion: v1
kind: Secret
metadata:
  name: bitbucket-personal-access-token-secret
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: bitbucket-personal-access-token
  annotations:
    che.eclipse.org/expired-after: 12323423
    che.eclipse.org/che-userid: 7234090-45345234
    che.eclipse.org/bitbucket-userid: 34593094509
    che.eclipse.org/bitbucket-username: 'tshevchenko'
data:
  token: ZHNhZmFkZmFzZGZxMzRyMzRyMTM0
apiVersion: v1
kind: Secret
metadata:
  name: git-credentials-secret
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: workspace-secret
  annotations:
    che.eclipse.org/expired-after: 12323423  
    che.eclipse.org/che-userid: 7234090-45345234
    che.eclipse.org/automount-workspace-secret: 'true'
    che.eclipse.org/mount-path: /home/theia/.git-credentials
    che.eclipse.org/mount-as: file
    che.eclipse.org/git-credential: 'true'
    che.eclipse.org/bitbucket-personal-access-token-secret: 'bitbucket-personal-access-token-secret'
data:
  credentials: aHR0cHM6Ly91c2VyOnBhc3NAZXhhbXBsZS5jb20K

Describe alternatives you've considered

n/a

Additional context

#18385
@skabashnyuk skabashnyuk added kind/task Internal things, technical debt, and to-do tasks to be performed. area/factory/server Server side of factory implementation labels Nov 17, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Nov 17, 2020
@skabashnyuk skabashnyuk removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Nov 17, 2020
@skabashnyuk skabashnyuk changed the title Obtain and perist Bitbacket personal access token as k8s secret Obtain and persist Bitbucket personal access token as k8s secret Nov 17, 2020
@skabashnyuk skabashnyuk mentioned this issue Nov 17, 2020
Closed
10 tasks
@skabashnyuk skabashnyuk added this to To do in Che Platform team sprint #194 via automation Dec 9, 2020
@skabashnyuk skabashnyuk added this to the 7.24 milestone Dec 9, 2020
@skabashnyuk skabashnyuk moved this from To do to In progress in Che Platform team sprint #194 Dec 23, 2020
@skabashnyuk skabashnyuk mentioned this issue Dec 30, 2020
Closed
6 tasks
@skabashnyuk skabashnyuk modified the milestones: 7.24, 7.25 Dec 30, 2020
@skabashnyuk skabashnyuk self-assigned this Jan 4, 2021
@skabashnyuk skabashnyuk mentioned this issue Jan 5, 2021
Merged
9 tasks
@skabashnyuk
Copy link
Contributor Author

skabashnyuk commented Jan 5, 2021
edited
Loading

In my "experimental code" #18726 I was to able determine the current Bitbucket user (that was quite a complicated thing because Bitbucket server has no API to figure out that) and obtain and persist server personal access code.
Знімок екрана 2021-01-04 о 16 32 15

@skabashnyuk
Copy link
Contributor Author

In c8772d2 changed

  1. Git credential secret - changed name to [scm-user-name]-git-credentials-secret-[5 random]
  2. Git credential secret - added che user id annotation
  3. Personal token secret - changed name to personal-access-token-[5 random]
  4. Personal token secret - added che.eclipse.org/scm-personal-access-token-id
  5. Personal token secret - added che.eclipse.org/scm-personal-access-token-name
  6. Bitbucket token - changed name to che-token--
  7. Bitbucket token - changed name to che-token--
  8. BitbucketPersonalAccessToken - added lastAuthenticated, ignoring default fields on decerialization.

Now secrets look like this:
Знімок екрана 2021-01-05 о 16 43 03
Знімок екрана 2021-01-05 о 16 43 14

@skabashnyuk skabashnyuk modified the milestones: 7.25, 7.26 Jan 20, 2021
@skabashnyuk skabashnyuk mentioned this issue Jan 20, 2021
Closed
5 tasks
@skabashnyuk skabashnyuk mentioned this issue Feb 1, 2021
Closed
@skabashnyuk skabashnyuk modified the milestones: 7.26, 7.25, 7.27 Feb 9, 2021
@skabashnyuk skabashnyuk mentioned this issue Feb 10, 2021
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skabashnyuk skabashnyuk

Labels
area/factory/server Server side of factory implementation kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
No open projects
Che Platform team sprint #194
  
In progress
Milestone
7.27
Development

Successfully merging a pull request may close this issue.

Obtain and persist Bitbucket personal access token as k8s secret skabashnyuk/che
2 participants
@skabashnyuk @che-bot