Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[che-operator] Configure OAuth1 and OAuth2 integrations with K8s Secrets #18932

Closed
skabashnyuk opened this issue Feb 1, 2021 · 0 comments
Closed

[che-operator] Configure OAuth1 and OAuth2 integrations with K8s Secrets #18932

skabashnyuk opened this issue Feb 1, 2021 · 0 comments
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Milestone
7.27

Comments

@skabashnyuk
Copy link
Contributor

skabashnyuk commented Feb 1, 2021
edited

Is your task related to a problem? Please describe.

We would like to standardize/unify the way how OAuth1 and OAuth2 integration configured.

Describe the solution you'd like

Proposed format.

kind: Secret
apiVersion: v1
metadata:
  name: <scm-provider-id>-oaut-config
  namespace: <...> 
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: bitbucket (variants: github, bitbucket, gitlab)
    che.eclipse.org/scm-server-endpoint: http://bitbucket-bitbucket.apps.cluster-2d6e.2d6e.example.opentlc.com/ (if url is set that means that this is and on-prem otherwise this is saas)
type: Opaque
data:
  file1: <...> 
  file2: <...>

For Github it will look like this.

kind: Secret
apiVersion: v1
metadata:
  name: github-oaut-config
  namespace: <...> 
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: github
type: Opaque
data:
  id: <...> 
  secret: <...>

That means that che operator has to :

  • Mount GITHUB_CLIENT_ID and GITHUB_SECRET to keycloak container
  • Run the correct script to create github integrations on keycloak

For Bitbucket server it will looks like this:

kind: Secret
apiVersion: v1
metadata:
  name: github-oaut-config
  namespace: <...> 
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: bitbucket
    che.eclipse.org/scm-server-endpoint: http://bitbucket-bitbucket.apps.cluster-2d6e.2d6e.example.opentlc.com/
type: Opaque
data:
  private.key: <...> 
  consumer.key: <...>

That means that che operator has to :

Describe alternatives you've considered

Additional context
@skabashnyuk skabashnyuk added kind/task Internal things, technical debt, and to-do tasks to be performed. area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator labels Feb 1, 2021
@skabashnyuk skabashnyuk mentioned this issue Feb 1, 2021
Merged
9 tasks
@tolusha tolusha added this to the 7.27 milestone Feb 1, 2021
@tolusha tolusha added the severity/P1 Has a major impact to usage or development of the system. label Feb 3, 2021
@tolusha tolusha mentioned this issue Feb 5, 2021
Closed
57 tasks
@skabashnyuk skabashnyuk mentioned this issue Feb 15, 2021
Closed
10 tasks
This was referenced Feb 15, 2021
Merged
Merged
@tolusha tolusha closed this as completed Feb 17, 2021
@skabashnyuk skabashnyuk mentioned this issue Sep 21, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.27
Development

No branches or pull requests
2 participants
@skabashnyuk @tolusha