Conversation
Related to issue redhat-developer/rh-che#680 Signed-off-by: David Festal <dfestal@redhat.com>
Signed-off-by: David Festal <dfestal@redhat.com>
Signed-off-by: David Festal <dfestal@redhat.com>
Signed-off-by: David Festal <dfestal@redhat.com>
|
Can one of the admins verify this patch? |
|
ci-test |
benoitf
added
status/code-review
|
ci-test build report: |
Adapt to changes made in upstream PR eclipse-che/che#9962 Signed-off-by: David Festal <dfestal@redhat.com>
garagatyi
left a comment
garagatyi
left a comment
There was a problem hiding this comment.
Overall looks good. I would love to see code been improved from the support side. I added inlined comments about that.
| import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment; | ||
| import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory; | ||
|
|
||
| /** @author David Festal */ |
| throws InfrastructureException { | ||
|
|
||
| AuthConfigs authConfigs = userSpecificDockerRegistryCredentialsProvider.getCredentials(); | ||
| if (authConfigs.getConfigs().isEmpty()) { |
There was a problem hiding this comment.
You may get an NPE here. Please, add a check.
| Base64.Encoder encoder = Base64.getEncoder(); | ||
|
|
||
| String config; | ||
| try (StringWriter strWriter = new StringWriter(); |
There was a problem hiding this comment.
This class contains multiple levels of abstraction - usage of provider, manipulating strings, usage of k8s objects. This makes it too complex. Please, move conversion of AuthConfigs to Secret into a separate class.
There was a problem hiding this comment.
Maybe private method could be enough
There was a problem hiding this comment.
Fixed with a private method
| (name, authConfig) -> { | ||
| try { | ||
| if (!name.startsWith("https://")) { | ||
| name = "https://" + name; |
There was a problem hiding this comment.
if the name starts from http:// we add "https://" in front of it. Should we really do that?
| jsonWriter.value(authConfig.getPassword()); | ||
| jsonWriter.name("email"); | ||
| jsonWriter.value("email@email"); | ||
| String auth = |
There was a problem hiding this comment.
Can you point me to a doc that describes how this object should look like - I don't understand by looking at the code. This also indicates that this code is not clear and might require additional code simplifications or comments to ease support of this code.
There was a problem hiding this comment.
I added an example in the Javadoc of the extracted private method
| k8sEnv.getPods().values().forEach(this::provision); | ||
| } | ||
|
|
||
| public void provision(Pod pod) { |
There was a problem hiding this comment.
It looks like this method should be private
| .getBytes()); | ||
| } | ||
|
|
||
| @SuppressWarnings("unchecked") |
There was a problem hiding this comment.
If you use suppressing of warnings, please, add a comment to the doc that explains why it is safe to suppress warnings.
There was a problem hiding this comment.
BTW it's not good practice to use SuppressWarnings for the whole method.
There was a problem hiding this comment.
I removed the warnings completely, so no more SuppressWarnings :-)
| verifyZeroInteractions(podSpec); | ||
| } | ||
|
|
||
| private static class TestAuthConfig implements AuthConfig { |
There was a problem hiding this comment.
Please, move auxiliary methods down. It is easier to read test when test cases are higher and all other methods are lower in the class.
infrastructures/kubernetes/pom.xml
Outdated
| </dependency> | ||
| <dependency> | ||
| <groupId>org.eclipse.che.infrastructure.docker</groupId> | ||
| <artifactId>docker-client</artifactId> |
There was a problem hiding this comment.
I think this dependency can potentially bring some issues in future. I suggest to move docker auth related code in separate maven module and replace this dependency with it.
@sleshchenko @garagatyi @gazarenkov wdyt?
There was a problem hiding this comment.
@skabashnyuk the same applies to the docker-environment dependency that is just below right?
There was a problem hiding this comment.
I would say that not the same. It is supposed that docker-environment may be reused by another infrastructure.
There was a problem hiding this comment.
Is it a blocker for this PR or could this new module refactoring be done in a next PR ?
There was a problem hiding this comment.
Yes. Could you do that please in this PR. I really appreciate your efforts. I guess it will take less time then we spend writing this comments and protect us with potential binding/classloading/configuration issues.
There was a problem hiding this comment.
I extracted the docker auth-related classes to a new docker-auth maven module.
@skabashnyuk does it correspond to what you were expecting ?
| static final String SECRET_NAME = "workspace-private-registries"; | ||
|
|
||
| private final UserSpecificDockerRegistryCredentialsProvider | ||
| userSpecificDockerRegistryCredentialsProvider; |
There was a problem hiding this comment.
quite a long variable name =)
There was a problem hiding this comment.
is it a problem ?
There was a problem hiding this comment.
tiny one. I don't like such long names 😄
There was a problem hiding this comment.
I reduced its length :-D
| .getBytes()); | ||
| } | ||
|
|
||
| @SuppressWarnings("unchecked") |
There was a problem hiding this comment.
BTW it's not good practice to use SuppressWarnings for the whole method.
| return; | ||
| } | ||
|
|
||
| Gson gson = new Gson(); |
There was a problem hiding this comment.
Please explain why do you need to create it here instead of a single line where it is used?
There was a problem hiding this comment.
Fixed in other code changes.
|
|
||
| Base64.Encoder encoder = Base64.getEncoder(); | ||
|
|
||
| String config; |
There was a problem hiding this comment.
Why do you need a declaration of this variable here?
There was a problem hiding this comment.
Not needed. Fixed.
| Base64.Encoder encoder = Base64.getEncoder(); | ||
|
|
||
| String config; | ||
| try (StringWriter strWriter = new StringWriter(); |
There was a problem hiding this comment.
Maybe private method could be enough
| jsonWriter.value(encoder.encodeToString(auth.getBytes())); | ||
| jsonWriter.endObject(); | ||
| } catch (IOException e) { | ||
| throw new RuntimeException(e); |
There was a problem hiding this comment.
Please don't throw RuntimeException. InfrastructureException only is expected to be thrown by this method.
There was a problem hiding this comment.
Replacing the forEach with a for loop removed the need for a RuntimeException
Signed-off-by: David Festal <dfestal@redhat.com>
|
@garagatyi @sleshchenko I mainly did the changes you requested. Is it OK for you OK now ? @skabashnyuk The only remaining comment that I didn't fix is this one @l0rd wdyt ? could be postpone this to a next PR ? |
| jsonWriter.value(encoder.encodeToString(auth.getBytes())); | ||
| jsonWriter.endObject(); | ||
| } catch (IOException e) { | ||
| throw new InfrastructureException(e); |
There was a problem hiding this comment.
I think that IOException message here won't be user-friendly. Can you wrap it with an introduction appropriate for a user?
| jsonWriter.flush(); | ||
| return strWriter.toString(); | ||
| } catch (IOException e) { | ||
| throw new InfrastructureException(e); |
There was a problem hiding this comment.
I think that IOException message here won't be user-friendly. Can you wrap it with an introduction appropriate for a user?
There was a problem hiding this comment.
I added a message to the wrapping exception.
Signed-off-by: David Festal <dfestal@redhat.com>
as requested by @skabashnyuk [here](#9962 (review)) Signed-off-by: David Festal <dfestal@redhat.com>
Signed-off-by: David Festal <dfestal@redhat.com>
|
ci-test |
|
ci-test build report: |
sleshchenko
left a comment
sleshchenko
left a comment
There was a problem hiding this comment.
LGTM. Please take a look my inlined comments especially about DockerComposeEnvironmentConverter.
| <packaging>jar</packaging> | ||
| <name>Infrastructure :: Docker :: Docker Auth</name> | ||
| <properties> | ||
| <findbugs.failonerror>false</findbugs.failonerror> |
There was a problem hiding this comment.
It should be! Please, do not use this property unless you have strong arguments why we should use it!
There was a problem hiding this comment.
This came from a copy/paste of the docker-client pom.xml file.
I just removed it.
| * @author Anton Korneta | ||
| */ | ||
| @Singleton | ||
| public class DockerComposeEnvironmentConverter { |
There was a problem hiding this comment.
It looks exactly the same as DockerImageEnvironmentConverter but with another name. Please check these changes, I guess it should be reverted.
| * @author Anton Korneta | ||
| */ | ||
| @Singleton | ||
| public class DockerComposeEnvironmentConverter { |
There was a problem hiding this comment.
This class seems to be unrelated to your PR. Can you elaborate why we need it?
There was a problem hiding this comment.
yes, it was added by mistake. I just removed it.
Signed-off-by: David Festal <dfestal@redhat.com>
Signed-off-by: David Festal <dfestal@redhat.com>
|
ci-test |
|
ci-test build report: |
benoitf
removed
the
status/code-review
Adapt to changes made in upstream PR eclipse-che/che#9962 Signed-off-by: David Festal <dfestal@redhat.com>
* Support private docker registry in Che on Kubernetes / Openshift : related to issue redhat-developer/rh-che#680 * Extract the `AuthConfig` and related classes to a new module Signed-off-by: David Festal <dfestal@redhat.com>
* Support private docker registries in OSIO : adapt to changes made in upstream PR eclipse-che/che#9962 * Now upgrade to the `6.6.1` bugfix release the contains required upstream changes Signed-off-by: David Festal <dfestal@redhat.com>
* Support private docker registry in Che on Kubernetes / Openshift : related to issue redhat-developer/rh-che#680 * Extract the `AuthConfig` and related classes to a new module Signed-off-by: David Festal <dfestal@redhat.com>
8 participants
What does this PR do?
This PR adds support of private docker registries when running on the Kubernetes and OpenShift infrastructure.
What issues does this PR fix or reference?
redhat-developer/rh-che#680