Switch to service account after logging into OpenShift Sandbox #3844


datho7561
Collaborator

The service account will remain authenticated for longer than 15 minutes.

To try this out:

  1. Log into an OpenShift Sandbox cluster using the Login workflow
  2. Run `oc whoami`. You should see a reference to `pipeline`, which is the serviceaccount that's being used
  3. The Application Explorer should display you as logged in and work as expected

Closes #3838

Signed-off-by: David Thompson <davthomp@redhat.com>

@datho7561 datho7561 force-pushed the 3838-use-serviceaccount-on-sandbox branch from a1b219d to 6b56fd9 Compare January 29, 2024 21:06
@datho7561
Collaborator Author

@vrubezhny I made the changes you mentioned, specifically:

  • There is a notification box that asks if it's okay to use the service account
  • The existing context is overwritten instead of adding a new one
  • I changed the line wrap settings of the YAML serializer to 120 to avoid `>-` appearing in the `~/.kube/config`


codecov bot commented Jan 29, 2024

Codecov Report

Attention: 26 lines in your changes are missing coverage. Please review.

Comparison is base (da60441) 32.37% compared to head (8555d78) 45.52%.
Report is 6 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| src/openshift/cluster.ts | 18.75% | 26 Missing ⚠️ |
Additional details and impacted files
@@             Coverage Diff             @@
##             main    #3844       +/-   ##
===========================================
+ Coverage   32.37%   45.52%   +13.15%     
===========================================
  Files          85       85               
  Lines        6505     6532       +27     
  Branches     1349     1352        +3     
===========================================
+ Hits         2106     2974      +868     
+ Misses       4399     3558      -841     


@vrubezhny
Contributor

vrubezhny commented Jan 31, 2024

> @vrubezhny I made the changes you mentioned, specifically:
>
>   • There is a notification box that asks if it's okay to use the service account

✔️

>   • The existing context is overwritten instead of adding a new one

❔ The current user is changed to pipeline:

image

So now we have two users: the original one + new pipeline user - both with their tokens set:

```yaml
- name: vrubezhny/api-sandbox-m3-1530-p1-openshiftapps-com:6443
  user:
    token: sha256~xxxx-xxxx
- name: pipeline
  user:
    token:
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

Once we know for sure that the token for my original user (vrubezhny/api-sandbox-m3-1530-p1-openshiftapps-com:6443) will expire soon, there is no need to keep it here...
So why not just replace this user's token with the pipeline one instead of creating a new pipeline user and switching to it?

>   • I changed the line wrap settings of the YAML serializer to 120 to avoid `>-` appearing in the `~/.kube/config`

✅ (There are some tokens that definitely contain more than 120 chars, so we need to keep an eye on how the YAML is serialized for those, but at the moment I don't see any problems)

@datho7561 datho7561 force-pushed the 3838-use-serviceaccount-on-sandbox branch from 6b56fd9 to 71c1e4f Compare February 1, 2024 16:10
@datho7561
Collaborator Author

Okay, I've updated the PR to rewrite the token of the current user instead of creating a new one.

@vrubezhny
Contributor

>   • I changed the line wrap settings of the YAML serializer to 120 to avoid `>-` appearing in the `~/.kube/config`
>
> ✅ (There are some tokens that definitely contain more than 120 chars, so we need to keep an eye on how the YAML is serialized for those, but at the moment I don't see any problems)

Nope, it looks like 120 chars is not enough:

image

@datho7561 datho7561 force-pushed the 3838-use-serviceaccount-on-sandbox branch from 71c1e4f to 5c6c680 Compare February 1, 2024 19:59
Contributor

@vrubezhny vrubezhny left a comment


Looks good overall and works like a charm.

The only question is that we probably must use env.KUBECONFIG when compiling a path to the current Kube config

src/openshift/cluster.ts (outdated, resolved)
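
The two points raised in review above, writing the service-account token into the existing user entry and locating the kubeconfig through `KUBECONFIG`, as an added JavaScript example (not the extension's code from src/openshift/cluster.ts). The function names, cluster name, paths and tokens are constructed, and the home directory and path delimiter are passed in as parameters rather than read from the platform.

```javascript
// Added example: constructed names and tokens, not the extension's code.

// KUBECONFIG may list several files separated by the platform path delimiter
// (':' on Linux/macOS, ';' on Windows); without it the default path applies.
function kubeconfigPaths(env, homeDir, delimiter) {
  const entries = (env.KUBECONFIG || '').split(delimiter).filter((p) => p !== '');
  return entries.length > 0 ? entries : [`${homeDir}/.kube/config`];
}

// Overwrite the token of the user that the current context points at,
// instead of appending a second user entry that carries its own token.
function replaceCurrentUserToken(config, newToken) {
  const current = config['current-context'];
  const ctx = (config.contexts || []).find((c) => c.name === current);
  if (!ctx) throw new Error(`context "${current}" not found`);
  const entry = (config.users || []).find((u) => u.name === ctx.context.user);
  if (!entry) throw new Error(`user "${ctx.context.user}" not found`);
  entry.user = { ...entry.user, token: newToken };
  return entry.name;
}

// Names of all user entries that still hold a token; after the switch this
// should be exactly one entry for the sandbox cluster.
function usersWithTokens(config) {
  return (config.users || []).filter((u) => u.user && u.user.token).map((u) => u.name);
}

// Constructed kubeconfig content, already parsed into an object.
function sampleConfig() {
  const user = 'developer/api-sandbox-example-com:6443';
  return {
    'current-context': 'developer-dev/api-sandbox-example-com:6443/developer',
    contexts: [{
      name: 'developer-dev/api-sandbox-example-com:6443/developer',
      context: { cluster: 'api-sandbox-example-com:6443', namespace: 'developer-dev', user },
    }],
    users: [{ name: user, user: { token: 'sha256~constructed-login-token' } }],
  };
}

const config = sampleConfig();
replaceCurrentUserToken(config, 'constructed-serviceaccount-token');
console.log(kubeconfigPaths(process.env, '/home/developer', ':'), usersWithTokens(config));
```
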
The service account will remain authenticated for longer than 15
minutes.

To try this out:
1. Log into an OpenShift Sandbox cluster using the Login workflow
2. Run `oc whoami`. You should see a reference to `pipeline`, which is the
   serviceaccount that's being used
3. The Application Explorer should display you as logged in and work as
   expected

Closes redhat-developer#3838

Signed-off-by: David Thompson <davthomp@redhat.com>
Contributor

@vrubezhny vrubezhny left a comment


Looks good to me and works like a charm! Thanks!

@vrubezhny vrubezhny merged commit eb06f1c into redhat-developer:main Feb 5, 2024
9 of 10 checks passed
Successfully merging this pull request may close these issues.

Developer Sandbox Login experience enhancement