Instructions for OpenShift OAuth provider (#1076)

* Instructions for OpenShift OAuth provider

Signed-off-by: Igor Vinokur <ivinokur@redhat.com>

* fixup! Instructions for OpenShift OAuth provider

* fixup! Instructions for OpenShift OAuth provider

* Update src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc

* Update src/main/pages/che-7/end-user-guide/proc_managing-pull-requests-using-the-github-pr-plug-in.adoc

* Update src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc

Co-authored-by: Fabrice Flore-Thébault <ffloreth@redhat.com>

src/main/_data/sidebars/che_7_docs.yml

@@ -137,6 +137,18 @@ entries:
     - title: Using a VS Code extension in Che
       url: che-7/using-a-visual-studio-code-extension-in-che
       output: web
+  - title: Configuring OAuth authorization
+    output: web
+    folderitems:
+      - title: Overview
+        url: che-7/configuring-oauth-authorization
+        output: web
+      - title: Configuring GitHub OAuth
+        url: che-7/configuring-github-oauth
+        output: web
+      - title: Configuring OpenShift OAuth
+        url: che-7/configuring-openshift-oauth
+        output: web
   #- title: Troubleshooting for Che end users
     #url: che-7/troubleshooting-for-che-end-users
     #output: web

src/main/pages/che-7/end-user-guide/proc_configuring-github-oauth.adoc → src/main/pages/che-7/end-user-guide/assembly_configuring-github-oauth.adoc

@@ -1,4 +1,12 @@
-// version-control
+---
+title: Configuring GitHub OAuth
+keywords: 
+tags: []
+sidebar: che_7_docs
+permalink: che-7/configuring-github-oauth/
+folder: che-7/end-user-guide
+summary: 
+---
 
 [id="configuring-github-oauth_{context}"]
 = Configuring GitHub OAuth

src/main/pages/che-7/end-user-guide/assembly_configuring-oauth-authorization.adoc

@@ -0,0 +1,24 @@
+---
+title: Configuring OAuth authorization
+keywords:
+tags: []
+sidebar: che_7_docs
+permalink: che-7/configuring-oauth-authorization/
+folder: che-7/end-user-guide
+summary:
+---
+
+:parent-context-of-configuring-oauth-authorization: {context}
+
+[id='configuring-oauth-authorization']
+= Configuring OAuth authorization
+
+:context: configuring-oauth-authorization
+
+This section describes how to connect {prod} as an OAuth application to supported OAuth providers.
+
+* link:{site-baseurl}che-7/configuring-github-oauth[Configuring GitHub OAuth]
+
+* link:{site-baseurl}che-7/configuring-openshift-oauth[Configuring OpenShift OAuth]
+
+:context: {parent-context-of-configuring-oauth-authorization}

src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc

@@ -0,0 +1,61 @@
+---
+title: Configuring OpenShift OAuth
+keywords: 
+tags: []
+sidebar: che_7_docs
+permalink: che-7/configuring-openshift-oauth/
+folder: che-7/end-user-guide
+summary: 
+---
+
+[id="configuring-openshift-oauth_{context}"]
+= Configuring OpenShift OAuth
+
+OAuth for OpenShift allows to obtain OpenShift token.
+
+.Procedure
+
+. Register Che OAuth client in OpenShift (see link:https://docs.openshift.com/container-platform/4.3/authentication/configuring-internal-oauth.html#oauth-register-additional-client_configuring-internal-oauth[Register an OAuth client in OpenShift]).
++
+[subs="+quotes"]
+----
+$ oc create -f <(echo '
+kind: OAuthClient
+apiVersion: oauth.openshift.io/v1
+metadata:
+ name: che
+secret: "<random set of symbols>"
+redirectURIs:
+ - "<Che api url>/oauth/callback"
+grantMethod: prompt
+')
+----
+. Add the OpenShift SSL certificate to the Che Java trust store.
+.. Export the OpenShift SSL certificate to `ca.crt` file.
+.. Create a *configMap* with the certificate.
++
+====
+[subs="+quotes"]
+----
+oc create configmap custom-public-cert --from-file=ca.crt -n che
+----
+====
+. Update the OpenShift deployment configuration
+(see link:{site-baseurl}che-7/advanced-configuration-options/#che-configmaps-and-their-behavior_advanced-configuration-options[Che configMaps and their behavior],
+link:{site-baseurl}che-7/advanced-configuration-options/#che-installed-using-a-helm-chart[Che installed using a Helm Chart]).
++
+====
+[subs="+quotes"]
+----
+CHE_OAUTH_OPENSHIFT_CLIENTID: <client-id>
+CHE_OAUTH_OPENSHIFT_CLIENTSECRET: <openshift-secret>
+CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT: <oauth-endpoint>
+CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL: <verify-token-url>
+----
+====
+* <client-id> a name specified in the OpenShift OAuthClient.
+* <openshift-secret> a secret specified in the OpenShift OAuthClient.
+* <oauth-endpoint> the url of the OpenShift oauth service:
+** For OpenShift 3 specify the OpenShift master url.
+** For OpenShift 4 specify the `oauth-openshift` route.
+* <verify-token-url> request url that is used to verify the token. `<OpenShift master url>/api` can be used for OpenShift 3 and 4.

src/main/pages/che-7/end-user-guide/assembly_version-control.adoc

@@ -25,8 +25,6 @@ include::proc_accessing-a-git-repository-via-https.adoc[leveloffset=+1]
 
 include::proc_accessing-a-git-repository-via-ssh.adoc[leveloffset=+1]
 
-include::proc_configuring-github-oauth.adoc[leveloffset=+1]
-
 include::proc_managing-pull-requests-using-the-github-pr-plug-in.adoc[leveloffset=+1]
 
 :context: {parent-context-of-version-control}

src/main/pages/che-7/end-user-guide/proc_managing-pull-requests-using-the-github-pr-plug-in.adoc

@@ -10,7 +10,7 @@ To manage GitHub pull requests, the VS Code GitHub Pull Request plug-in is avail
 
 .Prerequisites
 
-* GitHub OAuth should be configured (see link:https://www.eclipse.org/che/docs/che-7/version-control/#configuring-github-oauth_version-control[Configuring GitHub OAuth)].
+* GitHub OAuth should be configured (see link:{site-baseurl}che-7/configuring-github-oauth/[Configuring GitHub OAuth)].
 
 .Procedure