From 82a89384e6461448fcbf299e31454b7474c5ae3b Mon Sep 17 00:00:00 2001 From: Igor Vinokur Date: Mon, 17 Feb 2020 13:11:06 +0200 Subject: [PATCH] Instructions for OpenShift OAuth provider (#1076) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Instructions for OpenShift OAuth provider Signed-off-by: Igor Vinokur * fixup! Instructions for OpenShift OAuth provider * fixup! Instructions for OpenShift OAuth provider * Update src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc * Update src/main/pages/che-7/end-user-guide/proc_managing-pull-requests-using-the-github-pr-plug-in.adoc * Update src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc Co-authored-by: Fabrice Flore-Thébault --- src/main/_data/sidebars/che_7_docs.yml | 12 ++++ ...=> assembly_configuring-github-oauth.adoc} | 10 ++- ...embly_configuring-oauth-authorization.adoc | 24 ++++++++ .../assembly_configuring-openshift-oauth.adoc | 61 +++++++++++++++++++ .../assembly_version-control.adoc | 2 - ...-requests-using-the-github-pr-plug-in.adoc | 2 +- 6 files changed, 107 insertions(+), 4 deletions(-) rename src/main/pages/che-7/end-user-guide/{proc_configuring-github-oauth.adoc => assembly_configuring-github-oauth.adoc} (89%) create mode 100644 src/main/pages/che-7/end-user-guide/assembly_configuring-oauth-authorization.adoc create mode 100644 src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc diff --git a/src/main/_data/sidebars/che_7_docs.yml b/src/main/_data/sidebars/che_7_docs.yml index 2b2f61add5..986fc84780 100644 --- a/src/main/_data/sidebars/che_7_docs.yml +++ b/src/main/_data/sidebars/che_7_docs.yml @@ -137,6 +137,18 @@ entries: - title: Using a VS Code extension in Che url: che-7/using-a-visual-studio-code-extension-in-che output: web + - title: Configuring OAuth authorization + output: web + folderitems: + - title: Overview + url: che-7/configuring-oauth-authorization + output: web + - title: Configuring GitHub OAuth + url: che-7/configuring-github-oauth + output: web + - title: Configuring OpenShift OAuth + url: che-7/configuring-openshift-oauth + output: web #- title: Troubleshooting for Che end users #url: che-7/troubleshooting-for-che-end-users #output: web diff --git a/src/main/pages/che-7/end-user-guide/proc_configuring-github-oauth.adoc b/src/main/pages/che-7/end-user-guide/assembly_configuring-github-oauth.adoc similarity index 89% rename from src/main/pages/che-7/end-user-guide/proc_configuring-github-oauth.adoc rename to src/main/pages/che-7/end-user-guide/assembly_configuring-github-oauth.adoc index df5f4c78cd..9cd587ae25 100644 --- a/src/main/pages/che-7/end-user-guide/proc_configuring-github-oauth.adoc +++ b/src/main/pages/che-7/end-user-guide/assembly_configuring-github-oauth.adoc @@ -1,4 +1,12 @@ -// version-control +--- +title: Configuring GitHub OAuth +keywords: +tags: [] +sidebar: che_7_docs +permalink: che-7/configuring-github-oauth/ +folder: che-7/end-user-guide +summary: +--- [id="configuring-github-oauth_{context}"] = Configuring GitHub OAuth diff --git a/src/main/pages/che-7/end-user-guide/assembly_configuring-oauth-authorization.adoc b/src/main/pages/che-7/end-user-guide/assembly_configuring-oauth-authorization.adoc new file mode 100644 index 0000000000..533541eede --- /dev/null +++ b/src/main/pages/che-7/end-user-guide/assembly_configuring-oauth-authorization.adoc @@ -0,0 +1,24 @@ +--- +title: Configuring OAuth authorization +keywords: +tags: [] +sidebar: che_7_docs +permalink: che-7/configuring-oauth-authorization/ +folder: che-7/end-user-guide +summary: +--- + +:parent-context-of-configuring-oauth-authorization: {context} + +[id='configuring-oauth-authorization'] += Configuring OAuth authorization + +:context: configuring-oauth-authorization + +This section describes how to connect {prod} as an OAuth application to supported OAuth providers. + +* link:{site-baseurl}che-7/configuring-github-oauth[Configuring GitHub OAuth] + +* link:{site-baseurl}che-7/configuring-openshift-oauth[Configuring OpenShift OAuth] + +:context: {parent-context-of-configuring-oauth-authorization} diff --git a/src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc b/src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc new file mode 100644 index 0000000000..c8779291ad --- /dev/null +++ b/src/main/pages/che-7/end-user-guide/assembly_configuring-openshift-oauth.adoc @@ -0,0 +1,61 @@ +--- +title: Configuring OpenShift OAuth +keywords: +tags: [] +sidebar: che_7_docs +permalink: che-7/configuring-openshift-oauth/ +folder: che-7/end-user-guide +summary: +--- + +[id="configuring-openshift-oauth_{context}"] += Configuring OpenShift OAuth + +OAuth for OpenShift allows to obtain OpenShift token. + +.Procedure + +. Register Che OAuth client in OpenShift (see link:https://docs.openshift.com/container-platform/4.3/authentication/configuring-internal-oauth.html#oauth-register-additional-client_configuring-internal-oauth[Register an OAuth client in OpenShift]). ++ +[subs="+quotes"] +---- +$ oc create -f <(echo ' +kind: OAuthClient +apiVersion: oauth.openshift.io/v1 +metadata: + name: che +secret: "" +redirectURIs: + - "/oauth/callback" +grantMethod: prompt +') +---- +. Add the OpenShift SSL certificate to the Che Java trust store. +.. Export the OpenShift SSL certificate to `ca.crt` file. +.. Create a *configMap* with the certificate. ++ +==== +[subs="+quotes"] +---- +oc create configmap custom-public-cert --from-file=ca.crt -n che +---- +==== +. Update the OpenShift deployment configuration +(see link:{site-baseurl}che-7/advanced-configuration-options/#che-configmaps-and-their-behavior_advanced-configuration-options[Che configMaps and their behavior], +link:{site-baseurl}che-7/advanced-configuration-options/#che-installed-using-a-helm-chart[Che installed using a Helm Chart]). ++ +==== +[subs="+quotes"] +---- +CHE_OAUTH_OPENSHIFT_CLIENTID: +CHE_OAUTH_OPENSHIFT_CLIENTSECRET: +CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT: +CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL: +---- +==== +* a name specified in the OpenShift OAuthClient. +* a secret specified in the OpenShift OAuthClient. +* the url of the OpenShift oauth service: +** For OpenShift 3 specify the OpenShift master url. +** For OpenShift 4 specify the `oauth-openshift` route. +* request url that is used to verify the token. `/api` can be used for OpenShift 3 and 4. diff --git a/src/main/pages/che-7/end-user-guide/assembly_version-control.adoc b/src/main/pages/che-7/end-user-guide/assembly_version-control.adoc index 401d564907..0da940732d 100644 --- a/src/main/pages/che-7/end-user-guide/assembly_version-control.adoc +++ b/src/main/pages/che-7/end-user-guide/assembly_version-control.adoc @@ -25,8 +25,6 @@ include::proc_accessing-a-git-repository-via-https.adoc[leveloffset=+1] include::proc_accessing-a-git-repository-via-ssh.adoc[leveloffset=+1] -include::proc_configuring-github-oauth.adoc[leveloffset=+1] - include::proc_managing-pull-requests-using-the-github-pr-plug-in.adoc[leveloffset=+1] :context: {parent-context-of-version-control} diff --git a/src/main/pages/che-7/end-user-guide/proc_managing-pull-requests-using-the-github-pr-plug-in.adoc b/src/main/pages/che-7/end-user-guide/proc_managing-pull-requests-using-the-github-pr-plug-in.adoc index e3206ee9d8..66885f0b12 100644 --- a/src/main/pages/che-7/end-user-guide/proc_managing-pull-requests-using-the-github-pr-plug-in.adoc +++ b/src/main/pages/che-7/end-user-guide/proc_managing-pull-requests-using-the-github-pr-plug-in.adoc @@ -10,7 +10,7 @@ To manage GitHub pull requests, the VS Code GitHub Pull Request plug-in is avail .Prerequisites -* GitHub OAuth should be configured (see link:https://www.eclipse.org/che/docs/che-7/version-control/#configuring-github-oauth_version-control[Configuring GitHub OAuth)]. +* GitHub OAuth should be configured (see link:{site-baseurl}che-7/configuring-github-oauth/[Configuring GitHub OAuth)]. .Procedure