fix configuration

Signed-off-by: Michal Vala <mvala@redhat.com>

assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties

@@ -553,7 +553,7 @@ che.infra.kubernetes.trusted_ca.dest_configmap_labels=
 # This results in huge privilege escalation.
 # It impacts only Kubernetes infrastructure. Therefore it implies no security risk on OpenShift with OAuth.
 # Do not enable this, unless you understand the risks.
-che.infra.kubernetes.enable_unsupported_k8s=false
+# che.infra.kubernetes.enable_unsupported_k8s=false
 
 ### OpenShift Infra parameters
 

infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/configurator/CredentialsSecretConfiguratorTest.java

@@ -0,0 +1,6 @@
+package org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator;
+
+import static org.testng.Assert.*;
+public class CredentialsSecretConfiguratorTest {
+
+}

multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakEnvironmentInitializationFilter.java

@@ -13,6 +13,7 @@
 
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static jakarta.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
+import static org.eclipse.che.multiuser.oidc.OIDCInfoProvider.OIDC_USERNAME_CLAIM_SETTING;
 
 import com.google.common.base.Splitter;
 import io.jsonwebtoken.Claims;
@@ -43,7 +44,6 @@
 import org.eclipse.che.multiuser.api.authentication.commons.token.RequestTokenExtractor;
 import org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject;
 import org.eclipse.che.multiuser.api.permission.server.PermissionChecker;
-import org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -123,8 +123,7 @@ public Subject extractSubject(String token, Jws<Claims> processedToken) throws S
 
     try {
       String username =
-          claims.get(
-              keycloakSettings.get().get(KeycloakConstants.USERNAME_CLAIM_SETTING), String.class);
+          claims.get(keycloakSettings.get().get(OIDC_USERNAME_CLAIM_SETTING), String.class);
       if (username == null) { // fallback to unique id promised by spec
         // https://openid.net/specs/openid-connect-basic-1_0.html#ClaimStability
         username = claims.getIssuer() + ":" + claims.getSubject();

multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakSettings.java

@@ -18,17 +18,17 @@
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.JS_ADAPTER_URL_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.JWKS_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.LOGOUT_ENDPOINT_SETTING;
-import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.OIDC_PROVIDER_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.OSO_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.PASSWORD_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.PROFILE_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.REALM_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.TOKEN_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.USERINFO_ENDPOINT_SETTING;
-import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.USERNAME_CLAIM_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.USE_FIXED_REDIRECT_URLS_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.USE_NONCE_SETTING;
 import static org.eclipse.che.multiuser.oidc.OIDCInfoProvider.AUTH_SERVER_URL_SETTING;
+import static org.eclipse.che.multiuser.oidc.OIDCInfoProvider.OIDC_PROVIDER_SETTING;
+import static org.eclipse.che.multiuser.oidc.OIDCInfoProvider.OIDC_USERNAME_CLAIM_SETTING;
 
 import com.google.common.collect.Maps;
 import java.util.Collections;
@@ -55,7 +55,7 @@ public KeycloakSettings(
       @Nullable @Named(REALM_SETTING) String realm,
       @Named(CLIENT_ID_SETTING) String clientId,
       @Nullable @Named(OIDC_PROVIDER_SETTING) String oidcProviderUrl,
-      @Nullable @Named(USERNAME_CLAIM_SETTING) String usernameClaim,
+      @Nullable @Named(OIDC_USERNAME_CLAIM_SETTING) String usernameClaim,
       @Named(USE_NONCE_SETTING) boolean useNonce,
       @Nullable @Named(OSO_ENDPOINT_SETTING) String osoEndpoint,
       @Nullable @Named(GITHUB_ENDPOINT_SETTING) String gitHubEndpoint,
@@ -65,7 +65,8 @@ public KeycloakSettings(
 
     Map<String, String> settings = Maps.newHashMap();
     settings.put(
-        USERNAME_CLAIM_SETTING, usernameClaim == null ? DEFAULT_USERNAME_CLAIM : usernameClaim);
+        OIDC_USERNAME_CLAIM_SETTING,
+        usernameClaim == null ? DEFAULT_USERNAME_CLAIM : usernameClaim);
     settings.put(CLIENT_ID_SETTING, clientId);
     settings.put(REALM_SETTING, realm);
 

multiuser/keycloak/che-multiuser-keycloak-server/src/test/java/org/eclipse/che/multiuser/keycloak/server/KeycloakEnvironmentInitializationFilterTest.java

@@ -12,7 +12,7 @@
 package org.eclipse.che.multiuser.keycloak.server;
 
 import static org.eclipse.che.multiuser.api.authentication.commons.Constants.CHE_SUBJECT_ATTRIBUTE;
-import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.USERNAME_CLAIM_SETTING;
+import static org.eclipse.che.multiuser.oidc.OIDCInfoProvider.OIDC_USERNAME_CLAIM_SETTING;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -50,7 +50,6 @@
 import org.eclipse.che.multiuser.api.authentication.commons.token.RequestTokenExtractor;
 import org.eclipse.che.multiuser.api.permission.server.AuthorizedSubject;
 import org.eclipse.che.multiuser.api.permission.server.PermissionChecker;
-import org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants;
 import org.eclipse.che.multiuser.machine.authentication.server.signature.SignatureKeyManager;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
@@ -119,7 +118,7 @@ public void shouldReplaceBackSlashAndAtSignInUsername() throws Exception {
     DefaultJws<Claims> jws = new DefaultJws<>(new DefaultJwsHeader(), claims, "");
     when(tokenExtractor.getToken(any(HttpServletRequest.class))).thenReturn("token");
     when(jwtParser.parseClaimsJws(anyString())).thenReturn(jws);
-    keycloakSettingsMap.put(USERNAME_CLAIM_SETTING, "preferred_username");
+    keycloakSettingsMap.put(OIDC_USERNAME_CLAIM_SETTING, "preferred_username");
     when(userManager.getOrCreateUser(anyString(), anyString(), anyString()))
         .thenReturn(mock(UserImpl.class, RETURNS_DEEP_STUBS));
     filter =
@@ -149,7 +148,7 @@ public void shoulBeAbleToDisableUsernameStringReplacing() throws Exception {
     DefaultJws<Claims> jws = new DefaultJws<>(new DefaultJwsHeader(), claims, "");
     when(tokenExtractor.getToken(any(HttpServletRequest.class))).thenReturn("token");
     when(jwtParser.parseClaimsJws(anyString())).thenReturn(jws);
-    keycloakSettingsMap.put(USERNAME_CLAIM_SETTING, "preferred_username");
+    keycloakSettingsMap.put(OIDC_USERNAME_CLAIM_SETTING, "preferred_username");
     when(userManager.getOrCreateUser(anyString(), anyString(), anyString()))
         .thenReturn(mock(UserImpl.class, RETURNS_DEEP_STUBS));
     filter =
@@ -210,7 +209,7 @@ public void shouldRetrieveTheEmailWhenItIsNotInJwtToken() throws Exception {
     Claims claims = new DefaultClaims(claimParams).setSubject("id");
     DefaultJws<Claims> jws = new DefaultJws<>(new DefaultJwsHeader(), claims, "");
     UserImpl user = new UserImpl("id", "test@test.com", "username");
-    keycloakSettingsMap.put(KeycloakConstants.USERNAME_CLAIM_SETTING, "preferred_username");
+    keycloakSettingsMap.put(OIDC_USERNAME_CLAIM_SETTING, "preferred_username");
     // given
     when(tokenExtractor.getToken(any(HttpServletRequest.class))).thenReturn("token");
     when(jwtParser.parseClaimsJws(anyString())).thenReturn(jws);

multiuser/keycloak/che-multiuser-keycloak-server/src/test/java/org/eclipse/che/multiuser/keycloak/server/KeycloakSettingsTest.java

@@ -19,16 +19,16 @@
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.JS_ADAPTER_URL_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.JWKS_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.LOGOUT_ENDPOINT_SETTING;
-import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.OIDC_PROVIDER_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.OSO_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.PASSWORD_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.PROFILE_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.REALM_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.TOKEN_ENDPOINT_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.USERINFO_ENDPOINT_SETTING;
-import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.USERNAME_CLAIM_SETTING;
 import static org.eclipse.che.multiuser.keycloak.shared.KeycloakConstants.USE_NONCE_SETTING;
 import static org.eclipse.che.multiuser.oidc.OIDCInfoProvider.AUTH_SERVER_URL_SETTING;
+import static org.eclipse.che.multiuser.oidc.OIDCInfoProvider.OIDC_PROVIDER_SETTING;
+import static org.eclipse.che.multiuser.oidc.OIDCInfoProvider.OIDC_USERNAME_CLAIM_SETTING;
 import static org.mockito.Mockito.when;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertNull;
@@ -209,7 +209,7 @@ public void shouldBeUsedConfigurationFromExternalOIDCProviderWithoutFixedRedirec
             oidcInfo);
 
     Map<String, String> publicSettings = settings.get();
-    assertEquals(publicSettings.get(USERNAME_CLAIM_SETTING), DEFAULT_USERNAME_CLAIM);
+    assertEquals(publicSettings.get(OIDC_USERNAME_CLAIM_SETTING), DEFAULT_USERNAME_CLAIM);
     assertEquals(publicSettings.get(CLIENT_ID_SETTING), CLIENT_ID);
     assertEquals(publicSettings.get(REALM_SETTING), CHE_REALM);
     assertNull(publicSettings.get(AUTH_SERVER_URL_SETTING));
@@ -254,7 +254,7 @@ public void shouldBeUsedConfigurationFromExternalAuthServer() {
             oidcInfo);
 
     Map<String, String> publicSettings = settings.get();
-    assertEquals(publicSettings.get(USERNAME_CLAIM_SETTING), DEFAULT_USERNAME_CLAIM);
+    assertEquals(publicSettings.get(OIDC_USERNAME_CLAIM_SETTING), DEFAULT_USERNAME_CLAIM);
     assertEquals(publicSettings.get(CLIENT_ID_SETTING), CLIENT_ID);
     assertEquals(publicSettings.get(REALM_SETTING), CHE_REALM);
     assertEquals(publicSettings.get(AUTH_SERVER_URL_SETTING), SERVER_AUTH_URL);

multiuser/keycloak/che-multiuser-keycloak-shared/src/main/java/org/eclipse/che/multiuser/keycloak/shared/KeycloakConstants.java

@@ -19,8 +19,6 @@ public class KeycloakConstants {
 
   public static final String REALM_SETTING = KEYCLOAK_SETTING_PREFIX + "realm";
   public static final String CLIENT_ID_SETTING = KEYCLOAK_SETTING_PREFIX + "client_id";
-  public static final String OIDC_PROVIDER_SETTING = KEYCLOAK_SETTING_PREFIX + "oidc_provider";
-  public static final String USERNAME_CLAIM_SETTING = KEYCLOAK_SETTING_PREFIX + "username_claim";
   public static final String USE_NONCE_SETTING = KEYCLOAK_SETTING_PREFIX + "use_nonce";
   public static final String USE_FIXED_REDIRECT_URLS_SETTING =
       KEYCLOAK_SETTING_PREFIX + "use_fixed_redirect_urls";