-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: native auth on Kubernetes #171
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sparkoo
requested review from
amisevsk,
yhontyk,
ibuziuk,
metlos,
MichalMaler,
mshaposhnik,
nickboldt,
skabashnyuk,
sleshchenko and
themr0c
as code owners
November 10, 2021 14:23
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
sparkoo
force-pushed
the
gh20633-nativeAuthKube
branch
from
November 11, 2021 15:31
e94344a
to
847cd43
Compare
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
@skabashnyuk is there a script to generate https://github.com/eclipse-che/che-server/blob/main/assembly/assembly-wsmaster-war/.deps/prod.md ? |
skabashnyuk
approved these changes
Nov 24, 2021
...rkspace/infrastructure/openshift/multiuser/oauth/OpenshiftTokenInitializationFilterTest.java
Outdated
Show resolved
Hide resolved
|
# Conflicts: # infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespaceFactory.java # infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespaceFactoryTest.java # infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactory.java # infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactoryTest.java
metlos
approved these changes
Nov 24, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nicely done. Just 1 more nitpick about a todo in tests but don't consider being blocked by it...
...rkspace/infrastructure/openshift/multiuser/oauth/OpenshiftTokenInitializationFilterTest.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Signed-off-by: Michal Vala <mvala@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Michal Vala mvala@redhat.com
What does this PR do?
che.infra.kubernetes.enable_unsupported_k8s
+ any checks to itOIDCTokenInitializationFilter
that checks token from Authorization header, decodes it and creates Che user from token claims.Keycloak*
classes into new OIDC module and keep generic OIDC stuff there. Where needed, Keycloak implementation extends these OIDC ones.NamespaceConfigurator
s. This makesKubernetesNamespaceFactory
andOpenShiftProjectFactory
simpler.NamespaceConfigurator
fromNamespaceProvisioner
intoKubernetesNamespaceFactory
/OpenShiftProjectFactory
. This makes factories slightly more complex, but still better than doing all configuration/provisioning directly by Factory.Screenshot/screencast of this PR
What issues does this PR fix or reference?
eclipse-che/che#20633
How to test this PR?
che-server image:
quay.io/mvala/che-server:gh20633-nativeAuthKube
che-operator image:
quay.io/mvala/che-operator:gh20635-nativeAuthKube
patch.yaml
, replace{{MINIKUBE_IP}}
with your minikube IP:chectl server:deploy --platform=minikube --installer=operator --cheimage=quay.io/mvala/che-server:gh20633-nativeAuthKube --che-operator-image=quay.io/mvala/che-operator:gh20635-nativeAuthKube --workspace-engine=dev-workspace --che-operator-cr-patch-yaml=patch.yaml
che@eclipse.org:admin
oruserN@che:password
where N is 1-5. After you login, you should get to dashboard as you know.PR Checklist
As the author of this Pull Request I made sure that:
What issues does this PR fix or reference
andHow to test this PR
completedReviewers
Reviewers, please comment how you tested the PR when approving it.