Add an ability to create and edit namespaced secrets by workspace user

[vinokurig]

Signed-off-by: Igor Vinokur ivinokur@redhat.com

What does this PR do?

To be able to create edit and delete namespaced secretes workspace user needs special permissions. This PR adds a kubernetes role for secrets, and binds it to a workspace user.

Screenshot/screencast of this PR

What issues does this PR fix or reference?

eclipse-che/che#19837

How to test this PR?

1. Start a workspace and open a terminal from ide container
2. Send an HTTP request to kubernetes API to create a secret: curl -X POST <kubernetes API url>/api/v1/namespaces/<namespace name>/secrets --header "Content-Type: application/json" -d '{ "apiVersion": "v1", "kind": "Secret", "metadata": { "name" : "new-secret" } }'

PR Checklist

As the author of this Pull Request I made sure that:

• The Eclipse Contributor Agreement is valid
• Code produced is complete
• Code builds without errors
• Tests are covering the bugfix
• The repository devfile is up to date and works
• Sections What issues does this PR fix or reference and How to test this PR completed
• Relevant user documentation updated
• Relevant contributing documentation updated
• CI/CD changes implemented, documented and communicated

Reviewers

Reviewers, please comment how you tested the PR when approving it.

[sleshchenko]

pay attention that it won't work for existing namespaces, only newly created due eclipse-che/che#19697

[che-bot]

✅ E2E Happy path tests succeed 🎉

See Details

• Jenkins job

• test report

• logs and configs

• Happy path tests DevFile

• image: quay.io/crw_pr/che-server:44

Test product:

• tested with Eclipse Che on K8S (minikube v1.1.1)
• E2E test scenario
• E2E test pipeline source code

• Use comment "[crw-ci-test]" to rerun happy path E2E test.
• Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

[skabashnyuk]

Do we need documentation for that?

[skabashnyuk]

is there a way to test these roles?

[vinokurig]

I've added a testcase but all tests in this module are ignored. Should I create an issue for that?

[skabashnyuk]

LGTM to me in general. Let's see that other folks are thinking about that.

[sparkoo]

lgtm

[vinokurig]

Do we need documentation for that?

I don't think so because it doesn't affect user experience. We might add some for the related issue.

[che-bot]

✅ E2E Happy path tests succeed 🎉

See Details

• Jenkins job

• test report

• logs and configs

• Happy path tests DevFile

• image: quay.io/crw_pr/che-server:44

Test product:

• tested with Eclipse Che on K8S (minikube v1.1.1)
• E2E test scenario
• E2E test pipeline source code

• Use comment "[crw-ci-test]" to rerun happy path E2E test.
• Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe