eclipse-che · artaleks9 · May 22, 2023 · Apr 10, 2023 · Apr 10, 2023 · Apr 10, 2023
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright (c) 2019-2021 Red Hat, Inc.
+# Copyright (c) 2023 Red Hat, Inc.
 # This program and the accompanying materials are made
 # available under the terms of the Eclipse Public License 2.0
 # which is available at https://www.eclipse.org/legal/epl-2.0/

@@ -0,0 +1,313 @@
+#!/bin/bash
+#
+# Copyright (c) 2023 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+
+set -e
+# only exit with zero if all commands of the pipeline exit successfully
+set -o pipefail
+
+PR_IMAGE_TAG="pr-${PULL_NUMBER}"
+
+export CHE_NAMESPACE=${CHE_NAMESPACE:-"eclipse-che"}
+export CHE_SERVER_IMAGE=${CHE_SERVER_IMAGE:-"quay.io/eclipse/che-server:${PR_IMAGE_TAG}"}
+export ARTIFACTS_DIR=${ARTIFACT_DIR:-"/tmp/artifacts"}
+export CHE_FORWARDED_PORT="8081"
+export OCP_ADMIN_USER_NAME=${OCP_ADMIN_USER_NAME:-"admin"}
+export OCP_NON_ADMIN_USER_NAME=${OCP_NON_ADMIN_USER_NAME:-"user"}
+export OCP_LOGIN_PASSWORD=${OCP_LOGIN_PASSWORD:-"passw"}
+export ADMIN_CHE_NAMESPACE=${OCP_ADMIN_USER_NAME}"-che"
+export USER_CHE_NAMESPACE=${OCP_NON_ADMIN_USER_NAME}"-che"
+export GIT_PROVIDER_USERNAME=${GIT_PROVIDER_USERNAME:-"chepullreq1"}
+export PUBLIC_REPO_WORKSPACE_NAME=${PUBLIC_REPO_WORKSPACE_NAME:-"public-repo-wksp-testname"}
+export PRIVATE_REPO_WORKSPACE_NAME=${PRIVATE_REPO_WORKSPACE_NAME:-"private-repo-wksp-testname"}
+export PUBLIC_PROJECT_NAME=${PUBLIC_PROJECT_NAME:-"public-repo"}
+export PRIVATE_PROJECT_NAME=${PRIVATE_PROJECT_NAME:-"private-repo"}
+export YAML_FILE_NAME=${YAML_FILE_NAME:-"devfile.yaml"}
+
+provisionOpenShiftOAuthUser() {
+  echo -e "[INFO] Provisioning Openshift OAuth user"
+  htpasswd -c -B -b users.htpasswd ${OCP_ADMIN_USER_NAME} ${OCP_LOGIN_PASSWORD}
+  htpasswd -b users.htpasswd ${OCP_NON_ADMIN_USER_NAME} ${OCP_LOGIN_PASSWORD}
+  oc create secret generic htpass-secret --from-file=htpasswd="users.htpasswd" -n openshift-config
+  oc apply -f ".ci/openshift-ci/htpasswdProvider.yaml"
+  oc adm policy add-cluster-role-to-user cluster-admin ${OCP_ADMIN_USER_NAME}
+
+  echo -e "[INFO] Waiting for htpasswd auth to be working up to 5 minutes"
+  CURRENT_TIME=$(date +%s)
+  ENDTIME=$((CURRENT_TIME + 300))
+  while [ "$(date +%s)" -lt $ENDTIME ]; do
+      if oc login -u=${OCP_ADMIN_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false; then
+          break
+      fi
+      sleep 10
+  done
+}
+
+createCustomResourcesFile() {
+  cat > custom-resources.yaml <<-END
+apiVersion: org.eclipse.che/v2
+spec:
+  devEnvironments:
+  maxNumberOfRunningWorkspacesPerUser: 10000
+END
+
+  echo "Generated custom resources file"
+  cat custom-resources.yaml
+}
+
+deployChe() {
+  chectl server:deploy --cheimage=$CHE_SERVER_IMAGE \
+                       --che-operator-cr-patch-yaml=custom-resources.yaml \
+                       --platform=openshift \
+                       --telemetry=off \
+                       --batch
+}
+
+# this command starts port forwarding between the local machine and the che-host service in the OpenShift cluster.
+forwardPortToService() {
+  oc port-forward service/che-host ${CHE_FORWARDED_PORT}:8080 -n ${CHE_NAMESPACE} &
+  sleep 3s
+}
+
+killProcessByPort() {
+  fuser -k ${CHE_FORWARDED_PORT}/tcp
+}
+
+requestFactoryResolverGitRepoUrl() {
+  GIT_REPO_URL=$1
+  CLUSTER_ACCESS_TOKEN=$(oc whoami -t)
+
+  curl -i -X 'POST' \
+    http://localhost:${CHE_FORWARDED_PORT}/api/factory/resolver \
+    -H 'accept: */*' \
+    -H "Authorization: Bearer ${CLUSTER_ACCESS_TOKEN}" \
+    -H 'Content-Type: application/json' \
+    -d '{
+    "url": "'${GIT_REPO_URL}'"
+  }'
+}
+
+# check that factory resolver returns correct value without any PAT/OAuth setup
+testFactoryResolverNoPatOAuth() {
+  PUBLIC_REPO_URL=$1
+  PRIVATE_REPO_URL=$2
+
+  echo "[INFO] Check factory resolver for public repository with NO PAT/OAuth setup"
+  if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then
+    echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
+  else
+    echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200."
+    exit 1
+  fi
+
+  echo "[INFO] Check factory resolver for private repository with NO PAT/OAuth setup"
+  if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 400")" ]; then
+    echo "[INFO] Factory resolver returned 'HTTP/1.1 400' status code. Expected client side error."
+  else
+    echo "[ERROR] Factory resolver returned wrong status code. Expected 'HTTP/1.1 400'."
+    exit 1
+  fi
+}
+
+# check that factory resolver returns correct value with PAT/OAuth setup
+testFactoryResolverWithPatOAuth() {
+  PUBLIC_REPO_URL=$1
+  PRIVATE_REPO_URL=$2
+
+  echo "[INFO] Check factory resolver for public repository with PAT/OAuth setup"
+  if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then
+    echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
+  else
+    echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200"
+    exit 1
+  fi
+
+  echo "[INFO] Check factory resolver for private repository with PAT/OAuth setup"
+  if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 200")" ]; then
+    echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
+  else
+    echo "[ERROR] Factory resolver returned wrong status code. Expected: HTTP/1.1 200"
+    exit 1
+  fi
+}
+
+requestProvisionNamespace() {
+  CLUSTER_ACCESS_TOKEN=$(oc whoami -t)
+
+  curl -i -X 'POST' \
+    http://localhost:${CHE_FORWARDED_PORT}/api/kubernetes/namespace/provision \
+    -H 'accept: application/json' \
+    -H "Authorization: Bearer ${CLUSTER_ACCESS_TOKEN}" \
+    -d ''
+}
+
+initUserNamespace() {
+  OCP_USER_NAME=$1
+
+  echo "[INFO] Initialize user namespace"
+  oc login -u=${OCP_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false
+  if [ "$(requestProvisionNamespace | grep "HTTP/1.1 200")" ]; then
+    echo "[INFO] Request provision user namespace returned 'HTTP/1.1 200' status code."
+  else
+    echo "[ERROR] Request provision user namespace returned wrong status code. Expected: HTTP/1.1 200"
+    exit 1
+  fi
+}
+
+setupPersonalAccessToken() {
+  GIT_PROVIDER_TYPE=$1
+  GIT_PROVIDER_URL=$2
+  GIT_PROVIDER_USER_ID=$3
+  GIT_PROVIDER_PAT=$4
+
+  echo "[INFO] Setup Personal Access Token Secret"
+  oc project ${USER_CHE_NAMESPACE}
+  CHE_USER_ID=$(oc get secret user-profile -o jsonpath='{.data.id}' | base64 -d)
+  ENCODED_PAT=$(echo -n ${GIT_PROVIDER_PAT} | base64)
+  cat .ci/openshift-ci/pat-secret.yaml > pat-secret.yaml
+
+  # patch the pat-secret.yaml file
+  sed -i "s#che-user-id#${CHE_USER_ID}#g" pat-secret.yaml
+  sed -i "s#git-provider-name#${GIT_PROVIDER_TYPE}#g" pat-secret.yaml
+  sed -i "s#git-provider-url#${GIT_PROVIDER_URL}#g" pat-secret.yaml
+  sed -i "s#git-provider-user-id#${GIT_PROVIDER_USER_ID}#g" pat-secret.yaml
+  sed -i "s#encoded-access-token#${ENCODED_PAT}#g" pat-secret.yaml
+
+  cat pat-secret.yaml
+
+  oc apply -f pat-secret.yaml -n ${USER_CHE_NAMESPACE}
+}
+
+runTestWorkspaceWithGitRepoUrl() {
+  WS_NAME=$1
+  PROJECT_NAME=$2
+  GIT_REPO_URL=$3
+  OCP_USER_NAMESPACE=$4
+
+  oc project ${OCP_USER_NAMESPACE}
+  cat .ci/openshift-ci/devworkspace-test.yaml > devworkspace-test.yaml
+
+  # patch the devworkspace-test.yaml file
+  sed -i "s#ws-name#${WS_NAME}#g" devworkspace-test.yaml
+  sed -i "s#project-name#${PROJECT_NAME}#g" devworkspace-test.yaml
+  sed -i "s#git-repo-url#${GIT_REPO_URL}#g" devworkspace-test.yaml
+
+  cat devworkspace-test.yaml
+
+  oc apply -f devworkspace-test.yaml -n ${OCP_USER_NAMESPACE}
+  oc wait -n ${OCP_USER_NAMESPACE} --for=condition=Ready dw ${WS_NAME} --timeout=360s
+  echo "[INFO] Test workspace is run"
+}
+
+testProjectIsCloned() {
+  PROJECT_NAME=$1
+  OCP_USER_NAMESPACE=$2
+
+  WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}')
+  if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- test -f /projects/${PROJECT_NAME}/${YAML_FILE_NAME}; then
+    echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} exists."
+  else
+    echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} does not exist."
+    return 1
+  fi
+}
+
+testGitCredentials() {
+  OCP_USER_NAMESPACE=$1
+  GIT_PROVIDER_PAT=$2
+
+  echo "[INFO] Check the 'git credentials' is in a workspace"
+  gitCredentials="${GIT_PROVIDER_USERNAME}:${GIT_PROVIDER_PAT}"
+  WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}')
+  if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- cat /.git-credentials/credentials | grep -q ${gitCredentials}; then
+    echo "[INFO] Git credentials file '/.git-credentials/credentials' exists and has the expected content."
+  else
+    echo "[ERROR] Git credentials file '/.git-credentials/credentials' does not exist or has incorrect content."
+    return 1
+  fi
+}
+
+deleteTestWorkspace() {
+  WS_NAME=$1
+  OCP_USER_NAMESPACE=$2
+
+  oc delete dw ${WS_NAME} -n ${OCP_USER_NAMESPACE}
+}
+
+# Catch the finish of the job and write logs in artifacts.
+catchFinish() {
+  local RESULT=$?
+  killProcessByPort
+  if [ "$RESULT" != "0" ]; then
+    set +e
+    collectEclipseCheLogs
+    set -e
+  fi
+
+  [[ "${RESULT}" != "0" ]] && echo "[ERROR] Job failed." || echo "[INFO] Job completed successfully."
+  exit $RESULT
+}
+
+collectEclipseCheLogs() {
+  mkdir -p ${ARTIFACTS_DIR}/che-logs
+
+  # Collect all Eclipse Che logs and cluster CR
+  chectl server:logs -n $CHE_NAMESPACE --directory ${ARTIFACTS_DIR}/che-logs --telemetry off
+  oc get checluster -o yaml -n $CHE_NAMESPACE > "${ARTIFACTS_DIR}/che-cluster.yaml"
+}
+
+testClonePublicRepoNoPatOAuth() {
+  WS_NAME=$1
+  PROJECT_NAME=$2
+  GIT_REPO_URL=$3
+  OCP_USER_NAMESPACE=$4
+
+  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
+  echo "[INFO] Check the public repository is cloned with NO PAT/OAuth setup"
+  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1
+  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
+}
+
+testClonePrivateRepoNoPatOAuth() {
+  WS_NAME=$1
+  PROJECT_NAME=$2
+  GIT_REPO_URL=$3
+  OCP_USER_NAMESPACE=$4
+
+  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
+  echo "[INFO] Check the private repository is NOT cloned with NO PAT/OAuth setup"
+  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} && exit 1
+  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
+}
+
+testCloneGitRepoWithSetupPat() {
+  WS_NAME=$1
+  PROJECT_NAME=$2
+  GIT_REPO_URL=$3
+  OCP_USER_NAMESPACE=$4
+  GIT_PROVIDER_PATH=$5
+
+  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
+  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1
+  testGitCredentials ${OCP_USER_NAMESPACE} ${GIT_PROVIDER_PAT}
+  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
+}
+
+setupTestEnvironment() {
+  OCP_USER_NAME=$1
+
+  provisionOpenShiftOAuthUser
+  createCustomResourcesFile
+  deployChe
+  forwardPortToService
+  initUserNamespace ${OCP_USER_NAME}
+}
@@ -0,0 +1,21 @@
+kind: DevWorkspace
+apiVersion: workspace.devfile.io/v1alpha2
+metadata:
+  name: ws-name
+spec:
+  started: true
+  template:
+    projects:
+      - name: project-name
+        git:
+          remotes:
+            origin: git-repo-url
+  contributions:
+    - name: che-code
+      uri: https://eclipse-che.github.io/che-plugin-registry/main/v3/plugins/che-incubator/che-code/latest/devfile.yaml
+      components:
+        - name: che-code-runtime-description
+          container:
+            env:
+              - name: CODE_HOST
+                value: 0.0.0.0
@@ -0,0 +1,12 @@
+apiVersion: config.openshift.io/v1
+kind: OAuth
+metadata:
+  name: cluster
+spec:
+  identityProviders:
+    - name: htpasswd
+      mappingMethod: claim
+      type: HTPasswd
+      htpasswd:
+        fileData:
+          name: htpass-secret
@@ -0,0 +1,16 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: personal-access-token
+  labels:
+    app.kubernetes.io/component: scm-personal-access-token
+    app.kubernetes.io/part-of: che.eclipse.org
+  annotations:
+    che.eclipse.org/che-userid: che-user-id
+    che.eclipse.org/scm-personal-access-token-name: git-provider-name
+    che.eclipse.org/scm-url: git-provider-url
+    che.eclipse.org/scm-userid: 'git-provider-user-id'
+    che.eclipse.org/scm-username: chepullreq1
+data:
+  token: encoded-access-token
+type: Opaque