fix: Adapt the Secrets plugin API to use kubernetes secrets

[vinokurig]

Signed-off-by: Igor Vinokur ivinokur@redhat.com

What does this PR do?

Rework the Secrets API from upstream theia to use kubernetes secrets

Screenshot/screencast of this PR

What issues does this PR fix or reference?

fixes eclipse-che/che#19837

How to test this PR?

1. Start a workspace from devfile:

apiVersion: 1.0.0
metadata:
  name: wksp-xhxvu
components:
  - type: cheEditor
    reference: 'https://raw.githubusercontent.com/chepullreq4/pr-check-files/master/che-theia/pr-1166/che_theia_meta.yaml'
  - type: chePlugin
    reference: 'https://pastebin.com/raw/riqiReMi'

2. Run Test Get Password command and see a notification with empty (undefined) password.
3. Run Test Set Password command and see a notification about password change.
4. Run Test Get Password command and see a notification with the updated password.
5. Run Test Delete Password command and see a notification about password change.
6. Run Test Get Password command and see a notification with empty (undefined) password.

P.S. This will work only for newly created namespace, see eclipse-che/che-server#44 (review)

PR Checklist

As the author of this Pull Request I made sure that:

• The Eclipse Contributor Agreement is valid
• Code produced is complete
• Code builds without errors
• Tests are covering the bugfix
• The repository devfile is up to date and works
• Sections What issues does this PR fix or reference and How to test this PR completed
• Relevant user documentation updated
• Relevant contributing documentation updated
• CI/CD changes implemented, documented and communicated

Reviewers

Reviewers, please comment how you tested the PR when approving it.

Happy Path Channel

HAPPY_PATH_CHANNEL=stable

[vinokurig]

Depends on eclipse-che/che-server#44

[codecov]

Codecov Report

Merging #1166 (e7c5cec) into main (c299f59) will decrease coverage by 0.25%.
The diff coverage is 9.70%.

@@            Coverage Diff             @@
##             main    #1166      +/-   ##
==========================================
- Coverage   32.78%   32.52%   -0.26%     
==========================================
  Files         290      295       +5     
  Lines        9885     9994     +109     
  Branches     1457     1474      +17     
==========================================
+ Hits         3241     3251      +10     
- Misses       6641     6740      +99     
  Partials        3        3              

Impacted Files	Coverage Δ
...theia-about/src/browser/about-che-theia-dialog.tsx	0.00% <0.00%> (ø)
...credentials/src/browser/che-credentials-service.ts	0.00% <0.00%> (ø)
...entials/src/browser/credentials-frontend-module.ts	0.00% <0.00%> (ø)
...eia-credentials/src/common/credentials-protocol.ts	0.00% <0.00%> (ø)
...eia-credentials/src/node/che-credentials-server.ts	0.00% <0.00%> (ø)
...s/src/node/che-theia-credentials-backend-module.ts	0.00% <0.00%> (ø)
...rowser/src/browser/che-mini-browser-environment.ts	0.00% <0.00%> (ø)
...he-server/src/node/che-server-http-service-impl.ts	0.00% <0.00%> (ø)
...-che-server/src/node/che-server-remote-api-impl.ts	38.88% <0.00%> (ø)
...browser/contribution/exec-terminal-contribution.ts	0.00% <0.00%> (ø)
... and 17 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 929e119...e7c5cec. Read the comment docs.

[dmytro-ndp]

[crw-ci-test --rebuild]

[che-bot]

✅ E2E Happy path tests succeed 🎉

See Details

• Jenkins job

• test report

• logs and configs

• Happy path tests DevFile

• images:

name	link
che-theia	quay.io/crw_pr/che-theia:1166
che-theia-endpoint-runtime-binary	quay.io/crw_pr/che-theia-endpoint-runtime-binary:1166

Test product:

• tested with Eclipse Che on K8S (minikube v1.1.1)
• E2E test scenario
• E2E test pipeline source code

• Use comment "[crw-ci-test]" to rerun happy path E2E test.
• Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

[vzhukovs]

lgtm 👍

[benoitf]

For this classe, we should rely on the mounted files for reading secrets.

About delete and create it should be possible to do it using K8S API

[vinokurig]

About delete and create it should be possible to do it using K8S API

Could you please elaborate more on this?

[azatsarynnyy]

If I understand correctly, with this PR, we don't need keytar-based code anymore, e,g, KeytarServiceImpl or KeytarCredentialsProvider.
Can we unbind the unused keytar-related components in Che-Theia to avoid including libsecret into the image?

As recently, we've fixed starting Che-Theia backend by including libsecret in 07aeab7

[vinokurig]

@azatsarynnyy

If I understand correctly, with this PR, we don't need keytar-based code anymore, e,g, KeytarServiceImpl or KeytarCredentialsProvider.
Can we unbind the unused keytar-related components in Che-Theia to avoid including libsecret into the image?

As recently, we've fixed starting Che-Theia backend by including libsecret in 07aeab7

When I unbind the KeytarServiceImpl and KeytarCredentialsProvider classes the che-theia build fails with an error:

#21 403.7     'ERROR in ../../node_modules/keytar/build/Release/keytar.node 1:0\n' +
#21 403.7     "Module parse failed: Unexpected character '�' (1:0)\n" +
#21 403.7     'You may need an appropriate loader to handle this file type, currently no loaders are configured to process this file. See https://webpack.js.org/concepts#loaders\n' +
#21 403.7     '(Source code omitted for this binary file)\n' +
#21 403.7     ' @ ../../node_modules/keytar/lib/keytar.js 1:13-52\n' +
#21 403.7     ' @ ../../packages/core/lib/node/keytar-server.js 63:13-30\n' +
#21 403.7     ' @ ../../che-theia/extensions/eclipse-che-theia-credentials/lib/browser/credentials-frontend-module.js 16:22-67\n' +
#21 403.7     ' @ ./src-gen/frontend/index.js 100:47-128\n' +
#21 403.7     '\n' +
#21 403.7     'webpack 5.46.0 compiled with 1 error and 75 warnings in 140062 ms\n' +
#21 403.7     '\n' +
#21 403.7     'info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.\n',

Probably we can fix it as a next iteration.

[che-bot]

✅ E2E Happy path tests succeed 🎉

See Details

• Jenkins job

• test report

• logs and configs

• Happy path tests DevFile

• images:

name	link
che-theia	quay.io/crw_pr/che-theia:1166
che-theia-endpoint-runtime-binary	quay.io/crw_pr/che-theia-endpoint-runtime-binary:1166

Test product:

• tested with Eclipse Che on K8S (minikube v1.1.1)
• E2E test scenario
• E2E test pipeline source code

• Use comment "[crw-ci-test]" to rerun happy path E2E test.
• Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

[vinokurig]

@azatsarynnyy @benoitf Since the server-side part is merged I am going to merge this tomorrow if no more objections.

[azatsarynnyy]

@azatsarynnyy @benoitf Since the server-side part is merged I am going to merge this tomorrow if no more objections.

Thanks @vinokurig ! The PR looks good to me 👍

But I'm worried about removing the keytar dependency, since we don't use it in Che-Theia, and we have to provide it with all our Che/CRW images.

...
Probably we can fix it as a next iteration.

It's a good idea. It would be great to create an issue for that and at least investigate it during one of the next sprints.