Skip to content

Commit

Permalink
Merge pull request #1 from ibuziuk/che-15906
Browse files Browse the repository at this point in the history
che #15906 Adding 'che.workspace.stop.role.enabled' property in order to have a possibility to disable the 'OpenShiftStopWorkspaceRoleProvisioner'
  • Loading branch information
Tom George authored Apr 21, 2020
2 parents 650f205 + 32e2cc9 commit e187145
Show file tree
Hide file tree
Showing 3 changed files with 40 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,10 @@ che.workspace.server.liveness_probes=wsagent/http,exec-agent/http,terminal,theia
# default 10MB=10485760
che.workspace.startup_debug_log_limit_bytes=10485760

# If true, 'stop-workspace' role with the edit privileges will be granted to the 'che' ServiceAccount.
# This configuration is mainly required for workspace idling when the OpenShift OAuth is enabled.
che.workspace.stop.role.enabled=true

### Templates

# Folder that contains JSON files with code templates and samples
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,11 @@
*/
package org.eclipse.che.workspace.infrastructure.openshift.provision;

import com.google.inject.Inject;
import io.fabric8.kubernetes.api.model.ObjectReferenceBuilder;
import io.fabric8.openshift.api.model.*;
import io.fabric8.openshift.client.OpenShiftClient;
import javax.inject.Inject;
import javax.inject.Named;
import org.eclipse.che.api.workspace.server.spi.InfrastructureException;
import org.eclipse.che.workspace.infrastructure.openshift.OpenShiftClientFactory;
import org.eclipse.che.workspace.infrastructure.openshift.environment.OpenShiftCheInstallationLocation;
Expand All @@ -31,18 +32,22 @@ public class OpenShiftStopWorkspaceRoleProvisioner {

private final OpenShiftClientFactory clientFactory;
private final String installationLocation;
private final boolean stopWorkspaceRoleEnabled;

private static final Logger LOG = LoggerFactory.getLogger(OpenShiftCheInstallationLocation.class);

@Inject
public OpenShiftStopWorkspaceRoleProvisioner(
OpenShiftClientFactory clientFactory, OpenShiftCheInstallationLocation installationLocation) {
OpenShiftClientFactory clientFactory,
OpenShiftCheInstallationLocation installationLocation,
@Named("che.workspace.stop.role.enabled") boolean stopWorkspaceRoleEnabled) {
this.clientFactory = clientFactory;
this.installationLocation = installationLocation.getInstallationLocationNamespace();
this.stopWorkspaceRoleEnabled = stopWorkspaceRoleEnabled;
}

public void provision(String projectName) throws InfrastructureException {
if (installationLocation != null) {
if (stopWorkspaceRoleEnabled && installationLocation != null) {
OpenShiftClient osClient = clientFactory.createOC();
String stopWorkspacesRoleName = "workspace-stop";
if (osClient.roles().inNamespace(projectName).withName(stopWorkspacesRoleName).get()
Expand All @@ -58,7 +63,9 @@ public void provision(String projectName) throws InfrastructureException {
.createOrReplace(createStopWorkspacesRoleBinding(projectName));
} else {
LOG.warn(
"Could not determine Che installation location. Did not provision stop workspace Role and RoleBinding.");
"Stop workspace Role and RoleBinding will not be provisioned to the '{}' namespace. 'che.workspace.stop.role.enabled' property is set to '{}'",
installationLocation,
stopWorkspaceRoleEnabled);
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ public class OpenShiftStopWorkspaceRoleProvisionerTest {
public void setUp() throws Exception {
lenient().when(cheInstallationLocation.getInstallationLocationNamespace()).thenReturn("che");
stopWorkspaceRoleProvisioner =
new OpenShiftStopWorkspaceRoleProvisioner(clientFactory, cheInstallationLocation);
new OpenShiftStopWorkspaceRoleProvisioner(clientFactory, cheInstallationLocation, true);
lenient().when(clientFactory.createOC()).thenReturn(osClient);
lenient().when(osClient.roles()).thenReturn(mixedRoleOperation);
lenient().when(osClient.roleBindings()).thenReturn(mixedRoleBindingOperation);
Expand Down Expand Up @@ -191,4 +191,28 @@ public void shouldCreateRoleBindingWhenRoleAlreadyExists() throws Infrastructure
verify(osClient.roleBindings().inNamespace("developer-che"))
.createOrReplace(expectedRoleBinding);
}

@Test
public void shouldNotCreateRoleBindingWhenStopWorkspaceRolePropertyIsDisabled()
throws InfrastructureException {
OpenShiftStopWorkspaceRoleProvisioner disabledStopWorkspaceRoleProvisioner =
new OpenShiftStopWorkspaceRoleProvisioner(clientFactory, cheInstallationLocation, false);
disabledStopWorkspaceRoleProvisioner.provision("developer-che");
verify(osClient, never()).roles();
verify(osClient, never()).roleBindings();
verify(osClient.roleBindings(), never()).inNamespace("developer-che");
}

@Test
public void shouldNotCreateRoleBindingWhenInstallationLocationIsNull()
throws InfrastructureException {
lenient().when(cheInstallationLocation.getInstallationLocationNamespace()).thenReturn(null);
OpenShiftStopWorkspaceRoleProvisioner
stopWorkspaceRoleProvisionerWithoutValidInstallationLocation =
new OpenShiftStopWorkspaceRoleProvisioner(clientFactory, cheInstallationLocation, true);
stopWorkspaceRoleProvisionerWithoutValidInstallationLocation.provision("developer-che");
verify(osClient, never()).roles();
verify(osClient, never()).roleBindings();
verify(osClient.roleBindings(), never()).inNamespace("developer-che");
}
}

0 comments on commit e187145

Please sign in to comment.