Make Bitbucket's sensitive configuration file-based #18710

Closed
skabashnyuk opened this issue Dec 30, 2020 · 1 comment
Labels
area/che-server kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.

skabashnyuk commented Dec 30, 2020

Is your task related to a problem? Please describe.

At this moment CHE_OAUTH1_BITBUCKET_CONSUMERKEY and CHE_OAUTH1_BITBUCKET_PRIVATEKEY are configured as environment variables
or configuration properties. We would like to move these values to a file to make them more secure.

Describe the solution you'd like

Sensitive configuration should be configured with Secrets and mounted by che-operator (eclipse-che/che-operator#595) as a file into the che-server container.
Example:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: che-server-settings-secret
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: che-secret
  annotations:
    che.eclipse.org/mount-path: /home/user/che-server/settings/
data:
  bitbucket_consumer_key: <base64 encoded data content here>
  bitbucket_private_key: <base64 encoded data content here>
```

```java
  @Inject
  public BitbucketServerOAuthAuthenticator(
      @Named("/home/user/che-server/settings/bitbucket_consumer_key") File consumerKey,
      @Named("/home/user/che-server/settings/bitbucket_private_key") File privateKey,
      @Named("che.oauth1.bitbucket.endpoint") String bitbucketEndpoint,
      @Named("che.api") String apiEndpoint) {
    super
```

TBD

  1. Concrete che.eclipse.org/mount-path
  2. @Named("file:/home/user/che-server/settings/bitbucket_private_key") String privateKey - injection of file values.
  3. che.oauth1.bitbucket.endpoint - configure with file too.

Describe alternatives you've considered

n/a

Additional context

#18385
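
One way the `file:` value injection from TBD item 2 could behave, as an added example that is not part of the issue or of Che's own code. The class `FileValueResolver`, its `resolve` method and the size limit are hypothetical, and a temporary directory with constructed values stands in for the mounted Secret.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Hypothetical helper (not Che's own code): resolves "file:" configuration values. */
public class FileValueResolver {
  private static final String PREFIX = "file:";
  private static final long MAX_BYTES = 16 * 1024; // assumed upper bound for a key file

  /** Returns the literal value, or the trimmed file content for a "file:<path>" value. */
  static String resolve(String name, String configured) throws IOException {
    if (configured == null || !configured.startsWith(PREFIX)) {
      return configured;
    }
    Path path = Paths.get(configured.substring(PREFIX.length()));
    // Secret volume entries are symlinks, so follow links but demand a regular file.
    if (!Files.isRegularFile(path) || !Files.isReadable(path)) {
      throw new IOException("Secret file for '" + name + "' is missing or unreadable: " + path);
    }
    if (Files.size(path) > MAX_BYTES) {
      throw new IOException("Secret file for '" + name + "' is larger than expected: " + path);
    }
    String value = new String(Files.readAllBytes(path), StandardCharsets.UTF_8).trim();
    if (value.isEmpty()) {
      throw new IOException("Secret file for '" + name + "' is empty: " + path);
    }
    return value; // error messages above carry the path only, never the content
  }

  public static void main(String[] args) throws IOException {
    // Constructed stand-ins: temp directory for the mount, sample key and endpoint values.
    Path dir = Files.createTempDirectory("che-server-settings");
    Path keyFile = dir.resolve("bitbucket_consumer_key");
    Files.write(keyFile, "constructed-consumer-key\n".getBytes(StandardCharsets.UTF_8));

    String fromFile = resolve("bitbucket_consumer_key", PREFIX + keyFile);
    String literal = resolve("che.oauth1.bitbucket.endpoint", "https://bitbucket.example.com");
    System.out.println("consumer key loaded, length=" + fromFile.length());
    System.out.println("endpoint=" + literal);

    try { // the private key file was never created, so startup should fail closed
      resolve("bitbucket_private_key", PREFIX + dir.resolve("bitbucket_private_key"));
    } catch (IOException e) {
      System.out.println("fails closed: " + e.getMessage());
    }
  }
}
```

Failing at startup on a missing or empty file keeps the server from running with a blank OAuth key, and logging only the length keeps the value out of container logs.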

@skabashnyuk skabashnyuk added kind/task Internal things, technical debt, and to-do tasks to be performed. area/che-server labels Dec 30, 2020
@l0rd l0rd added the severity/P1 Has a major impact to usage or development of the system. label Dec 30, 2020
@skabashnyuk

Done as part of #18726
