Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to mount more than one Git credential secret #18721

Closed
mshaposhnik opened this issue Jan 4, 2021 · 5 comments
Closed

Ability to mount more than one Git credential secret #18721

mshaposhnik opened this issue Jan 4, 2021 · 5 comments
Labels
area/devworkspace-operator engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. kind/task Internal things, technical debt, and to-do tasks to be performed. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. severity/P2 Has a minor but important impact to the usage or development of the system.

Comments

@mshaposhnik
Copy link
Contributor

mshaposhnik commented Jan 4, 2021
edited
Loading

Is your task related to a problem? Please describe.

Right now, having Git credential secret in form:

apiVersion: v1
kind: Secret
metadata:
  name: git-credentials-secret
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: workspace-secret
  annotations:
    che.eclipse.org/automount-workspace-secret: 'true'
    che.eclipse.org/mount-path: /home/theia/.git-credentials
    che.eclipse.org/mount-as: file
    che.eclipse.org/git-credential: 'true'
data:
  credentials: <https://user:pass@example.com in Base64 >

will result in file mount to each container:

/home/theia/.git-credentials/credentials

https://user:pass@example.com

But if we want to have more than one credential secret, for example, one for GitHub and one for Bitbucket,
secret provisioner will fail. We need to fix that situation.

Describe the solution you'd like

Right now we're not managing content of the files, we just creating volume mount poining to the secret, which will be mount as file on FS by Kubernetes.
So GitCredentialStorageFileSecretApplier should be reworked and allow multiple secrets to be merged into single credential file which will lools like:

/home/theia/.git-credentials/credentials

https://user:pass@server1.com
https://user:pass@server2.com
... etc

Describe alternatives you've considered

Additional context
@mshaposhnik mshaposhnik added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Jan 4, 2021
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jan 4, 2021
@mshaposhnik mshaposhnik added area/che-server and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jan 4, 2021
@l0rd l0rd added the severity/P2 Has a minor but important impact to the usage or development of the system. label Jan 5, 2021
@l0rd
Copy link
Contributor

l0rd commented Jan 5, 2021

This is important but can you please think about the implementation in the context of Che using DevWorkspace operator?

@skabashnyuk
Copy link
Contributor

This is important but can you please think about the implementation in the context of Che using DevWorkspace operator?

Most likely that would be two separate things. One for DevWorkspace operator and the other for Che-server. As I understand the idea is to merge existed multiple git-credentials-secret s during workspace startup in one thing.

@l0rd
Copy link
Contributor

l0rd commented Jan 11, 2021

The idea is not to implement it twice. Let's plan that for DevWorkspace only.

@che-bot
Copy link
Contributor

che-bot commented Jul 19, 2021

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 19, 2021
@l0rd
Copy link
Contributor

l0rd commented Aug 5, 2021

/remove-lifecycle stale

@skabashnyuk skabashnyuk added area/devworkspace-operator engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. and removed area/che-server labels Aug 6, 2021
@JPinkney JPinkney mentioned this issue Aug 27, 2021
Merged
3 tasks
@che-bot che-bot closed this as completed Sep 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/devworkspace-operator engine/devworkspace Issues related to Che configured to use the devworkspace controller as workspace engine. kind/task Internal things, technical debt, and to-do tasks to be performed. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. severity/P2 Has a minor but important impact to the usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@l0rd @skabashnyuk @mshaposhnik @che-bot