Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support OAuth flow for GitHub Enterprise Server #21485

Closed
Tracked by #20583
vinokurig opened this issue Jun 22, 2022 · 24 comments · Fixed by eclipse-che/che-server#350
Closed
Tracked by #20583

Support OAuth flow for GitHub Enterprise Server #21485

vinokurig opened this issue Jun 22, 2022 · 24 comments · Fixed by eclipse-che/che-server#350
Assignees
Labels
area/factory/server Server side of factory implementation kind/task Internal things, technical debt, and to-do tasks to be performed. new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes severity/P1 Has a major impact to usage or development of the system.
Milestone

Comments

@vinokurig
Copy link
Contributor

vinokurig commented Jun 22, 2022

Is your task related to a problem? Please describe

Currently OAuth flow is supported for GitHub SAAS (github.com and GitHub Enterpise Cloud). We need to add the support for the on-premises version (GitHub Enterprises Server).

Describe the solution you'd like

Add a new or modify the existing GitHub OAuth handler.

Release Notes Text

Administrators can now configure Che instances to automatically connect to GitHub Enteprise Server to retrieve and configure users personal access tokens. Note the GitHub Enterprise Cloud was already supported.

@vinokurig vinokurig added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Jun 22, 2022
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jun 22, 2022
@vinokurig vinokurig self-assigned this Jun 22, 2022
@amisevsk amisevsk added severity/P1 Has a major impact to usage or development of the system. area/factory/server Server side of factory implementation and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jun 24, 2022
@vinokurig
Copy link
Contributor Author

Didn't mangae to start github enterprise instance localy. Need a remote instance: https://enterprise.github.com/releases/3.5.1/download

@vinokurig vinokurig added the status/blocked Issue that can’t be moved forward. Must include a comment on the reason for the blockage. label Jun 28, 2022
@ibuziuk ibuziuk mentioned this issue Jun 28, 2022
68 tasks
@svor
Copy link
Contributor

svor commented Jun 28, 2022

Didn't mangae to start github enterprise instance localy. Need a remote instance: https://enterprise.github.com/releases/3.5.1/download

@l0rd could you please help with this

@vinokurig
Copy link
Contributor Author

OAuth flow for GitHub hosted version of GitHub enterprise works without any changes. To work on the server version need an instance with the application.

@l0rd
Copy link
Contributor

l0rd commented Aug 17, 2022

We discussed that today with @benoitf and @ibuziuk. On prem GitHub instances have URLs that don't match this regexp (the URL is typically something like https://github.redhat.com). To address that we should allow to specify the annotation che.eclipse.org/scm-server-endpoint for GitHub as well.

And yes, the problem about how to test it isn't solved.

@l0rd l0rd changed the title Support OAuth flow for GitHub enterprise Support OAuth flow for GitHub Enterprise Server Aug 17, 2022
@l0rd
Copy link
Contributor

l0rd commented Aug 17, 2022

Using a Git Provider Access Token may be a workaround.

@vinokurig
Copy link
Contributor Author

vinokurig commented Aug 18, 2022

@l0rd

Using a Git Provider Access Token may be a workaround.

I don't think so. We would still need an endpoint to test the feature.

@l0rd
Copy link
Contributor

l0rd commented Aug 19, 2022

I don't think so. We would still need an endpoint to test the feature.

@vinokurig but with the PAT secret a user can specifies the che.eclipse.org/scm-url, why do you think that's not going to work?

@vinokurig
Copy link
Contributor Author

@l0rd You are right that Git Provider Access Token can be a workaround for a user, but not for us to work on this issue.

@ibuziuk ibuziuk mentioned this issue Aug 24, 2022
82 tasks
@ibuziuk
Copy link
Member

ibuziuk commented Aug 24, 2022

@vinokurig added this issue to the next sprint as a highly important case to resolve. Just wondering if you have tried - https://docs.github.com/en/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-cloud ? (it has 30 days trial )

@benoitf
Copy link
Contributor

benoitf commented Aug 24, 2022

and https://docs.github.com/en/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server is 45 days trial as well

@vinokurig
Copy link
Contributor Author

@ibuziuk

@vinokurig added this issue to the next sprint as a highly important case to resolve. Just wondering if you have tried - https://docs.github.com/en/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-cloud ? (it has 30 days trial )

The link refers to a cloud version of GitHub enterprise whis is already supported by Che. The issue is to support the server version of GitHub enterprise.

@benoitf
Copy link
Contributor

benoitf commented Aug 25, 2022

@vinokurig you can get credits on Azure as well (trial) to deploy it
https://azure.microsoft.com/en-us/free/

@vinokurig
Copy link
Contributor Author

@benoitf

@vinokurig you can get credits on Azure as well (trial) to deploy it
https://azure.microsoft.com/en-us/free/

The free subscription is too weak for the github-server application:
screenshot-20 100 174 210_8443-2022 08 26-15_54_41

@benoitf
Copy link
Contributor

benoitf commented Aug 26, 2022

I think you need to use the $ credits, not the free instance

https://docs.gitlab.com/ee/install/azure/ (I know it's gitlab but it shows you how to use free credits $ to setup the machines on azure, gcp or amazon)

@vinokurig vinokurig removed the status/blocked Issue that can’t be moved forward. Must include a comment on the reason for the blockage. label Aug 29, 2022
@vinokurig
Copy link
Contributor Author

Managed to launch an instance in a local virtualbox machine

@RickJWagner
Copy link
Contributor

Additional information from users:

OpenShift DevSpaces v3.1.0 is not able to pull repos from GitHub Enterprise private repos even after defining the needed secrets as called in the docs at https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.1/html/user_guide/using-credentials-and-configurations-in-workspaces.

You can find the all the our manifests (reference to support case).

What is the business impact? Please also provide timeframe information.
We use GitHub Enterprise (GHE) as our SCM solution. DevSpaces not supporting GHE severly imparis our ability to use OpenShift DevSpace.

Where are you experiencing the behavior? What environment?
OpenShift : 4.11.1
DevSpaces: 1.3.1

@spuranam
Copy link

@RickJWagner It does not looks like using GHE PAT workaroud described above does not either ... please find the details around our usecase @ https://gist.github.com/spuranam/f47d985ada94a7c0c1ee1c8553579119

@spuranam
Copy link

spuranam commented Aug 29, 2022

@RickJWagner here is more info about my test setup:

OpenShift: v4.11.1
DevSpace: v3.1.0
GitHub Enterpirse: v3.5.3

@vinokurig
Copy link
Contributor Author

@l0rd @RickJWagner @spuranam The PR has been opened, see the link above. Please note that this just extends the current GitHub provider. It means that if the provider is configured to an Enterprise Server endpoint, the Cloud support won't be available, and vice versa.
So do we need a separate OAuth provider to support both versions at the same time?

@vinokurig
Copy link
Contributor Author

@l0rd

@RickJWagner It does not looks like using GHE PAT workaroud described above does not either ... please find the details around our usecase @ https://gist.github.com/spuranam/f47d985ada94a7c0c1ee1c8553579119

I confirm that the manual PAT flow doesn't work for GitHub Enterprise server case, even with my PR. Do we need to support it?

@l0rd
Copy link
Contributor

l0rd commented Sep 7, 2022

t means that if the provider is configured to an Enterprise Server endpoint, the Cloud support won't be available, and vice versa. So do we need a separate OAuth provider to support both versions at the same time?

Supporting only either GitHub enterprise server or github.com (but not both at the same time) is an acceptable compromise.

I confirm that the manual PAT flow doesn't work for GitHub Enterprise server case, even with my PR. Do we need to support it?

We don't need to support it right now.

@l0rd l0rd added this to the 7.54 milestone Sep 15, 2022
@l0rd l0rd added new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes status/release-notes-review-needed Issues that needs to be reviewed by the doc team for the Release Notes wording labels Sep 15, 2022
@devstudio-release
Copy link

sync'd to Red Hat JIRA https://issues.redhat.com/browse/CRW-3352

@nickboldt
Copy link
Contributor

Backported to 7.52 / 3.2 in eclipse-che/che-server@b35291d

@max-cx max-cx removed the status/release-notes-review-needed Issues that needs to be reviewed by the doc team for the Release Notes wording label Jan 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/factory/server Server side of factory implementation kind/task Internal things, technical debt, and to-do tasks to be performed. new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Development

Successfully merging a pull request may close this issue.