Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SPI] Investigate why OpenShift SPI doesn't work on OCP #6607

Closed
sleshchenko opened this issue Oct 6, 2017 · 1 comment
Closed

[SPI] Investigate why OpenShift SPI doesn't work on OCP #6607

sleshchenko opened this issue Oct 6, 2017 · 1 comment
Assignees
@sleshchenko
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. target/branch Indicates that a PR will be merged into a branch other than master.

Comments

@sleshchenko
Copy link
Member

sleshchenko commented Oct 6, 2017
edited
Loading

OpenShift SPI works fine on minishift instance with set user's credentials. But it doesn't work on OCP

In case of using a service account (with missing credentials) che-server doesn't have rights to create objects outside of its project.

In case of using user's credentials, there is another error

2017-10-05 15:34:59,923[nio-8080-exec-5]  [ERROR] [o.e.c.a.w.s.WorkspaceRuntimes 270]   - Unexpected response (401 Unauthorized), to the authorization request. Missing header:[Location]!
--
  | org.eclipse.che.api.workspace.server.spi.InfrastructureException: Unexpected response (401 Unauthorized), to the authorization request. Missing header:[Location]!
  | at org.eclipse.che.workspace.infrastructure.openshift.project.OpenShiftProject.get(OpenShiftProject.java:98)

It is needed to investigate how we can provide OpenShift SPI rights to manage objects outside of its OpenShift Project.
@sleshchenko sleshchenko added kind/task Internal things, technical debt, and to-do tasks to be performed. status/open-for-dev An issue has had its specification reviewed and confirmed. Waiting for an engineer to take it. target/branch Indicates that a PR will be merged into a branch other than master. team/platform labels Oct 6, 2017
@sleshchenko sleshchenko self-assigned this Oct 6, 2017
@sleshchenko sleshchenko added status/in-progress This issue has been taken by an engineer and is under active development. and removed status/open-for-dev An issue has had its specification reviewed and confirmed. Waiting for an engineer to take it. labels Oct 6, 2017
@skabashnyuk skabashnyuk mentioned this issue Oct 6, 2017
Closed
26 tasks
@sleshchenko sleshchenko mentioned this issue Oct 10, 2017
Merged
@sleshchenko
Copy link
Member Author

So, deploy script for OCP flavor was broken this PR #6656 contains all required changes for deploying Che on OCP.

So, OpenShift spi doesn't work on Codenvy OCP instance (https://api.codenvy.openshift.com/) with set users' credentials(I guess it is because of keycloak server configuration to use LDAP authentication). It works somehow with service account but while #6284 is not resolved, starting workspaces in the same project doesn't work good enough.
Prepared PR also contains changes for setting oauth token instead of users' credentials for grant che-server permissions to create workspaces object outside of its OpenShift project.

@sleshchenko sleshchenko removed the status/in-progress This issue has been taken by an engineer and is under active development. label Oct 11, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sleshchenko sleshchenko

Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. target/branch Indicates that a PR will be merged into a branch other than master.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skabashnyuk @sleshchenko