fixup! fixup! fixup! fixup! rh-che #541: Login to user project using …

…oc CLI in workspace containers

plugins/fabric8-multi-tenant-manager/src/main/java/com/redhat/che/multitenant/Fabric8MultiTenantModule.java

@@ -11,6 +11,7 @@
 package com.redhat.che.multitenant;
 
 import com.google.inject.AbstractModule;
+
 import org.eclipse.che.inject.DynaModule;
 import org.eclipse.che.workspace.infrastructure.openshift.OpenShiftClientFactory;
 import org.eclipse.che.workspace.infrastructure.openshift.project.OpenShiftProjectFactory;
@@ -28,6 +29,5 @@ protected void configure() {
 
     bind(OpenShiftClientFactory.class).to(Fabric8OpenShiftClientFactory.class);
     bind(OpenShiftProjectFactory.class).to(Fabric8OpenShiftProjectFactory.class);
-    bind(OsoUserTokenInjector.class).asEagerSingleton();
   }
 }

plugins/fabric8-multi-tenant-manager/src/main/java/com/redhat/che/multitenant/RhCheInfraEnvironmentProvisioner.java

@@ -0,0 +1,162 @@
+/*******************************************************************************
+ * Copyright (c) 2012-2016 Codenvy, S.A.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *   Codenvy, S.A. - initial API and implementation
+ *******************************************************************************/
+package com.redhat.che.multitenant;
+
+import io.fabric8.kubernetes.api.model.EnvVar;
+import io.fabric8.kubernetes.api.model.Pod;
+
+import org.eclipse.che.api.core.NotFoundException;
+import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity;
+import org.eclipse.che.api.workspace.server.spi.InfrastructureException;
+import org.eclipse.che.commons.subject.Subject;
+import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspaceVolumesStrategy;
+import org.eclipse.che.workspace.infrastructure.kubernetes.provision.InstallerServersPortProvisioner;
+import org.eclipse.che.workspace.infrastructure.kubernetes.provision.LogsVolumeMachineProvisioner;
+import org.eclipse.che.workspace.infrastructure.kubernetes.provision.env.EnvVarsConverter;
+import org.eclipse.che.workspace.infrastructure.kubernetes.provision.limits.ram.RamLimitProvisioner;
+import org.eclipse.che.workspace.infrastructure.kubernetes.provision.restartpolicy.RestartPolicyRewriter;
+import org.eclipse.che.workspace.infrastructure.openshift.OpenShiftEnvironmentProvisioner;
+import org.eclipse.che.workspace.infrastructure.openshift.environment.OpenShiftEnvironment;
+import org.eclipse.che.workspace.infrastructure.openshift.provision.OpenShiftServersConverter;
+import org.eclipse.che.workspace.infrastructure.openshift.provision.OpenShiftUniqueNamesProvisioner;
+import org.eclipse.che.workspace.infrastructure.openshift.provision.RouteTlsProvisioner;
+import org.slf4j.Logger;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+
+import static java.lang.String.format;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Adds env vars needed to perform oc login in workspace containers.
+ *
+ * TODO remove it when injection of env vars won't hold workspace start request.
+ *
+ * @author Alexander Garagatyi
+ */
+@Singleton
+public class RhCheInfraEnvironmentProvisioner extends OpenShiftEnvironmentProvisioner {
+    private static final Logger LOG         = getLogger(RhCheInfraEnvironmentProvisioner.class);
+    private static final String TOKEN_VAR   = "CHE_OSO_USER_TOKEN";
+    private static final String CLUSTER_VAR = "CHE_OSO_CLUSTER";
+    private static final String PROJECT_VAR = "CHE_OSO_PROJECT";
+
+    private final OpenshiftUserTokenProvider openshiftUserTokenProvider;
+    private final TenantDataProvider         tenantDataProvider;
+    private final WorkspaceSubjectsRegistry  subjectsRegistry;
+
+    @Inject
+    public RhCheInfraEnvironmentProvisioner(@Named("che.infra.kubernetes.pvc.enabled") boolean pvcEnabled,
+                                            OpenShiftUniqueNamesProvisioner uniqueNamesProvisioner,
+                                            RouteTlsProvisioner routeTlsProvisioner,
+                                            OpenShiftServersConverter openShiftServersConverter,
+                                            EnvVarsConverter envVarsConverter,
+                                            RestartPolicyRewriter restartPolicyRewriter,
+                                            WorkspaceVolumesStrategy volumesStrategy,
+                                            RamLimitProvisioner ramLimitProvisioner,
+                                            InstallerServersPortProvisioner installerServersPortProvisioner,
+                                            LogsVolumeMachineProvisioner logsVolumeMachineProvisioner,
+                                            OpenshiftUserTokenProvider openshiftUserTokenProvider,
+                                            TenantDataProvider tenantDataProvider,
+                                            WorkspaceSubjectsRegistry subjectsRegistry) {
+        super(pvcEnabled, uniqueNamesProvisioner, routeTlsProvisioner, openShiftServersConverter, envVarsConverter,
+              restartPolicyRewriter, volumesStrategy, ramLimitProvisioner, installerServersPortProvisioner,
+              logsVolumeMachineProvisioner);
+
+        this.openshiftUserTokenProvider = openshiftUserTokenProvider;
+        this.tenantDataProvider = tenantDataProvider;
+        this.subjectsRegistry = subjectsRegistry;
+    }
+
+    @Override
+    public void provision(OpenShiftEnvironment osEnv, RuntimeIdentity identity) throws InfrastructureException {
+        super.provision(osEnv, identity);
+
+        // here we are at a stage when we should add to openshift specific entities only
+
+        Map<String, String> envVars = new HashMap<>();
+
+        Subject subject;
+        try {
+            subject = subjectsRegistry.getSubject(identity.getOwnerId());
+        } catch (NotFoundException e) {
+            // we can't perform operations without subject, do nothing
+            LOG.error("Subject for user ID '" + identity.getOwnerId() + "' not found in subjects registry");
+            return;
+        }
+
+        String token = getOsoToken(subject);
+        // we can't perform oc login without OSO token, so do nothing
+        if (token == null) {
+            return;
+        }
+        envVars.put(TOKEN_VAR, token);
+
+        UserCheTenantData tenantDataData = getTenantData(subject);
+        if (tenantDataData == null) {
+            // we can't perform operations without tenant data, so do nothing
+            return;
+        }
+        envVars.put(CLUSTER_VAR, tenantDataData.getClusterUrl());
+        envVars.put(PROJECT_VAR, tenantDataData.getNamespace());
+
+        Collection<Pod> pods = osEnv.getPods().values();
+        pods.forEach(pod -> pod.getSpec().getContainers().forEach(container -> {
+            envVars.forEach((key, value) -> {
+                container.getEnv().removeIf(envVar -> envVar.getName().equals(key));
+                container.getEnv().add(new EnvVar(key, value, null));
+            });
+        }));
+
+//        CompletableFuture<Subject> future;
+//        CompletableFuture<Void> voidCompletableFuture =
+//                future.thenApply(subject1 -> subject1).thenApply(subject1 -> envVars).thenAccept();
+//        voidCompletableFuture.
+    }
+
+    private String getOsoToken(Subject subject) {
+        String osoToken = null;
+        try {
+            osoToken = openshiftUserTokenProvider.getToken(subject);
+            if (osoToken == null) {
+                LOG.error("OSO token not found for user " + getUserDescription(subject));
+            }
+        } catch (InfrastructureException e) {
+            LOG.error(
+                    format(
+                            "OSO token retrieval for user '%s' failed with error: %s",
+                            getUserDescription(subject), e.getMessage()));
+        }
+        return osoToken;
+    }
+
+    private UserCheTenantData getTenantData(Subject subject) {
+        UserCheTenantData userCheTenantData = null;
+        try {
+            userCheTenantData = tenantDataProvider.getUserCheTenantData(subject, "user");
+        } catch (InfrastructureException e) {
+            LOG.error(
+                    format(
+                            "OSO tenant data retrieval for user '%s' failed with error: %s",
+                            getUserDescription(subject), e.getMessage()));
+        }
+        return userCheTenantData;
+    }
+
+    private String getUserDescription(Subject subject) {
+        return subject.getUserName() + "(" + subject.getUserId() + ")";
+    }
+}

plugins/fabric8-multi-tenant-manager/src/main/resources/installers/1.0.0/com.redhat.oc-login.json

@@ -0,0 +1,6 @@
+{
+  "id": "com.redhat.oc-login-oso",
+  "version": "1.0.0",
+  "name": "Login to OSO",
+  "description": "Login with oc to user project on OSO"
+}

plugins/fabric8-multi-tenant-manager/src/main/resources/installers/1.0.0/com.redhat.oc-login.script.sh

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2012-2018 Red Hat, Inc.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+
+if [ -n "${CHE_OSO_USER_TOKEN}" ] && [ -n "${CHE_OSO_PROJECT}" ] && [ -n "${CHE_OSO_CLUSTER}" ]; then
+    # login to OSO project where user has edit rights
+    oc login ${CHE_OSO_CLUSTER} --token=${CHE_OSO_USER_TOKEN} && oc project ${CHE_OSO_PROJECT} || true
+fi