    e0890235
    Allow creating OpenShift objects under the current user account on OCP (#9577) · e0890235
    David Festal authored
    
    
    * Support identity provider token retrieval in both JSON or URL formats.
    
    That's required because some identity providers (such as `openshift-v3`)
    correctly return the token information in JSON, as expected. So
    switching to the url-based syntax should only be used when the returned
    json is invalid.
    
    Signed-off-by: David Festal <dfestal@redhat.com>
    
    * Introduce an `OpenShiftClientConfigFactory` to allow customizing the OpenShift config returned according to the current context (workspace ID, current user)
    
    Signed-off-by: David Festal <dfestal@redhat.com>
    
    * Openshift Infra + Multi-user => allow using OpenShift identity provider to connect to openshift with the OS oauth token of the current Che user.
    
    This introduces a new property:
    
    `che.infra.openshift.oauth_identity_provider`
    
    Signed-off-by: David Festal <dfestal@redhat.com>
    
    * Notify the user when a workspace cannot be started from the nav bar.
    
    Signed-off-by: David Festal <dfestal@redhat.com>
    
    * Add the ability to install the Openshift certificate into Keycloak
    
    Signed-off-by: David Festal <dfestal@redhat.com>
    
    * Add a yaml file to provide the openshift certificate as a secret,
    
    in case it has to be installed into the dedicated Keycloak server.
    
    Then the commands to install Che multiuser on Minishift with this
    certificate are:
    
    ```
    oc new-project che

    oc process -f multi/openshift-certificate-secret.yaml \
      -p CERTIFICATE="$(minishift ssh docker exec origin /bin/cat ./openshift.local.config/master/ca.crt)" \
      | oc apply -f -; \
    oc new-app -f multi/postgres-template.yaml; \
    oc new-app -f multi/keycloak-template.yaml -p ROUTING_SUFFIX=$(minishift ip).nip.io; \
    oc apply -f pvc/che-server-pvc.yaml; \
    oc new-app -f che-server-template.yaml -p ROUTING_SUFFIX=$(minishift ip).nip.io \
      -p CHE_MULTIUSER=true \
      -p CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER=openshift-v3; \
    oc set volume dc/che --add -m /data --name=che-data-volume --claim-name=che-data-volume
    ```
    
    Of course it's still needed to register the `openshift-v3` identity
    provider in the Keycloak server, as well as to add the corresponding
    `OAuthClient` object in Minishift.
    
    Signed-off-by: David Festal <dfestal@redhat.com>
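
The first item of the commit message says the token response is read as JSON and the URL-encoded form is used only when the JSON is invalid. The Python below is an example added here to show that order; it is not code from this commit, Che or Keycloak. The function names and sample bodies are constructed, and refusing repeated parameters or a missing `access_token` is an assumption of this example.

```python
import json
from urllib.parse import parse_qs


class TokenResponseError(ValueError):
    """The body held no usable access token. Never carries the body itself."""


def _parse_url_encoded(body: str) -> dict:
    try:
        pairs = parse_qs(body, strict_parsing=True)
    except ValueError:
        raise TokenResponseError("body is neither JSON nor URL-encoded") from None
    # A repeated key is ambiguous (which access_token wins?), so refuse it.
    if any(len(values) != 1 for values in pairs.values()):
        raise TokenResponseError("repeated parameter in URL-encoded body")
    return {key: values[0] for key, values in pairs.items()}


def parse_idp_token_response(body: str) -> dict:
    """JSON first; the URL-encoded form only when the body is not valid JSON."""
    try:
        fields = json.loads(body)
    except json.JSONDecodeError:
        fields = _parse_url_encoded(body)
    if not isinstance(fields, dict):
        raise TokenResponseError("token response is not an object")
    token = fields.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenResponseError("token response has no access_token")
    return fields


def is_rejected(body: str) -> bool:
    try:
        parse_idp_token_response(body)
    except TokenResponseError:
        return True
    return False


# Constructed sample bodies, not captured from a real identity provider.
JSON_BODY = '{"access_token": "constructed-token-1", "token_type": "bearer", "expires_in": 86400}'
FORM_BODY = "access_token=constructed%2Btoken-2&token_type=bearer&scope=user%3Afull"

if __name__ == "__main__":
    for sample in (JSON_BODY, FORM_BODY):
        print(sorted(parse_idp_token_response(sample)))  # field names only, no token values
```

The error messages deliberately omit the response body, so a failed parse cannot write a bearer token into server logs.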