feat: Setup OpenShift OAuth by default on OpenShift infrastructure (#809

)

* Setup OpenShift OAuth by default on OpenShift infrastructure

Signed-off-by: Anatolii Bazko <[email protected]>

README.md

@@ -122,7 +122,7 @@ EXAMPLES
   $ chectl autocomplete --refresh-cache
 ```
 
-_See code: [@oclif/plugin-autocomplete](https://github.com/oclif/plugin-autocomplete/blob/v0.1.5/src/commands/autocomplete/index.ts)_
+_See code: [@oclif/plugin-autocomplete](https://github.com/oclif/plugin-autocomplete/blob/v0.2.0/src/commands/autocomplete/index.ts)_
 
 ## `chectl cacert:export`
 
@@ -302,7 +302,7 @@ USAGE
 
 OPTIONS
   -a, --installer=helm|operator|olm|minishift-addon
-      Installer type
+      [default: operator] Installer type.
 
   -b, --domain=domain
       Domain of the Kubernetes cluster (e.g. example.k8s-cluster.com or <local-ip>.nip.io)
@@ -407,9 +407,6 @@ OPTIONS
                            If options was not set, will be used default version for package manifest.
                            This parameter is used only when the installer is the 'olm'.
 
-  --os-oauth
-      Enable use of OpenShift credentials to log into Eclipse Che
-
   --package-manifest-name=package-manifest-name
       Package manifest name to subscribe to Eclipse Che OLM package manifest.
                            This parameter is used only when the installer is the 'olm'.
@@ -483,7 +480,10 @@ USAGE
   $ chectl server:update
 
 OPTIONS
-  -a, --installer=helm|operator|minishift-addon|olm                            Installer type
+  -a, --installer=operator|olm                                                 Installer type. If not set, default is
+                                                                               autodetected depending on previous
+                                                                               installation.
+
   -h, --help                                                                   show CLI help
 
   -n, --chenamespace=chenamespace                                              [default: che] Kubernetes namespace where
@@ -560,7 +560,7 @@ _See code: [src/commands/workspace/create.ts](https://github.com/che-incubator/c
 
 ## `chectl workspace:delete WORKSPACE`
 
-delete a user's workspace
+delete a stopped workspace - use workspace:stop to stop the workspace before deleting it
 
 ```
 USAGE

src/api/kube.ts

@@ -21,7 +21,7 @@ import * as net from 'net'
 import { Writable } from 'stream'
 
 import { CHE_CLUSTER_CRD, DEFAULT_CHE_IMAGE, OLM_STABLE_CHANNEL_NAME } from '../constants'
-import { getClusterClientCommand } from '../util'
+import { getClusterClientCommand, isKubernetesPlatformFamily } from '../util'
 
 import { V1alpha2Certificate } from './typings/cert-manager'
 import { CatalogSource, ClusterServiceVersionList, InstallPlan, OperatorGroup, PackageManifest, Subscription } from './typings/olm'
@@ -832,11 +832,11 @@ export class KubeHelper {
   }
 
   async createDeployment(name: string,
-                         image: string,
-                         serviceAccount: string,
-                         pullPolicy: string,
-                         configMapEnvSource: string,
-                         namespace: string) {
+    image: string,
+    serviceAccount: string,
+    pullPolicy: string,
+    configMapEnvSource: string,
+    namespace: string) {
     const k8sAppsApi = KubeHelper.KUBE_CONFIG.makeApiClient(AppsV1Api)
     let deployment = new V1Deployment()
     deployment.metadata = new V1ObjectMeta()
@@ -953,12 +953,12 @@ export class KubeHelper {
   }
 
   async createPod(name: string,
-                  image: string,
-                  serviceAccount: string,
-                  restartPolicy: string,
-                  pullPolicy: string,
-                  configMapEnvSource: string,
-                  namespace: string) {
+    image: string,
+    serviceAccount: string,
+    restartPolicy: string,
+    pullPolicy: string,
+    configMapEnvSource: string,
+    namespace: string) {
     const k8sCoreApi = KubeHelper.KUBE_CONFIG.makeApiClient(CoreV1Api)
     let pod = new V1Pod()
     pod.metadata = new V1ObjectMeta()
@@ -986,11 +986,11 @@ export class KubeHelper {
   }
 
   async createJob(name: string,
-                  image: string,
-                  serviceAccount: string,
-                  namespace: string,
-                  backoffLimit = 0,
-                  restartPolicy = 'Never') {
+    image: string,
+    serviceAccount: string,
+    namespace: string,
+    backoffLimit = 0,
+    restartPolicy = 'Never') {
     const k8sBatchApi = KubeHelper.KUBE_CONFIG.makeApiClient(BatchV1Api)
 
     const job = new V1Job()
@@ -1187,10 +1187,10 @@ export class KubeHelper {
       }
       yamlCr.spec.server.cheDebug = flags.debug ? flags.debug.toString() : 'false'
 
-      yamlCr.spec.auth.openShiftoAuth = flags['os-oauth']
-      if (!yamlCr.spec.auth.openShiftoAuth && flags.multiuser) {
+      if (isKubernetesPlatformFamily(flags.platform) || !yamlCr.spec.auth.openShiftoAuth) {
         yamlCr.spec.auth.updateAdminPassword = true
       }
+
       if (!yamlCr.spec.k8s) {
         yamlCr.spec.k8s = {}
       }
@@ -1855,7 +1855,7 @@ export class KubeHelper {
    * Creates a secret with given name and data.
    * Data should not be base64 encoded.
    */
-  async createSecret(name: string, data: {[key: string]: string}, namespace: string): Promise<V1Secret | undefined> {
+  async createSecret(name: string, data: { [key: string]: string }, namespace: string): Promise<V1Secret | undefined> {
     const k8sCoreApi = KubeHelper.KUBE_CONFIG.makeApiClient(CoreV1Api)
 
     const secret = new V1Secret()

src/commands/server/start.ts

@@ -114,10 +114,6 @@ export default class Start extends Command {
       description: 'Enables the debug mode for Eclipse Che server. To debug Eclipse Che server from localhost use \'server:debug\' command.',
       default: false
     }),
-    'os-oauth': flags.boolean({
-      description: 'Enable use of OpenShift credentials to log into Eclipse Che',
-      default: false
-    }),
     'che-operator-image': string({
       description: 'Container image of the operator. This parameter is used only when the installer is the operator',
       default: DEFAULT_CHE_OPERATOR_IMAGE
@@ -258,7 +254,6 @@ export default class Start extends Command {
       flags['devfile-registry-url'] && ignoredFlags.push('--devfile-registry-url')
       flags['postgres-pvc-storage-class-name'] && ignoredFlags.push('--postgres-pvc-storage-class-name')
       flags['workspace-pvc-storage-class-name'] && ignoredFlags.push('--workspace-pvc-storage-class-name')
-      flags['os-oauth'] && ignoredFlags.push('--os-oauth')
       flags.tls && ignoredFlags.push('--tls')
       flags.cheimage && ignoredFlags.push('--cheimage')
       flags.debug && ignoredFlags.push('--debug')
@@ -284,14 +279,6 @@ export default class Start extends Command {
           this.error(`🛑 Current platform is ${flags.platform}. Helm installer is only available on top of Kubernetes flavor platform (including Minikube, Docker Desktop).`)
         }
       }
-      if (flags['os-oauth']) {
-        if (flags.platform !== 'openshift' && flags.platform !== 'minishift' && flags.platform !== 'crc') {
-          this.error(`You requested to enable OpenShift OAuth but the platform doesn\'t seem to be OpenShift. Platform is ${flags.platform}.`)
-        }
-        if (flags.installer !== 'operator' && flags.installer !== 'olm') {
-          this.error(`You requested to enable OpenShift OAuth but that's only possible when using the 'operator' or 'olm' as installer. The current installer is ${flags.installer}.`)
-        }
-      }
 
       if (flags.installer === 'olm' && flags.platform === 'minishift') {
         this.error(`🛑 The specified installer ${flags.installer} does not support Minishift`)

src/tasks/platforms/common-platform-tasks.ts

@@ -88,12 +88,12 @@ export namespace CommonPlatformTasks {
         if (await kube.isOpenShift4()) {
           const providers = await kube.getOpenshiftAuthProviders()
           if (!providers || providers.length === 0) {
-            ctx.highlightedMessages.push(`❗ ${ansi.yellow('[WARNING]')} 'os-oauth' flag was disabled, because Openshift oauth hasn't got any identity providers. ${DOCS_LINK_HOW_TO_ADD_IDENTITY_PROVIDER_OS4}`)
+            ctx.highlightedMessages.push(`❗ ${ansi.yellow('[WARNING]')} OpenShift OAuth is turned off, because there is no any identity providers configured. ${DOCS_LINK_HOW_TO_ADD_IDENTITY_PROVIDER_OS4}`)
             ctx.CROverrides = { spec: { auth: { openShiftoAuth: false } } }
           }
         } else {
           if (await kube.getAmoutUsers() === 0) {
-            ctx.highlightedMessages.push(`❗ ${ansi.yellow('[WARNING]')} 'os-oauth' flag was disabled, because Openshift oauth hasn't got any users. See: "${DOCS_LINK_HOW_TO_CREATE_USER_OS3}"`)
+            ctx.highlightedMessages.push(`❗ ${ansi.yellow('[WARNING]')} OpenShift OAuth is turned off, because there are no any users added. See: "${DOCS_LINK_HOW_TO_CREATE_USER_OS3}"`)
             ctx.CROverrides = { spec: { auth: { openShiftoAuth: false } } }
           }
         }
@@ -127,6 +127,6 @@ export namespace CommonPlatformTasks {
       }
     }
 
-    return flags['os-oauth'] ? true : false
+    return true
   }
 }

test/e2e/util/cr-test.yaml

@@ -12,3 +12,4 @@
 spec:
   auth:
     updateAdminPassword: false
+    openShiftoAuth: false

yarn.lock

@@ -1544,11 +1544,11 @@ ecc-jsbn@~0.1.1:
 
 "eclipse-che-operator@git://github.com/eclipse/che-operator#master":
   version "0.0.0"
-  resolved "git://github.com/eclipse/che-operator#c64d61faf4f7b5eb13ee1d91e0ee90c8a84b3b8c"
+  resolved "git://github.com/eclipse/che-operator#bd8679d5a5146f5200f77494caeb73a2b76620a8"
 
 "eclipse-che@git://github.com/eclipse/che#master":
   version "0.0.0"
-  resolved "git://github.com/eclipse/che#cc7fd4e75e45e632e3d8f704ac2d0ce8365e55ce"
+  resolved "git://github.com/eclipse/che#90548b2d3331915aebd9527bb506f58a665f8e80"
 
 editorconfig@^0.15.0:
   version "0.15.3"