From aaf3582641c6c63ea8ebb8a7f9dbf0383689e919 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Mon, 10 Aug 2020 14:04:43 +0300 Subject: [PATCH] feat: Setup OpenShift OAuth by default on OpenShift infrastructure (#809) * Setup OpenShift OAuth by default on OpenShift infrastructure Signed-off-by: Anatolii Bazko --- README.md | 14 +++---- src/api/kube.ts | 40 ++++++++++---------- src/commands/server/start.ts | 13 ------- src/tasks/platforms/common-platform-tasks.ts | 6 +-- test/e2e/util/cr-test.yaml | 1 + yarn.lock | 4 +- 6 files changed, 33 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index b56b6bbf8..af8471657 100644 --- a/README.md +++ b/README.md @@ -122,7 +122,7 @@ EXAMPLES $ chectl autocomplete --refresh-cache ``` -_See code: [@oclif/plugin-autocomplete](https://github.com/oclif/plugin-autocomplete/blob/v0.1.5/src/commands/autocomplete/index.ts)_ +_See code: [@oclif/plugin-autocomplete](https://github.com/oclif/plugin-autocomplete/blob/v0.2.0/src/commands/autocomplete/index.ts)_ ## `chectl cacert:export` @@ -302,7 +302,7 @@ USAGE OPTIONS -a, --installer=helm|operator|olm|minishift-addon - Installer type + [default: operator] Installer type. -b, --domain=domain Domain of the Kubernetes cluster (e.g. example.k8s-cluster.com or .nip.io) @@ -407,9 +407,6 @@ OPTIONS If options was not set, will be used default version for package manifest. This parameter is used only when the installer is the 'olm'. - --os-oauth - Enable use of OpenShift credentials to log into Eclipse Che - --package-manifest-name=package-manifest-name Package manifest name to subscribe to Eclipse Che OLM package manifest. This parameter is used only when the installer is the 'olm'. 
@@ -483,7 +480,10 @@ USAGE $ chectl server:update OPTIONS - -a, --installer=helm|operator|minishift-addon|olm Installer type + -a, --installer=operator|olm Installer type. If not set, default is + autodetected depending on previous + installation. + -h, --help show CLI help -n, --chenamespace=chenamespace [default: che] Kubernetes namespace where @@ -560,7 +560,7 @@ _See code: [src/commands/workspace/create.ts](https://github.com/che-incubator/c ## `chectl workspace:delete WORKSPACE` -delete a user's workspace +delete a stopped workspace - use workspace:stop to stop the workspace before deleting it ``` USAGE diff --git a/src/api/kube.ts b/src/api/kube.ts index 813e7352f..628f355d4 100644 --- a/src/api/kube.ts +++ b/src/api/kube.ts @@ -21,7 +21,7 @@ import * as net from 'net' import { Writable } from 'stream' import { CHE_CLUSTER_CRD, DEFAULT_CHE_IMAGE, OLM_STABLE_CHANNEL_NAME } from '../constants' -import { getClusterClientCommand } from '../util' +import { getClusterClientCommand, isKubernetesPlatformFamily } from '../util' import { V1alpha2Certificate } from './typings/cert-manager' import { CatalogSource, ClusterServiceVersionList, InstallPlan, OperatorGroup, PackageManifest, Subscription } from './typings/olm' @@ -832,11 +832,11 @@ export class KubeHelper { } async createDeployment(name: string, - image: string, - serviceAccount: string, - pullPolicy: string, - configMapEnvSource: string, - namespace: string) { + image: string, + serviceAccount: string, + pullPolicy: string, + configMapEnvSource: string, + namespace: string) { const k8sAppsApi = KubeHelper.KUBE_CONFIG.makeApiClient(AppsV1Api) let deployment = new V1Deployment() deployment.metadata = new V1ObjectMeta() 
@@ -953,12 +953,12 @@ export class KubeHelper {
 }
 async createPod(name: string,
- image: string,
- serviceAccount: string,
- restartPolicy: string,
- pullPolicy: string,
- configMapEnvSource: string,
- namespace: string) {
+ image: string,
+ serviceAccount: string,
+ restartPolicy: string,
+ pullPolicy: string,
+ configMapEnvSource: string,
+ namespace: string) {
 const k8sCoreApi = KubeHelper.KUBE_CONFIG.makeApiClient(CoreV1Api)
 let pod = new V1Pod()
 pod.metadata = new V1ObjectMeta()
@@ -986,11 +986,11 @@ export class KubeHelper {
 }
 async createJob(name: string,
- image: string,
- serviceAccount: string,
- namespace: string,
- backoffLimit = 0,
- restartPolicy = 'Never') {
+ image: string,
+ serviceAccount: string,
+ namespace: string,
+ backoffLimit = 0,
+ restartPolicy = 'Never') {
 const k8sBatchApi = KubeHelper.KUBE_CONFIG.makeApiClient(BatchV1Api)
 const job = new V1Job()
@@ -1187,10 +1187,10 @@ export class KubeHelper {
 }
 yamlCr.spec.server.cheDebug = flags.debug ? flags.debug.toString() : 'false'
- yamlCr.spec.auth.openShiftoAuth = flags['os-oauth']
- if (!yamlCr.spec.auth.openShiftoAuth && flags.multiuser) {
+ if (isKubernetesPlatformFamily(flags.platform) || !yamlCr.spec.auth.openShiftoAuth) {
 yamlCr.spec.auth.updateAdminPassword = true
 }
+
 if (!yamlCr.spec.k8s) {
 yamlCr.spec.k8s = {}
 }
@@ -1855,7 +1855,7 @@ export class KubeHelper {
 * Creates a secret with given name and data.
 * Data should not be base64 encoded.
 */
- async createSecret(name: string, data: {[key: string]: string}, namespace: string): Promise {
+ async createSecret(name: string, data: { [key: string]: string }, namespace: string): Promise {
 const k8sCoreApi = KubeHelper.KUBE_CONFIG.makeApiClient(CoreV1Api)
 const secret = new V1Secret()
diff --git a/src/commands/server/start.ts b/src/commands/server/start.ts
index cbc31aee1..b2ee70683 100644
--- a/src/commands/server/start.ts
+++ b/src/commands/server/start.ts
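Review bot: The new guard `if (isKubernetesPlatformFamily(flags.platform) || !yamlCr.spec.auth.openShiftoAuth)` treats an unset `openShiftoAuth` the same as an explicit `false`, and nothing in the hunk says which of the two is intended now that the value is no longer written from a flag. As written it also assigns `updateAdminPassword = true` over whatever the CR already carries, so a CR with `updateAdminPassword: false` and `openShiftoAuth: false` (the shape of test/e2e/util/cr-test.yaml in this commit) would presumably be overridden; the enclosing function starts and ends outside the hunk, so whether `yamlCr` is the user-supplied CR at this point is an inference. I would add a comment such as `// Force an admin password change whenever login is not delegated to OpenShift OAuth; an unset openShiftoAuth counts as "not delegated" here.` and, if the operator default is meant to apply when the field is absent, compare with `=== false` instead of negating.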
@@ -114,10 +114,6 @@ export default class Start extends Command {
 description: 'Enables the debug mode for Eclipse Che server. To debug Eclipse Che server from localhost use \'server:debug\' command.',
 default: false
 }),
- 'os-oauth': flags.boolean({
- description: 'Enable use of OpenShift credentials to log into Eclipse Che',
- default: false
- }),
 'che-operator-image': string({
 description: 'Container image of the operator. This parameter is used only when the installer is the operator',
 default: DEFAULT_CHE_OPERATOR_IMAGE
@@ -258,7 +254,6 @@ export default class Start extends Command {
 flags['devfile-registry-url'] && ignoredFlags.push('--devfile-registry-url')
 flags['postgres-pvc-storage-class-name'] && ignoredFlags.push('--postgres-pvc-storage-class-name')
 flags['workspace-pvc-storage-class-name'] && ignoredFlags.push('--workspace-pvc-storage-class-name')
- flags['os-oauth'] && ignoredFlags.push('--os-oauth')
 flags.tls && ignoredFlags.push('--tls')
 flags.cheimage && ignoredFlags.push('--cheimage')
 flags.debug && ignoredFlags.push('--debug')
@@ -284,14 +279,6 @@ export default class Start extends Command {
 this.error(`🛑 Current platform is ${flags.platform}. Helm installer is only available on top of Kubernetes flavor platform (including Minikube, Docker Desktop).`)
 }
 }
- if (flags['os-oauth']) {
- if (flags.platform !== 'openshift' && flags.platform !== 'minishift' && flags.platform !== 'crc') {
- this.error(`You requested to enable OpenShift OAuth but the platform doesn\'t seem to be OpenShift. Platform is ${flags.platform}.`)
- }
- if (flags.installer !== 'operator' && flags.installer !== 'olm') {
- this.error(`You requested to enable OpenShift OAuth but that's only possible when using the 'operator' or 'olm' as installer. The current installer is ${flags.installer}.`)
- }
- }
 if (flags.installer === 'olm' && flags.platform === 'minishift') {
 this.error(`🛑 The specified installer ${flags.installer} does not support Minishift`)
diff --git a/src/tasks/platforms/common-platform-tasks.ts b/src/tasks/platforms/common-platform-tasks.ts
index 72253ae42..445fbba95 100644
--- a/src/tasks/platforms/common-platform-tasks.ts
+++ b/src/tasks/platforms/common-platform-tasks.ts
@@ -88,12 +88,12 @@ export namespace CommonPlatformTasks {
 if (await kube.isOpenShift4()) {
 const providers = await kube.getOpenshiftAuthProviders()
 if (!providers || providers.length === 0) {
- ctx.highlightedMessages.push(`❗ ${ansi.yellow('[WARNING]')} 'os-oauth' flag was disabled, because Openshift oauth hasn't got any identity providers. ${DOCS_LINK_HOW_TO_ADD_IDENTITY_PROVIDER_OS4}`)
+ ctx.highlightedMessages.push(`❗ ${ansi.yellow('[WARNING]')} OpenShift OAuth is turned off, because there is no any identity providers configured. ${DOCS_LINK_HOW_TO_ADD_IDENTITY_PROVIDER_OS4}`)
 ctx.CROverrides = { spec: { auth: { openShiftoAuth: false } } }
 }
 } else {
 if (await kube.getAmoutUsers() === 0) {
- ctx.highlightedMessages.push(`❗ ${ansi.yellow('[WARNING]')} 'os-oauth' flag was disabled, because Openshift oauth hasn't got any users. See: "${DOCS_LINK_HOW_TO_CREATE_USER_OS3}"`)
+ ctx.highlightedMessages.push(`❗ ${ansi.yellow('[WARNING]')} OpenShift OAuth is turned off, because there are no any users added. See: "${DOCS_LINK_HOW_TO_CREATE_USER_OS3}"`)
 ctx.CROverrides = { spec: { auth: { openShiftoAuth: false } } }
 }
 }
@@ -127,6 +127,6 @@ export namespace CommonPlatformTasks {
 }
 }
- return flags['os-oauth'] ? true : false
+ return true
 }
 }
diff --git a/test/e2e/util/cr-test.yaml b/test/e2e/util/cr-test.yaml
index 0fbf45f44..fd31c8b20 100644
--- a/test/e2e/util/cr-test.yaml
+++ b/test/e2e/util/cr-test.yaml
@@ -12,3 +12,4 @@ spec:
 auth:
 updateAdminPassword: false
+ openShiftoAuth: false
diff --git a/yarn.lock b/yarn.lock
index 732e61035..a2a85a854 100644
--- a/yarn.lock
+++ b/yarn.lock
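Review bot: Both fallback branches in the first hunk set `ctx.CROverrides = { spec: { auth: { openShiftoAuth: false } } }` without touching `updateAdminPassword`, and with OAuth now on by default this path is reached on any OpenShift cluster that has no identity provider or no users. The only place visible in this commit that forces a password change is the guard in src/api/kube.ts, which reads the CR's own `openShiftoAuth`; if the override is merged after that guard has run (not visible here), the installation would fall back to Che's built-in login without requiring the initial admin password to be changed. Carrying it in the override, `ctx.CROverrides = { spec: { auth: { openShiftoAuth: false, updateAdminPassword: true } } }`, would keep the two settings in step. The new warning text could also read `because no identity providers are configured` and `because no users have been added`.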
@@ -1544,11 +1544,11 @@ ecc-jsbn@~0.1.1: "eclipse-che-operator@git://github.com/eclipse/che-operator#master": version "0.0.0" - resolved "git://github.com/eclipse/che-operator#c64d61faf4f7b5eb13ee1d91e0ee90c8a84b3b8c" + resolved "git://github.com/eclipse/che-operator#bd8679d5a5146f5200f77494caeb73a2b76620a8" "eclipse-che@git://github.com/eclipse/che#master": version "0.0.0" - resolved "git://github.com/eclipse/che#cc7fd4e75e45e632e3d8f704ac2d0ce8365e55ce" + resolved "git://github.com/eclipse/che#90548b2d3331915aebd9527bb506f58a665f8e80" editorconfig@^0.15.0: version "0.15.3"