Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Add a predefined secret to store credentials #68

Merged
merged 9 commits into from
Aug 17, 2021
Merged

Conversation

vinokurig
Copy link
Contributor

@vinokurig vinokurig commented Jul 28, 2021

Signed-off-by: Igor Vinokur [email protected]

What does this PR do?

  • Create a predefined K8s secret per nemaespace to store credentials.
  • Add a specific secret role for the credentials secret. This role allows to edit only this predefined secret. Other secrets are not controlled by this role.

depends on eclipse-che/che-operator#971

Screenshot/screencast of this PR

What issues does this PR fix or reference?

eclipse-che/che#19837

How to test this PR?

  1. Start a workspace and open a terminal from ide container
  2. Send an HTTP request to kubernetes API to edit the credentials-secret: curl -X POST <kubernetes API url>/api/v1/namespaces/<namespace name>/secrets--header "Content-Type: application/json-patch+json" -d '[{ "op": "add", "path": "/data", "value": { "key": "" } }]'

PR Checklist

As the author of this Pull Request I made sure that:

Reviewers

Reviewers, please comment how you tested the PR when approving it.

@che-bot
Copy link
Contributor

che-bot commented Jul 28, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

Copy link
Contributor

@amisevsk amisevsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this approach is better than the previous, but would prefer the predefined secret to have an abstract name, e.g. workspace-credentials-secret. This sort of name maps more naturally onto what is provisioned in the DevWorkspace Operator, since it would look strange for Web Terminals to come with access to che-credentials-secret.

k8sClient,
SECRETS_ROLE_NAME,
singletonList("secrets"),
singletonList("che-credentials-secret"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we choose a Che-agnostic name -- e.g. workspace-credentials-secret? If we want to do a similar thing in DWO, it's a lot easier to justify if it's not labelled with a specific platform.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 for workspace-credentials-secret

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+ please consider moving that secret name somewhere to constants

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

k8sClient,
SECRETS_ROLE_NAME,
singletonList("secrets"),
singletonList("che-credentials-secret"),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+ please consider moving that secret name somewhere to constants

@che-bot
Copy link
Contributor

che-bot commented Aug 2, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@skabashnyuk
Copy link
Contributor

@vinokurig can you merge latest "main" please?

@che-bot
Copy link
Contributor

che-bot commented Aug 3, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@che-bot
Copy link
Contributor

che-bot commented Aug 4, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@che-bot
Copy link
Contributor

che-bot commented Aug 4, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

Signed-off-by: Igor Vinokur <[email protected]>
@che-bot
Copy link
Contributor

che-bot commented Aug 4, 2021

✅ E2E Happy path tests succeed 🎉

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@vinokurig
Copy link
Contributor Author

@skabashnyuk @sparkoo @mshaposhnik I am going to merge this PR tomorrow if no objections?

String name, List<String> resources, List<String> apiGroups, List<String> verbs) {
String name,
List<String> resources,
@Nullable List<String> resourceNames,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pass empty list, instread of nullable

@che-bot
Copy link
Contributor

che-bot commented Aug 5, 2021

✅ E2E Happy path tests succeed 🎉

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@che-bot
Copy link
Contributor

che-bot commented Aug 6, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@che-bot
Copy link
Contributor

che-bot commented Aug 9, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

canCreateNamespace(identity),
labelNamespaces ? namespaceLabels : emptyMap(),
annotateNamespaces ? namespaceAnnotationsEvaluated : emptyMap());
if (newNamespace) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand correctly, this will be true only in case that we've created the namespace in previous namespace.prepare call. So what if namespace already exists? Don't we need the secret then? The namespace could be prepared by admins or created by older Che version. What if user removed/modified the secret ? Don't we need to reconcile ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, reworked to check if the secret exists.

Copy link
Member

@sparkoo sparkoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code looks good to me, thanks.

@che-bot
Copy link
Contributor

che-bot commented Aug 10, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@che-bot
Copy link
Contributor

che-bot commented Aug 11, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@vinokurig
Copy link
Contributor Author

[crw-ci-test]

@che-bot
Copy link
Contributor

che-bot commented Aug 16, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@vinokurig
Copy link
Contributor Author

[crw-ci-test --rebuild]

@che-bot
Copy link
Contributor

che-bot commented Aug 16, 2021

❌ E2E Happy path tests failed ❗

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

@eclipse-che eclipse-che deleted a comment from che-bot Aug 17, 2021
@dmytro-ndp
Copy link
Contributor

[crw-ci-test --rebuild]

@che-bot
Copy link
Contributor

che-bot commented Aug 17, 2021

✅ E2E Happy path tests succeed 🎉

See Details

Test product:

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

Eclipse Che QE channel: https://mattermost.eclipse.org/eclipse/channels/eclipse-che-qe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants