Comments (11)
Hello @guydog28
Makes sense to me.
Suggestion:
Modify networking.auth.oAuthSecret to first check in the namespace for a secret with the provided name, and a key of 'secret', and if it does not exist, assume the value is the plaintext secret. This keeps things working with backward compatibility but allows us to keep sensitive oauth client secrets out of our git repo.
from che.
Adding help-wanted label. @guydog28 Would you be interested in contributing this functionality to Eclipse Che?
from che.
> Adding help-wanted label. @guydog28 Would you be interested in contributing this functionality to Eclipse Che?

Possibly. If someone wants to point me in the right direction for eclipse's requirements for contributing and the section of the architecture to look at for this, I can possibly dig in a bit.
from che.
I think we can read the secret here [1] like this:

```go
secret := &corev1.Secret{}
exists, err := deploy.GetNamespacedObject(ctx, ctx.CheCluster.Spec.Networking.Auth.OAuthSecret, secret)
```

If secret exists, then read some key from it, otherwise use `ctx.CheCluster.Spec.Networking.Auth.OAuthSecret` as plain text
from che.
> I think we can read the secret here [1] like this:
>
> ```go
> secret := &corev1.Secret{}
> exists, err := deploy.GetNamespacedObject(ctx, ctx.CheCluster.Spec.Networking.Auth.OAuthSecret, secret)
> ```
>
> If secret exists, then read some key from it, otherwise use `ctx.CheCluster.Spec.Networking.Auth.OAuthSecret` as plain text

I agree that is probably the right spot since it isn't done the same way in openshift. Is this something your team would do or is it still preferred that I do it? I've only written minimal Go, so it might take me a bit to get a working environment going and wrap my head around it and add tests and such.
from che.
I created this:
eclipse-che/che-operator@main...guydog28:che-operator:main
But I lack the background to create proper unit tests that test the cases where:
- The secret exists and the key oAuthSecret does not exist on the secret, and
- The secret exists and the key oAuthSecret does exist on the secret
Mainly - how to mock the calls to get the secret and the key in the cluster for the tests.
Any help on that would be appreciated and then I can submit a PR.
from che.
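The fallback proposed above and the test cases asked about in the previous comment, as an added example that is not part of the thread or of che-operator's code. `GetSecretFunc`, `fakeCluster`, `ResolveOAuthSecret`, `ErrNotFound` and the `eclipse-che/oauth-creds` sample are hypothetical, and the handling of a missing key and of lookup errors other than not-found is an assumption, not the project's behaviour.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrNotFound reports that no Secret with the requested name exists.
var ErrNotFound = errors.New("secret not found")

// GetSecretFunc is a hypothetical seam over the cluster client, so tests can pass a fake.
type GetSecretFunc func(namespace, name string) (map[string][]byte, error)

const secretKey = "oAuthSecret" // key name used in the thread

// fakeCluster serves Secret data from a map keyed by "namespace/name" (constructed test double).
func fakeCluster(secrets map[string]map[string][]byte) GetSecretFunc {
	return func(ns, name string) (map[string][]byte, error) {
		if data, ok := secrets[ns+"/"+name]; ok {
			return data, nil
		}
		return nil, ErrNotFound
	}
}

// ResolveOAuthSecret treats fieldValue as a Secret name first and as plain text second.
// Assumptions: only ErrNotFound triggers the plain-text fallback; any other lookup
// error, or a Secret that lacks secretKey, is returned as an error.
func ResolveOAuthSecret(get GetSecretFunc, namespace, fieldValue string) (string, error) {
	data, err := get(namespace, fieldValue)
	if errors.Is(err, ErrNotFound) {
		return fieldValue, nil // backward compatible: the field holds the secret itself
	}
	if err != nil {
		// fieldValue may be a legacy plain-text secret, so it is not echoed here.
		return "", fmt.Errorf("looking up OAuth secret reference: %w", err)
	}
	value, ok := data[secretKey]
	if !ok {
		return "", fmt.Errorf("secret %q has no key %q", fieldValue, secretKey)
	}
	return string(value), nil
}

func main() {
	get := fakeCluster(map[string]map[string][]byte{"eclipse-che/oauth-creds": {secretKey: []byte("constructed")}})
	s, err := ResolveOAuthSecret(get, "eclipse-che", "oauth-creds")
	fmt.Println(len(s), err) // print the length, never the secret
}
```

In a test, a closure that returns a fixed error stands in for a failed lookup such as an RBAC denial, which should surface as an error instead of turning the Secret name into the client secret.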
@guydog28
Sounds good, could you create a PR?
I will provide comments there.
from che.
@tolusha eclipse-che/che-operator#1836 Created there.
from che.
@guydog28
Thank you for the contribution.
from che.
> @guydog28 Thank you for the contribution.

You are very welcome. Thanks for the help!
from che.
@guydog28 thank you for the contribution \o/
Adding the issue to the upstream Release Notes:
Previously, when deployed on Kubernetes, `oAuthClientSecret` was stored in plain text in the CheCluster resource. That was not convenient for the GitOps approach when the cluster state is stored in Git and managed by ArgoCD. Starting from this release the values for oAuthSecret can be configured using ExternalSecrets to keep all sensitive data out of the code base.
Will you be able to contribute additional docs to https://github.com/eclipse-che/che-docs?
from che.