Flavius Lacatusu
parent
ecf63a94de
commit
076536c74d
|
|
@ -20,10 +20,6 @@ source "${OPERATOR_REPO}"/.github/bin/oauth-provision.sh
|
|||
#Stop execution on any error
|
||||
trap "catchFinish" EXIT SIGINT
|
||||
|
||||
overrideDefaults() {
|
||||
export OAUTH="true"
|
||||
}
|
||||
|
||||
runTests() {
|
||||
"${OPERATOR_REPO}"/olm/testUpdate.sh "openshift" "stable" ${NAMESPACE}
|
||||
waitEclipseCheDeployed ${LAST_PACKAGE_VERSION}
|
||||
|
|
@ -33,7 +29,6 @@ runTests() {
|
|||
}
|
||||
|
||||
init
|
||||
overrideDefaults
|
||||
provisionOpenShiftOAuthUser
|
||||
initStableTemplates "openshift" "stable"
|
||||
runTests
|
||||
|
|
|
|||
|
|
@ -19,7 +19,8 @@ set -u
|
|||
function provisionOAuth() {
|
||||
OCP_USER_UID=$(oc get user user -o=jsonpath='{.metadata.uid}')
|
||||
|
||||
IDP_USER="admin"
|
||||
IDP_USERNAME="admin"
|
||||
CHE_USERNAME="admin"
|
||||
# Get Eclipse Che IDP secrets and decode to use to connect to IDP
|
||||
IDP_PASSWORD=$(oc get secret che-identity-secret -n eclipse-che -o=jsonpath='{.data.password}' | base64 --decode)
|
||||
|
||||
|
|
@ -38,7 +39,7 @@ function provisionOAuth() {
|
|||
# Obtain from Keycloak the token to make api request authentication
|
||||
IDP_TOKEN=$(curl -k --location --request POST ''$IDP_HOST'/auth/realms/master/protocol/openid-connect/token' \
|
||||
--header 'Content-Type: application/x-www-form-urlencoded' \
|
||||
--data-urlencode 'username=admin' \
|
||||
--data-urlencode 'username='$IDP_USERNAME'' \
|
||||
--data-urlencode 'password='$IDP_PASSWORD'' \
|
||||
--data-urlencode 'grant_type=password' \
|
||||
--data-urlencode 'client_id=admin-cli' | jq -r .access_token)
|
||||
|
|
@ -47,7 +48,7 @@ function provisionOAuth() {
|
|||
|
||||
# Get admin user id from IDP
|
||||
CHE_USER_ID=$(curl --location -k --request GET ''$IDP_HOST'/auth/admin/realms/che/users' \
|
||||
--header 'Authorization: Bearer '$IDP_TOKEN'' | jq -r '.[] | select(.username == "admin").id' )
|
||||
--header 'Authorization: Bearer '$IDP_TOKEN'' | jq -r '.[] | select(.username == "'$CHE_USERNAME'").id' )
|
||||
|
||||
echo -e "[INFO] Eclipse CHE user ID: $CHE_USER_ID"
|
||||
|
||||
|
|
@ -58,7 +59,7 @@ function provisionOAuth() {
|
|||
--data '{
|
||||
"identityProvider": "openshift-v4",
|
||||
"userId": "'$OCP_USER_UID'",
|
||||
"userName": "admin"
|
||||
"userName": "'$CHE_USERNAME'"
|
||||
}'
|
||||
|
||||
# Create OAuthClientAuthorization object for Eclipse Che in Cluster.
|
||||
|
|
@ -67,10 +68,10 @@ OAUTHCLIENTAuthorization=$(
|
|||
apiVersion: oauth.openshift.io/v1
|
||||
kind: OAuthClientAuthorization
|
||||
metadata:
|
||||
generateName: $IDP_USER:$OAUTH_CLIENT_NAME
|
||||
generateName: $CHE_USERNAME:$OAUTH_CLIENT_NAME
|
||||
namespace: eclipse-che
|
||||
clientName: $OAUTH_CLIENT_NAME
|
||||
userName: $IDP_USER
|
||||
userName: $CHE_USERNAME
|
||||
userUID: $OCP_USER_UID
|
||||
scopes:
|
||||
- 'user:full'
|
||||
|
|
@ -80,11 +81,12 @@ EOF
|
|||
echo -e "Created authorization client: $OAUTHCLIENTAuthorization"
|
||||
cat << 'EOF' > path.sql
|
||||
UPDATE federated_identity SET token ='{"access_token":"INSERT_TOKEN_HERE","expires_in":86400,"scope":"user:full","token_type":"Bearer"}'
|
||||
WHERE federated_username = 'admin'
|
||||
WHERE federated_username = 'INSERT_CHE_USER_HERE'
|
||||
EOF
|
||||
|
||||
TOKEN=$(oc whoami -t)
|
||||
sed -i "s|INSERT_TOKEN_HERE|$TOKEN|g" path.sql
|
||||
sed -i "s|INSERT_CHE_USER_HERE|$CHE_USERNAME|g" path.sql
|
||||
|
||||
# Insert sql script inside of postgres and execute it.
|
||||
POSTGRES_POD=$(oc get pods -o json -n eclipse-che | jq -r '.items[] | select(.metadata.name | test("postgres-")).metadata.name')
|
||||
|
|
|
|||
Loading…
Reference in New Issue