From 5cfbc073a75c78e567d23c15c818df96d1bef83c Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 16 Dec 2021 08:58:35 +0200 Subject: [PATCH] =?UTF-8?q?chore:=20Ensure=20that=20CHE=5FINTEGRATION=5FXX?= =?UTF-8?q?XX=5FSERVER=5F=5FENDPOINTS=20and=20CHE=5FINT=E2=80=A6=20(#1250)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: Ensure that CHE_INTEGRATION_XXXX_SERVER__ENDPOINTS and CHE_INTEGRATION_XXXX_OAUTH__ENDPOINT properties are properly set Signed-off-by: Anatolii Bazko --- pkg/deploy/server/server_configmap.go | 38 +++--- pkg/deploy/server/server_configmap_test.go | 6 +- pkg/deploy/server/server_deployment.go | 133 ++++++-------------- pkg/deploy/server/server_deployment_test.go | 46 +++---- pkg/deploy/server/server_util.go | 22 ++++ 5 files changed, 108 insertions(+), 137 deletions(-) diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index f2eec6055..b241ce755 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go 
@@ -326,34 +326,32 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *deploy.DeployContext) (ch addMap(cheEnv, ctx.CheCluster.Spec.Server.CustomCheProperties) - err = setBitbucketEndpoints(ctx, cheEnv) - if err != nil { - return nil, err + for _, oauthProvider := range []string{"bitbucket", "gitlab", "github"} { + err := updateIntegrationServerEndpoints(ctx, cheEnv, oauthProvider) + if err != nil { + return nil, err + } } return cheEnv, nil } -func setBitbucketEndpoints(deployContext *deploy.DeployContext, cheEnv map[string]string) error { - secrets, err := deploy.GetSecrets(deployContext, map[string]string{ - deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg, - deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration, - }, map[string]string{ - deploy.CheEclipseOrgOAuthScmServer: "bitbucket", - }) - - if err != nil { +func updateIntegrationServerEndpoints(ctx *deploy.DeployContext, cheEnv map[string]string, oauthProvider string) error { + secret, err := getOAuthConfig(ctx, oauthProvider) + if secret == nil { return err - } else if len(secrets) == 1 { - serverEndpoint := secrets[0].Annotations[deploy.CheEclipseOrgScmServerEndpoint] - endpoints, exists := cheEnv["CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS"] - if exists { - cheEnv["CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS"] = endpoints + "," + serverEndpoint - } else { - cheEnv["CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS"] = serverEndpoint - } } + envName := fmt.Sprintf("CHE_INTEGRATION_%s_SERVER__ENDPOINTS", strings.ToUpper(oauthProvider)) + if err != nil { + return err + } + + if cheEnv[envName] != "" { + cheEnv[envName] = secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint] + "," + cheEnv[envName] + } else { + cheEnv[envName] = secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint] + } return nil } diff --git a/pkg/deploy/server/server_configmap_test.go b/pkg/deploy/server/server_configmap_test.go index 038ca90a2..752e828f3 100644 --- a/pkg/deploy/server/server_configmap_test.go 
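Review bot: In `updateIntegrationServerEndpoints` the endpoint annotation is concatenated into `cheEnv[envName]` without the non-empty guard that the `Mount*OAuthConfig` functions in server_deployment.go apply, so a matching secret that lacks the annotation yields a leading comma or an empty property. Reading the value once and returning early would avoid that: `endpoint := secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint]` followed by `if endpoint == "" { return nil }`. The value is also used exactly as written by whoever can create a labelled secret in the namespace, here and in the three Mount functions, so checking that it parses as an absolute URL before it reaches the server configuration seems worthwhile. The `if err != nil` after the `fmt.Sprintf` line looks unreachable, since `getOAuthConfig` in server_util.go returns a nil secret on each of its error paths.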
+++ b/pkg/deploy/server/server_configmap_test.go @@ -233,7 +233,7 @@ func TestConfigMap(t *testing.T) { } } -func TestUpdateBitBucketEndpoints(t *testing.T) { +func TestUpdateIntegrationServerEndpoints(t *testing.T) { type testCase struct { name string initObjects []runtime.Object @@ -267,6 +267,7 @@ func TestUpdateBitBucketEndpoints(t *testing.T) { cheCluster: &orgv1.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Namespace: "eclipse-che", + Name: "eclipse-che", }, }, expectedData: map[string]string{ @@ -298,6 +299,7 @@ func TestUpdateBitBucketEndpoints(t *testing.T) { cheCluster: &orgv1.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Namespace: "eclipse-che", + Name: "eclipse-che", }, Spec: orgv1.CheClusterSpec{ Server: orgv1.CheClusterSpecServer{ @@ -308,7 +310,7 @@ func TestUpdateBitBucketEndpoints(t *testing.T) { }, }, expectedData: map[string]string{ - "CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS": "bitbucket_endpoint_1,bitbucket_endpoint_2", + "CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS": "bitbucket_endpoint_2,bitbucket_endpoint_1", }, }, { diff --git a/pkg/deploy/server/server_deployment.go b/pkg/deploy/server/server_deployment.go index fb76fa8ec..c9d6ff10e 100644 --- a/pkg/deploy/server/server_deployment.go +++ b/pkg/deploy/server/server_deployment.go @@ -12,7 +12,6 @@ package server import ( - "errors" "strconv" "strings" 
@@ -404,115 +403,58 @@ func GetFullCheServerImageLink(checluster *orgv1.CheCluster) string { return imageParts[0] + ":" + checluster.Spec.Server.CheImageTag } -func MountBitBucketOAuthConfig(deployContext *deploy.DeployContext, deployment *appsv1.Deployment) error { - secrets, err := deploy.GetSecrets(deployContext, map[string]string{ - deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg, - deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration, - }, map[string]string{ - deploy.CheEclipseOrgOAuthScmServer: "bitbucket", - }) - - if err != nil { +func MountBitBucketOAuthConfig(ctx *deploy.DeployContext, deployment *appsv1.Deployment) error { + secret, err := getOAuthConfig(ctx, "bitbucket") + if secret == nil { return err - } else if len(secrets) > 1 { - return errors.New("More than 1 BitBucket OAuth configuration secrets found") - } else if len(secrets) == 1 { - mountSecret(deployment, &secrets[0], deploy.BitBucketOAuthConfigMountPath) - mountEnv(deployment, []corev1.EnvVar{ - { - Name: "CHE_OAUTH1_BITBUCKET_CONSUMERKEYPATH", - Value: deploy.BitBucketOAuthConfigMountPath + "/" + deploy.BitBucketOAuthConfigConsumerKeyFileName, - }, { - Name: "CHE_OAUTH1_BITBUCKET_PRIVATEKEYPATH", - Value: deploy.BitBucketOAuthConfigMountPath + "/" + deploy.BitBucketOAuthConfigPrivateKeyFileName, - }, - }) - - endpoint := secrets[0].Annotations[deploy.CheEclipseOrgScmServerEndpoint] - if endpoint != "" { - mountEnv(deployment, []corev1.EnvVar{{ - Name: "CHE_OAUTH1_BITBUCKET_ENDPOINT", - Value: endpoint, - }}) - } } + mountVolumes(deployment, secret, deploy.BitBucketOAuthConfigMountPath) + mountEnv(deployment, "CHE_OAUTH1_BITBUCKET_CONSUMERKEYPATH", deploy.BitBucketOAuthConfigMountPath+"/"+deploy.BitBucketOAuthConfigConsumerKeyFileName) + mountEnv(deployment, "CHE_OAUTH1_BITBUCKET_PRIVATEKEYPATH", deploy.BitBucketOAuthConfigMountPath+"/"+deploy.BitBucketOAuthConfigPrivateKeyFileName) + + oauthEndpoint := secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint] + if 
oauthEndpoint != "" { + mountEnv(deployment, "CHE_OAUTH1_BITBUCKET_ENDPOINT", oauthEndpoint) + } return nil } -func MountGitHubOAuthConfig(deployContext *deploy.DeployContext, deployment *appsv1.Deployment) error { - secrets, err := deploy.GetSecrets(deployContext, map[string]string{ - deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg, - deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration, - }, map[string]string{ - deploy.CheEclipseOrgOAuthScmServer: "github", - }) - - if err != nil { +func MountGitHubOAuthConfig(ctx *deploy.DeployContext, deployment *appsv1.Deployment) error { + secret, err := getOAuthConfig(ctx, "github") + if secret == nil { return err - } else if len(secrets) > 1 { - return errors.New("More than 1 GitHub OAuth configuration secrets found") - } else if len(secrets) == 1 { - mountSecret(deployment, &secrets[0], deploy.GitHubOAuthConfigMountPath) - mountEnv(deployment, []corev1.EnvVar{ - { - Name: "CHE_OAUTH2_GITHUB_CLIENTID__FILEPATH", - Value: deploy.GitHubOAuthConfigMountPath + "/" + deploy.GitHubOAuthConfigClientIdFileName, - }, { - Name: "CHE_OAUTH2_GITHUB_CLIENTSECRET__FILEPATH", - Value: deploy.GitHubOAuthConfigMountPath + "/" + deploy.GitHubOAuthConfigClientSecretFileName, - }, - }) - - endpoint := secrets[0].Annotations[deploy.CheEclipseOrgScmServerEndpoint] - if endpoint != "" { - mountEnv(deployment, []corev1.EnvVar{{ - Name: "CHE_INTEGRATION_GITHUB_SERVER__ENDPOINTS", - Value: endpoint, - }}) - } } + mountVolumes(deployment, secret, deploy.GitHubOAuthConfigMountPath) + mountEnv(deployment, "CHE_OAUTH2_GITHUB_CLIENTID__FILEPATH", deploy.GitHubOAuthConfigMountPath+"/"+deploy.GitHubOAuthConfigClientIdFileName) + mountEnv(deployment, "CHE_OAUTH2_GITHUB_CLIENTSECRET__FILEPATH", deploy.GitHubOAuthConfigMountPath+"/"+deploy.GitHubOAuthConfigClientSecretFileName) + + oauthEndpoint := secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint] + if oauthEndpoint != "" { + mountEnv(deployment, 
"CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT", oauthEndpoint) + } return nil } -func MountGitLabOAuthConfig(deployContext *deploy.DeployContext, deployment *appsv1.Deployment) error { - secrets, err := deploy.GetSecrets(deployContext, map[string]string{ - deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg, - deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration, - }, map[string]string{ - deploy.CheEclipseOrgOAuthScmServer: "gitlab", - }) - - if err != nil { +func MountGitLabOAuthConfig(ctx *deploy.DeployContext, deployment *appsv1.Deployment) error { + secret, err := getOAuthConfig(ctx, "gitlab") + if secret == nil { return err - } else if len(secrets) > 1 { - return errors.New("More than 1 GitLab OAuth configuration secrets found") - } else if len(secrets) == 1 { - mountSecret(deployment, &secrets[0], deploy.GitLabOAuthConfigMountPath) - mountEnv(deployment, []corev1.EnvVar{ - { - Name: "CHE_OAUTH_GITLAB_CLIENTID__FILEPATH", - Value: deploy.GitLabOAuthConfigMountPath + "/" + deploy.GitLabOAuthConfigClientIdFileName, - }, { - Name: "CHE_OAUTH_GITLAB_CLIENTSECRET__FILEPATH", - Value: deploy.GitLabOAuthConfigMountPath + "/" + deploy.GitLabOAuthConfigClientSecretFileName, - }, - }) - - endpoint := secrets[0].Annotations[deploy.CheEclipseOrgScmServerEndpoint] - if endpoint != "" { - mountEnv(deployment, []corev1.EnvVar{{ - Name: "CHE_INTEGRATION_GITLAB_SERVER__ENDPOINTS", - Value: endpoint, - }}) - } } + mountVolumes(deployment, secret, deploy.GitLabOAuthConfigMountPath) + mountEnv(deployment, "CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH", deploy.GitLabOAuthConfigMountPath+"/"+deploy.GitLabOAuthConfigClientIdFileName) + mountEnv(deployment, "CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH", deploy.GitLabOAuthConfigMountPath+"/"+deploy.GitLabOAuthConfigClientSecretFileName) + + oauthEndpoint := secret.Annotations[deploy.CheEclipseOrgScmServerEndpoint] + if oauthEndpoint != "" { + mountEnv(deployment, "CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT", oauthEndpoint) + } return nil } 
-func mountSecret(deployment *appsv1.Deployment, secret *corev1.Secret, mountPath string) { +func mountVolumes(deployment *appsv1.Deployment, secret *corev1.Secret, mountPath string) { container := &deployment.Spec.Template.Spec.Containers[0] deployment.Spec.Template.Spec.Volumes = append(deployment.Spec.Template.Spec.Volumes, corev1.Volume{ @@ -530,7 +472,10 @@ func mountSecret(deployment *appsv1.Deployment, secret *corev1.Secret, mountPath }) } -func mountEnv(deployment *appsv1.Deployment, envVar []corev1.EnvVar) { +func mountEnv(deployment *appsv1.Deployment, envName string, envValue string) { container := &deployment.Spec.Template.Spec.Containers[0] - container.Env = append(container.Env, envVar...) + container.Env = append(container.Env, corev1.EnvVar{ + Name: envName, + Value: envValue, + }) } diff --git a/pkg/deploy/server/server_deployment_test.go b/pkg/deploy/server/server_deployment_test.go index a3098c721..242ecb954 100644 --- a/pkg/deploy/server/server_deployment_test.go +++ b/pkg/deploy/server/server_deployment_test.go @@ -118,7 +118,7 @@ func TestMountBitBucketOAuthEnvVar(t *testing.T) { initObjects []runtime.Object expectedConsumerKeyPathEnv corev1.EnvVar expectedPrivateKeyPathEnv corev1.EnvVar - expectedEndpointEnv corev1.EnvVar + expectedOAuthEndpointEnv corev1.EnvVar expectedVolume corev1.Volume expectedVolumeMount corev1.VolumeMount } @@ -141,7 +141,7 @@ func TestMountBitBucketOAuthEnvVar(t *testing.T) { }, Annotations: map[string]string{ "che.eclipse.org/oauth-scm-server": "bitbucket", - "che.eclipse.org/scm-server-endpoint": "endpoint", + "che.eclipse.org/scm-server-endpoint": "endpoint_1", }, }, Data: map[string][]byte{ 
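Review bot: The `if secret == nil { return err }` guard in `MountBitBucketOAuthConfig`, `MountGitHubOAuthConfig` and `MountGitLabOAuthConfig` folds "lookup failed" and "no secret configured" into one branch, which is only correct while `getOAuthConfig` never returns a non-nil secret together with an error. Spelling the two cases out, `if err != nil { return err }` then `if secret == nil { return nil }`, makes that independent of the helper's internals. These exported functions also have no doc comments; something like `// MountGitHubOAuthConfig mounts the GitHub OAuth secret, if one exists, into the first container and sets the env vars that point at it.` on each would record that a missing secret is not an error. The body of `mountVolumes` continues past the end of this hunk.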
@@ -158,9 +158,9 @@ func TestMountBitBucketOAuthEnvVar(t *testing.T) { Name: "CHE_OAUTH1_BITBUCKET_PRIVATEKEYPATH", Value: "/che-conf/oauth/bitbucket/private.key", }, - expectedEndpointEnv: corev1.EnvVar{ + expectedOAuthEndpointEnv: corev1.EnvVar{ Name: "CHE_OAUTH1_BITBUCKET_ENDPOINT", - Value: "endpoint", + Value: "endpoint_1", }, expectedVolume: corev1.Volume{ Name: "github-oauth-config", @@ -197,7 +197,7 @@ func TestMountBitBucketOAuthEnvVar(t *testing.T) { env = util.FindEnv(container.Env, "CHE_OAUTH1_BITBUCKET_ENDPOINT") assert.NotNil(t, env) - assert.Equal(t, testCase.expectedEndpointEnv, *env) + assert.Equal(t, testCase.expectedOAuthEndpointEnv, *env) volume := util.FindVolume(deployment.Spec.Template.Spec.Volumes, "github-oauth-config") assert.NotNil(t, volume) @@ -216,7 +216,7 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) { initObjects []runtime.Object expectedIdKeyPathEnv corev1.EnvVar expectedSecretKeyPathEnv corev1.EnvVar - expectedEndpointEnv corev1.EnvVar + expectedOAuthEndpointEnv corev1.EnvVar expectedVolume corev1.Volume expectedVolumeMount corev1.VolumeMount } @@ -239,7 +239,7 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) { }, Annotations: map[string]string{ "che.eclipse.org/oauth-scm-server": "github", - "che.eclipse.org/scm-server-endpoint": "endpoint", + "che.eclipse.org/scm-server-endpoint": "endpoint_1", }, }, Data: map[string][]byte{ @@ -256,9 +256,9 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) { Name: "CHE_OAUTH2_GITHUB_CLIENTSECRET__FILEPATH", Value: "/che-conf/oauth/github/secret", }, - expectedEndpointEnv: corev1.EnvVar{ - Name: "CHE_INTEGRATION_GITHUB_SERVER__ENDPOINTS", - Value: "endpoint", + expectedOAuthEndpointEnv: corev1.EnvVar{ + Name: "CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT", + Value: "endpoint_1", }, expectedVolume: corev1.Volume{ Name: "github-oauth-config", 
@@ -293,6 +293,10 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) { assert.NotNil(t, env) assert.Equal(t, testCase.expectedSecretKeyPathEnv, *env) + env = util.FindEnv(container.Env, "CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT") + assert.NotNil(t, env) + assert.Equal(t, testCase.expectedOAuthEndpointEnv, *env) + volume := util.FindVolume(deployment.Spec.Template.Spec.Volumes, "github-oauth-config") assert.NotNil(t, volume) assert.Equal(t, testCase.expectedVolume, volume) @@ -310,7 +314,7 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) { initObjects []runtime.Object expectedIdKeyPathEnv corev1.EnvVar expectedSecretKeyPathEnv corev1.EnvVar - expectedEndpointEnv corev1.EnvVar + expectedOAuthEndpointEnv corev1.EnvVar expectedVolume corev1.Volume expectedVolumeMount corev1.VolumeMount } @@ -333,7 +337,7 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) { }, Annotations: map[string]string{ "che.eclipse.org/oauth-scm-server": "gitlab", - "che.eclipse.org/scm-server-endpoint": "endpoint", + "che.eclipse.org/scm-server-endpoint": "endpoint_1", }, }, Data: map[string][]byte{ @@ -343,16 +347,16 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) { }, }, expectedIdKeyPathEnv: corev1.EnvVar{ - Name: "CHE_OAUTH_GITLAB_CLIENTID__FILEPATH", + Name: "CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH", Value: "/che-conf/oauth/gitlab/id", }, expectedSecretKeyPathEnv: corev1.EnvVar{ - Name: "CHE_OAUTH_GITLAB_CLIENTSECRET__FILEPATH", + Name: "CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH", Value: "/che-conf/oauth/gitlab/secret", }, - expectedEndpointEnv: corev1.EnvVar{ - Name: "CHE_INTEGRATION_GITLAB_SERVER__ENDPOINTS", - Value: "endpoint", + expectedOAuthEndpointEnv: corev1.EnvVar{ + Name: "CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT", + Value: "endpoint_1", }, expectedVolume: corev1.Volume{ Name: "gitlab-oauth-config", 
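Review bot: The added `assert.NotNil(t, env)` in `TestMountGitHubOAuthEnvVar` does not stop the test, so when `CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT` is missing the following `*env` dereference panics instead of reporting a readable failure. Guarding the dereference keeps the failure clean: `if assert.NotNil(t, env) { assert.Equal(t, testCase.expectedOAuthEndpointEnv, *env) }`. The neighbouring assertions in this test follow the same pattern, and the test function starts and ends outside the hunk.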
@@ -379,17 +383,17 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) { container := &deployment.Spec.Template.Spec.Containers[0] - env := util.FindEnv(container.Env, "CHE_OAUTH_GITLAB_CLIENTID__FILEPATH") + env := util.FindEnv(container.Env, "CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH") assert.NotNil(t, env) assert.Equal(t, testCase.expectedIdKeyPathEnv, *env) - env = util.FindEnv(container.Env, "CHE_OAUTH_GITLAB_CLIENTSECRET__FILEPATH") + env = util.FindEnv(container.Env, "CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH") assert.NotNil(t, env) assert.Equal(t, testCase.expectedSecretKeyPathEnv, *env) - env = util.FindEnv(container.Env, "CHE_INTEGRATION_GITLAB_SERVER__ENDPOINTS") + env = util.FindEnv(container.Env, "CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT") assert.NotNil(t, env) - assert.Equal(t, testCase.expectedEndpointEnv, *env) + assert.Equal(t, testCase.expectedOAuthEndpointEnv, *env) volume := util.FindVolume(deployment.Spec.Template.Spec.Volumes, "gitlab-oauth-config") assert.NotNil(t, volume) diff --git a/pkg/deploy/server/server_util.go b/pkg/deploy/server/server_util.go index c687b2fc6..f86ff565e 100644 --- a/pkg/deploy/server/server_util.go +++ b/pkg/deploy/server/server_util.go @@ -12,10 +12,13 @@ package server import ( + "fmt" + orgv1 "github.com/eclipse-che/che-operator/api/v1" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/deploy/gateway" "github.com/eclipse-che/che-operator/pkg/util" + corev1 "k8s.io/api/core/v1" ) func getComponentName(ctx *deploy.DeployContext) string { 
@@ -28,3 +31,22 @@ func getServerExposingServiceName(cr *orgv1.CheCluster) string { } return deploy.CheServiceName } + +func getOAuthConfig(ctx *deploy.DeployContext, oauthProvider string) (*corev1.Secret, error) { + secrets, err := deploy.GetSecrets(ctx, map[string]string{ + deploy.KubernetesPartOfLabelKey: deploy.CheEclipseOrg, + deploy.KubernetesComponentLabelKey: deploy.OAuthScmConfiguration, + }, map[string]string{ + deploy.CheEclipseOrgOAuthScmServer: oauthProvider, + }) + + if err != nil { + return nil, err + } else if len(secrets) == 0 { + return nil, nil + } else if len(secrets) > 1 { + return nil, fmt.Errorf("More than 1 OAuth %s configuration secrets found", oauthProvider) + } + + return &secrets[0], nil +}
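Review bot: `getOAuthConfig` has no comment describing its return contract, even though every caller in this commit depends on the `(nil, nil)` result for "no secret found". A doc comment such as `// getOAuthConfig returns the single OAuth configuration secret for oauthProvider, (nil, nil) when none exists, and an error when the lookup fails or more than one secret matches.` would make that explicit. As a style point, Go error strings conventionally start lowercase: `fmt.Errorf("more than 1 OAuth %s configuration secrets found", oauthProvider)`.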