feat: Configure disable subdomain isolation via secret (#1613)

* feat: Configre disable subdomin isolation via secet

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

* Deprecate Enpoints

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

api/checluster_conversion_from_test.go

@@ -408,19 +408,16 @@ func TestConvertFrom(t *testing.T) {
 				GitHub: []chev2.GitHubService{
 					{
 						SecretName: "github-secret-name",
-						Endpoint:   "github-endpoint",
 					},
 				},
 				GitLab: []chev2.GitLabService{
 					{
 						SecretName: "gitlab-secret-name",
-						Endpoint:   "gitlab-endpoint",
 					},
 				},
 				BitBucket: []chev2.BitBucketService{
 					{
 						SecretName: "bitbucket-secret-name",
-						Endpoint:   "bitbucket-endpoint",
 					},
 				},
 			},
@@ -570,11 +567,8 @@ func TestConvertFrom(t *testing.T) {
 	assert.Equal(t, checlusterv1.Spec.Storage.PerWorkspaceStrategyPVCStorageClassName, "PerWorkspaceStorageClass")
 
 	assert.Equal(t, checlusterv1.Spec.GitServices.GitHub[0].SecretName, "github-secret-name")
-	assert.Equal(t, checlusterv1.Spec.GitServices.GitHub[0].Endpoint, "github-endpoint")
 	assert.Equal(t, checlusterv1.Spec.GitServices.GitLab[0].SecretName, "gitlab-secret-name")
-	assert.Equal(t, checlusterv1.Spec.GitServices.GitLab[0].Endpoint, "gitlab-endpoint")
 	assert.Equal(t, checlusterv1.Spec.GitServices.BitBucket[0].SecretName, "bitbucket-secret-name")
-	assert.Equal(t, checlusterv1.Spec.GitServices.BitBucket[0].Endpoint, "bitbucket-endpoint")
 }
 
 func TestShouldConvertFromWhenOnlyMemoryResourceSpecified(t *testing.T) {

api/checluster_conversion_to_test.go

@@ -526,11 +526,8 @@ func TestConvertTo(t *testing.T) {
 	assert.Equal(t, checlusterv2.Status.PostgresVersion, "PostgresVersion")
 
 	assert.Equal(t, checlusterv2.Spec.GitServices.GitHub[0].SecretName, "github-secret-name")
-	assert.Equal(t, checlusterv2.Spec.GitServices.GitHub[0].Endpoint, "github-endpoint")
 	assert.Equal(t, checlusterv2.Spec.GitServices.GitLab[0].SecretName, "gitlab-secret-name")
-	assert.Equal(t, checlusterv2.Spec.GitServices.GitLab[0].Endpoint, "gitlab-endpoint")
 	assert.Equal(t, checlusterv2.Spec.GitServices.BitBucket[0].SecretName, "bitbucket-secret-name")
-	assert.Equal(t, checlusterv2.Spec.GitServices.BitBucket[0].Endpoint, "bitbucket-endpoint")
 }
 
 func TestShouldConvertToWhenOnlyMemoryResourceSpecified(t *testing.T) {

api/checluster_webhook_test.go

@@ -157,6 +157,9 @@ func TestValidateScmSecrets(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: "eclipse-che",
 			Name:      "gitlab-scm-secret",
+			Annotations: map[string]string{
+				constants.CheEclipseOrgScmServerEndpoint: "gitlab-endpoint-secret",
+			},
 		},
 		Data: map[string][]byte{
 			"id":     []byte("id"),
@@ -189,18 +192,18 @@ func TestValidateScmSecrets(t *testing.T) {
 				GitHub: []v2.GitHubService{
 					{
 						SecretName: "github-scm-secret",
+						Endpoint:   "github-endpoint",
 					},
 				},
 				GitLab: []v2.GitLabService{
 					{
 						SecretName: "gitlab-scm-secret",
-						Endpoint:   "gitlab-endpoint",
+						Endpoint:   "gitlab-endpoint-checluster",
 					},
 				},
 				BitBucket: []v2.BitBucketService{
 					{
 						SecretName: "bitbucket-scm-secret",
-						Endpoint:   "bitbucket-endpoint",
 					},
 				},
 			},
@@ -213,20 +216,58 @@ func TestValidateScmSecrets(t *testing.T) {
 	githubSecret, err = k8sHelper.GetClientset().CoreV1().Secrets("eclipse-che").Get(context.TODO(), "github-scm-secret", metav1.GetOptions{})
 	assert.Nil(t, err)
 	assert.Equal(t, "github", githubSecret.Annotations[constants.CheEclipseOrgOAuthScmServer])
+	assert.Equal(t, "github-endpoint", githubSecret.Annotations[constants.CheEclipseOrgScmServerEndpoint])
 	assert.Equal(t, constants.OAuthScmConfiguration, githubSecret.Labels[constants.KubernetesComponentLabelKey])
 	assert.Equal(t, constants.CheEclipseOrg, githubSecret.Labels[constants.KubernetesPartOfLabelKey])
 
 	gitlabSecret, err = k8sHelper.GetClientset().CoreV1().Secrets("eclipse-che").Get(context.TODO(), "gitlab-scm-secret", metav1.GetOptions{})
 	assert.Nil(t, err)
 	assert.Equal(t, "gitlab", gitlabSecret.Annotations[constants.CheEclipseOrgOAuthScmServer])
-	assert.Equal(t, "gitlab-endpoint", gitlabSecret.Annotations[constants.CheEclipseOrgScmServerEndpoint])
+	assert.Equal(t, "gitlab-endpoint-secret", gitlabSecret.Annotations[constants.CheEclipseOrgScmServerEndpoint])
 	assert.Equal(t, constants.OAuthScmConfiguration, gitlabSecret.Labels[constants.KubernetesComponentLabelKey])
 	assert.Equal(t, constants.CheEclipseOrg, gitlabSecret.Labels[constants.KubernetesPartOfLabelKey])
 
 	bitbucketSecret, err = k8sHelper.GetClientset().CoreV1().Secrets("eclipse-che").Get(context.TODO(), "bitbucket-scm-secret", metav1.GetOptions{})
 	assert.Nil(t, err)
 	assert.Equal(t, "bitbucket", bitbucketSecret.Annotations[constants.CheEclipseOrgOAuthScmServer])
-	assert.Equal(t, "bitbucket-endpoint", bitbucketSecret.Annotations[constants.CheEclipseOrgScmServerEndpoint])
+	assert.Empty(t, bitbucketSecret.Annotations[constants.CheEclipseOrgScmServerEndpoint])
 	assert.Equal(t, constants.OAuthScmConfiguration, bitbucketSecret.Labels[constants.KubernetesComponentLabelKey])
 	assert.Equal(t, constants.CheEclipseOrg, bitbucketSecret.Labels[constants.KubernetesPartOfLabelKey])
 }
+
+func TestValidateScmSecretsShouldThrowError(t *testing.T) {
+	checluster := &v2.CheCluster{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "eclipse-che",
+			Namespace: "eclipse-che",
+		},
+		Spec: v2.CheClusterSpec{
+			GitServices: v2.CheClusterGitServices{
+				GitHub: []v2.GitHubService{
+					{
+						SecretName: "github-scm-secret-with-errors",
+					},
+				},
+			},
+		},
+	}
+
+	err := checluster.ValidateCreate()
+	assert.Error(t, err)
+	assert.Equal(t, "secret 'github-scm-secret-with-errors' not found", err.Error())
+
+	githubSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "eclipse-che",
+			Name:      "github-scm-secret-with-errors",
+		},
+	}
+
+	k8sHelper := k8shelper.New()
+	_, err = k8sHelper.GetClientset().CoreV1().Secrets("eclipse-che").Create(context.TODO(), githubSecret, metav1.CreateOptions{})
+	assert.Nil(t, err)
+
+	err = checluster.ValidateCreate()
+	assert.Error(t, err)
+	assert.Equal(t, "secret 'github-scm-secret-with-errors' must contain [id, secret] keys", err.Error())
+}

api/v1/checluster_conversion_from.go

@@ -86,7 +86,6 @@ func (dst *CheCluster) convertFrom_GitServices(src *chev2.CheCluster) error {
 			dst.Spec.GitServices.GitHub,
 			GitHubService{
 				SecretName: github.SecretName,
-				Endpoint:   github.Endpoint,
 			})
 	}
 
@@ -95,7 +94,6 @@ func (dst *CheCluster) convertFrom_GitServices(src *chev2.CheCluster) error {
 			dst.Spec.GitServices.GitLab,
 			GitLabService{
 				SecretName: gitlab.SecretName,
-				Endpoint:   gitlab.Endpoint,
 			})
 	}
 
@@ -104,7 +102,6 @@ func (dst *CheCluster) convertFrom_GitServices(src *chev2.CheCluster) error {
 			dst.Spec.GitServices.BitBucket,
 			BitBucketService{
 				SecretName: bitbucket.SecretName,
-				Endpoint:   bitbucket.Endpoint,
 			})
 	}
 

api/v1/checluster_conversion_to.go

@@ -78,7 +78,6 @@ func (src *CheCluster) convertTo_GitServices(dst *chev2.CheCluster) error {
 			dst.Spec.GitServices.GitHub,
 			chev2.GitHubService{
 				SecretName: github.SecretName,
-				Endpoint:   github.Endpoint,
 			})
 	}
 
@@ -87,7 +86,6 @@ func (src *CheCluster) convertTo_GitServices(dst *chev2.CheCluster) error {
 			dst.Spec.GitServices.GitLab,
 			chev2.GitLabService{
 				SecretName: gitlab.SecretName,
-				Endpoint:   gitlab.Endpoint,
 			})
 	}
 
@@ -96,7 +94,6 @@ func (src *CheCluster) convertTo_GitServices(dst *chev2.CheCluster) error {
 			dst.Spec.GitServices.BitBucket,
 			chev2.BitBucketService{
 				SecretName: bitbucket.SecretName,
-				Endpoint:   bitbucket.Endpoint,
 			})
 	}
 

api/v1/checluster_types.go

@@ -809,47 +809,44 @@ type CheClusterGitServices struct {
 
 // GitHubService enables users to work with repositories hosted on GitHub (GitHub.com or GitHub Enterprise).
 type GitHubService struct {
-	// Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret,
-	// that stored in `id` and `secret` keys respectively.
-	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
+	// Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret.
+	// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
 	// +kubebuilder:validation:Required
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:Secret"
 	SecretName string `json:"secretName"`
 	// GitHub server endpoint URL.
-	// +kubebuilder:validation:Required
-	// +kubebuilder:default:="https://github.com"
-	Endpoint string `json:"endpoint"`
+	// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+	// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
+	// +optional
+	Endpoint string `json:"endpoint,omitempty"`
 }
 
 // GitLabService enables users to work with repositories hosted on GitLab (gitlab.com or self-hosted).
 type GitLabService struct {
-	// Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret,
-	// that stored in `id` and `secret` keys respectively.
+	// Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret.
 	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.
 	// +kubebuilder:validation:Required
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:Secret"
 	SecretName string `json:"secretName"`
 	// GitLab server endpoint URL.
-	// +kubebuilder:validation:Required
-	// +kubebuilder:default:="https://gitlab.com"
-	Endpoint string `json:"endpoint"`
+	// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.
+	// +optional
+	Endpoint string `json:"endpoint,omitempty"`
 }
 
 // BitBucketService enables users to work with repositories hosted on Bitbucket (bitbucket.org or self-hosted).
 type BitBucketService struct {
 	// Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data.
-	// For OAuth 1.0: private key, Bitbucket Application link consumer key and Bitbucket Application link shared secret must be stored
-	// in `private.key`, `consumer.key` and `shared_secret` keys respectively.
-	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-	// For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket OAuth consumer secret must be stored
-	// in `id` and `secret` keys respectively.
-	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.
+	// See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+	// and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.
 	// +kubebuilder:validation:Required
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:Secret"
 	SecretName string `json:"secretName"`
 	// Bitbucket server endpoint URL.
-	// +kubebuilder:validation:Required
-	// +kubebuilder:default:="https://bitbucket.org"
+	// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
+	// +optional
 	Endpoint string `json:"endpoint,omitempty"`
 }
 

api/v2/checluster_types.go

@@ -613,50 +613,49 @@ type CheClusterGitServices struct {
 
 // GitHubService enables users to work with repositories hosted on GitHub (GitHub.com or GitHub Enterprise).
 type GitHubService struct {
-	// Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret,
-	// that stored in `id` and `secret` keys respectively.
-	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
+	// Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret.
+	// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
 	// +kubebuilder:validation:Required
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:Secret"
 	SecretName string `json:"secretName"`
 	// GitHub server endpoint URL.
-	// +kubebuilder:validation:Required
-	// +kubebuilder:default:="https://github.com"
-	Endpoint string `json:"endpoint"`
+	// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+	// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
+	// +optional
+	Endpoint string `json:"endpoint,omitempty"`
 	// Disables subdomain isolation.
+	// Deprecated in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation` annotation.
+	// See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
 	// +optional
 	DisableSubdomainIsolation *bool `json:"disableSubdomainIsolation,omitempty"`
 }
 
 // GitLabService enables users to work with repositories hosted on GitLab (gitlab.com or self-hosted).
 type GitLabService struct {
-	// Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret,
-	// that stored in `id` and `secret` keys respectively.
+	// Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret.
 	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.
 	// +kubebuilder:validation:Required
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:Secret"
 	SecretName string `json:"secretName"`
 	// GitLab server endpoint URL.
-	// +kubebuilder:validation:Required
-	// +kubebuilder:default:="https://gitlab.com"
-	Endpoint string `json:"endpoint"`
+	// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.
+	// +optional
+	Endpoint string `json:"endpoint,omitempty"`
 }
 
 // BitBucketService enables users to work with repositories hosted on Bitbucket (bitbucket.org or self-hosted).
 type BitBucketService struct {
 	// Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data.
-	// For OAuth 1.0: private key, Bitbucket Application link consumer key and Bitbucket Application link shared secret must be stored
-	// in `private.key`, `consumer.key` and `shared_secret` keys respectively.
-	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-	// For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket OAuth consumer secret must be stored
-	// in `id` and `secret` keys respectively.
-	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.
+	// See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+	// and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.
 	// +kubebuilder:validation:Required
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:Secret"
 	SecretName string `json:"secretName"`
 	// Bitbucket server endpoint URL.
-	// +kubebuilder:validation:Required
-	// +kubebuilder:default:="https://bitbucket.org"
+	// Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+	// See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
+	// +optional
 	Endpoint string `json:"endpoint,omitempty"`
 }
 

api/v2/checluster_webhook.go

@@ -15,9 +15,11 @@ package v2
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"strings"
 
 	"golang.org/x/mod/semver"
+	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/utils/pointer"
 
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
@@ -125,19 +127,19 @@ func ensureSingletonCheCluster() error {
 
 func validate(checluster *CheCluster) error {
 	for _, github := range checluster.Spec.GitServices.GitHub {
-		if err := validateGitHubOAuthSecret(github, checluster.Namespace); err != nil {
+		if err := validateOAuthSecret(github.SecretName, "github", github.Endpoint, github.DisableSubdomainIsolation, checluster.Namespace); err != nil {
 			return err
 		}
 	}
 
 	for _, gitlab := range checluster.Spec.GitServices.GitLab {
-		if err := validateGitLabOAuthSecret(gitlab, checluster.Namespace); err != nil {
+		if err := validateOAuthSecret(gitlab.SecretName, "gitlab", gitlab.Endpoint, nil, checluster.Namespace); err != nil {
 			return err
 		}
 	}
 
 	for _, bitbucket := range checluster.Spec.GitServices.BitBucket {
-		if err := validateBitBucketOAuthSecret(bitbucket, checluster.Namespace); err != nil {
+		if err := validateOAuthSecret(bitbucket.SecretName, "bitbucket", bitbucket.Endpoint, nil, checluster.Namespace); err != nil {
 			return err
 		}
 	}
@@ -145,60 +147,71 @@ func validate(checluster *CheCluster) error {
 	return nil
 }
 
-func validateGitHubOAuthSecret(github GitHubService, namespace string) error {
-	if github.SecretName == "" {
+func validateOAuthSecret(secretName string, scmProvider string, serverEndpoint string, disableSubdomainIsolation *bool, namespace string) error {
+	if secretName == "" {
 		return nil
 	}
 
+	k8sHelper := k8shelper.New()
+	secret, err := k8sHelper.GetClientset().CoreV1().Secrets(namespace).Get(context.TODO(), secretName, metav1.GetOptions{})
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return fmt.Errorf("secret '%s' not found", secretName)
+		}
+		return fmt.Errorf("error reading '%s' secret", err.Error())
+	}
+
+	if err := ensureScmLabelsAndAnnotations(secret, scmProvider, serverEndpoint, disableSubdomainIsolation); err != nil {
+		return err
+	}
+
+	switch scmProvider {
+	case "github":
+		if err := validateGitHubOAuthSecretDataKeys(secret); err != nil {
+			return err
+		}
+	case "gitlab":
+		if err := validateGitLabOAuthSecretDataKeys(secret); err != nil {
+			return err
+		}
+	case "bitbucket":
+		if err := validateBitBucketOAuthSecretDataKeys(secret); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func validateGitHubOAuthSecretDataKeys(secret *corev1.Secret) error {
 	keys2validate := []string{constants.GitHubOAuthConfigClientIdFileName, constants.GitHubOAuthConfigClientSecretFileName}
-	if err := validateSecretKeys(keys2validate, github.SecretName, namespace); err != nil {
-		return err
-	}
-	if err := ensureScmLabelsAndAnnotations("github", github.Endpoint, github.SecretName, namespace); err != nil {
-		return err
-	}
-	return nil
+	return validateOAuthSecretDataKeys(secret, keys2validate)
 }
 
-func validateGitLabOAuthSecret(gitlab GitLabService, namespace string) error {
-	if gitlab.SecretName == "" {
-		return nil
-	}
-
+func validateGitLabOAuthSecretDataKeys(secret *corev1.Secret) error {
 	keys2validate := []string{constants.GitLabOAuthConfigClientIdFileName, constants.GitLabOAuthConfigClientSecretFileName}
-	if err := validateSecretKeys(keys2validate, gitlab.SecretName, namespace); err != nil {
-		return err
-	}
-	if err := ensureScmLabelsAndAnnotations("gitlab", gitlab.Endpoint, gitlab.SecretName, namespace); err != nil {
-		return err
-	}
-	return nil
+	return validateOAuthSecretDataKeys(secret, keys2validate)
 }
 
-func validateBitBucketOAuthSecret(bitbucket BitBucketService, namespace string) error {
-	if bitbucket.SecretName == "" {
-		return nil
-	}
-
+func validateBitBucketOAuthSecretDataKeys(secret *corev1.Secret) error {
 	oauth1Keys2validate := []string{constants.BitBucketOAuthConfigPrivateKeyFileName, constants.BitBucketOAuthConfigConsumerKeyFileName}
-	errOauth1Keys := validateSecretKeys(oauth1Keys2validate, bitbucket.SecretName, namespace)
+	errOauth1Keys := validateOAuthSecretDataKeys(secret, oauth1Keys2validate)
+
 	oauth2Keys2validate := []string{constants.BitBucketOAuthConfigClientIdFileName, constants.BitBucketOAuthConfigClientSecretFileName}
-	errOauth2Keys := validateSecretKeys(oauth2Keys2validate, bitbucket.SecretName, namespace)
+	errOauth2Keys := validateOAuthSecretDataKeys(secret, oauth2Keys2validate)
+
 	if errOauth1Keys != nil && errOauth2Keys != nil {
 		return fmt.Errorf("secret must contain either [%s] or [%s] keys", strings.Join(oauth1Keys2validate, ", "), strings.Join(oauth2Keys2validate, ", "))
 	}
-	if err := ensureScmLabelsAndAnnotations("bitbucket", bitbucket.Endpoint, bitbucket.SecretName, namespace); err != nil {
-		return err
-	}
+
 	return nil
 }
 
-func ensureScmLabelsAndAnnotations(scmProvider string, endpointUrl string, secretName string, namespace string) error {
+func ensureScmLabelsAndAnnotations(secret *corev1.Secret, scmProvider string, serverEndpoint string, disableSubdomainIsolation *bool) error {
 	patch := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Annotations: map[string]string{
-				constants.CheEclipseOrgOAuthScmServer:    scmProvider,
-				constants.CheEclipseOrgScmServerEndpoint: endpointUrl,
+				constants.CheEclipseOrgOAuthScmServer: scmProvider,
 			},
 			Labels: map[string]string{
 				constants.KubernetesPartOfLabelKey:    constants.CheEclipseOrg,
@@ -206,26 +219,33 @@ func ensureScmLabelsAndAnnotations(scmProvider string, endpointUrl string, secre
 			},
 		},
 	}
-	patchData, _ := json.Marshal(patch)
 
+	if disableSubdomainIsolation != nil && secret.Annotations[constants.CheEclipseOrgScmGitHubDisableSubdomainIsolation] == "" {
+		// for backward compatability, copy CheCluster CR value into annotation
+		patch.Annotations[constants.CheEclipseOrgScmGitHubDisableSubdomainIsolation] = strconv.FormatBool(*disableSubdomainIsolation)
+	}
+	if serverEndpoint != "" && secret.Annotations[constants.CheEclipseOrgScmServerEndpoint] == "" {
+		// for backward compatability, copy CheCluster CR value into annotation
+		patch.Annotations[constants.CheEclipseOrgScmServerEndpoint] = serverEndpoint
+	}
+
+	patchData, _ := json.Marshal(patch)
 	k8sHelper := k8shelper.New()
-	if _, err := k8sHelper.GetClientset().CoreV1().Secrets(namespace).Patch(context.TODO(), secretName, types.MergePatchType, patchData, metav1.PatchOptions{}); err != nil {
+	if _, err := k8sHelper.
+		GetClientset().
+		CoreV1().
+		Secrets(secret.Namespace).
+		Patch(context.TODO(), secret.Name, types.MergePatchType, patchData, metav1.PatchOptions{}); err != nil {
 		return err
 	}
 
 	return nil
 }
 
-func validateSecretKeys(keys []string, secretName string, namespace string) error {
-	k8sHelper := k8shelper.New()
-	secret, err := k8sHelper.GetClientset().CoreV1().Secrets(namespace).Get(context.TODO(), secretName, metav1.GetOptions{})
-	if err != nil {
-		return err
-	}
-
+func validateOAuthSecretDataKeys(secret *corev1.Secret, keys []string) error {
 	for _, key := range keys {
 		if len(secret.Data[key]) == 0 {
-			return fmt.Errorf("secret must contain [%s] keys", strings.Join(keys, ", "))
+			return fmt.Errorf("secret '%s' must contain [%s] keys", secret.Name, strings.Join(keys, ", "))
 		}
 	}
 

bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml

@@ -77,7 +77,7 @@ metadata:
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/eclipse-che/che-operator
     support: Eclipse Foundation
-  name: eclipse-che.v7.61.0-758.next
+  name: eclipse-che.v7.61.0-760.next
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -146,13 +146,8 @@ spec:
             displayName: Bitbucket
             path: gitServices.bitbucket
           - description: 'Kubernetes secret, that contains Base64-encoded Bitbucket
-              OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0: private key, Bitbucket Application
-              link consumer key and Bitbucket Application link shared secret must
-              be stored in `private.key`, `consumer.key` and `shared_secret` keys
-              respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-              For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket OAuth consumer
-              secret must be stored in `id` and `secret` keys respectively. See the
-              following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+              OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+              and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
             displayName: Secret Name
             path: gitServices.bitbucket[0].secretName
             x-descriptors:
@@ -162,8 +157,8 @@ spec:
             displayName: GitHub
             path: gitServices.github
           - description: 'Kubernetes secret, that contains Base64-encoded GitHub OAuth
-              Client id and GitHub OAuth Client secret, that stored in `id` and `secret`
-              keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+              Client id and GitHub OAuth Client secret. See the following page for
+              details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
             displayName: Secret Name
             path: gitServices.github[0].secretName
             x-descriptors:
@@ -173,8 +168,7 @@ spec:
             displayName: GitLab
             path: gitServices.gitlab
           - description: 'Kubernetes secret, that contains Base64-encoded GitHub Application
-              id and GitLab Application Client secret, that stored in `id` and `secret`
-              keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+              id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
             displayName: Secret Name
             path: gitServices.gitlab[0].secretName
             x-descriptors:
@@ -310,13 +304,8 @@ spec:
             displayName: Bitbucket
             path: gitServices.bitbucket
           - description: 'Kubernetes secret, that contains Base64-encoded Bitbucket
-              OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0: private key, Bitbucket Application
-              link consumer key and Bitbucket Application link shared secret must
-              be stored in `private.key`, `consumer.key` and `shared_secret` keys
-              respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-              For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket OAuth consumer
-              secret must be stored in `id` and `secret` keys respectively. See the
-              following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+              OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+              and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
             displayName: Secret Name
             path: gitServices.bitbucket[0].secretName
             x-descriptors:
@@ -326,8 +315,8 @@ spec:
             displayName: GitHub
             path: gitServices.github
           - description: 'Kubernetes secret, that contains Base64-encoded GitHub OAuth
-              Client id and GitHub OAuth Client secret, that stored in `id` and `secret`
-              keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+              Client id and GitHub OAuth Client secret. See the following page for
+              details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
             displayName: Secret Name
             path: gitServices.github[0].secretName
             x-descriptors:
@@ -337,8 +326,7 @@ spec:
             displayName: GitLab
             path: gitServices.gitlab
           - description: 'Kubernetes secret, that contains Base64-encoded GitHub Application
-              id and GitLab Application Client secret, that stored in `id` and `secret`
-              keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+              id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
             displayName: Secret Name
             path: gitServices.gitlab[0].secretName
             x-descriptors:
@@ -1233,7 +1221,7 @@ spec:
   minKubeVersion: 1.19.0
   provider:
     name: Eclipse Foundation
-  version: 7.61.0-758.next
+  version: 7.61.0-760.next
   webhookdefinitions:
     - admissionReviewVersions:
         - v1

bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml

@@ -1150,19 +1150,15 @@ spec:
                           hosted on Bitbucket (bitbucket.org or self-hosted).
                         properties:
                           endpoint:
-                            default: https://bitbucket.org
-                            description: Bitbucket server endpoint URL.
+                            description: 'Bitbucket server endpoint URL. Deprecated
+                              in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                              See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                             type: string
                           secretName:
                             description: 'Kubernetes secret, that contains Base64-encoded
-                              Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                              private key, Bitbucket Application link consumer key
-                              and Bitbucket Application link shared secret must be
-                              stored in `private.key`, `consumer.key` and `shared_secret`
-                              keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                              For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                              OAuth consumer secret must be stored in `id` and `secret`
-                              keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                              Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                              pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                              and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                             type: string
                         required:
                           - secretName
@@ -1176,17 +1172,16 @@ spec:
                           hosted on GitHub (GitHub.com or GitHub Enterprise).
                         properties:
                           endpoint:
-                            default: https://github.com
-                            description: GitHub server endpoint URL.
+                            description: 'GitHub server endpoint URL. Deprecated in
+                              favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                              See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                             type: string
                           secretName:
                             description: 'Kubernetes secret, that contains Base64-encoded
-                              GitHub OAuth Client id and GitHub OAuth Client secret,
-                              that stored in `id` and `secret` keys respectively.
-                              See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                              GitHub OAuth Client id and GitHub OAuth Client secret.
+                              See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                             type: string
                         required:
-                          - endpoint
                           - secretName
                         type: object
                       type: array
@@ -1198,17 +1193,16 @@ spec:
                           hosted on GitLab (gitlab.com or self-hosted).
                         properties:
                           endpoint:
-                            default: https://gitlab.com
-                            description: GitLab server endpoint URL.
+                            description: 'GitLab server endpoint URL. Deprecated in
+                              favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                              See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                             type: string
                           secretName:
                             description: 'Kubernetes secret, that contains Base64-encoded
                               GitHub Application id and GitLab Application Client
-                              secret, that stored in `id` and `secret` keys respectively.
-                              See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                              secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                             type: string
                         required:
-                          - endpoint
                           - secretName
                         type: object
                       type: array
@@ -7148,19 +7142,15 @@ spec:
                           hosted on Bitbucket (bitbucket.org or self-hosted).
                         properties:
                           endpoint:
-                            default: https://bitbucket.org
-                            description: Bitbucket server endpoint URL.
+                            description: 'Bitbucket server endpoint URL. Deprecated
+                              in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                              See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                             type: string
                           secretName:
                             description: 'Kubernetes secret, that contains Base64-encoded
-                              Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                              private key, Bitbucket Application link consumer key
-                              and Bitbucket Application link shared secret must be
-                              stored in `private.key`, `consumer.key` and `shared_secret`
-                              keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                              For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                              OAuth consumer secret must be stored in `id` and `secret`
-                              keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                              Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                              pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                              and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                             type: string
                         required:
                           - secretName
@@ -7174,20 +7164,21 @@ spec:
                           hosted on GitHub (GitHub.com or GitHub Enterprise).
                         properties:
                           disableSubdomainIsolation:
-                            description: Disables subdomain isolation.
+                            description: 'Disables subdomain isolation. Deprecated
+                              in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation`
+                              annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                             type: boolean
                           endpoint:
-                            default: https://github.com
-                            description: GitHub server endpoint URL.
+                            description: 'GitHub server endpoint URL. Deprecated in
+                              favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                              See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                             type: string
                           secretName:
                             description: 'Kubernetes secret, that contains Base64-encoded
-                              GitHub OAuth Client id and GitHub OAuth Client secret,
-                              that stored in `id` and `secret` keys respectively.
-                              See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                              GitHub OAuth Client id and GitHub OAuth Client secret.
+                              See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                             type: string
                         required:
-                          - endpoint
                           - secretName
                         type: object
                       type: array
@@ -7199,17 +7190,16 @@ spec:
                           hosted on GitLab (gitlab.com or self-hosted).
                         properties:
                           endpoint:
-                            default: https://gitlab.com
-                            description: GitLab server endpoint URL.
+                            description: 'GitLab server endpoint URL. Deprecated in
+                              favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                              See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                             type: string
                           secretName:
                             description: 'Kubernetes secret, that contains Base64-encoded
                               GitHub Application id and GitLab Application Client
-                              secret, that stored in `id` and `secret` keys respectively.
-                              See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                              secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                             type: string
                         required:
-                          - endpoint
                           - secretName
                         type: object
                       type: array

config/crd/bases/org.eclipse.che_checlusters.yaml

@@ -1109,19 +1109,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -1135,17 +1131,16 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -1157,17 +1152,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -6955,19 +6949,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -6981,20 +6971,21 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         disableSubdomainIsolation:
-                          description: Disables subdomain isolation.
+                          description: 'Disables subdomain isolation. Deprecated in
+                            favor of `che.eclipse.org/scm-github-disable-subdomain-isolation`
+                            annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: boolean
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -7006,17 +6997,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array

config/manifests/bases/che-operator.clusterserviceversion.yaml

@@ -93,13 +93,8 @@ spec:
         displayName: Bitbucket
         path: gitServices.bitbucket
       - description: 'Kubernetes secret, that contains Base64-encoded Bitbucket OAuth
-          1.0 or OAuth 2.0 data. For OAuth 1.0: private key, Bitbucket Application
-          link consumer key and Bitbucket Application link shared secret must be stored
-          in `private.key`, `consumer.key` and `shared_secret` keys respectively.
-          See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-          For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket OAuth consumer
-          secret must be stored in `id` and `secret` keys respectively. See the following
-          page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+          1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+          and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
         displayName: Secret Name
         path: gitServices.bitbucket[0].secretName
         x-descriptors:
@@ -109,8 +104,8 @@ spec:
         displayName: GitHub
         path: gitServices.github
       - description: 'Kubernetes secret, that contains Base64-encoded GitHub OAuth
-          Client id and GitHub OAuth Client secret, that stored in `id` and `secret`
-          keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+          Client id and GitHub OAuth Client secret. See the following page for details:
+          https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
         displayName: Secret Name
         path: gitServices.github[0].secretName
         x-descriptors:
@@ -120,8 +115,7 @@ spec:
         displayName: GitLab
         path: gitServices.gitlab
       - description: 'Kubernetes secret, that contains Base64-encoded GitHub Application
-          id and GitLab Application Client secret, that stored in `id` and `secret`
-          keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+          id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
         displayName: Secret Name
         path: gitServices.gitlab[0].secretName
         x-descriptors:
@@ -256,13 +250,8 @@ spec:
         displayName: Bitbucket
         path: gitServices.bitbucket
       - description: 'Kubernetes secret, that contains Base64-encoded Bitbucket OAuth
-          1.0 or OAuth 2.0 data. For OAuth 1.0: private key, Bitbucket Application
-          link consumer key and Bitbucket Application link shared secret must be stored
-          in `private.key`, `consumer.key` and `shared_secret` keys respectively.
-          See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-          For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket OAuth consumer
-          secret must be stored in `id` and `secret` keys respectively. See the following
-          page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+          1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+          and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
         displayName: Secret Name
         path: gitServices.bitbucket[0].secretName
         x-descriptors:
@@ -272,8 +261,8 @@ spec:
         displayName: GitHub
         path: gitServices.github
       - description: 'Kubernetes secret, that contains Base64-encoded GitHub OAuth
-          Client id and GitHub OAuth Client secret, that stored in `id` and `secret`
-          keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+          Client id and GitHub OAuth Client secret. See the following page for details:
+          https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
         displayName: Secret Name
         path: gitServices.github[0].secretName
         x-descriptors:
@@ -283,8 +272,7 @@ spec:
         displayName: GitLab
         path: gitServices.gitlab
       - description: 'Kubernetes secret, that contains Base64-encoded GitHub Application
-          id and GitLab Application Client secret, that stored in `id` and `secret`
-          keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+          id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
         displayName: Secret Name
         path: gitServices.gitlab[0].secretName
         x-descriptors:

deploy/deployment/kubernetes/combined.yaml

@@ -1128,19 +1128,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -1154,17 +1150,16 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -1176,17 +1171,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -6974,19 +6968,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -7000,20 +6990,21 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         disableSubdomainIsolation:
-                          description: Disables subdomain isolation.
+                          description: 'Disables subdomain isolation. Deprecated in
+                            favor of `che.eclipse.org/scm-github-disable-subdomain-isolation`
+                            annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: boolean
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -7025,17 +7016,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array

deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml

@@ -1123,19 +1123,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -1149,17 +1145,16 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -1171,17 +1166,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -6969,19 +6963,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -6995,20 +6985,21 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         disableSubdomainIsolation:
-                          description: Disables subdomain isolation.
+                          description: 'Disables subdomain isolation. Deprecated in
+                            favor of `che.eclipse.org/scm-github-disable-subdomain-isolation`
+                            annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: boolean
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -7020,17 +7011,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array

deploy/deployment/openshift/combined.yaml

@@ -1128,19 +1128,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -1154,17 +1150,16 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -1176,17 +1171,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -6974,19 +6968,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -7000,20 +6990,21 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         disableSubdomainIsolation:
-                          description: Disables subdomain isolation.
+                          description: 'Disables subdomain isolation. Deprecated in
+                            favor of `che.eclipse.org/scm-github-disable-subdomain-isolation`
+                            annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: boolean
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -7025,17 +7016,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array

deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml

@@ -1123,19 +1123,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -1149,17 +1145,16 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -1171,17 +1166,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -6969,19 +6963,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -6995,20 +6985,21 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         disableSubdomainIsolation:
-                          description: Disables subdomain isolation.
+                          description: 'Disables subdomain isolation. Deprecated in
+                            favor of `che.eclipse.org/scm-github-disable-subdomain-isolation`
+                            annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: boolean
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -7020,17 +7011,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array

helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml

@@ -1123,19 +1123,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -1149,17 +1145,16 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -1171,17 +1166,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -6969,19 +6963,15 @@ spec:
                         hosted on Bitbucket (bitbucket.org or self-hosted).
                       properties:
                         endpoint:
-                          default: https://bitbucket.org
-                          description: Bitbucket server endpoint URL.
+                          description: 'Bitbucket server endpoint URL. Deprecated
+                            in favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            Bitbucket OAuth 1.0 or OAuth 2.0 data. For OAuth 1.0:
-                            private key, Bitbucket Application link consumer key and
-                            Bitbucket Application link shared secret must be stored
-                            in `private.key`, `consumer.key` and `shared_secret` keys
-                            respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
-                            For OAuth 2.0: Bitbucket OAuth consumer key and Bitbucket
-                            OAuth consumer secret must be stored in `id` and `secret`
-                            keys respectively. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
+                            Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
+                            pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
+                            and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
                           type: string
                       required:
                       - secretName
@@ -6995,20 +6985,21 @@ spec:
                         hosted on GitHub (GitHub.com or GitHub Enterprise).
                       properties:
                         disableSubdomainIsolation:
-                          description: Disables subdomain isolation.
+                          description: 'Disables subdomain isolation. Deprecated in
+                            favor of `che.eclipse.org/scm-github-disable-subdomain-isolation`
+                            annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: boolean
                         endpoint:
-                          default: https://github.com
-                          description: GitHub server endpoint URL.
+                          description: 'GitHub server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub OAuth Client id and GitHub OAuth Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
+                            GitHub OAuth Client id and GitHub OAuth Client secret.
+                            See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array
@@ -7020,17 +7011,16 @@ spec:
                         hosted on GitLab (gitlab.com or self-hosted).
                       properties:
                         endpoint:
-                          default: https://gitlab.com
-                          description: GitLab server endpoint URL.
+                          description: 'GitLab server endpoint URL. Deprecated in
+                            favor of `che.eclipse.org/scm-server-endpoint` annotation.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                         secretName:
                           description: 'Kubernetes secret, that contains Base64-encoded
-                            GitHub Application id and GitLab Application Client secret,
-                            that stored in `id` and `secret` keys respectively. See
-                            the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
+                            GitHub Application id and GitLab Application Client secret.
+                            See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
                           type: string
                       required:
-                      - endpoint
                       - secretName
                       type: object
                     type: array

pkg/common/constants/constants.go

@@ -94,13 +94,14 @@ const (
 	KubernetesNameLabelKey      = "app.kubernetes.io/name"
 
 	// Annotations
-	CheEclipseOrgMountPath                = "che.eclipse.org/mount-path"
-	CheEclipseOrgMountAs                  = "che.eclipse.org/mount-as"
-	CheEclipseOrgEnvName                  = "che.eclipse.org/env-name"
-	CheEclipseOrgNamespace                = "che.eclipse.org/namespace"
-	CheEclipseOrgOAuthScmServer           = "che.eclipse.org/oauth-scm-server"
-	CheEclipseOrgScmServerEndpoint        = "che.eclipse.org/scm-server-endpoint"
-	CheEclipseOrgManagedAnnotationsDigest = "che.eclipse.org/managed-annotations-digest"
+	CheEclipseOrgMountPath                          = "che.eclipse.org/mount-path"
+	CheEclipseOrgMountAs                            = "che.eclipse.org/mount-as"
+	CheEclipseOrgEnvName                            = "che.eclipse.org/env-name"
+	CheEclipseOrgNamespace                          = "che.eclipse.org/namespace"
+	CheEclipseOrgOAuthScmServer                     = "che.eclipse.org/oauth-scm-server"
+	CheEclipseOrgScmServerEndpoint                  = "che.eclipse.org/scm-server-endpoint"
+	CheEclipseOrgManagedAnnotationsDigest           = "che.eclipse.org/managed-annotations-digest"
+	CheEclipseOrgScmGitHubDisableSubdomainIsolation = "che.eclipse.org/scm-github-disable-subdomain-isolation"
 
 	// DevEnvironments
 	PerUserPVCStorageStrategy      = "per-user"

pkg/deploy/server/server_deployment.go

@@ -12,8 +12,6 @@
 package server
 
 import (
-	"strconv"
-
 	"github.com/eclipse-che/che-operator/pkg/common/chetypes"
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
 	defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults"
@@ -348,12 +346,8 @@ func MountGitHubOAuthConfig(ctx *chetypes.DeployContext, deployment *appsv1.Depl
 		mountEnv(deployment, "CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT", oauthEndpoint)
 	}
 
-	for _, gitHubService := range ctx.CheCluster.Spec.GitServices.GitHub {
-		if gitHubService.SecretName == secret.Name {
-			if gitHubService.DisableSubdomainIsolation != nil {
-				mountEnv(deployment, "CHE_INTEGRATION_GITHUB_DISABLE__SUBDOMAIN__ISOLATION", strconv.FormatBool(*gitHubService.DisableSubdomainIsolation))
-			}
-		}
+	if secret.Annotations[constants.CheEclipseOrgScmGitHubDisableSubdomainIsolation] != "" {
+		mountEnv(deployment, "CHE_INTEGRATION_GITHUB_DISABLE__SUBDOMAIN__ISOLATION", secret.Annotations[constants.CheEclipseOrgScmGitHubDisableSubdomainIsolation])
 	}
 
 	return nil

pkg/deploy/server/server_deployment_test.go

@@ -14,8 +14,6 @@ package server
 import (
 	"os"
 
-	"k8s.io/utils/pointer"
-
 	"k8s.io/apimachinery/pkg/api/resource"
 
 	"github.com/eclipse-che/che-operator/pkg/common/chetypes"
@@ -303,13 +301,14 @@ func TestMountBitbucketOAuthEnvVar(t *testing.T) {
 
 func TestMountGitHubOAuthEnvVar(t *testing.T) {
 	type testCase struct {
-		name                  string
-		initObjects           []runtime.Object
-		expectedIdKeyPath     string
-		expectedSecretKeyPath string
-		expectedOAuthEndpoint string
-		expectedVolume        corev1.Volume
-		expectedVolumeMount   corev1.VolumeMount
+		name                              string
+		initObjects                       []runtime.Object
+		expectedIdKeyPath                 string
+		expectedSecretKeyPath             string
+		expectedOAuthEndpoint             string
+		expectedDisableSubdomainIsolation string
+		expectedVolume                    corev1.Volume
+		expectedVolumeMount               corev1.VolumeMount
 	}
 
 	testCases := []testCase{
@@ -329,8 +328,9 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) {
 							"app.kubernetes.io/component": "oauth-scm-configuration",
 						},
 						Annotations: map[string]string{
-							"che.eclipse.org/oauth-scm-server":    "github",
-							"che.eclipse.org/scm-server-endpoint": "endpoint_1",
+							"che.eclipse.org/oauth-scm-server":                       "github",
+							"che.eclipse.org/scm-server-endpoint":                    "endpoint_1",
+							"che.eclipse.org/scm-github-disable-subdomain-isolation": "true",
 						},
 					},
 					Data: map[string][]byte{
@@ -339,9 +339,10 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) {
 					},
 				},
 			},
-			expectedIdKeyPath:     "/che-conf/oauth/github/id",
-			expectedSecretKeyPath: "/che-conf/oauth/github/secret",
-			expectedOAuthEndpoint: "endpoint_1",
+			expectedIdKeyPath:                 "/che-conf/oauth/github/id",
+			expectedSecretKeyPath:             "/che-conf/oauth/github/secret",
+			expectedOAuthEndpoint:             "endpoint_1",
+			expectedDisableSubdomainIsolation: "true",
 			expectedVolume: corev1.Volume{
 				Name: "github-oauth-config",
 				VolumeSource: corev1.VolumeSource{
@@ -376,6 +377,9 @@ func TestMountGitHubOAuthEnvVar(t *testing.T) {
 			value = utils.GetEnvByName("CHE_INTEGRATION_GITHUB_OAUTH__ENDPOINT", container.Env)
 			assert.Equal(t, testCase.expectedOAuthEndpoint, value)
 
+			value = utils.GetEnvByName("CHE_INTEGRATION_GITHUB_DISABLE__SUBDOMAIN__ISOLATION", container.Env)
+			assert.Equal(t, testCase.expectedDisableSubdomainIsolation, value)
+
 			volume := test.FindVolume(deployment.Spec.Template.Spec.Volumes, "github-oauth-config")
 			assert.NotNil(t, volume)
 			assert.Equal(t, testCase.expectedVolume, volume)
@@ -472,185 +476,3 @@ func TestMountGitLabOAuthEnvVar(t *testing.T) {
 		})
 	}
 }
-
-func TestMountGitHubDisableSubdomainIsolationEnvVar(t *testing.T) {
-	type testCase struct {
-		name                              string
-		cheCluster                        *chev2.CheCluster
-		initObjects                       []runtime.Object
-		expectedDisableSubdomainIsolation string
-	}
-
-	testCases := []testCase{
-		{
-			name: "Test #1",
-			cheCluster: &chev2.CheCluster{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "eclipse-che",
-					Namespace: "eclipse-che",
-				},
-				Spec: chev2.CheClusterSpec{
-					GitServices: chev2.CheClusterGitServices{
-						GitHub: []chev2.GitHubService{
-							{
-								DisableSubdomainIsolation: pointer.BoolPtr(true),
-								SecretName:                "github-oauth-config",
-							},
-						},
-					},
-				},
-			},
-			initObjects: []runtime.Object{
-				&corev1.Secret{
-					TypeMeta: metav1.TypeMeta{
-						Kind:       "Secret",
-						APIVersion: "v1",
-					},
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "github-oauth-config",
-						Namespace: "eclipse-che",
-						Labels: map[string]string{
-							"app.kubernetes.io/part-of":   "che.eclipse.org",
-							"app.kubernetes.io/component": "oauth-scm-configuration",
-						},
-						Annotations: map[string]string{
-							"che.eclipse.org/oauth-scm-server": "github",
-						},
-					},
-				},
-			},
-			expectedDisableSubdomainIsolation: "true",
-		},
-		{
-			name: "Test #2",
-			cheCluster: &chev2.CheCluster{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "eclipse-che",
-					Namespace: "eclipse-che",
-				},
-				Spec: chev2.CheClusterSpec{
-					GitServices: chev2.CheClusterGitServices{
-						GitHub: []chev2.GitHubService{
-							{
-								DisableSubdomainIsolation: pointer.BoolPtr(false),
-								SecretName:                "github-oauth-config",
-							},
-						},
-					},
-				},
-			},
-			initObjects: []runtime.Object{
-				&corev1.Secret{
-					TypeMeta: metav1.TypeMeta{
-						Kind:       "Secret",
-						APIVersion: "v1",
-					},
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "github-oauth-config",
-						Namespace: "eclipse-che",
-						Labels: map[string]string{
-							"app.kubernetes.io/part-of":   "che.eclipse.org",
-							"app.kubernetes.io/component": "oauth-scm-configuration",
-						},
-						Annotations: map[string]string{
-							"che.eclipse.org/oauth-scm-server": "github",
-						},
-					},
-				},
-			},
-			expectedDisableSubdomainIsolation: "false",
-		},
-		{
-			name: "Test #3",
-			cheCluster: &chev2.CheCluster{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "eclipse-che",
-					Namespace: "eclipse-che",
-				},
-				Spec: chev2.CheClusterSpec{
-					GitServices: chev2.CheClusterGitServices{
-						GitHub: []chev2.GitHubService{
-							{
-								SecretName: "github-oauth-config",
-							},
-						},
-					},
-				},
-			},
-			initObjects: []runtime.Object{
-				&corev1.Secret{
-					TypeMeta: metav1.TypeMeta{
-						Kind:       "Secret",
-						APIVersion: "v1",
-					},
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "github-oauth-config",
-						Namespace: "eclipse-che",
-						Labels: map[string]string{
-							"app.kubernetes.io/part-of":   "che.eclipse.org",
-							"app.kubernetes.io/component": "oauth-scm-configuration",
-						},
-						Annotations: map[string]string{
-							"che.eclipse.org/oauth-scm-server": "github",
-						},
-					},
-				},
-			},
-			expectedDisableSubdomainIsolation: "",
-		},
-		{
-			name: "Test #4",
-			cheCluster: &chev2.CheCluster{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "eclipse-che",
-					Namespace: "eclipse-che",
-				},
-				Spec: chev2.CheClusterSpec{
-					GitServices: chev2.CheClusterGitServices{
-						GitHub: []chev2.GitHubService{
-							{
-								SecretName:                "NOT-FOUND-SECRET",
-								DisableSubdomainIsolation: pointer.BoolPtr(true),
-							},
-						},
-					},
-				},
-			},
-			initObjects: []runtime.Object{
-				&corev1.Secret{
-					TypeMeta: metav1.TypeMeta{
-						Kind:       "Secret",
-						APIVersion: "v1",
-					},
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "github-oauth-config",
-						Namespace: "eclipse-che",
-						Labels: map[string]string{
-							"app.kubernetes.io/part-of":   "che.eclipse.org",
-							"app.kubernetes.io/component": "oauth-scm-configuration",
-						},
-						Annotations: map[string]string{
-							"che.eclipse.org/oauth-scm-server": "github",
-						},
-					},
-				},
-			},
-			expectedDisableSubdomainIsolation: "",
-		},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			ctx := test.GetDeployContext(testCase.cheCluster, testCase.initObjects)
-
-			server := NewCheServerReconciler()
-			deployment, err := server.getDeploymentSpec(ctx)
-			assert.Nil(t, err, "Unexpected error %v", err)
-
-			container := &deployment.Spec.Template.Spec.Containers[0]
-
-			value := utils.GetEnvByName("CHE_INTEGRATION_GITHUB_DISABLE__SUBDOMAIN__ISOLATION", container.Env)
-			assert.Equal(t, testCase.expectedDisableSubdomainIsolation, value)
-		})
-	}
-}