Fixx after suggestions
Signed-off-by: Flavius Lacatusu <flacatus@redhat.com>pull/670/head
Flavius Lacatusu
parent
04ad1777e5
commit
f0317c0634
|
|
@ -27,7 +27,7 @@ overrideDefaults() {
|
|||
runTests() {
|
||||
"${OPERATOR_REPO}"/olm/testUpdate.sh "openshift" "stable" ${NAMESPACE}
|
||||
waitEclipseCheDeployed ${LAST_PACKAGE_VERSION}
|
||||
oauthProvisioned
|
||||
provisionOAuth
|
||||
provisionPostgres
|
||||
startNewWorkspace
|
||||
waitWorkspaceStart
|
||||
|
|
@ -35,6 +35,6 @@ runTests() {
|
|||
|
||||
init
|
||||
overrideDefaults
|
||||
provisionOpenshiftUsers
|
||||
provisionOpenShiftOAuthUser
|
||||
initStableTemplates "openshift" "stable"
|
||||
runTests
|
||||
|
|
|
|||
|
|
@ -30,22 +30,21 @@ trap "catchFinish" EXIT SIGINT
|
|||
overrideDefaults() {
|
||||
# CI_CHE_OPERATOR_IMAGE it is che operator image builded in openshift CI job workflow. More info about how works image dependencies in ci:https://github.com/openshift/ci-tools/blob/master/TEMPLATES.md#parameters-available-to-templates
|
||||
export OPERATOR_IMAGE=${CI_CHE_OPERATOR_IMAGE:-"quay.io/eclipse/che-operator:nightly"}
|
||||
export OAUTH="true"
|
||||
}
|
||||
|
||||
runTests() {
|
||||
# Deploy Eclipse Che applying CR
|
||||
applyOlmCR
|
||||
waitEclipseCheDeployed "nightly"
|
||||
oauthProvisioned
|
||||
provisionOAuth
|
||||
provisionPostgres
|
||||
startNewWorkspace
|
||||
waitWorkspaceStart
|
||||
}
|
||||
|
||||
init
|
||||
provisionOpenshiftUsers
|
||||
overrideDefaults
|
||||
provisionOpenShiftOAuthUser
|
||||
patchEclipseCheOperatorSubscription
|
||||
printOlmCheObjects
|
||||
runTests
|
||||
|
|
|
|||
|
|
@ -31,14 +31,13 @@ overrideDefaults() {
|
|||
# CI_CHE_OPERATOR_IMAGE it is che operator image builded in openshift CI job workflow. More info about how works image dependencies in ci:https://github.com/openshift/ci-tools/blob/master/TEMPLATES.md#parameters-available-to-templates
|
||||
export OPERATOR_IMAGE=${CI_CHE_OPERATOR_IMAGE:-"quay.io/eclipse/che-operator:nightly"}
|
||||
export CHE_EXPOSURE_STRATEGY="single-host"
|
||||
export OAUTH="true"
|
||||
}
|
||||
|
||||
runTests() {
|
||||
# Deploy Eclipse Che applying CR
|
||||
applyOlmCR
|
||||
waitEclipseCheDeployed "nightly"
|
||||
oauthProvisioned
|
||||
provisionOAuth
|
||||
provisionPostgres
|
||||
startNewWorkspace
|
||||
waitWorkspaceStart
|
||||
|
|
@ -46,7 +45,7 @@ runTests() {
|
|||
|
||||
init
|
||||
overrideDefaults
|
||||
provisionOpenshiftUsers
|
||||
provisionOpenShiftOAuthUser
|
||||
patchEclipseCheOperatorSubscription
|
||||
printOlmCheObjects
|
||||
runTests
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ init() {
|
|||
export OPERATOR_IMAGE="quay.io/eclipse/che-operator:test"
|
||||
export DEFAULT_DEVFILE="https://raw.githubusercontent.com/eclipse/che-devfile-registry/master/devfiles/quarkus/devfile.yaml"
|
||||
export CHE_EXPOSURE_STRATEGY="multi-host"
|
||||
export OAUTH="false"
|
||||
export OAUTH="true"
|
||||
|
||||
export XDG_DATA_HOME=/tmp/xdg_data
|
||||
export XDG_CACHE_HOME=/tmp/xdg_cache
|
||||
|
|
@ -309,7 +309,7 @@ applyOlmCR() {
|
|||
}
|
||||
|
||||
# Create admin user inside of openshift cluster and login
|
||||
function provisionOpenshiftUsers() {
|
||||
function provisionOpenShiftOAuthUser() {
|
||||
oc create secret generic htpass-secret --from-file=htpasswd="${OPERATOR_REPO}"/.github/bin/resources/users.htpasswd -n openshift-config
|
||||
oc apply -f "${OPERATOR_REPO}"/.github/bin/resources/htpasswdProvider.yaml
|
||||
oc adm policy add-cluster-role-to-user cluster-admin user
|
||||
|
|
|
|||
|
|
@ -16,12 +16,14 @@ set -o pipefail
|
|||
set -u
|
||||
|
||||
# Link ocp account with Keycloak IDP
|
||||
function oauthProvisioned() {
|
||||
function provisionOAuth() {
|
||||
OCP_USER_UID=$(oc get user user -o=jsonpath='{.metadata.uid}')
|
||||
|
||||
IDP_USER="admin"
|
||||
# Get Eclipse Che IDP secrets and decode to use to connect to IDP
|
||||
IDP_PASSWORD=$(oc get secret che-identity-secret -n eclipse-che -o=jsonpath='{.data.password}' | base64 --decode)
|
||||
|
||||
# Get Auth Route
|
||||
if [[ "${CHE_EXPOSURE_STRATEGY}" == "single-host" ]]; then
|
||||
IDP_HOST="https://"$(oc get route che -n eclipse-che -o=jsonpath='{.spec.host}')
|
||||
fi
|
||||
|
|
@ -30,24 +32,28 @@ function oauthProvisioned() {
|
|||
IDP_HOST="https://"$(oc get route keycloak -n eclipse-che -o=jsonpath='{.spec.host}')
|
||||
fi
|
||||
|
||||
# Get the oauth client from Eclipse Che Custom Resource
|
||||
OAUTH_CLIENT_NAME=$(oc get checluster eclipse-che -n eclipse-che -o=jsonpath='{.spec.auth.oAuthClientName}')
|
||||
|
||||
TOKEN_RESULT=$(curl -k --location --request POST ''$IDP_HOST'/auth/realms/master/protocol/openid-connect/token' \
|
||||
# Obtain from Keycloak the token to make api request authentication
|
||||
IDP_TOKEN=$(curl -k --location --request POST ''$IDP_HOST'/auth/realms/master/protocol/openid-connect/token' \
|
||||
--header 'Content-Type: application/x-www-form-urlencoded' \
|
||||
--data-urlencode 'username=admin' \
|
||||
--data-urlencode 'password='$IDP_PASSWORD'' \
|
||||
--data-urlencode 'grant_type=password' \
|
||||
--data-urlencode 'client_id=admin-cli' | jq -r .access_token)
|
||||
|
||||
echo -e "[INFO] Token: $TOKEN_RESULT"
|
||||
echo -e "[INFO] IDP Token: $IDP_TOKEN"
|
||||
|
||||
USER_ID=$(curl --location -k --request GET ''$IDP_HOST'/auth/admin/realms/che/users' \
|
||||
--header 'Authorization: Bearer '$TOKEN_RESULT'' | jq -r '.[] | select(.username == "admin").id' )
|
||||
# Get admin user id from IDP
|
||||
CHE_USER_ID=$(curl --location -k --request GET ''$IDP_HOST'/auth/admin/realms/che/users' \
|
||||
--header 'Authorization: Bearer '$IDP_TOKEN'' | jq -r '.[] | select(.username == "admin").id' )
|
||||
|
||||
echo -e "[INFO] user id: $USER_ID"
|
||||
echo -e "[INFO] Eclipse CHE user ID: $CHE_USER_ID"
|
||||
|
||||
curl --location -k --request POST ''$IDP_HOST'/auth/admin/realms/che/users/'$USER_ID'/federated-identity/openshift-v4' \
|
||||
--header 'Authorization: Bearer '$TOKEN_RESULT'' \
|
||||
# Request to link Openshift user with Identity Provider user. In this case we are linked an existed user in IDP
|
||||
curl --location -k --request POST ''$IDP_HOST'/auth/admin/realms/che/users/'$CHE_USER_ID'/federated-identity/openshift-v4' \
|
||||
--header 'Authorization: Bearer '$IDP_TOKEN'' \
|
||||
--header 'Content-Type: application/json' \
|
||||
--data '{
|
||||
"identityProvider": "openshift-v4",
|
||||
|
|
@ -55,6 +61,7 @@ function oauthProvisioned() {
|
|||
"userName": "admin"
|
||||
}'
|
||||
|
||||
# Create OAuthClientAuthorization object for Eclipse Che in Cluster.
|
||||
OAUTHCLIENTAuthorization=$(
|
||||
oc create -f - -o jsonpath='{.metadata.name}' <<EOF
|
||||
apiVersion: oauth.openshift.io/v1
|
||||
|
|
@ -69,12 +76,8 @@ scopes:
|
|||
- 'user:full'
|
||||
EOF
|
||||
)
|
||||
|
||||
# Create SQL script
|
||||
echo -e "Created authorization client: $OAUTHCLIENTAuthorization"
|
||||
}
|
||||
|
||||
# Insert in Keycloak Database openshift token after linking ocp user with IDP user
|
||||
function provisionPostgres() {
|
||||
cat << 'EOF' > path.sql
|
||||
UPDATE federated_identity SET token ='{"access_token":"INSERT_TOKEN_HERE","expires_in":86400,"scope":"user:full","token_type":"Bearer"}'
|
||||
WHERE federated_username = 'admin'
|
||||
|
|
@ -83,8 +86,8 @@ EOF
|
|||
TOKEN=$(oc whoami -t)
|
||||
sed -i "s|INSERT_TOKEN_HERE|$TOKEN|g" path.sql
|
||||
|
||||
# Insert sql script inside of postgres and execute it.
|
||||
POSTGRES_POD=$(oc get pods -o json -n eclipse-che | jq -r '.items[] | select(.metadata.name | test("postgres-")).metadata.name')
|
||||
|
||||
oc cp path.sql "${POSTGRES_POD}":/tmp/ -n eclipse-che
|
||||
oc exec -it "${POSTGRES_POD}" -n eclipse-che -- bash -c "psql -U postgres -d keycloak -d keycloak -f /tmp/path.sql"
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue