* Fix the oauth_provision file for CRW
- Replaces `jq` tool calls with equivalent `sed` calls
- Moves the `xxx_provision` files out of `deploy` (more for yamls) (should fix new issue https://issues.jboss.org/browse/CRW-482 at the same time)
- Replace a hard-coded value of the clientId (`che-public`) in the `token-exchange` feature on CRW
- Correctly enables the RHSSO preview features required for `token-exchange` (the way to activate them slightly differs from the upstream Che case)
Signed-off-by: David Festal <dfestal@redhat.com>
* Add openapi gen flags
* Get code to compile with new OpenApi field names
Signed-off-by: Tom George <tg82490@gmail.com>
* Complete the doc & fix optional management
* Rename the CRD to the initial name.
* Correctly update the CRD file
* remove unused and error-prone CRD file
* Update OLM packages with new OpenApi defs
Signed-off-by: David Festal <dfestal@redhat.com>
* Enable the `token-exchange` preview KC feature
* Add what should be done on the Che side
* Automatic token-exchange permissions config
* fix oauth provision script
* Fail-safe removal of the `openshift` id provider
* Fix possible inconsistencies in OS OAuth status
* Update README.md according to suggestion
Co-Authored-By: Robert Krátký <rkratky@redhat.com>
Signed-off-by: David Festal <dfestal@redhat.com>
* Make the OS 4 API url retrieval more robust
Signed-off-by: David Festal <dfestal@redhat.com>
* Fix a bug when removing openshift v4 provider
On Openshift arbitrary user mode.
Signed-off-by: David Festal <dfestal@redhat.com>
* Roll-update Keycloak when certificates changed
Signed-off-by: David Festal <dfestal@redhat.com>
* Don't lose the controller ref on Keycloak update
Signed-off-by: David Festal <dfestal@redhat.com>
* Remove the finalizer when disabling OS OAuth
Signed-off-by: David Festal <dfestal@redhat.com>
* Upgrade defaults to `7.0.0-RC-2.0`
Signed-off-by: David Festal <dfestal@redhat.com>
* fix wrong whitespaces
Signed-off-by: David Festal <dfestal@redhat.com>
* Support the new `openshift-v4` identity provider
* Add permissions for the Openshift v4 provider and reduce
the requested permissions to manage the OAuth client
* Use `7.0.0-beta-5.0` Keycloak docker image
* use `/scripts` as home dir for `kcadm`
* Add `runAsUser` on Postgres for k8s
* Update k8s security context from upstream
* update the CR with security context settings
* Fix a bug with `openshiftoAuth: true` on K8S
Signed-off-by: David Festal <dfestal@redhat.com>