* Fix the oauth_provision file for CRW
- Replaces `jq` tool calls by equivalent `sed` calls
- Moves the `xxx_provision` files out of `deploy` (more for yamls) (should fix new issue https://issues.jboss.org/browse/CRW-482 at the same time)
- Replace a hard-coded value of the clientId (`che-public`) in the `token-exchange` feature on CRW
- Correctly enables the RHSSO preview features required for `token-exchange` (the way to activate them slightly differs from the upstream Che case)
Signed-off-by: David Festal <dfestal@redhat.com>
* Add openapi gen flags
* Get code to compile with new OpenApi field names
Signed-off-by: Tom George <tg82490@gmail.com>
* Complete the doc & fix optional management
* Rename the CRD to the initial name.
* Correctly update the CRD file
* remove unused and error-prone CRD file
* Update OLM packages with new OpenApi defs
Signed-off-by: David Festal <dfestal@redhat.com>
* Enable the `token-exchange` preview KC feature
* Add what should be done on the Che side
* Automatic token-exchange permissions config
* fix oauth provision script
* Fail-safe removal of the `openshift` id provider
* Fix possible inconsistencies in OS OAuth status
* Update README.md according to suggestion
Co-Authored-By: Robert Krátký <rkratky@redhat.com>
Signed-off-by: David Festal <dfestal@redhat.com>
* First round of impl in the Go code
* Correct management of the status
* Add `users` permisions in cluster role
* Upgrade `operator-sdk` CLI pre-req to `v0.10.0`
* Produce a CSV diff to help reviews
* fix trailing spaces that break `gen-csv` desc mgt
* Update nightly CSVs
* Add the new OLM descriptors in the new nightly CSVs
Signed-off-by: David Festal <dfestal@redhat.com>
* Make the example CR consistent with OLM files
* Add nighty registry images in the last nightly CSV for the `nightly` channel of the openshift preview OLM package
Signed-off-by: David Festal <dfestal@redhat.com>
Implementation of issue https://github.com/eclipse/che/issues/13780
* complete cluster role
* update operator.yaml
* Add OLM files for openshift in beta-5 state
* Add RC 2 release CSV
* Reordered beta 5 csv in alphabetic order
* Add first bits of OLM files management
* lowercase `RC` and remove readiness probe
* pre-release (with `rc-2.0`) and nightly channels
* Add the kubernetes version of the OLM package
* Adding operator sources
* `OperatorSource`s should be in distinct namespaces
* Change proposed by @l0rd
* scripts to update nightly CSVs
* script to release OLM files
* Add the script to push OLM files as Quay apps
* Add script to prepare `community-operators` PRs
* script to release the operator Go code
* Rename `*-test-*` to `*-preview-*` and rename the `pre-releases` channel to `stable`
* `9.9.9` as semver-compliant prefix for nightlies
Signed-off-by: David Festal <dfestal@redhat.com>
* Support the new `openshift-v4` identity provider
* Add permissions for the Openshift v4 provider and reduce
the requested permissions to manage the OAuth client
* Add field for workspace cluster role to operator
* Update Che controller test to verify custom role.
Signed-off-by: John Collier <John.J.Collier@ibm.com>
* Use `7.0.0-beta-5.0` Keycloak docker image
* use `/scripts` as home dir for `kcadm`
* Add `runAsUser` on Postgres for k8s
* Update k8s security context from upstream
* update the CR with security context settings
* Fix a bug with `openshiftoAuth: true` on K8S
Signed-off-by: David Festal <dfestal@redhat.com>
David Festal