diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties index c539aa3054..e602f03989 100644 --- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties +++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties @@ -22,12 +22,15 @@ che.database=${che.home}/storage che.api=http://${CHE_HOST}:${CHE_PORT}/api # API service internal network URL. Back-end services should initiate REST communications to {prod-short} server with this URL -che.api.internal=http://${CHE_HOST}:${CHE_PORT}/api +che.api.internal=NULL # {prod-short} WebSocket major endpoint. Provides basic communication endpoint # for major WebSocket interactions and messaging. che.websocket.endpoint=ws://${CHE_HOST}:${CHE_PORT}/api/websocket +# {prod-short} WebSocket major internal endpoint. Provides basic communication endpoint +# for major WebSocket interactions and messaging. +che.websocket.internal.endpoint=NULL # Your projects are synchronized from the {prod-short} server into the machine running each # workspace. This is the directory in the machine where your projects are placed. 
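Review bot: The comment added above `che.websocket.internal.endpoint` repeats the wording of the public endpoint and does not say what `NULL` means, and the comment above `che.api.internal` still reads as if a URL is always set. Elsewhere in this commit `BrokerEnvironmentFactory` falls back to `che.websocket.endpoint` when the internal value is null or empty, so I would state that here, e.g. `# Internal-network WebSocket endpoint; NULL means the public che.websocket.endpoint is used.` The same comment could note that the internal URLs set by the Helm chart in this commit are plain `ws://` and `http://`, so operators know this traffic is not TLS-protected.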
@@ -742,9 +745,9 @@ che.infra.kubernetes.async.storage.image=quay.io/eclipse/che-workspace-data-sync # key=value pairs, for example: `disktype=ssd,cpu=xlarge,foo=bar` che.workspace.pod.node_selector=NULL -# Optionally configures tolerations for workspace Pod. Format is a string representing a JSON Array of taint tolerations, -# or `NULL` to disable it. The objects contained in the array have to follow the -# link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#toleration-v1-core[toleration v1 core specifications]. +# Optionally configures tolerations for workspace Pod. Format is a string representing a JSON Array of taint tolerations, +# or `NULL` to disable it. The objects contained in the array have to follow the +# link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#toleration-v1-core[toleration v1 core specifications]. # Example: `[{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]` che.workspace.pod.tolerations_json=NULL diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties index d3cf3598e4..b88cff9ffb 100644 --- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties +++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties @@ -110,7 +110,7 @@ che.keycloak.realm=che # Keycloak client identifier in `che.keycloak.realm` to authenticate users in the dashboard, the IDE, and the CLI. che.keycloak.client_id=che-public - + # URL to access OSO OAuth tokens che.keycloak.oso.endpoint=NULL diff --git a/deploy/kubernetes/helm/che/templates/configmap.yaml b/deploy/kubernetes/helm/che/templates/configmap.yaml index 5ac63297ad..7f278d8817 100644 --- a/deploy/kubernetes/helm/che/templates/configmap.yaml +++ b/deploy/kubernetes/helm/che/templates/configmap.yaml 
@@ -21,8 +21,6 @@ data: CHE_API: https://{{ template "cheHost" . }}/api {{- if .Values.global.useInternalClusterSVCNames }} CHE_API_INTERNAL: http://che-host.{{ .Release.Namespace }}.svc:8080/api - {{- else }} - CHE_API_INTERNAL: https://{{ template "cheHost" . }}/api {{- end }} CHE_WEBSOCKET_ENDPOINT: wss://{{ template "cheHost" . }}/api/websocket CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: https://{{ template "cheHost" . }}/agent-binaries/linux_amd64/bootstrapper/bootstrapper @@ -30,12 +28,14 @@ data: CHE_API: http://{{ template "cheHost" . }}/api {{- if .Values.global.useInternalClusterSVCNames }} CHE_API_INTERNAL: http://che-host.{{ .Release.Namespace }}.svc:8080/api - {{- else }} - CHE_API_INTERNAL: http://{{ template "cheHost" . }}/api {{- end }} CHE_WEBSOCKET_ENDPOINT: ws://{{ template "cheHost" . }}/api/websocket CHE_WEBSOCKET_ENDPOINT__MINOR: ws://{{ template "cheHost" . }}/api/websocket-minor CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: http://{{ template "cheHost" . }}/agent-binaries/linux_amd64/bootstrapper/bootstrapper +{{- end }} +{{- if .Values.global.useInternalClusterSVCNames }} + CHE_WEBSOCKET_INTERNAL_ENDPOINT: ws://che-host.{{ .Release.Namespace }}.svc:8080/api/websocket + CHE_WEBSOCKET_INTERNAL_ENDPOINT__MINOR: ws://che-host.{{ .Release.Namespace }}.svc:8080/api/websocket-minor {{- end }} CHE_DEBUG_SERVER: "true" CHE_INFRASTRUCTURE_ACTIVE: "kubernetes" @@ -54,8 +54,6 @@ data: CHE_KEYCLOAK_AUTH__SERVER__URL: {{ template "keycloakAuthUrl" . }} {{- if .Values.global.useInternalClusterSVCNames }} CHE_KEYCLOAK_AUTH__INTERNAL__SERVER__URL: http://keycloak.{{ .Release.Namespace }}.svc:5050/auth - {{- else }} - CHE_KEYCLOAK_AUTH__INTERNAL__SERVER__URL: {{ template "keycloakAuthUrl" . }} {{- end }} CHE_KEYCLOAK_REALM: {{ .Values.cheKeycloakRealm }} {{- end }} 
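Review bot: The two keys added after the TLS `if/else` in the second hunk (`CHE_WEBSOCKET_INTERNAL_ENDPOINT` and `CHE_WEBSOCKET_INTERNAL_ENDPOINT__MINOR`) are always `ws://…svc:8080`, so with `useInternalClusterSVCNames` enabled a deployment that advertises `wss://` publicly carries the same WebSocket traffic in cleartext inside the cluster. That may be intended, but it moves the protection to cluster networking, so I would add a template comment such as `{{- /* internal endpoints are cleartext; restrict che-host:8080 with a NetworkPolicy */ -}}` and mention it in the chart's values documentation. Separately, this diff adds only `che.websocket.internal.endpoint` to che.properties and no visible code reads a minor internal endpoint, so the `__MINOR` key looks unused here; confirm it has a consumer or drop it.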
@@ -121,24 +119,18 @@ data: {{- end }} {{- if .Values.che.workspace.devfileRegistryUrl }} CHE_WORKSPACE_DEVFILE__REGISTRY__URL: {{ .Values.che.workspace.devfileRegistryUrl | quote }} - CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL: {{ .Values.che.workspace.devfileRegistryUrl | quote }} {{- else if .Values.cheDevfileRegistry.deploy }} CHE_WORKSPACE_DEVFILE__REGISTRY__URL: {{ template "devfileRegistryUrl" . }} {{- if .Values.global.useInternalClusterSVCNames }} CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL: http://devfile-registry.{{ .Release.Namespace }}.svc:8080 - {{- else }} - CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL: {{ template "devfileRegistryUrl" . }} {{- end }} {{- end }} {{- if .Values.che.workspace.pluginRegistryUrl }} CHE_WORKSPACE_PLUGIN__REGISTRY__URL: {{ .Values.che.workspace.pluginRegistryUrl | quote }} - CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL: {{ .Values.che.workspace.pluginRegistryUrl | quote }} {{- else if .Values.chePluginRegistry.deploy }} CHE_WORKSPACE_PLUGIN__REGISTRY__URL: {{ template "pluginRegistryUrl" . }} {{- if .Values.global.useInternalClusterSVCNames }} CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL: http://plugin-registry.{{ .Release.Namespace }}.svc:8080/v3 - {{- else }} - CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL: {{ template "pluginRegistryUrl" . }} {{- end }} {{- end }} {{- if .Values.che.workspace.pluginBroker }} diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/KubernetesCheApiExternalEnvVarProvider.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/KubernetesCheApiExternalEnvVarProvider.java index b414ae5b29..7e9edaf513 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/KubernetesCheApiExternalEnvVarProvider.java 
+++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/KubernetesCheApiExternalEnvVarProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 Red Hat, Inc. + * Copyright (c) 2012-2021 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/KubernetesCheApiInternalEnvVarProvider.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/KubernetesCheApiInternalEnvVarProvider.java index 63ee78858d..db2e6ab3d3 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/KubernetesCheApiInternalEnvVarProvider.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/KubernetesCheApiInternalEnvVarProvider.java @@ -11,11 +11,14 @@ */ package org.eclipse.che.workspace.infrastructure.kubernetes.provision; +import static com.google.common.base.Strings.isNullOrEmpty; + import javax.inject.Inject; import javax.inject.Named; import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity; import org.eclipse.che.api.workspace.server.spi.InfrastructureException; import org.eclipse.che.api.workspace.server.spi.provision.env.CheApiInternalEnvVarProvider; +import org.eclipse.che.commons.annotation.Nullable; import org.eclipse.che.commons.lang.Pair; /** 
@@ -29,12 +32,15 @@ public class KubernetesCheApiInternalEnvVarProvider implements CheApiInternalEnv @Inject public KubernetesCheApiInternalEnvVarProvider( - @Named("che.api.internal") String cheServerEndpoint) { + @Nullable @Named("che.api.internal") String cheServerEndpoint) { this.cheServerEndpoint = cheServerEndpoint; } @Override public Pair get(RuntimeIdentity runtimeIdentity) throws InfrastructureException { + if (isNullOrEmpty(this.cheServerEndpoint)) { + return null; + } return Pair.of(CHE_API_INTERNAL_VARIABLE, cheServerEndpoint); } } diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/BrokerEnvironmentFactory.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/BrokerEnvironmentFactory.java index e04a1b57cf..83720f5bd3 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/BrokerEnvironmentFactory.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/BrokerEnvironmentFactory.java 
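Review bot: `get()` now returns `null` when `che.api.internal` is unset, but the method signature gives callers no hint of that, and only `CheApiEnvVarProvider` is updated in this commit to check for it. Any other caller that dereferences the result the way the removed line in `CheApiEnvVarProvider` did (`.get(runtimeIdentity).second`) would fail with a NullPointerException. I would mark the return type `@Nullable`, which this file now imports, and add a Javadoc line such as `@return the CHE_API_INTERNAL pair, or null when no internal URL is configured`. If this provider is also iterated as part of a generic env-var provider set, that loop needs a null check too; that cannot be seen from this diff.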
@@ -85,24 +85,30 @@ public abstract class BrokerEnvironmentFactory public BrokerEnvironmentFactory( String cheWebsocketEndpoint, + String cheWebsocketInternalEndpoint, String brokerPullPolicy, AgentAuthEnableEnvVarProvider authEnableEnvVarProvider, MachineTokenEnvVarProvider machineTokenEnvVarProvider, String artifactsBrokerImage, String metadataBrokerImage, - String pluginRegistryUrl, + String pluginRegistryExternalUrl, String pluginRegistryInternalUrl, TrustedCAProvisioner trustedCAProvisioner, String certificateMountPath, CertificateProvisioner certProvisioner) { - this.cheWebsocketEndpoint = cheWebsocketEndpoint; + this.cheWebsocketEndpoint = + isNullOrEmpty(cheWebsocketInternalEndpoint) + ? cheWebsocketEndpoint + : cheWebsocketInternalEndpoint; this.brokerPullPolicy = brokerPullPolicy; this.authEnableEnvVarProvider = authEnableEnvVarProvider; this.machineTokenEnvVarProvider = machineTokenEnvVarProvider; this.artifactsBrokerImage = artifactsBrokerImage; this.metadataBrokerImage = metadataBrokerImage; this.pluginRegistryUrl = - isNullOrEmpty(pluginRegistryInternalUrl) ? pluginRegistryUrl : pluginRegistryInternalUrl; + isNullOrEmpty(pluginRegistryInternalUrl) + ? pluginRegistryExternalUrl + : pluginRegistryInternalUrl; this.trustedCAProvisioner = trustedCAProvisioner; this.certificateMountPath = certificateMountPath; this.certProvisioner = certProvisioner; diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/KubernetesBrokerEnvironmentFactory.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/KubernetesBrokerEnvironmentFactory.java index fd983315c5..53852f8e9e 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/KubernetesBrokerEnvironmentFactory.java 
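Review bot: After this change the field `cheWebsocketEndpoint` may hold the internal URL while the constructor parameter of the same name is always the public one, which is easy to misread later; the same applies to the `pluginRegistryUrl` field. A short comment on the assignment, e.g. `// internal URL wins when configured, else the public one`, or renaming the field would make the precedence explicit. The new `cheWebsocketInternalEndpoint` parameter is nullable by design (both subclasses annotate it `@Nullable`), so I would annotate it here as well. The same internal-else-public ternary now appears four times in this commit (twice here, in `KeycloakJwkProvider` and in `KeycloakProfileRetriever`); a small shared helper would keep the fallback rule in one place. The constructor body continues past the end of the hunk.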
+++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/KubernetesBrokerEnvironmentFactory.java @@ -35,25 +35,27 @@ public class KubernetesBrokerEnvironmentFactory @Inject public KubernetesBrokerEnvironmentFactory( @Named("che.websocket.endpoint") String cheWebsocketEndpoint, + @Nullable @Named("che.websocket.internal.endpoint") String cheWebsocketInternalEndpoint, @Named("che.workspace.plugin_broker.pull_policy") String brokerPullPolicy, @Named("che.infra.kubernetes.trusted_ca.mount_path") String certificateMountPath, AgentAuthEnableEnvVarProvider authEnableEnvVarProvider, MachineTokenEnvVarProvider machineTokenEnvVarProvider, @Named("che.workspace.plugin_broker.artifacts.image") String artifactsBrokerImage, @Named("che.workspace.plugin_broker.metadata.image") String metadataBrokerImage, - @Nullable @Named("che.workspace.plugin_registry_url") String pluginRegistryUrl, + @Nullable @Named("che.workspace.plugin_registry_url") String pluginRegistryExternalUrl, @Nullable @Named("che.workspace.plugin_registry_internal_url") String pluginRegistryInternalUrl, KubernetesTrustedCAProvisioner trustedCAProvisioner, CertificateProvisioner certProvisioner) { super( cheWebsocketEndpoint, + cheWebsocketInternalEndpoint, brokerPullPolicy, authEnableEnvVarProvider, machineTokenEnvVarProvider, artifactsBrokerImage, metadataBrokerImage, - pluginRegistryUrl, + pluginRegistryExternalUrl, pluginRegistryInternalUrl, trustedCAProvisioner, certificateMountPath, diff --git a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/BrokerEnvironmentFactoryTest.java b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/BrokerEnvironmentFactoryTest.java index 4816d44080..7daae2d733 100644 
--- a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/BrokerEnvironmentFactoryTest.java +++ b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/wsplugins/brokerphases/BrokerEnvironmentFactoryTest.java @@ -72,6 +72,7 @@ public class BrokerEnvironmentFactoryTest { spy( new BrokerEnvironmentFactory( PUSH_ENDPOINT, + null, IMAGE_PULL_POLICY, authEnableEnvVarProvider, machineTokenEnvVarProvider, diff --git a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/wsplugins/brokerphases/OpenshiftBrokerEnvironmentFactory.java b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/wsplugins/brokerphases/OpenshiftBrokerEnvironmentFactory.java index a288cba138..db87151114 100644 --- a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/wsplugins/brokerphases/OpenshiftBrokerEnvironmentFactory.java +++ b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/wsplugins/brokerphases/OpenshiftBrokerEnvironmentFactory.java @@ -33,6 +33,7 @@ public class OpenshiftBrokerEnvironmentFactory @Inject public OpenshiftBrokerEnvironmentFactory( @Named("che.websocket.endpoint") String cheWebsocketEndpoint, + @Nullable @Named("che.websocket.internal.endpoint") String cheWebsocketInternalEndpoint, @Named("che.workspace.plugin_broker.pull_policy") String brokerPullPolicy, AgentAuthEnableEnvVarProvider authEnableEnvVarProvider, MachineTokenEnvVarProvider machineTokenEnvVarProvider, @@ -46,6 +47,7 @@ public class OpenshiftBrokerEnvironmentFactory OpenshiftTrustedCAProvisioner trustedCAProvisioner) { super( cheWebsocketEndpoint, + cheWebsocketInternalEndpoint, brokerPullPolicy, authEnableEnvVarProvider, machineTokenEnvVarProvider, 
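Review bot: The test only ever passes `null` for the new internal WebSocket argument, so the branch that prefers the internal endpoint is never exercised. I would add a second factory instance constructed with a non-empty internal endpoint and assert that the generated broker configuration uses that value rather than `PUSH_ENDPOINT`, plus a case with an empty string since the constructor uses `isNullOrEmpty`. The constructor call starts and ends outside this hunk.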
diff --git a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakJwkProvider.java b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakJwkProvider.java index 3db151e42c..bcc0091728 100644 --- a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakJwkProvider.java +++ b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakJwkProvider.java @@ -11,6 +11,8 @@ */ package org.eclipse.che.multiuser.keycloak.server; +import static com.google.common.base.Strings.isNullOrEmpty; + import com.auth0.jwk.GuavaCachedJwkProvider; import com.auth0.jwk.JwkProvider; import com.auth0.jwk.UrlJwkProvider; @@ -27,7 +29,10 @@ public class KeycloakJwkProvider implements Provider { @Inject public KeycloakJwkProvider(OIDCInfo oidcInfo) throws MalformedURLException { - final String jwksUrl = oidcInfo.getJwksUri(); + final String jwksUrl = + isNullOrEmpty(oidcInfo.getJwksInternalUri()) + ? oidcInfo.getJwksPublicUri() + : oidcInfo.getJwksInternalUri(); if (jwksUrl == null) { throw new ConfigurationException("Jwks endpoint url not found in keycloak settings"); diff --git a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakProfileRetriever.java b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakProfileRetriever.java index 314a0c4508..e0ab9ff74a 100644 --- a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakProfileRetriever.java +++ b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakProfileRetriever.java 
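Review bot: The JWKS location chosen in the second hunk decides which keys are trusted for token signature checks, and with this change it silently becomes the internal URL whenever one is configured. In the Helm chart of this same commit the internal Keycloak URL is `http://keycloak.{{ .Release.Namespace }}.svc:5050/auth`, so the key set is then fetched over cleartext HTTP; a comment stating that assumption, e.g. `// internal JWKS URL is preferred; it must only be reachable on a trusted cluster network`, would help whoever hardens this later. Minor: `getJwksInternalUri()` is called twice, so reading it into a local first is clearer (`final String internalUri = oidcInfo.getJwksInternalUri();`). `KeycloakProfileRetriever` has the same pattern for the user-info endpoint. The constructor continues past the end of the hunk.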
@@ -11,6 +11,8 @@ */ package org.eclipse.che.multiuser.keycloak.server; +import static com.google.common.base.Strings.isNullOrEmpty; + import java.io.IOException; import java.util.Map; import javax.inject.Inject; @@ -37,7 +39,10 @@ public class KeycloakProfileRetriever { @Inject public KeycloakProfileRetriever(OIDCInfo oidcInfo, HttpJsonRequestFactory requestFactory) { this.requestFactory = requestFactory; - this.keyclockCurrentUserInfoUrl = oidcInfo.getUserInfoEndpoint(); + this.keyclockCurrentUserInfoUrl = + isNullOrEmpty(oidcInfo.getUserInfoInternalEndpoint()) + ? oidcInfo.getUserInfoPublicEndpoint() + : oidcInfo.getUserInfoInternalEndpoint(); } /** diff --git a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfo.java b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfo.java index 593a39df44..eb76cd805a 100644 --- a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfo.java +++ b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfo.java @@ -17,9 +17,9 @@ public class OIDCInfo { private final String tokenPublicEndpoint; private final String endSessionPublicEndpoint; private final String userInfoPublicEndpoint; - private final String userInfoEndpoint; + private final String userInfoInternalEndpoint; private final String jwksPublicUri; - private final String jwksUri; + private final String jwksInternalUri; private final String authServerURL; private final String authServerPublicURL; 
@@ -27,17 +27,17 @@ public class OIDCInfo { String tokenPublicEndpoint, String endSessionPublicEndpoint, String userInfoPublicEndpoint, - String userInfoEndpoint, + String userInfoInternalEndpoint, String jwksPublicUri, - String jwksUri, + String jwksInternalUri, String authServerURL, String authServerPublicURL) { this.tokenPublicEndpoint = tokenPublicEndpoint; this.endSessionPublicEndpoint = endSessionPublicEndpoint; this.userInfoPublicEndpoint = userInfoPublicEndpoint; - this.userInfoEndpoint = userInfoEndpoint; + this.userInfoInternalEndpoint = userInfoInternalEndpoint; this.jwksPublicUri = jwksPublicUri; - this.jwksUri = jwksUri; + this.jwksInternalUri = jwksInternalUri; this.authServerURL = authServerURL; this.authServerPublicURL = authServerPublicURL; @@ -58,12 +58,9 @@ public class OIDCInfo { return userInfoPublicEndpoint; } - /** - * @return url to get user profile information. Url will be internal if internal network enabled, - * otherwise url will be public. - */ - public String getUserInfoEndpoint() { - return userInfoEndpoint; + /** @return internal network url to get user profile information. */ + public String getUserInfoInternalEndpoint() { + return userInfoInternalEndpoint; } /** @return public url to retrieve JWK public key for token validation. */ @@ -71,12 +68,9 @@ public class OIDCInfo { return jwksPublicUri; } - /** - * @return url to retrieve JWK public key for token validation. Url will be internal if internal - * network enabled, otherwise url will be public. - */ - public String getJwksUri() { - return jwksUri; + /** @return internal network url to retrieve JWK public key for token validation. */ + public String getJwksInternalUri() { + return jwksInternalUri; } /** 
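Review bot: The rewritten Javadoc on `getUserInfoInternalEndpoint()` and `getJwksInternalUri()` does not mention that both can now return `null` when no internal server URL is configured, which is what the updated `OIDCInfoProviderTest` asserts with `assertNull`. I would say so in the `@return` text, e.g. `@return internal network url to get user profile information, or null if no internal url is configured`, and annotate both getters `@Nullable`. Since `getUserInfoEndpoint()` and `getJwksUri()` are removed rather than deprecated, any caller outside this diff will stop compiling, so a repository-wide search before merge is worthwhile.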
diff --git a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfoProvider.java b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfoProvider.java index a15537345a..ad3ab74253 100644 --- a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfoProvider.java +++ b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfoProvider.java @@ -86,16 +86,16 @@ public class OIDCInfoProvider implements Provider { String endSessionPublicEndpoint = setPublicUrl((String) openIdConfiguration.get("end_session_endpoint")); String jwksPublicUri = setPublicUrl((String) openIdConfiguration.get("jwks_uri")); - String jwksUri = setInternalUrl(jwksPublicUri); - String userInfoEndpoint = setInternalUrl(userInfoPublicEndpoint); + String jwksInternalUri = setInternalUrl(jwksPublicUri); + String userInfoInternalEndpoint = setInternalUrl(userInfoPublicEndpoint); return new OIDCInfo( tokenPublicEndPoint, endSessionPublicEndpoint, userInfoPublicEndpoint, - userInfoEndpoint, + userInfoInternalEndpoint, jwksPublicUri, - jwksUri, + jwksInternalUri, serverAuthUrl, serverURL); } catch (IOException e) { @@ -136,7 +136,7 @@ public class OIDCInfoProvider implements Provider { if (serverURL != null && serverInternalURL != null) { return endpointUrl.replace(serverURL, serverInternalURL); } - return endpointUrl; + return null; } private String setPublicUrl(String endpointUrl) { diff --git a/multiuser/keycloak/che-multiuser-keycloak-server/src/test/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfoProviderTest.java b/multiuser/keycloak/che-multiuser-keycloak-server/src/test/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfoProviderTest.java index 3ffa44da92..815c7a4266 100644 
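Review bot: `setInternalUrl` now returns `null` in the second hunk, yet its name and signature still read like a helper that always yields a URL; a Javadoc line (`returns null when either server URL is unset`) and `@Nullable` on the return type would match the new contract. The unchanged `endpointUrl.replace(serverURL, serverInternalURL)` is a plain substring replacement, so if the discovery document advertises endpoints under a host other than `serverURL`, the value stored as "internal" is really the unmodified public URL; consider returning `null` unless `endpointUrl.startsWith(serverURL)`. The method starts above the hunk, so any existing null handling of `endpointUrl` is not visible here.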
--- a/multiuser/keycloak/che-multiuser-keycloak-server/src/test/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfoProviderTest.java +++ b/multiuser/keycloak/che-multiuser-keycloak-server/src/test/java/org/eclipse/che/multiuser/keycloak/server/OIDCInfoProviderTest.java @@ -17,6 +17,7 @@ import static com.github.tomakehurst.wiremock.client.WireMock.stubFor; import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo; import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig; import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertNull; import com.github.tomakehurst.wiremock.WireMockServer; import com.github.tomakehurst.wiremock.client.WireMock; @@ -110,12 +111,8 @@ public class OIDCInfoProviderTest { assertEquals( serverUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/logout", oidcInfo.getEndSessionPublicEndpoint()); - assertEquals( - serverUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/userinfo", - oidcInfo.getUserInfoEndpoint()); - assertEquals( - serverUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/certs", - oidcInfo.getJwksUri()); + assertNull(oidcInfo.getUserInfoInternalEndpoint()); + assertNull(oidcInfo.getJwksInternalUri()); } @Test @@ -174,10 +171,10 @@ public class OIDCInfoProviderTest { assertEquals( serverUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/certs", - oidcInfo.getJwksUri()); + oidcInfo.getJwksInternalUri()); assertEquals( serverUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/userinfo", - oidcInfo.getUserInfoEndpoint()); + oidcInfo.getUserInfoInternalEndpoint()); assertEquals(serverUrl, oidcInfo.getAuthServerURL()); } 
@@ -239,10 +236,10 @@ public class OIDCInfoProviderTest { assertEquals( serverInternalUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/certs", - oidcInfo.getJwksUri()); + oidcInfo.getJwksInternalUri()); assertEquals( serverInternalUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/userinfo", - oidcInfo.getUserInfoEndpoint()); + oidcInfo.getUserInfoInternalEndpoint()); assertEquals(serverInternalUrl, oidcInfo.getAuthServerURL()); assertEquals(serverPublicUrl, oidcInfo.getAuthServerPublicURL()); @@ -271,10 +268,10 @@ public class OIDCInfoProviderTest { oidcInfo.getEndSessionPublicEndpoint()); assertEquals( serverUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/userinfo", - oidcInfo.getUserInfoEndpoint()); + oidcInfo.getUserInfoInternalEndpoint()); assertEquals( serverUrl + "/realms/" + CHE_REALM + "/protocol/openid-connect/certs", - oidcInfo.getJwksUri()); + oidcInfo.getJwksInternalUri()); } @Test( diff --git a/wsmaster/che-core-api-workspace/src/main/java/org/eclipse/che/api/workspace/server/spi/provision/env/CheApiEnvVarProvider.java b/wsmaster/che-core-api-workspace/src/main/java/org/eclipse/che/api/workspace/server/spi/provision/env/CheApiEnvVarProvider.java index b6c4a2a68a..1558f0200e 100644 --- a/wsmaster/che-core-api-workspace/src/main/java/org/eclipse/che/api/workspace/server/spi/provision/env/CheApiEnvVarProvider.java +++ b/wsmaster/che-core-api-workspace/src/main/java/org/eclipse/che/api/workspace/server/spi/provision/env/CheApiEnvVarProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 Red Hat, Inc. + * Copyright (c) 2012-2021 Red Hat, Inc. * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ 
@@ -32,10 +32,14 @@ public class CheApiEnvVarProvider implements EnvVarProvider { public static final String CHE_API_VARIABLE = "CHE_API"; private final CheApiInternalEnvVarProvider cheApiInternalEnvVarProvider; + private final CheApiExternalEnvVarProvider cheApiExternalEnvVarProvider; @Inject - public CheApiEnvVarProvider(CheApiInternalEnvVarProvider cheApiInternalEnvVarProvider) { + public CheApiEnvVarProvider( + CheApiInternalEnvVarProvider cheApiInternalEnvVarProvider, + CheApiExternalEnvVarProvider cheApiExternalEnvVarProvider) { this.cheApiInternalEnvVarProvider = cheApiInternalEnvVarProvider; + this.cheApiExternalEnvVarProvider = cheApiExternalEnvVarProvider; } /** @@ -45,6 +49,9 @@ public class CheApiEnvVarProvider implements EnvVarProvider { */ @Override public Pair get(RuntimeIdentity runtimeIdentity) throws InfrastructureException { - return Pair.of(CHE_API_VARIABLE, cheApiInternalEnvVarProvider.get(runtimeIdentity).second); + if (cheApiInternalEnvVarProvider.get(runtimeIdentity) != null) { + return Pair.of(CHE_API_VARIABLE, cheApiInternalEnvVarProvider.get(runtimeIdentity).second); + } + return Pair.of(CHE_API_VARIABLE, cheApiExternalEnvVarProvider.get(runtimeIdentity).second); } }
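Review bot: In the last hunk `cheApiInternalEnvVarProvider.get(runtimeIdentity)` is evaluated twice, once for the null check and once for `.second`; read it once into a local and test that (`if (internal != null) { return Pair.of(CHE_API_VARIABLE, internal.second); }`). The fallback line dereferences `cheApiExternalEnvVarProvider.get(runtimeIdentity).second` with no check, so if the external provider can also return null the call fails with a NullPointerException instead of an `InfrastructureException` naming the missing setting; the external provider's body is not part of this diff. The Javadoc above `get` starts outside the hunk and should be checked so that it describes the internal-then-external order.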