From 3b5da630173d6adbeccc0fd20b69306d866bb67a Mon Sep 17 00:00:00 2001
From: xbaran4
Date: Mon, 11 Oct 2021 21:47:13 +0200
Subject: [PATCH 1/3] feat: added label and annotation for git credentials secret
Signed-off-by: xbaran4
---
 .../KubernetesGitCredentialManager.java | 15 ++++++++++++---
 .../secret/KubernetesSecretAnnotationNames.java | 7 +++++++
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java
index 2e927df7d2..0bf1ad4929 100644
--- a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java
+++ b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java
@@ -14,9 +14,11 @@ package org.eclipse.che.api.factory.server.scm.kubernetes; import static java.lang.String.format; import static java.nio.charset.StandardCharsets.UTF_8; import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_AUTOMOUNT; +import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_DEV_WORKSPACE_MOUNT_PATH; import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_GIT_CREDENTIALS; import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_MOUNT_AS; import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_MOUNT_PATH; +import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.DEV_WORKSPACE_PREFIX; import com.google.common.collect.ImmutableMap; import io.fabric8.kubernetes.api.model.ObjectMeta; 
@@ -54,18 +56,25 @@ public class KubernetesGitCredentialManager implements GitCredentialManager { public static final String ANNOTATION_SCM_URL = "che.eclipse.org/scm-url"; public static final String ANNOTATION_SCM_USERNAME = "che.eclipse.org/scm-username"; public static final String ANNOTATION_CHE_USERID = "che.eclipse.org/che-userid"; + public static final String CREDENTIALS_MOUNT_PATH = "/home/theia/.git-credentials"; private static final Map LABELS = ImmutableMap.of( - "app.kubernetes.io/part-of", "che.eclipse.org", - "app.kubernetes.io/component", "workspace-secret"); + "app.kubernetes.io/part-of", + "che.eclipse.org", + "app.kubernetes.io/component", + "workspace-secret", + DEV_WORKSPACE_PREFIX + "/git-credential", + "true"); static final Map DEFAULT_SECRET_ANNOTATIONS = ImmutableMap.of( ANNOTATION_AUTOMOUNT, "true", ANNOTATION_MOUNT_PATH, - "/home/theia/.git-credentials", + CREDENTIALS_MOUNT_PATH, + ANNOTATION_DEV_WORKSPACE_MOUNT_PATH, + CREDENTIALS_MOUNT_PATH, ANNOTATION_MOUNT_AS, "file", ANNOTATION_GIT_CREDENTIALS, diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/secret/KubernetesSecretAnnotationNames.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/secret/KubernetesSecretAnnotationNames.java index 62d385309c..b1fd1407e4 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/secret/KubernetesSecretAnnotationNames.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/secret/KubernetesSecretAnnotationNames.java 
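Review bot: `CREDENTIALS_MOUNT_PATH` in the `@@ -54,18 +56,25 @@` hunk is a new public constant with no Javadoc, and it now feeds both `ANNOTATION_MOUNT_PATH` and `ANNOTATION_DEV_WORKSPACE_MOUNT_PATH`, so one hard-coded path decides where the git credentials file lands in every workspace that mounts this secret. I would add `/** Path inside the workspace container where the git credentials file from this secret is mounted. */` above it. The path assumes a `/home/theia` home directory; whether DevWorkspace containers share that layout is not visible here and is worth confirming before the same value is reused for `controller.devfile.io/mount-path`.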
@@ -42,5 +42,12 @@ public class KubernetesSecretAnnotationNames { /** For 'env' type secrets defines the environment variable name template to mount secret with */ public static final String ANNOTATION_ENV_NAME_TEMPLATE = ANNOTATION_PREFIX + "/%s_" + "env-name"; + /** Common prefix for annotations associated with devworkspaces */ + public static final String DEV_WORKSPACE_PREFIX = "controller.devfile.io"; + + /** For 'file' type secrets defines the path where ih should be mount */ + public static final String ANNOTATION_DEV_WORKSPACE_MOUNT_PATH = + DEV_WORKSPACE_PREFIX + "/" + "mount-path"; + private KubernetesSecretAnnotationNames() {} } From 75ed9268b412a1dcca181303b5c804d656a9258b Mon Sep 17 00:00:00 2001 From: xbaran4 Date: Wed, 13 Oct 2021 11:39:37 +0200 Subject: [PATCH 2/3] feat: moved label and annotation to secret creation Signed-off-by: xbaran4 --- .../KubernetesGitCredentialManager.java | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java index 0bf1ad4929..f61e68876a 100644 --- a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java +++ b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java 
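Review bot: The Javadoc added for `ANNOTATION_DEV_WORKSPACE_MOUNT_PATH` has typos ("ih should be mount") and reads the same as a description of the existing Che mount-path annotation, so a reader cannot tell which consumer each constant is for. I would write `/** For 'file' type secrets defines the path where it should be mounted in a DevWorkspace */`. The `"/" + "mount-path"` concatenation could also be the single literal `"/mount-path"`.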
@@ -57,15 +57,14 @@ public class KubernetesGitCredentialManager implements GitCredentialManager { public static final String ANNOTATION_SCM_USERNAME = "che.eclipse.org/scm-username"; public static final String ANNOTATION_CHE_USERID = "che.eclipse.org/che-userid"; public static final String CREDENTIALS_MOUNT_PATH = "/home/theia/.git-credentials"; - + public static final String LABEL_DEV_WORKSPACE_CREDENTIAL = + DEV_WORKSPACE_PREFIX + "/git-credential"; private static final Map LABELS = ImmutableMap.of( "app.kubernetes.io/part-of", "che.eclipse.org", "app.kubernetes.io/component", - "workspace-secret", - DEV_WORKSPACE_PREFIX + "/git-credential", - "true"); + "workspace-secret"); static final Map DEFAULT_SECRET_ANNOTATIONS = ImmutableMap.of( @@ -73,8 +72,6 @@ public class KubernetesGitCredentialManager implements GitCredentialManager { "true", ANNOTATION_MOUNT_PATH, CREDENTIALS_MOUNT_PATH, - ANNOTATION_DEV_WORKSPACE_MOUNT_PATH, - CREDENTIALS_MOUNT_PATH, ANNOTATION_MOUNT_AS, "file", ANNOTATION_GIT_CREDENTIALS, @@ -133,11 +130,16 @@ public class KubernetesGitCredentialManager implements GitCredentialManager { annotations.put(ANNOTATION_SCM_URL, personalAccessToken.getScmProviderUrl()); annotations.put(ANNOTATION_SCM_USERNAME, personalAccessToken.getScmUserName()); annotations.put(ANNOTATION_CHE_USERID, personalAccessToken.getCheUserId()); + annotations.put(ANNOTATION_DEV_WORKSPACE_MOUNT_PATH, CREDENTIALS_MOUNT_PATH); + // Adding devworkspace label here and not in the default map, + // in case of a secret from previous version that does not have it + Map labels = new HashMap<>(LABELS); + labels.put(LABEL_DEV_WORKSPACE_CREDENTIAL, "true"); ObjectMeta meta = new ObjectMetaBuilder() .withName(NameGenerator.generate(NAME_PATTERN, 5)) .withAnnotations(annotations) - .withLabels(LABELS) + .withLabels(labels) .build(); return new SecretBuilder().withMetadata(meta).build(); }); From 8a3121784042c133a0a29e5098609d98ffce8513 Mon Sep 17 00:00:00 2001 
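Review bot: In the `@@ -133,11 +130,16 @@` hunk the `controller.devfile.io/git-credential` label and the DevWorkspace mount-path annotation are set only inside the block that builds a new secret, so a secret from a previous version that the lookup finds is reused without them. The added comment explains why the label is kept out of the search map but not how such a secret ever receives it; the enclosing block starts, and the secret is written back, outside the hunk, so this may be handled there. If it is not, setting both on the resolved secret before it is saved covers old and new secrets alike, e.g. `secret.getMetadata().getLabels().put(LABEL_DEV_WORKSPACE_CREDENTIAL, "true");` (with `secret` standing for whatever the resolved object is called). The same applies to `.withLabels(NEW_SECRET_LABELS)` in the `@@ -130,16 +133,11 @@` hunk of patch 3/3.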
From: xbaran4
Date: Tue, 19 Oct 2021 11:10:07 +0200
Subject: [PATCH 3/3] refactor: moved label and annotation to static maps
Signed-off-by: xbaran4
---
 .../KubernetesGitCredentialManager.java | 38 +++++++++----------
 1 file changed, 18 insertions(+), 20 deletions(-)
diff --git a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java
index f61e68876a..3b763c4ea6 100644
--- a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java
+++ b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java
@@ -59,23 +59,26 @@ public class KubernetesGitCredentialManager implements GitCredentialManager { public static final String CREDENTIALS_MOUNT_PATH = "/home/theia/.git-credentials"; public static final String LABEL_DEV_WORKSPACE_CREDENTIAL = DEV_WORKSPACE_PREFIX + "/git-credential"; - private static final Map LABELS = + + // Labels that that are use to search for already existing secret. + private static final Map SEARCH_LABELS = ImmutableMap.of( - "app.kubernetes.io/part-of", - "che.eclipse.org", - "app.kubernetes.io/component", - "workspace-secret"); + "app.kubernetes.io/part-of", "che.eclipse.org", + "app.kubernetes.io/component", "workspace-secret"); + // Labels that will be added to newly created secret. + private static final Map NEW_SECRET_LABELS = + ImmutableMap.builder() + .putAll(SEARCH_LABELS) + .put(LABEL_DEV_WORKSPACE_CREDENTIAL, "true") + .build(); static final Map DEFAULT_SECRET_ANNOTATIONS = ImmutableMap.of( - ANNOTATION_AUTOMOUNT, - "true", - ANNOTATION_MOUNT_PATH, - CREDENTIALS_MOUNT_PATH, - ANNOTATION_MOUNT_AS, - "file", - ANNOTATION_GIT_CREDENTIALS, - "true"); + ANNOTATION_AUTOMOUNT, "true", + ANNOTATION_MOUNT_PATH, CREDENTIALS_MOUNT_PATH, + ANNOTATION_MOUNT_AS, "file", + ANNOTATION_GIT_CREDENTIALS, "true", + ANNOTATION_DEV_WORKSPACE_MOUNT_PATH, CREDENTIALS_MOUNT_PATH); private final KubernetesNamespaceFactory namespaceFactory; private final KubernetesClientFactory clientFactory; @@ -99,7 +102,7 @@ public class KubernetesGitCredentialManager implements GitCredentialManager { client .secrets() .inNamespace(namespace) - .withLabels(LABELS) + .withLabels(SEARCH_LABELS) .list() .getItems() .stream() 
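Review bot: Putting `ANNOTATION_DEV_WORKSPACE_MOUNT_PATH` back into `DEFAULT_SECRET_ANNOTATIONS` in the `@@ -59,23 +59,26 @@` hunk undoes for annotations the search/new split that this patch introduces for labels. The lookup stream after `.withLabels(SEARCH_LABELS)` continues outside the hunk; if it matches candidates against `DEFAULT_SECRET_ANNOTATIONS`, a secret written by an earlier version no longer matches, so a second credentials secret is created and the older one, possibly holding a stale token, stays automounted. Keeping the four original entries as the match set and deriving a separate map for new secrets, as sketched below, avoids that; the creation code would then copy from the new map. The new comment also has a typo and should read `// Labels used to search for an already existing secret.`

```java
// … unchanged: SEARCH_LABELS, NEW_SECRET_LABELS …

// Annotations an existing secret must carry to be reused.
static final Map<String, String> DEFAULT_SECRET_ANNOTATIONS =
    ImmutableMap.of(
        ANNOTATION_AUTOMOUNT, "true",
        ANNOTATION_MOUNT_PATH, CREDENTIALS_MOUNT_PATH,
        ANNOTATION_MOUNT_AS, "file",
        ANNOTATION_GIT_CREDENTIALS, "true");

// Annotations written to a newly created secret.
static final Map<String, String> NEW_SECRET_ANNOTATIONS =
    ImmutableMap.<String, String>builder()
        .putAll(DEFAULT_SECRET_ANNOTATIONS)
        .put(ANNOTATION_DEV_WORKSPACE_MOUNT_PATH, CREDENTIALS_MOUNT_PATH)
        .build();
```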
@@ -130,16 +133,11 @@ public class KubernetesGitCredentialManager implements GitCredentialManager { annotations.put(ANNOTATION_SCM_URL, personalAccessToken.getScmProviderUrl()); annotations.put(ANNOTATION_SCM_USERNAME, personalAccessToken.getScmUserName()); annotations.put(ANNOTATION_CHE_USERID, personalAccessToken.getCheUserId()); - annotations.put(ANNOTATION_DEV_WORKSPACE_MOUNT_PATH, CREDENTIALS_MOUNT_PATH); - // Adding devworkspace label here and not in the default map, - // in case of a secret from previous version that does not have it - Map labels = new HashMap<>(LABELS); - labels.put(LABEL_DEV_WORKSPACE_CREDENTIAL, "true"); ObjectMeta meta = new ObjectMetaBuilder() .withName(NameGenerator.generate(NAME_PATTERN, 5)) .withAnnotations(annotations) - .withLabels(labels) + .withLabels(NEW_SECRET_LABELS) .build(); return new SecretBuilder().withMetadata(meta).build(); });