Basic support of the Eclipse Ceylon language support, with the following features:
- language description,
- syntax highlighting,
- project creation.
Signed-off-by: David Festal <dfestal@redhat.com>
* Support private docker registry in Che on Kubernetes / Openshift : related to issue https://github.com/redhat-developer/rh-che/issues/680
* Extract the `AuthConfig` and related classes to a new module
Signed-off-by: David Festal <dfestal@redhat.com>
* Improve wsmaster OpenIdConnect configurability, and helm deployment scripts
- Make username claim configurable in cases
Oidc provider does not support the default claim (default is "preferred_user")
- Introduce fallback for username (issuer+subject) if the username claim is not present
in the token
- Extend helm scripts to take customOidcProvider and customOidcUsernameClaim
parameters into account when deploying che master.
- Introduce cheDedicatedKeycloak global param, conditioning if dedicated che
keycloak server should be deployed, and waited on by the master.
- default value for cheDedicatedKeycloak (if not defined) is true
if the cheDedicatedKeycloak parameter is defined and is false,
customOidcProvicer must be supplied, when using multiuser mode.
Signed-off-by: Sergey Kuperman <sergey.kuperman@sap.com>
* Code review fixes
Remove the extra if condition in configmap.yaml
Remove extra line in requirements.yaml
fix typo in deployment.yaml
* Add che.keycloak.username_claim property as NULL into multiuser.properties
* Simplify helm conditions, when deploying che master with or without keycloak
if multiuser = true, and .Values.customOidcProvider was supplied, assumption is that
we work with no keycloak (no waiting in deployment)
global.cheDedicatedKeycloak is still needed as separate variable for requirements.yaml to determine whether keycloak chart should be installed
so for keycloak deployment, no parameters need to be passed beside global.multiuser=true,
for custom OIDC :
.Values.customOidcProvider=http://url, and global.cheDedicatedKeycloak=false
both need to be set
* Support identity provider token retrieval in both JSON or URL formats.
That's required because some identity providers (such a `openshift-v3`)
correctly return the token information in JSON, as expected. So
switching to the url-based syntax should only used when the returned
json is invalid.
Signed-off-by: David Festal <dfestal@redhat.com>
* Introduce an `OpenShiftClientConfigFactory` to allow customizing the OpenShift config returned according to the current context (workspace ID, current user)
Signed-off-by: David Festal <dfestal@redhat.com>
* Openshift Infra + Multi-user => allow using OpenShift identity provider to connect to openshift with the OS oauth token of the current Che user.
This introduces a new property:
`che.infra.openshift.oauth_identity_provider`
Signed-off-by: David Festal <dfestal@redhat.com>
* Notify the user when a workspace cannot be started from the nav bar.
Signed-off-by: David Festal <dfestal@redhat.com>
* Add the ability to install the Openshift certificate into Keycloak
Signed-off-by: David Festal <dfestal@redhat.com>
* Add a yaml file to provide the openshift certificate as a secret,
in case it has to be installed into the dedicated Keycloak server.
Then the commands to install Che multiuser on Minishift with this
certificate are:
```
oc new-project che
oc process -f multi/openshift-certificate-secret.yaml -p
CERTIFICATE="$(minishift ssh docker exec origin /bin/cat
./openshift.local.config/master/ca.crt)" | oc apply -f -; \
oc new-app -f multi/postgres-template.yaml; \
oc new-app -f multi/keycloak-template.yaml -p ROUTING_SUFFIX=$(minishift
ip).nip.io; \
oc apply -f pvc/che-server-pvc.yaml; \
oc new-app -f che-server-template.yaml -p ROUTING_SUFFIX=$(minishift
ip).nip.io -p CHE_MULTIUSER=true -p
CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER=openshift-v3; \
oc set volume dc/che --add -m /data --name=che-data-volume
--claim-name=che-data-volume
```
Of course it's still needed to register the `openshift-v3` identity
provider in the Keycloak server, as well as, add the corresponding
`OAuthClient` object in Minihshift.
Signed-off-by: David Festal <dfestal@redhat.com>
Set correct bindings of generics, fix generics;
Add missing properties in che.properties and kubectl deployment.
Signed-off-by: Oleksandr Garagatyi <ogaragat@redhat.com>
Introduce an External Server Exposer Strategy,
responsible for exposing service ports associated with external servers,
making them accessible from outside the cluster.
Move server exposure to shared k8s infra level:
- multi-host: unique hostname for each component, like Che Openshift infrastructure.
- single-host: single hostname for all components. Can be used in conjunction with TLS.
- default-host: default ingress hostname. Can be used for local development without dynamic DNS (based on ingress IP).
Add basic TLS support.
Signed-off-by: Guy Daich <guy.daich@sap.com>
Enable single-level DNS domains (*.domain.tld) in SINGLE_PORT mode to simplify HTTPS setup.
Use whole folder for traefik conf to inject SSL certificates and custom configuration.
CHE_SINGLEPORT_WILDCARD__DOMAIN_IPLESS to che.env.
Signed-off-by: Hanno Kolvenbach <kolvenbach@silexica.com>
Allow switching to an alternate OIDC provider (provided that it emits access tokens as JWT tokens).
This is the implementation required in upstream Che, for issues
redhat-developer/rh-che#502 and
redhat-developer/rh-che#525
Signed-off-by: David Festal <dfestal@redhat.com>
* Introduce logger REST API to manage log level at runtime
It's possible to create new logger with log level, list all loggers defined with log level, change level on a given logger, etc
Change-Id: I1c105aca33cc88f90270ade4d792d3a75191740a
Signed-off-by: Florent BENOIT <fbenoit@redhat.com>
Ilya Buziuk