* Support identity provider token retrieval in both JSON or URL formats.
That's required because some identity providers (such a `openshift-v3`)
correctly return the token information in JSON, as expected. So
switching to the url-based syntax should only used when the returned
json is invalid.
Signed-off-by: David Festal <dfestal@redhat.com>
* Introduce an `OpenShiftClientConfigFactory` to allow customizing the OpenShift config returned according to the current context (workspace ID, current user)
Signed-off-by: David Festal <dfestal@redhat.com>
* Openshift Infra + Multi-user => allow using OpenShift identity provider to connect to openshift with the OS oauth token of the current Che user.
This introduces a new property:
`che.infra.openshift.oauth_identity_provider`
Signed-off-by: David Festal <dfestal@redhat.com>
* Notify the user when a workspace cannot be started from the nav bar.
Signed-off-by: David Festal <dfestal@redhat.com>
* Add the ability to install the Openshift certificate into Keycloak
Signed-off-by: David Festal <dfestal@redhat.com>
* Add a yaml file to provide the openshift certificate as a secret,
in case it has to be installed into the dedicated Keycloak server.
Then the commands to install Che multiuser on Minishift with this
certificate are:
```
oc new-project che
oc process -f multi/openshift-certificate-secret.yaml -p
CERTIFICATE="$(minishift ssh docker exec origin /bin/cat
./openshift.local.config/master/ca.crt)" | oc apply -f -; \
oc new-app -f multi/postgres-template.yaml; \
oc new-app -f multi/keycloak-template.yaml -p ROUTING_SUFFIX=$(minishift
ip).nip.io; \
oc apply -f pvc/che-server-pvc.yaml; \
oc new-app -f che-server-template.yaml -p ROUTING_SUFFIX=$(minishift
ip).nip.io -p CHE_MULTIUSER=true -p
CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER=openshift-v3; \
oc set volume dc/che --add -m /data --name=che-data-volume
--claim-name=che-data-volume
```
Of course it's still needed to register the `openshift-v3` identity
provider in the Keycloak server, as well as, add the corresponding
`OAuthClient` object in Minihshift.
Signed-off-by: David Festal <dfestal@redhat.com>
* Use templates only to deploy Che to OpenShift
* Avoid breaking existing scripts
* Avoid breaking existing scripts
* Fixes
* Cleanup
* Cleanup
* Fixup
* New line and typos
* New line and typos
* Update dc/che. Env variables
* Remove creationtimestamp
* Template cleanup. Update README
* Fix DB URL env
* Add missing keycloak param
* Changes to ocp.sh to use new templates. Fix Keycloak template
* Env support
* Update server yaml. Update ocp.sh
* Configure CHE_IMAGE and CHE_TAG
* Add recycler
* Revern recycler sa
* Using credentials and creating ws in separate namespaces
* Use custom Keycloak image
* Use custom Keycloak image
* Remove use of credentials
* Experimenting with deployment config based approach to Che multi user on OCP
* Service pod
* Remove s2i
* Remove s2i
* EOF
* Cleanup
* Cleanup
* Cleanup
* Cleanup
* Make Keycloak util image configurable
* Update webdriver.sh
Mykhailo Kuznietsov