From 0843dc0d45c802f9a762d4dc027f56358ca88093 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 27 Jan 2026 12:30:17 +0100 Subject: [PATCH 1/7] feat: OpenShift external IDP 
Signed-off-by: Anatolii Bazko --- api/checluster_conversion_from_test.go | 6 +- api/checluster_conversion_to_test.go | 4 +- api/checluster_round_conversion_test.go | 4 +- api/init_test.go | 4 +- api/v1/checluster_conversion_from.go | 2 +- api/v1/checluster_conversion_to.go | 2 +- api/v2/checluster_types.go | 4 +- api/v2/checluster_types_test.go | 13 +- api/v2/checluster_webhook.go | 2 +- cmd/main.go | 52 +++---- controllers/che/checluster_controller.go | 4 +- controllers/che/checluster_validator.go | 2 +- controllers/che/init_test.go | 4 +- controllers/che/proxy.go | 2 +- controllers/devworkspace/controller.go | 2 +- controllers/devworkspace/controller_test.go | 4 +- controllers/devworkspace/init_test.go | 4 +- .../devworkspace/solver/che_routing.go | 4 +- .../che_routing_external_tls_config_test.go | 4 +- .../devworkspace/solver/che_routing_test.go | 20 +-- controllers/devworkspace/solver/init_test.go | 4 +- controllers/namespacecache/init_test.go | 4 +- controllers/namespacecache/namespacecache.go | 2 +- .../namespacecache/namespacecache_test.go | 6 +- controllers/usernamespace/init_test.go | 4 +- .../usernamespace/usernamespace_controller.go | 2 +- .../usernamespace_controller_test.go | 10 +- controllers/workspaceconfig/init_test.go | 4 +- .../workspaces_config_controller.go | 2 +- pkg/common/chetypes/types.go | 6 - pkg/common/infrastructure/cluster.go | 145 ++++++++++++++++++ pkg/common/k8s-helper/k8s_helper.go | 1 - pkg/common/operator-defaults/defaults.go | 41 +++-- pkg/common/utils/utils.go | 23 --- pkg/deploy/consolelink/consolelink.go | 7 - pkg/deploy/consolelink/init_test.go | 4 +- .../container-capabilities/init_test.go | 4 +- pkg/deploy/dashboard/dashboard_test.go | 2 +- pkg/deploy/dashboard/deployment_dashboard.go | 3 +- pkg/deploy/dashboard/init_test.go | 4 +- pkg/deploy/dashboard/rbac.go | 12 -- pkg/deploy/deployment.go | 2 +- pkg/deploy/dev-workspace-config/init_test.go | 4 +- pkg/deploy/devfileregistry/init_test.go | 4 +- 
pkg/deploy/editors-definitions/init_test.go | 4 +- pkg/deploy/expose/expose.go | 2 +- pkg/deploy/gateway/gateway.go | 35 +---- pkg/deploy/gateway/gateway_test.go | 4 +- pkg/deploy/gateway/init_test.go | 4 +- pkg/deploy/gateway/kube_rbac_proxy.go | 17 +- pkg/deploy/gateway/oauth_proxy.go | 48 +++--- pkg/deploy/gateway/oauth_proxy_test.go | 2 +- pkg/deploy/identity-provider/init_test.go | 4 +- pkg/deploy/image-puller/imagepuller.go | 5 +- pkg/deploy/image-puller/init_test.go | 4 +- pkg/deploy/init_test.go | 4 +- .../checluster-defaults-cleaner_test.go | 20 +-- .../checluster-defaults-cleanupfunc.go | 2 +- pkg/deploy/migration/init_test.go | 4 +- .../on-reconcile-one-time-migration.go | 8 +- pkg/deploy/pluginregistry/init_test.go | 4 +- pkg/deploy/rbac/init_test.go | 4 +- pkg/deploy/server/chehost_reconciler.go | 2 +- pkg/deploy/server/init_test.go | 4 +- pkg/deploy/server/rbac.go | 2 +- pkg/deploy/server/server_configmap.go | 14 +- pkg/deploy/server/server_configmap_test.go | 1 - pkg/deploy/tls/certificates.go | 2 +- pkg/deploy/tls/init_test.go | 4 +- pkg/deploy/tls/tls_secret.go | 2 +- pkg/deploy/tls/tls_utils.go | 2 +- 71 files changed, 371 insertions(+), 280 deletions(-) create mode 100644 pkg/common/infrastructure/cluster.go diff --git a/api/checluster_conversion_from_test.go b/api/checluster_conversion_from_test.go index 90f1634c52..e0ed268f74 100644 --- a/api/checluster_conversion_from_test.go +++ b/api/checluster_conversion_from_test.go @@ -18,9 +18,9 @@ import ( "k8s.io/apimachinery/pkg/api/resource" devfile "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev1 "github.com/eclipse-che/che-operator/api/v1" chev2 "github.com/eclipse-che/che-operator/api/v2" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -68,7 +68,7 @@ func TestConvertFromIngressOnK8s(t *testing.T) { } func TestConvertFromIngressOnOpenShift(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) checlusterv2 := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ @@ -523,7 +523,7 @@ func TestConvertFrom(t *testing.T) { } func TestShouldConvertFromWhenOnlyMemoryResourceSpecified(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) memoryRequest := resource.MustParse("128Mi") memoryLimit := resource.MustParse("228Mi") diff --git a/api/checluster_conversion_to_test.go b/api/checluster_conversion_to_test.go index 62a9978152..9f043c721a 100644 --- a/api/checluster_conversion_to_test.go +++ b/api/checluster_conversion_to_test.go @@ -19,10 +19,10 @@ import ( "k8s.io/utils/pointer" devfile "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev1 "github.com/eclipse-che/che-operator/api/v1" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" @@ -38,7 +38,7 @@ func TestConvertToEmptyCheCluster(t *testing.T) { } func TestConvertToIngressOnOpenShift(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) checlusterv1 := &chev1.CheCluster{ ObjectMeta: metav1.ObjectMeta{ diff --git a/api/checluster_round_conversion_test.go b/api/checluster_round_conversion_test.go index 0056d8681b..cd2883215c 100644 --- a/api/checluster_round_conversion_test.go +++ b/api/checluster_round_conversion_test.go 
@@ -15,7 +15,7 @@ package org import ( "testing" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -325,6 +325,6 @@ func onKubernetes(f func()) { } func onOpenShift(f func()) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) f() } diff --git a/api/init_test.go b/api/init_test.go index bde524f915..45d52a8bd9 100644 --- a/api/init_test.go +++ b/api/init_test.go @@ -13,7 +13,7 @@ package org import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../config/manager/manager.yaml") } diff --git a/api/v1/checluster_conversion_from.go b/api/v1/checluster_conversion_from.go index 753e4c86cc..991824534e 100644 --- a/api/v1/checluster_conversion_from.go +++ b/api/v1/checluster_conversion_from.go @@ -21,9 +21,9 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/utils" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/conversion" 
diff --git a/api/v1/checluster_conversion_to.go b/api/v1/checluster_conversion_to.go index 5273f983d8..ff596ccd81 100644 --- a/api/v1/checluster_conversion_to.go +++ b/api/v1/checluster_conversion_to.go @@ -23,9 +23,9 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/utils" ctrl "sigs.k8s.io/controller-runtime" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" corev1 "k8s.io/api/core/v1" diff --git a/api/v2/checluster_types.go b/api/v2/checluster_types.go index 0f2cc4d63f..a40c79cdd8 100644 --- a/api/v2/checluster_types.go +++ b/api/v2/checluster_types.go @@ -19,13 +19,13 @@ import ( "strconv" "strings" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/utils/pointer" ctrl "sigs.k8s.io/controller-runtime" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/constants" controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1" @@ -1099,7 +1099,7 @@ func (c *CheCluster) GetIdentityToken() string { return c.Spec.Networking.Auth.IdentityToken } - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { return constants.AccessToken } return constants.IdToken diff --git a/api/v2/checluster_types_test.go b/api/v2/checluster_types_test.go index 72e1802292..16f2dd2d66 100644 --- a/api/v2/checluster_types_test.go +++ b/api/v2/checluster_types_test.go 
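Review bot: The default returned by `GetIdentityToken` in api/v2/checluster_types.go now depends on `infrastructure.IsOpenShiftOAuthEnabled()` instead of the platform, and nothing in the hunk documents that. An OpenShift cluster that uses an external IDP gets `constants.IdToken` wherever `Spec.Networking.Auth.IdentityToken` is unset. Because this value selects which token is passed on, the method's doc comment (outside the hunk) should say so, for example `// Defaults to access_token only when the OpenShift built-in OAuth is enabled; otherwise id_token, including OpenShift with an external IDP.` The method body starts above the hunk.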
@@ -16,11 +16,11 @@ import ( "reflect" "testing" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/stretchr/testify/assert" ) -func TestIsAccesTokenConfigured(t *testing.T) { +func TestIsAccessTokenConfigured(t *testing.T) { t.Run("TestIsAccesTokenConfigured when access_token defined", func(t *testing.T) { cheCluster := &CheCluster{ Spec: CheClusterSpec{ @@ -98,7 +98,7 @@ func TestGetIdentityToken(t *testing.T) { }, }}, } - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) assert.Equal(t, "access_token", cheCluster.GetIdentityToken(), "'access_token' should be used") @@ -113,7 +113,7 @@ func TestGetIdentityToken(t *testing.T) { }, }}, } - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) assert.Equal(t, "id_token", cheCluster.GetIdentityToken(), "'id_token' should be used") @@ -126,7 +126,7 @@ func TestGetIdentityToken(t *testing.T) { Auth: Auth{}, }}, } - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) assert.Equal(t, "access_token", cheCluster.GetIdentityToken(), "'access_token' should be used") @@ -141,9 +141,8 @@ func TestGetDefaultIdentityToken(t *testing.T) { infrastructure infrastructure.Type identityToken string }{ - {infrastructure.OpenShiftv4, "access_token"}, + {infrastructure.OpenShiftV4, "access_token"}, {infrastructure.Kubernetes, "id_token"}, - {infrastructure.Unsupported, "id_token"}, } for _, test := range tests { infrastructure.InitializeForTesting(test.infrastructure) diff --git a/api/v2/checluster_webhook.go b/api/v2/checluster_webhook.go index 52c7e12d56..993bb691eb 100644 --- a/api/v2/checluster_webhook.go +++ b/api/v2/checluster_webhook.go 
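Review bot: The table in `TestGetDefaultIdentityToken` covers only `infrastructure.OpenShiftV4` → `access_token` and `infrastructure.Kubernetes` → `id_token`, so the case this patch introduces is never exercised. That case is OpenShift with OAuth disabled, which is expected to yield `id_token`. The `Unsupported` row was dropped without a replacement. If the new infrastructure package offers a test initialiser for the external-IDP state (its API is not in this part of the patch), add a row such as `{<OpenShift-with-external-IDP value>, "id_token"}`. The test function continues outside the hunk.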
@@ -22,7 +22,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/utils/pointer" "github.com/eclipse-che/che-operator/pkg/common/constants" diff --git a/cmd/main.go b/cmd/main.go index d3afbb9784..a5a1879d81 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -17,6 +17,9 @@ import ( "os" "time" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" + oauthv1 "github.com/openshift/api/oauth/v1" + userv1 "github.com/openshift/api/user/v1" "sigs.k8s.io/controller-runtime/pkg/webhook" "github.com/eclipse-che/che-operator/controllers/namespacecache" @@ -33,8 +36,6 @@ import ( securityv1 "github.com/openshift/api/security/v1" dwoApi "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" - devworkspaceinfra "github.com/devfile/devworkspace-operator/pkg/infrastructure" "go.uber.org/zap/zapcore" "github.com/eclipse-che/che-operator/controllers/devworkspace" @@ -63,11 +64,9 @@ import ( "github.com/go-logr/logr" configv1 "github.com/openshift/api/config/v1" consolev1 "github.com/openshift/api/console/v1" - oauthv1 "github.com/openshift/api/oauth/v1" templatev1 "github.com/openshift/api/template/v1" checontroller "github.com/eclipse-che/che-operator/controllers/che" - "github.com/eclipse-che/che-operator/pkg/common/utils" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -80,7 +79,6 @@ import ( imagepullerapi "github.com/che-incubator/kubernetes-image-puller-operator/api/v1alpha1" projectv1 "github.com/openshift/api/project/v1" routev1 "github.com/openshift/api/route/v1" - userv1 "github.com/openshift/api/user/v1" appsv1 "k8s.io/api/apps/v1" batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" 
@@ -102,10 +100,6 @@ var ( renewDeadline = 30 * time.Second ) -const ( - leasesApiResourceName = "leases" -) - func init() { flag.StringVar(&metricsAddr, "metrics-bind-address", ":60000", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":6789", "The address the probe endpoint binds to.") @@ -123,11 +117,6 @@ func init() { logger := zap.New(zap.UseFlagOptions(&opts)) ctrl.SetLogger(logger) - if err := infrastructure.Initialize(); err != nil { - logger.Error(err, "Unable determine installation platform") - os.Exit(1) - } - defaults.Initialize() printVersion(logger) @@ -146,15 +135,20 @@ func init() { utilruntime.Must(corev1.AddToScheme(scheme)) if infrastructure.IsOpenShift() { - utilruntime.Must(routev1.AddToScheme(scheme)) - utilruntime.Must(oauthv1.AddToScheme(scheme)) - utilruntime.Must(userv1.AddToScheme(scheme)) - utilruntime.Must(configv1.AddToScheme(scheme)) - utilruntime.Must(consolev1.AddToScheme(scheme)) - utilruntime.Must(projectv1.AddToScheme(scheme)) + utilruntime.Must(routev1.Install(scheme)) + utilruntime.Must(configv1.Install(scheme)) + utilruntime.Must(consolev1.Install(scheme)) + utilruntime.Must(projectv1.Install(scheme)) utilruntime.Must(securityv1.Install(scheme)) utilruntime.Must(templatev1.Install(scheme)) } + + // User and OAuthClient API are disabled in case of external IDP + // Check API before adding to the scheme + if infrastructure.IsOpenShiftOAuthEnabled() { + utilruntime.Must(userv1.Install(scheme)) + utilruntime.Must(oauthv1.Install(scheme)) + } } func getLogLevel() zapcore.Level { @@ -182,7 +176,7 @@ func printVersion(logger logr.Logger) { infra := "Kubernetes" if infrastructure.IsOpenShift() { - infra = "OpenShift v4.x" + infra = "OpenShift" } logger.Info("Operator is running on ", "Infrastructure", infra) } 
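Review bot: After the removal of `infrastructure.Initialize()` and its `os.Exit(1)` in `init()` (hunk `@@ -123,11 +117,6 @@`), nothing here reports a failed platform detection before `IsOpenShift()` and `IsOpenShiftOAuthEnabled()` are consulted a few lines later. The new package (pkg/common/infrastructure/cluster.go) is not in this part of the patch. If a discovery error there is treated as "not OpenShift" or "OAuth disabled", the operator would start with a reduced scheme and default to `id_token` rather than stop. Confirm that it fails hard on discovery errors, or keep an explicit check at this point, e.g. `if err := infrastructure.Initialize(); err != nil { logger.Error(err, "Unable determine installation platform"); os.Exit(1) }` if such a function still exists. `init()` continues outside the hunk.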
@@ -217,8 +211,8 @@ func main() { os.Exit(1) } - if !utils.IsK8SResourceServed(discoveryClient, leasesApiResourceName) { - setupLog.Info("Leader election was disabled", "Cause:", leasesApiResourceName+"k8s api resource is an absent.") + if !infrastructure.IsLeaderElectionEnabled() { + setupLog.Info("Leader election disabled") enableLeaderElection = false } @@ -228,13 +222,6 @@ func main() { os.Exit(1) } - // DWO use the infrastructure package for openshift detection. It needs to be initialized - // but only supports OpenShift v4 or Kubernetes. - if err := devworkspaceinfra.Initialize(); err != nil { - setupLog.Error(err, "failed to evaluate infrastructure which is needed for DevWorkspace support") - os.Exit(1) - } - cacheFunction, err := getCacheFunc() if err != nil { setupLog.Error(err, "failed to create cache function") @@ -403,11 +390,14 @@ func getCacheFunc() (cache.NewCacheFunc, error) { } if infrastructure.IsOpenShift() { - selectors[&oauthv1.OAuthClient{}] = cache.ByObject{Label: partOfCheObjectSelector} selectors[&routev1.Route{}] = cache.ByObject{Label: partOfCheObjectSelector} selectors[&templatev1.Template{}] = cache.ByObject{Label: partOfCheObjectSelector} } + if infrastructure.IsOpenShiftOAuthEnabled() { + selectors[&oauthv1.OAuthClient{}] = cache.ByObject{Label: partOfCheObjectSelector} + } + return func(config *rest.Config, opts cache.Options) (cache.Cache, error) { opts.ByObject = selectors return cache.New(config, opts) diff --git a/controllers/che/checluster_controller.go b/controllers/che/checluster_controller.go index 975319401a..6044e65e4a 100644 --- a/controllers/che/checluster_controller.go +++ b/controllers/che/checluster_controller.go 
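Review bot: The log line under `!infrastructure.IsLeaderElectionEnabled()` in `main()` no longer states why leader election was switched off; the removed message named the missing leases resource. Without leader election more than one operator replica can reconcile at the same time, so the cause should stay in the log, e.g. `setupLog.Info("Leader election disabled", "cause", "<reason reported by the infrastructure package>")`. The removed line passed `discoveryClient`, which this hunk no longer uses, so check whether it is still needed. `main()` starts and ends outside the hunk.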
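Review bot: Hunk `@@ -228,13 +222,6 @@` drops `devworkspaceinfra.Initialize()` together with the comment saying DWO's infrastructure package "needs to be initialized", but DWO code is still imported elsewhere in this patch. For example, controllers/devworkspace/solver/che_routing.go keeps `devworkspacerouting/solvers` and `pkg/common`. If any DWO function reached from the operator still reads DWO's own infrastructure state, it would now run uninitialised. Please confirm that no such call path remains, or keep the initialisation with a comment like `// required by DWO packages we still call`.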
@@ -31,8 +31,8 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/test" containerbuild "github.com/eclipse-che/che-operator/pkg/deploy/container-capabilities" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/deploy/consolelink" @@ -110,7 +110,7 @@ func NewReconciler( // resources since che host is used for dashboard deployment and che config map reconcilerManager.AddReconciler(server.NewCheHostReconciler()) reconcilerManager.AddReconciler(postgres.NewPostgresReconciler()) - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { reconcilerManager.AddReconciler(identityprovider.NewIdentityProviderReconciler()) } reconcilerManager.AddReconciler(devfileregistry.NewDevfileRegistryReconciler()) diff --git a/controllers/che/checluster_validator.go b/controllers/che/checluster_validator.go index dc79c9e598..9ff1c8f778 100644 --- a/controllers/che/checluster_validator.go +++ b/controllers/che/checluster_validator.go @@ -15,8 +15,8 @@ package che import ( "fmt" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "sigs.k8s.io/controller-runtime/pkg/reconcile" ) diff --git a/controllers/che/init_test.go b/controllers/che/init_test.go index 2331220e68..2e5795b345 100644 --- a/controllers/che/init_test.go +++ b/controllers/che/init_test.go 
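Review bot: With `identityprovider.NewIdentityProviderReconciler()` gated on `IsOpenShiftOAuthEnabled()` in `NewReconciler`, no reconciler is left to clean up on a cluster that was installed with OpenShift OAuth and later moved to an external IDP. If that reconciler owns a finalizer or an OAuthClient it created earlier (its code is not in this hunk), neither would be removed once it is no longer registered, and CheCluster deletion could block. Consider registering it unconditionally and skipping the OAuthClient sync inside it, or add a migration step. At minimum add a comment here such as `// external IDP: no OAuthClient is managed; cleanup of a previously created one is handled in <location>`. `NewReconciler` continues outside the hunk.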
@@ -13,7 +13,7 @@ package che import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/che/proxy.go b/controllers/che/proxy.go index 264cfaa442..1a42d4bd6f 100644 --- a/controllers/che/proxy.go +++ b/controllers/che/proxy.go @@ -15,8 +15,8 @@ package che import ( "os" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy" configv1 "github.com/openshift/api/config/v1" ) diff --git a/controllers/devworkspace/controller.go b/controllers/devworkspace/controller.go index 39c2936102..3742f2740d 100644 --- a/controllers/devworkspace/controller.go +++ b/controllers/devworkspace/controller.go @@ -26,9 +26,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/controllers/devworkspace/defaults" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" routev1 "github.com/openshift/api/route/v1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" diff --git a/controllers/devworkspace/controller_test.go b/controllers/devworkspace/controller_test.go index 4ff0068c87..5cf698ff03 100644 --- a/controllers/devworkspace/controller_test.go +++ b/controllers/devworkspace/controller_test.go 
@@ -22,9 +22,9 @@ import ( defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" devworkspacedefaults "github.com/eclipse-che/che-operator/controllers/devworkspace/defaults" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" @@ -464,6 +464,6 @@ func onKubernetes(f func()) { } func onOpenShift(f func()) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) f() } diff --git a/controllers/devworkspace/init_test.go b/controllers/devworkspace/init_test.go index 03dd65c1ff..12cbc994ae 100644 --- a/controllers/devworkspace/init_test.go +++ b/controllers/devworkspace/init_test.go @@ -13,7 +13,7 @@ package devworkspace import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/devworkspace/solver/che_routing.go b/controllers/devworkspace/solver/che_routing.go index c2e137ea79..4e676b46f8 100644 --- a/controllers/devworkspace/solver/che_routing.go +++ b/controllers/devworkspace/solver/che_routing.go 
@@ -35,9 +35,9 @@ import ( "github.com/devfile/devworkspace-operator/controllers/controller/devworkspacerouting/solvers" "github.com/devfile/devworkspace-operator/pkg/common" dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" dwdefaults "github.com/eclipse-che/che-operator/controllers/devworkspace/defaults" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" routeV1 "github.com/openshift/api/route/v1" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" @@ -677,7 +677,7 @@ func routeForHealthzEndpoint(cfg *gateway.TraefikConfig, dwId string, endpoints for _, e := range endpoints { if e.Attributes.GetString(string(dwo.TypeEndpointAttribute), nil) == string(dwo.MainEndpointType) { middlewares := []string{dwId + gateway.StripPrefixMiddlewareSuffix} - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { middlewares = append(middlewares, dwId+gateway.HeaderRewriteMiddlewareSuffix) } routeName, endpointPath := endpointStrategy.getEndpointPath(&e, componentName) diff --git a/controllers/devworkspace/solver/che_routing_external_tls_config_test.go b/controllers/devworkspace/solver/che_routing_external_tls_config_test.go index 54a44e8f72..ecc9317577 100644 --- a/controllers/devworkspace/solver/che_routing_external_tls_config_test.go +++ b/controllers/devworkspace/solver/che_routing_external_tls_config_test.go @@ -15,9 +15,9 @@ package solver import ( "testing" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" controller "github.com/eclipse-che/che-operator/controllers/devworkspace" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" routev1 "github.com/openshift/api/route/v1" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" 
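Review bot: The switch to `IsOpenShiftOAuthEnabled()` in `routeForHealthzEndpoint` is the only condition this patch changes in che_routing.go, so other route builders in the file may still gate the header-rewrite middleware on `IsOpenShift()`. If they do (they are outside the hunk), the healthz route and the main endpoint routes would treat the forwarded token header differently on an external-IDP cluster. Please review the remaining `infrastructure.IsOpenShift()` call sites in this file that append `gateway.HeaderRewriteMiddlewareSuffix`. A short comment on the condition would also help, e.g. `// header rewrite is only needed with the OpenShift OAuth proxy (confirm)`. The function body starts and ends outside the hunk.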
@@ -100,7 +100,7 @@ func TestExternalTLSConfigForIngresses(t *testing.T) { } func TestExternalTLSConfigForRoutes(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) mgr := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ diff --git a/controllers/devworkspace/solver/che_routing_test.go b/controllers/devworkspace/solver/che_routing_test.go index 3733c3489a..c0a60f5219 100644 --- a/controllers/devworkspace/solver/che_routing_test.go +++ b/controllers/devworkspace/solver/che_routing_test.go @@ -26,11 +26,11 @@ import ( dwCommon "github.com/devfile/devworkspace-operator/pkg/common" dwConstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" controller "github.com/eclipse-che/che-operator/controllers/devworkspace" "github.com/eclipse-che/che-operator/controllers/devworkspace/defaults" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy/gateway" corev1 "k8s.io/api/core/v1" apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -643,7 +643,7 @@ func TestCreateRelocatedObjectsK8SLegacy(t *testing.T) { } func TestCreateRelocatedObjectsOpenshift(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) cl, _, objs := getSpecObjects(t, relocatableDevWorkspaceRouting()) @@ -747,7 +747,7 @@ func TestCreateRelocatedObjectsOpenshift(t *testing.T) { } func TestCreateRelocatedObjectsOpenshiftLegacy(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) cl, _, objs := getSpecObjectsForManager(t, &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ 
@@ -857,7 +857,7 @@ func TestCreateRelocatedObjectsOpenshiftLegacy(t *testing.T) { func TestUniqueMainEndpoint(t *testing.T) { wsid := "wsid123" - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) cl, _, _ := getSpecObjects(t, &dwo.DevWorkspaceRouting{ ObjectMeta: metav1.ObjectMeta{ Name: "routing", @@ -940,7 +940,7 @@ func TestUniqueMainEndpoint(t *testing.T) { func TestUniqueMainEndpointLegacy(t *testing.T) { wsid := "wsid123" - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) routing := &dwo.DevWorkspaceRouting{ ObjectMeta: metav1.ObjectMeta{ @@ -1096,7 +1096,7 @@ func TestCreateSubDomainObjects(t *testing.T) { }) t.Run("expectedRoutes", func(t *testing.T) { - objs := testCommon(infrastructure.OpenShiftv4) + objs := testCommon(infrastructure.OpenShiftV4) if len(objs.Routes) != 3 { t.Error("Expected 3 Routes, found ", len(objs.Routes)) } @@ -1179,7 +1179,7 @@ func TestCreateSubDomainObjectsLegacy(t *testing.T) { }) t.Run("expectedRoutes", func(t *testing.T) { - objs := testCommon(infrastructure.OpenShiftv4) + objs := testCommon(infrastructure.OpenShiftV4) if len(objs.Routes) != 3 { t.Error("Expected 3 Routes, found ", len(objs.Routes)) } @@ -1870,7 +1870,7 @@ func TestUsesEndpointAnnotationsForWorkspaceEndpointIngresses(t *testing.T) { } func TestUsesEndpointAnnotationsForWorkspaceEndpointRoutes(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) mgr := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ 
@@ -1914,7 +1914,7 @@ func TestUsesEndpointAnnotationsForWorkspaceEndpointRoutes(t *testing.T) { } func TestUsesEndpointServiceWithDiscoverableAttributeSetRoutes(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) mgr := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ @@ -2094,7 +2094,7 @@ func TestUsesCustomCertificateForWorkspaceEndpointIngresses(t *testing.T) { } func TestUsesCustomCertificateForWorkspaceEndpointRoutes(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) mgr := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ diff --git a/controllers/devworkspace/solver/init_test.go b/controllers/devworkspace/solver/init_test.go index 73e1d967f8..8ca9e97ed7 100644 --- a/controllers/devworkspace/solver/init_test.go +++ b/controllers/devworkspace/solver/init_test.go @@ -13,7 +13,7 @@ package solver import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/controllers/namespacecache/init_test.go b/controllers/namespacecache/init_test.go index 11e61f3018..1e8ee0c1a2 100644 --- a/controllers/namespacecache/init_test.go +++ b/controllers/namespacecache/init_test.go 
@@ -13,7 +13,7 @@ package namespacecache import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/namespacecache/namespacecache.go b/controllers/namespacecache/namespacecache.go index c689c93bc9..5a86256d09 100644 --- a/controllers/namespacecache/namespacecache.go +++ b/controllers/namespacecache/namespacecache.go @@ -16,7 +16,7 @@ import ( "context" "sync" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" projectv1 "github.com/openshift/api/project/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" diff --git a/controllers/namespacecache/namespacecache_test.go b/controllers/namespacecache/namespacecache_test.go index 078f0bf6ca..aa8269c166 100644 --- a/controllers/namespacecache/namespacecache_test.go +++ b/controllers/namespacecache/namespacecache_test.go @@ -19,7 +19,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/test" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/stretchr/testify/assert" projectv1 "github.com/openshift/api/project/v1" @@ -53,7 +53,7 @@ func TestGetNamespaceInfoReadsFromCache(t *testing.T) { }, }) - test(infrastructure.OpenShiftv4, &projectv1.Project{ + test(infrastructure.OpenShiftV4, &projectv1.Project{ ObjectMeta: metav1.ObjectMeta{ Name: "prj", }, 
@@ -113,7 +113,7 @@ func TestExamineUpdatesCache(t *testing.T) { }, }) - test(infrastructure.OpenShiftv4, &projectv1.Project{ + test(infrastructure.OpenShiftV4, &projectv1.Project{ ObjectMeta: metav1.ObjectMeta{ Name: "prj", }, diff --git a/controllers/usernamespace/init_test.go b/controllers/usernamespace/init_test.go index b77fdf77ee..6e5d662fb3 100644 --- a/controllers/usernamespace/init_test.go +++ b/controllers/usernamespace/init_test.go @@ -13,7 +13,7 @@ package usernamespace import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/usernamespace/usernamespace_controller.go b/controllers/usernamespace/usernamespace_controller.go index 36dec29207..4dc3be895b 100644 --- a/controllers/usernamespace/usernamespace_controller.go +++ b/controllers/usernamespace/usernamespace_controller.go @@ -34,10 +34,10 @@ import ( "github.com/eclipse-che/che-operator/pkg/deploy/tls" dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/controllers/che" "github.com/eclipse-che/che-operator/controllers/devworkspace/defaults" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy" projectv1 "github.com/openshift/api/project/v1" "github.com/sirupsen/logrus" 
diff --git a/controllers/usernamespace/usernamespace_controller_test.go b/controllers/usernamespace/usernamespace_controller_test.go index d9b2b26a64..94a5dbeb9c 100644 --- a/controllers/usernamespace/usernamespace_controller_test.go +++ b/controllers/usernamespace/usernamespace_controller_test.go @@ -27,10 +27,10 @@ import ( rbacv1 "k8s.io/api/rbac/v1" dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/controllers/devworkspace" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy/tls" configv1 "github.com/openshift/api/config/v1" projectv1 "github.com/openshift/api/project/v1" @@ -221,7 +221,7 @@ func TestSkipsUnlabeledNamespaces(t *testing.T) { }) t.Run("openshift", func(t *testing.T) { - test(t, infrastructure.OpenShiftv4, &projectv1.Project{ + test(t, infrastructure.OpenShiftV4, &projectv1.Project{ ObjectMeta: metav1.ObjectMeta{ Name: "prj", }, @@ -317,7 +317,7 @@ func TestCreatesDataInNamespace(t *testing.T) { }) t.Run("openshift", func(t *testing.T) { - test(t, infrastructure.OpenShiftv4, + test(t, infrastructure.OpenShiftV4, &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: "prj", @@ -348,7 +348,7 @@ func TestCreatesDataInNamespace(t *testing.T) { } func TestUpdateSccClusterRoleBinding(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) pr1 := &projectv1.Project{ ObjectMeta: metav1.ObjectMeta{ 
@@ -400,7 +400,7 @@ func TestUpdateSccClusterRoleBinding(t *testing.T) { } allObjs := []client.Object{ns1, pr1, cheCluster} - scheme, cl, usernamespaceReconciler := setup(infrastructure.OpenShiftv4, allObjs...) + scheme, cl, usernamespaceReconciler := setup(infrastructure.OpenShiftV4, allObjs...) // the reconciliation needs to run twice for it to be truly finished - we're setting up finalizers etc... devworkspaceReconciler := devworkspace.New(cl, scheme) diff --git a/controllers/workspaceconfig/init_test.go b/controllers/workspaceconfig/init_test.go index 26613fb7e1..6b935cc230 100644 --- a/controllers/workspaceconfig/init_test.go +++ b/controllers/workspaceconfig/init_test.go @@ -13,7 +13,7 @@ package workspace_config import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/workspaceconfig/workspaces_config_controller.go b/controllers/workspaceconfig/workspaces_config_controller.go index 1f5854fe98..05495d8de2 100644 --- a/controllers/workspaceconfig/workspaces_config_controller.go +++ b/controllers/workspaceconfig/workspaces_config_controller.go @@ -29,8 +29,8 @@ import ( rbacv1 "k8s.io/api/rbac/v1" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" templatev1 "github.com/openshift/api/template/v1" 
diff --git a/pkg/common/chetypes/types.go b/pkg/common/chetypes/types.go index 9fc05f26bf..2ae4adecbd 100644 --- a/pkg/common/chetypes/types.go +++ b/pkg/common/chetypes/types.go @@ -20,12 +20,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -type ProvisioningStatus struct { - Continue bool - Requeue bool - Err error -} - type DeployContext struct { CheCluster *chev2.CheCluster ClusterAPI ClusterAPI diff --git a/pkg/common/infrastructure/cluster.go b/pkg/common/infrastructure/cluster.go new file mode 100644 index 0000000000..491c6ea1e9 --- /dev/null +++ b/pkg/common/infrastructure/cluster.go 
@@ -0,0 +1,145 @@ +// +// Copyright (c) 2019-2026 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package infrastructure + +import ( + "os" + "strings" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/discovery" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client/config" +) + +type Type int + +const ( + Unknown Type = iota + Kubernetes + OpenShiftV4 + OpenShiftV5 + + LeasesResources = "leases" + OAuthClientsResources = "oauthclients" + KubernetesImagePullerResources = "kubernetesimagepullers" +) + +var ( + infrastructure = Unknown + + isOpenShiftOAuthEnabled bool + isLeaderElectionEnabled bool + isKubernetesImagePullerEnabled bool + + logger = ctrl.Log.WithName("infrastructure") +) + +func GetOperatorNamespace() (string, error) { + nsBytes, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace") + if err != nil { + return "", err + } + + ns := strings.TrimSpace(string(nsBytes)) + return ns, nil +} + +func IsOpenShift() bool { + initializeIfNeeded() + return infrastructure == OpenShiftV4 || infrastructure == OpenShiftV5 +} + +func IsOpenShiftOAuthEnabled() bool { + initializeIfNeeded() + return isOpenShiftOAuthEnabled +} + +func IsLeaderElectionEnabled() bool { + initializeIfNeeded() + return isLeaderElectionEnabled +} + +func IsKubernetesImagePullerEnabled() bool { + initializeIfNeeded() + return isKubernetesImagePullerEnabled +} + +func InitializeForTesting(desiredInfrastructure Type) { + infrastructure = desiredInfrastructure + if infrastructure == OpenShiftV4 { + isOpenShiftOAuthEnabled = true + } else { + isOpenShiftOAuthEnabled = false + } + + isKubernetesImagePullerEnabled = true + isLeaderElectionEnabled = true +} + 
+func initializeIfNeeded() { + if infrastructure != Unknown { + return + } + + kubeCfg, err := config.GetConfig() + if err != nil { + logger.Error(err, "Failed to get kubeconfig") + os.Exit(1) + } + + discoveryClient, err := discovery.NewDiscoveryClientForConfig(kubeCfg) + if err != nil { + logger.Error(err, "Failed to create discovery client") + os.Exit(1) + } + + apiGroups, apiResources, err := discoveryClient.ServerGroupsAndResources() + if err != nil { + logger.Error(err, "Failed to get API Groups and Resources") + os.Exit(1) + } + + if hasAPIGroup(apiGroups, "route.openshift.io") { + infrastructure = Kubernetes + isOpenShiftOAuthEnabled = false + } else { + infrastructure = OpenShiftV4 + isOpenShiftOAuthEnabled = hasAPIResource(apiResources, OAuthClientsResources) + } + + isLeaderElectionEnabled = hasAPIResource(apiResources, LeasesResources) + isKubernetesImagePullerEnabled = hasAPIResource(apiResources, KubernetesImagePullerResources) +} + +func hasAPIGroup(source []*metav1.APIGroup, apiName string) bool { + for i := 0; i < len(source); i++ { + if source[i].Name == apiName { + return true + } + } + + return false +} + +func hasAPIResource(resources []*metav1.APIResourceList, resourceName string) bool { + for _, resource := range resources { + for _, r := range resource.APIResources { + if r.Name == resourceName { + return true + } + } + } + + return false +} diff --git a/pkg/common/k8s-helper/k8s_helper.go b/pkg/common/k8s-helper/k8s_helper.go index d7f0f4178b..4d8e98bee9 100644 --- a/pkg/common/k8s-helper/k8s_helper.go +++ b/pkg/common/k8s-helper/k8s_helper.go @@ -17,7 +17,6 @@ import ( "os" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/client" fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" diff --git a/pkg/common/operator-defaults/defaults.go b/pkg/common/operator-defaults/defaults.go index b5726b6494..7c7d6b6412 100644 --- a/pkg/common/operator-defaults/defaults.go 
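Review bot: In `initializeIfNeeded` the platform test looks inverted: when `hasAPIGroup(apiGroups, "route.openshift.io")` is true the code sets `infrastructure = Kubernetes` and turns OAuth off, while a cluster without that group is classified as `OpenShiftV4`. `IsOpenShift()` and `IsOpenShiftOAuthEnabled()` choose the gateway authentication and authorization sidecars elsewhere in this patch, so a wrong classification deploys the wrong auth path; the condition should read `if !hasAPIGroup(apiGroups, "route.openshift.io") {`. `OpenShiftV5` is declared but never assigned in this file, and `InitializeForTesting` enables OAuth only for `OpenShiftV4`, so a doc comment on `Type` saying what V5 stands for would remove the guesswork. Separately, `ServerGroupsAndResources` can return usable partial results together with an error when a single aggregated API is unavailable, so `os.Exit(1)` on any error may be stricter than intended; `discovery.IsGroupDiscoveryFailedError(err)` distinguishes that case.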
+++ b/pkg/common/operator-defaults/defaults.go @@ -17,10 +17,10 @@ import ( "os" "strings" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" util "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/sirupsen/logrus" appsv1 "k8s.io/api/apps/v1" @@ -35,8 +35,10 @@ var ( defaultCheTLSSecretsCreationJobImage string defaultSingleHostGatewayImage string defaultSingleHostGatewayConfigSidecarImage string - defaultGatewayAuthenticationSidecarImage string - defaultGatewayAuthorizationSidecarImage string + defaultGatewayKubernetesAuthenticationSidecarImage string + defaultGatewayKubernetesAuthorizationSidecarImage string + defaultGatewayOpenShiftAuthenticationSidecarImage string + defaultGatewayOpenShiftAuthorizationSidecarImage string defaultConsoleLinkName string defaultConsoleLinkDisplayName string defaultConsoleLinkSection string 
@@ -90,14 +92,15 @@ func Initialize() { defaultPluginRegistryImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_plugin_registry")) defaultSingleHostGatewayImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_single_host_gateway")) defaultSingleHostGatewayConfigSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_single_host_gateway_config_sidecar")) - defaultGatewayAuthenticationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authentication_sidecar")) - defaultGatewayAuthorizationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authorization_sidecar")) + + defaultGatewayOpenShiftAuthenticationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authentication_sidecar")) + defaultGatewayOpenShiftAuthorizationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authorization_sidecar")) + defaultGatewayKubernetesAuthenticationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authentication_sidecar_k8s")) + defaultGatewayKubernetesAuthorizationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authorization_sidecar_k8s")) // Don't get some k8s specific env if !infrastructure.IsOpenShift() { defaultCheTLSSecretsCreationJobImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_che_tls_secrets_creation_job")) - defaultGatewayAuthenticationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authentication_sidecar_k8s")) - defaultGatewayAuthorizationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authorization_sidecar_k8s")) } initialized = true 
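Review bot: The two `_k8s` sidecar variables are now read through `ensureEnv` before the `!infrastructure.IsOpenShift()` check, so they become required on every platform, OpenShift included. `ensureEnv` is defined outside this hunk; if it aborts on a missing variable, as its name suggests, an OpenShift install whose manifest lacks `RELATED_IMAGE_gateway_authentication_sidecar_k8s` or `RELATED_IMAGE_gateway_authorization_sidecar_k8s` would stop at startup, so the operator manifests need both entries for every architecture. The surviving comment `// Don't get some k8s specific env` now guards only the TLS job image and would read better as `// The TLS secrets creation job image is only needed on Kubernetes`. `Initialize` begins before the hunk.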
@@ -168,20 +171,36 @@ func GetGatewayConfigSidecarImage(checluster interface{}) string { return PatchDefaultImageName(checluster, defaultSingleHostGatewayConfigSidecarImage) } -func GetGatewayAuthenticationSidecarImage(checluster interface{}) string { +func GetGatewayKubernetesAuthenticationSidecarImage(checluster interface{}) string { + if !initialized { + logrus.Fatalf("Operator defaults are not initialized.") + } + + return PatchDefaultImageName(checluster, defaultGatewayKubernetesAuthenticationSidecarImage) +} + +func GetGatewayKubernetesAuthorizationSidecarImage(checluster interface{}) string { + if !initialized { + logrus.Fatalf("Operator defaults are not initialized.") + } + + return PatchDefaultImageName(checluster, defaultGatewayKubernetesAuthorizationSidecarImage) +} + +func GetGatewayOpenShiftAuthenticationSidecarImage(checluster interface{}) string { if !initialized { logrus.Fatalf("Operator defaults are not initialized.") } - return PatchDefaultImageName(checluster, defaultGatewayAuthenticationSidecarImage) + return PatchDefaultImageName(checluster, defaultGatewayOpenShiftAuthenticationSidecarImage) } -func GetGatewayAuthorizationSidecarImage(checluster interface{}) string { +func GetGatewayOpenShiftAuthorizationSidecarImage(checluster interface{}) string { if !initialized { logrus.Fatalf("Operator defaults are not initialized.") } - return PatchDefaultImageName(checluster, defaultGatewayAuthorizationSidecarImage) + return PatchDefaultImageName(checluster, defaultGatewayOpenShiftAuthorizationSidecarImage) } func GetCheFlavor() string { diff --git a/pkg/common/utils/utils.go b/pkg/common/utils/utils.go index f4264e53ce..5367b0ea8c 100644 --- a/pkg/common/utils/utils.go +++ b/pkg/common/utils/utils.go @@ -22,8 +22,6 @@ import ( "k8s.io/apimachinery/pkg/labels" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/discovery" "sigs.k8s.io/controller-runtime/pkg/event" "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/yaml" 
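Review bot: The four new exported getters have no doc comments, and their names alone do not say that the choice follows OAuth availability, not the platform: the callers in `oauth_proxy.go` and `kube_rbac_proxy.go` pick the OpenShift variant only when `infrastructure.IsOpenShiftOAuthEnabled()` is true. A line such as `// GetGatewayOpenShiftAuthenticationSidecarImage returns the oauth-proxy image used when OpenShift OAuth is enabled.` on each getter, with the Kubernetes pair documented as the fallback for every other case, would keep a future caller from keying on `IsOpenShift()` instead. The `if !initialized { logrus.Fatalf(...) }` guard is now repeated four more times and could move into one unexported helper, e.g. `func mustBeInitialized()`.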
@@ -61,27 +59,6 @@ func GeneratePassword(stringLength int) (passwd string) { return passwd } -func IsK8SResourceServed(discoveryClient discovery.DiscoveryInterface, resourceName string) bool { - _, resourceList, err := discoveryClient.ServerGroupsAndResources() - if err != nil { - return false - } - - return hasAPIResourceNameInList(resourceName, resourceList) -} - -func hasAPIResourceNameInList(name string, resources []*metav1.APIResourceList) bool { - for _, l := range resources { - for _, r := range l.APIResources { - if r.Name == name { - return true - } - } - } - - return false -} - func GetValue(value string, defaultValue string) string { if value == "" { value = defaultValue diff --git a/pkg/deploy/consolelink/consolelink.go b/pkg/deploy/consolelink/consolelink.go index 0403274bc1..145cea9058 100644 --- a/pkg/deploy/consolelink/consolelink.go +++ b/pkg/deploy/consolelink/consolelink.go @@ -19,7 +19,6 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/chetypes" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/reconciler" - "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" @@ -32,7 +31,6 @@ import ( const ( ConsoleLinkFinalizerName = "consolelink.finalizers.che.eclipse.org" - ConsoleLinksResourceName = "consolelinks" ) var consoleLinkDiffOpts = cmp.Options{ 
@@ -48,11 +46,6 @@ func NewConsoleLinkReconciler() *ConsoleLinkReconciler { } func (c *ConsoleLinkReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, bool, error) { - if !utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, ConsoleLinksResourceName) { - logrus.Debug("Console link won't be created. ConsoleLinks is not supported by kubernetes cluster.") - return reconcile.Result{}, true, nil - } - done, err := c.syncConsoleLink(ctx) if !done { return reconcile.Result{RequeueAfter: time.Second}, false, err diff --git a/pkg/deploy/consolelink/init_test.go b/pkg/deploy/consolelink/init_test.go index 6e2a817166..0413d58f97 100644 --- a/pkg/deploy/consolelink/init_test.go +++ b/pkg/deploy/consolelink/init_test.go @@ -13,7 +13,7 @@ package consolelink import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/container-capabilities/init_test.go b/pkg/deploy/container-capabilities/init_test.go index 4afcee3d44..e0807cc7b8 100644 --- a/pkg/deploy/container-capabilities/init_test.go +++ b/pkg/deploy/container-capabilities/init_test.go @@ -13,7 +13,7 @@ package containercapabilities import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) 
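Review bot: `ConsoleLinkReconciler.Reconcile` no longer verifies that the `consolelinks` resource is served before calling `syncConsoleLink`, and its not-done path returns `RequeueAfter: time.Second`. `syncConsoleLink` and the reconciler registration are outside this hunk; unless one of them checks the platform, a cluster without the ConsoleLink API (plain Kubernetes, or OpenShift with the console disabled) may requeue every second with an error each time. An explicit guard at the top, for example `if !infrastructure.IsOpenShift() { return reconcile.Result{}, true, nil }`, or a comment naming where the check now lives, would make the intent clear. The same replacement of an API-presence check by platform detection appears in `getDashboardDeploymentSpec` in `deployment_dashboard.go`, where `OPENSHIFT_CONSOLE_URL` is now added on any OpenShift cluster.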
@@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/dashboard/dashboard_test.go b/pkg/deploy/dashboard/dashboard_test.go index 296ef26602..feea6e0d73 100644 --- a/pkg/deploy/dashboard/dashboard_test.go +++ b/pkg/deploy/dashboard/dashboard_test.go @@ -13,7 +13,7 @@ package dashboard import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/stretchr/testify/assert" diff --git a/pkg/deploy/dashboard/deployment_dashboard.go b/pkg/deploy/dashboard/deployment_dashboard.go index 8106ff4c2c..de49f3c408 100644 --- a/pkg/deploy/dashboard/deployment_dashboard.go +++ b/pkg/deploy/dashboard/deployment_dashboard.go @@ -18,6 +18,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" @@ -117,7 +118,7 @@ func (d *DashboardReconciler) getDashboardDeploymentSpec(ctx *chetypes.DeployCon // Mount CheCluster default values envVars = append(envVars, utils.GetEnvsByRegExp("^CHE_DEFAULT_SPEC.*")...) - if utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, ConsoleLinksResourceName) { + if infrastructure.IsOpenShift() { envVars = append(envVars, corev1.EnvVar{ Name: "OPENSHIFT_CONSOLE_URL", diff --git a/pkg/deploy/dashboard/init_test.go b/pkg/deploy/dashboard/init_test.go index 54b8cf2297..019199e273 100644 
--- a/pkg/deploy/dashboard/init_test.go +++ b/pkg/deploy/dashboard/init_test.go @@ -13,7 +13,7 @@ package dashboard import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/dashboard/rbac.go b/pkg/deploy/dashboard/rbac.go index 85a30cb2de..6b15b00ac6 100644 --- a/pkg/deploy/dashboard/rbac.go +++ b/pkg/deploy/dashboard/rbac.go @@ -15,7 +15,6 @@ package dashboard import ( "fmt" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" rbacv1 "k8s.io/api/rbac/v1" ) @@ -55,17 +54,6 @@ func GetPrivilegedPoliciesRulesForKubernetes() []rbacv1.PolicyRule { }, } - if !infrastructure.IsOpenShift() { - rules = append(rules, - // on Kubernetes, Dashboard stores user preferences in secrets with SA - // until native auth is not implemented there as well - rbacv1.PolicyRule{ - APIGroups: []string{""}, - Resources: []string{"secrets"}, - Verbs: []string{"get", "create", "update", "list"}, - }) - } - return rules } diff --git a/pkg/deploy/deployment.go b/pkg/deploy/deployment.go index ec1863b79b..a6585f4984 100644 --- a/pkg/deploy/deployment.go +++ b/pkg/deploy/deployment.go 
@@ -26,10 +26,10 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/google/go-cmp/cmp" diff --git a/pkg/deploy/dev-workspace-config/init_test.go b/pkg/deploy/dev-workspace-config/init_test.go index 9a034318cf..c6c8789da6 100644 --- a/pkg/deploy/dev-workspace-config/init_test.go +++ b/pkg/deploy/dev-workspace-config/init_test.go @@ -13,7 +13,7 @@ package devworkspaceconfig import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/devfileregistry/init_test.go b/pkg/deploy/devfileregistry/init_test.go index 198a4ad18b..e7d46e3a25 100644 --- a/pkg/deploy/devfileregistry/init_test.go +++ b/pkg/deploy/devfileregistry/init_test.go @@ -13,7 +13,7 @@ package devfileregistry import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) 
@@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/editors-definitions/init_test.go b/pkg/deploy/editors-definitions/init_test.go index 94526d0f00..3f5305f0cc 100644 --- a/pkg/deploy/editors-definitions/init_test.go +++ b/pkg/deploy/editors-definitions/init_test.go @@ -13,7 +13,7 @@ package editorsdefinitions import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,7 +21,7 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") editorsDefinitionsDir = "./test-editors-definitions" diff --git a/pkg/deploy/expose/expose.go b/pkg/deploy/expose/expose.go index 9149a20c78..859bd166fc 100644 --- a/pkg/deploy/expose/expose.go +++ b/pkg/deploy/expose/expose.go @@ -17,7 +17,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/diffs" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" routev1 "github.com/openshift/api/route/v1" "github.com/eclipse-che/che-operator/pkg/common/chetypes" diff --git a/pkg/deploy/gateway/gateway.go b/pkg/deploy/gateway/gateway.go index e00df11811..60c99186e1 100644 --- a/pkg/deploy/gateway/gateway.go +++ b/pkg/deploy/gateway/gateway.go 
@@ -13,17 +13,16 @@ package gateway import ( - "context" "encoding/base64" "fmt" "io/ioutil" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "k8s.io/apimachinery/pkg/api/resource" "sigs.k8s.io/yaml" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/sirupsen/logrus" "github.com/eclipse-che/che-operator/pkg/common/chetypes" @@ -38,12 +37,10 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbac "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/intstr" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/reconcile" ) @@ -209,31 +206,6 @@ func generateOauthSecretSpec(deployContext *chetypes.DeployContext) *corev1.Secr } } -func delete(clusterAPI chetypes.ClusterAPI, obj metav1.Object) error { - key := client.ObjectKey{Name: obj.GetName(), Namespace: obj.GetNamespace()} - ro := obj.(client.Object) - if getErr := clusterAPI.Client.Get(context.TODO(), key, ro); getErr == nil { - if err := clusterAPI.Client.Delete(context.TODO(), ro); err != nil { - if !errors.IsNotFound(err) { - return err - } - } - } - - return nil -} - -func DeleteGatewayRouteConfig(componentName string, deployContext *chetypes.DeployContext) error { - obj := &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ - Name: GatewayConfigMapNamePrefix + componentName, - Namespace: deployContext.CheCluster.Namespace, - }, - } - - return delete(deployContext.ClusterAPI, obj) -} - // below functions declare the desired states of the various objects required for the gateway func getGatewayServerConfigSpec(deployContext *chetypes.DeployContext) (corev1.ConfigMap, error) { 
@@ -247,7 +219,8 @@ func getGatewayServerConfigSpec(deployContext *chetypes.DeployContext) (corev1.C if deployContext.CheCluster.IsAccessTokenConfigured() { cfg.AddAuthHeaderRewrite(serverComponentName) } - if infrastructure.IsOpenShift() { + + if infrastructure.IsOpenShiftOAuthEnabled() { // native user mode is currently only available on OpenShift but let's be defensive here so that // this doesn't break once we enable it on Kubernetes, too. Token check will have to work // differently on Kuberentes. @@ -624,7 +597,7 @@ func getContainersSpec(ctx *chetypes.DeployContext) []corev1.Container { containers = append(containers, getOauthProxyContainerSpec(ctx), - getKubeRbacProxyContainerSpec(ctx.CheCluster)) + getKubeRbacProxyContainerSpec(ctx)) return containers } diff --git a/pkg/deploy/gateway/gateway_test.go b/pkg/deploy/gateway/gateway_test.go index a87fbe8a13..5e66aae5ec 100644 --- a/pkg/deploy/gateway/gateway_test.go +++ b/pkg/deploy/gateway/gateway_test.go @@ -262,10 +262,10 @@ func TestCustomizeGatewayDeploymentSingleImage(t *testing.T) { assert.Equal(t, defaults.GetGatewayConfigSidecarImage(checluster), containers[1].Image) assert.Equal(t, constants.GatewayAuthenticationContainerName, containers[2].Name) - assert.Equal(t, defaults.GetGatewayAuthenticationSidecarImage(checluster), containers[2].Image) + assert.Equal(t, defaults.GetGatewayOpenShiftAuthenticationSidecarImage(checluster), containers[2].Image) assert.Equal(t, constants.GatewayAuthorizationContainerName, containers[3].Name) - assert.Equal(t, defaults.GetGatewayAuthorizationSidecarImage(checluster), containers[3].Image) + assert.Equal(t, defaults.GetGatewayOpenShiftAuthorizationSidecarImage(checluster), containers[3].Image) } func TestTraefikLogLevel(t *testing.T) { diff --git a/pkg/deploy/gateway/init_test.go b/pkg/deploy/gateway/init_test.go index df9479d1cf..6f7639bea2 100644 --- a/pkg/deploy/gateway/init_test.go +++ b/pkg/deploy/gateway/init_test.go 
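Review bot: The comment kept inside the branch in `getGatewayServerConfigSpec` still says native user mode is "only available on OpenShift", but the condition is now `infrastructure.IsOpenShiftOAuthEnabled()`, so the block is skipped on an OpenShift cluster that does not serve `oauthclients`. The body of the branch lies outside the hunk, so what validates tokens in that case cannot be confirmed from here; the comment should say it, e.g. `// Applies only when OpenShift OAuth is available; with an external IDP the gateway relies on <mechanism to confirm>`. The word `Kuberentes` in the same comment is a typo for `Kubernetes`.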
@@ -13,7 +13,7 @@ package gateway import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/gateway/kube_rbac_proxy.go b/pkg/deploy/gateway/kube_rbac_proxy.go index 830a685b09..8bc533cf6d 100644 --- a/pkg/deploy/gateway/kube_rbac_proxy.go +++ b/pkg/deploy/gateway/kube_rbac_proxy.go @@ -15,6 +15,8 @@ package gateway import ( "strconv" + "github.com/eclipse-che/che-operator/pkg/common/chetypes" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/apimachinery/pkg/util/intstr" chev2 "github.com/eclipse-che/che-operator/api/v2" 
@@ -52,15 +54,22 @@ authorization: } } -func getKubeRbacProxyContainerSpec(instance *chev2.CheCluster) corev1.Container { +func getKubeRbacProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { logLevel := constants.DefaultKubeRbacProxyLogLevel - if instance.Spec.Networking.Auth.Gateway.KubeRbacProxy != nil && instance.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel != nil { - logLevel = *instance.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel + if ctx.CheCluster.Spec.Networking.Auth.Gateway.KubeRbacProxy != nil && ctx.CheCluster.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel != nil { + logLevel = *ctx.CheCluster.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel + } + + var image string + if infrastructure.IsOpenShiftOAuthEnabled() { + image = defaults.GetGatewayOpenShiftAuthorizationSidecarImage(ctx.CheCluster) + } else { + image = defaults.GetGatewayKubernetesAuthorizationSidecarImage(ctx.CheCluster) } return corev1.Container{ Name: "kube-rbac-proxy", - Image: defaults.GetGatewayAuthorizationSidecarImage(instance), + Image: image, ImagePullPolicy: corev1.PullIfNotPresent, Args: []string{ "--insecure-listen-address=0.0.0.0:8089", diff --git a/pkg/deploy/gateway/oauth_proxy.go b/pkg/deploy/gateway/oauth_proxy.go index 91e58fa525..c1524eb2a7 100644 --- a/pkg/deploy/gateway/oauth_proxy.go +++ b/pkg/deploy/gateway/oauth_proxy.go @@ -16,13 +16,13 @@ import ( "fmt" "strings" - "k8s.io/apimachinery/pkg/util/intstr" - + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" identityprovider "github.com/eclipse-che/che-operator/pkg/deploy/identity-provider" "github.com/sirupsen/logrus" + "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/apimachinery/pkg/api/resource" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" 
@@ -34,10 +34,8 @@ import ( ) func getGatewayOauthProxyConfigSpec(ctx *chetypes.DeployContext, cookieSecret string) corev1.ConfigMap { - instance := ctx.CheCluster - var config string - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { config = openshiftOauthProxyConfig(ctx, cookieSecret) } else { config = kubernetesOauthProxyConfig(ctx, cookieSecret) @@ -49,7 +47,7 @@ func getGatewayOauthProxyConfigSpec(ctx *chetypes.DeployContext, cookieSecret st }, ObjectMeta: metav1.ObjectMeta{ Name: "che-gateway-config-oauth-proxy", - Namespace: instance.Namespace, + Namespace: ctx.CheCluster.Namespace, Labels: deploy.GetLabels(GatewayServiceName), }, Data: map[string]string{ @@ -169,7 +167,7 @@ func skipAuthConfig(instance *chev2.CheCluster) string { skipAuthPaths = append(skipAuthPaths, fmt.Sprintf("^%s$", defaults.GetConsoleLinkImage())) if len(skipAuthPaths) > 0 { propName := "skip_auth_routes" - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { propName = "skip_auth_regex" } return fmt.Sprintf("%s = \"%s\"", propName, strings.Join(skipAuthPaths, "|")) 
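Review bot: In skipAuthConfig the entries joined into `skip_auth_regex` / `skip_auth_routes` are anchored patterns built from raw values, e.g. `fmt.Sprintf("^%s$", defaults.GetConsoleLinkImage())` on the context line, with no escaping visible in the hunk. Any regex metacharacter in such a value (a `.` at the least) widens the set of requests that skip authentication, so `fmt.Sprintf("^%s$", regexp.QuoteMeta(defaults.GetConsoleLinkImage()))` would keep the match literal; that needs `regexp` in the import block. Because the property name now depends on `IsOpenShiftOAuthEnabled()`, an OpenShift cluster with an external identity provider gets `skip_auth_routes`, and the pattern syntax should be checked against the proxy image selected for that case. The function starts outside the hunk, so earlier entries may already be escaped.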
@@ -200,19 +198,29 @@ func getOauthProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { exists, _ := deploy.GetNamespacedObject(ctx, "che-gateway-config-oauth-proxy", cm) configMapRevision := map[bool]string{true: cm.GetResourceVersion(), false: ""}[exists] + var image, probePath string + var args []string + if infrastructure.IsOpenShiftOAuthEnabled() { + image = defaults.GetGatewayOpenShiftAuthenticationSidecarImage(ctx.CheCluster) + probePath = "/oauth/healthz" + args = []string{ + "--config=/etc/oauth-proxy/oauth-proxy.cfg", + } + } else { + image = defaults.GetGatewayKubernetesAuthenticationSidecarImage(ctx.CheCluster) + probePath = "/ping" + args = []string{ + "--config=/etc/oauth-proxy/oauth-proxy.cfg", + "--ping-path=/ping", + "--exclude-logging-path=/ping", + } + } + return corev1.Container{ Name: "oauth-proxy", - Image: defaults.GetGatewayAuthenticationSidecarImage(ctx.CheCluster), + Image: image, ImagePullPolicy: corev1.PullIfNotPresent, - Args: map[bool][]string{ - true: { - "--config=/etc/oauth-proxy/oauth-proxy.cfg", - }, - false: { - "--config=/etc/oauth-proxy/oauth-proxy.cfg", - "--ping-path=/ping", - "--exclude-logging-path=/ping"}, - }[infrastructure.IsOpenShift()], + Args: args, VolumeMounts: []corev1.VolumeMount{ { Name: "oauth-proxy-config", @@ -253,7 +261,7 @@ func getOauthProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { ReadinessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ - Path: map[bool]string{true: "/oauth/healthz", false: "/ping"}[infrastructure.IsOpenShift()], + Path: probePath, Port: intstr.IntOrString{ Type: intstr.Int, IntVal: int32(8080), 
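Review bot: The two branches that fill `image`, `probePath` and `args` in getOauthProxyContainerSpec both repeat `--config=/etc/oauth-proxy/oauth-proxy.cfg`; declaring `args := []string{"--config=/etc/oauth-proxy/oauth-proxy.cfg"}` once and doing `args = append(args, "--ping-path=/ping", "--exclude-logging-path=/ping")` in the non-OAuth branch keeps the shared flag in one place. On the context line above, `exists, _ := deploy.GetNamespacedObject(...)` discards the error, so a failed lookup is treated like a missing ConfigMap and yields an empty revision; logging the error would make that case visible. The function body continues outside this hunk.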
@@ -270,7 +278,7 @@ func getOauthProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { LivenessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ - Path: map[bool]string{true: "/oauth/healthz", false: "/ping"}[infrastructure.IsOpenShift()], + Path: probePath, Port: intstr.IntOrString{ Type: intstr.Int, IntVal: int32(8080), diff --git a/pkg/deploy/gateway/oauth_proxy_test.go b/pkg/deploy/gateway/oauth_proxy_test.go index a0cd74aeb7..66bd9275b7 100644 --- a/pkg/deploy/gateway/oauth_proxy_test.go +++ b/pkg/deploy/gateway/oauth_proxy_test.go @@ -17,9 +17,9 @@ import ( "k8s.io/utils/pointer" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" diff --git a/pkg/deploy/identity-provider/init_test.go b/pkg/deploy/identity-provider/init_test.go index 0a331d3535..619406f788 100644 --- a/pkg/deploy/identity-provider/init_test.go +++ b/pkg/deploy/identity-provider/init_test.go @@ -13,7 +13,7 @@ package identityprovider import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/image-puller/imagepuller.go b/pkg/deploy/image-puller/imagepuller.go index b728c7cc01..2705c22abb 100644 --- a/pkg/deploy/image-puller/imagepuller.go 
+++ b/pkg/deploy/image-puller/imagepuller.go @@ -20,6 +20,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/google/go-cmp/cmp/cmpopts" @@ -84,7 +85,7 @@ func (ip *ImagePuller) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, } if ctx.CheCluster.Spec.Components.ImagePuller.Enable { - if !utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, resourceName) { + if !infrastructure.IsKubernetesImagePullerEnabled() { errMsg := "Kubernetes Image Puller is not installed, in order to enable the property admin should install the operator first" return reconcile.Result{}, false, errors.New(errMsg) } @@ -114,7 +115,7 @@ func (ip *ImagePuller) uninstallImagePuller(ctx *chetypes.DeployContext) (bool, return false, err } - if utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, resourceName) { + if infrastructure.IsKubernetesImagePullerEnabled() { if done, err := deploy.DeleteByKeyWithClient( ctx.ClusterAPI.NonCachingClient, types.NamespacedName{ diff --git a/pkg/deploy/image-puller/init_test.go b/pkg/deploy/image-puller/init_test.go index 3e541a35d9..f603cec86c 100644 --- a/pkg/deploy/image-puller/init_test.go +++ b/pkg/deploy/image-puller/init_test.go @@ -13,7 +13,7 @@ package imagepuller import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) 
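Review bot: Both image-puller checks (`Reconcile` and `uninstallImagePuller`) now read `infrastructure.IsKubernetesImagePullerEnabled()` instead of asking the discovery client on each call. If that flag is computed once at start-up, as the `initializeIfNeeded` hunk for pkg/common/infrastructure/cluster.go suggests, installing the Kubernetes Image Puller operator after che-operator has started would keep returning "Kubernetes Image Puller is not installed" until the operator pod restarts. Either document that requirement next to the check, e.g. `// evaluated once at operator start; restart after installing Kubernetes Image Puller`, or keep the per-reconcile discovery lookup here. The helper's implementation is not in these hunks, so this needs confirming against cluster.go.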
@@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/init_test.go b/pkg/deploy/init_test.go index 2e3dd6b4ae..eb7e1f6490 100644 --- a/pkg/deploy/init_test.go +++ b/pkg/deploy/init_test.go @@ -13,7 +13,7 @@ package deploy import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/pkg/deploy/migration/checluster-defaults-cleaner_test.go b/pkg/deploy/migration/checluster-defaults-cleaner_test.go index e8f2ef5c99..bf54f858a6 100644 --- a/pkg/deploy/migration/checluster-defaults-cleaner_test.go +++ b/pkg/deploy/migration/checluster-defaults-cleaner_test.go @@ -21,7 +21,7 @@ import ( devfile "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/stretchr/testify/assert" 
@@ -43,7 +43,7 @@ func TestCheClusterDefaultsCleanerShouldNotChangeValuesOnInstallation(t *testing testCases := []testCase{ { name: "Che is being installed, nothing changed", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -132,7 +132,7 @@ func TestCheClusterDefaultsCleanerDefaultEditor(t *testing.T) { testCases := []testCase{ { name: "Case #1", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -146,7 +146,7 @@ func TestCheClusterDefaultsCleanerDefaultEditor(t *testing.T) { }, { name: "Case #2", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -165,7 +165,7 @@ func TestCheClusterDefaultsCleanerDefaultEditor(t *testing.T) { }, { name: "Case #3", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -216,7 +216,7 @@ func TestCheClusterDefaultsCleanerDefaultComponents(t *testing.T) { testCases := []testCase{ { name: "Case #1", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -230,7 +230,7 @@ func TestCheClusterDefaultsCleanerDefaultComponents(t *testing.T) { }, { name: "Case #2", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -260,7 +260,7 @@ func TestCheClusterDefaultsCleanerDefaultComponents(t *testing.T) { }, { name: "Case #3", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", 
@@ -530,7 +530,7 @@ func TestCheClusterDefaultsCleanerDisableContainerBuildCapabilities(t *testing.T testCases := []testCase{ { name: "OpenShift case #1", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -544,7 +544,7 @@ func TestCheClusterDefaultsCleanerDisableContainerBuildCapabilities(t *testing.T }, { name: "OpenShift case #2", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", diff --git a/pkg/deploy/migration/checluster-defaults-cleanupfunc.go b/pkg/deploy/migration/checluster-defaults-cleanupfunc.go index 0854d72485..0bcd99ad93 100644 --- a/pkg/deploy/migration/checluster-defaults-cleanupfunc.go +++ b/pkg/deploy/migration/checluster-defaults-cleanupfunc.go @@ -18,7 +18,7 @@ import ( chev2 "github.com/eclipse-che/che-operator/api/v2" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/google/go-cmp/cmp/cmpopts" diff --git a/pkg/deploy/migration/init_test.go b/pkg/deploy/migration/init_test.go index e0f8210779..29bb2e66d1 100644 --- a/pkg/deploy/migration/init_test.go +++ b/pkg/deploy/migration/init_test.go @@ -13,7 +13,7 @@ package migration import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } 
diff --git a/pkg/deploy/migration/on-reconcile-one-time-migration.go b/pkg/deploy/migration/on-reconcile-one-time-migration.go index 63c3081aa2..ef2fcd657e 100644 --- a/pkg/deploy/migration/on-reconcile-one-time-migration.go +++ b/pkg/deploy/migration/on-reconcile-one-time-migration.go @@ -17,9 +17,9 @@ import ( "fmt" "time" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "github.com/eclipse-che/che-operator/pkg/common/utils" @@ -218,13 +218,17 @@ func addPartOfCheLabelForObjectsWithLabel(ctx *chetypes.DeployContext, labelKey &rbacv1.ClusterRoleBindingList{}, &corev1.PersistentVolumeClaimList{}, } + if infrastructure.IsOpenShift() { kindsToMigrate = append(kindsToMigrate, &routev1.RouteList{}) - kindsToMigrate = append(kindsToMigrate, &oauthv1.OAuthClientList{}) } else { kindsToMigrate = append(kindsToMigrate, &networkingv1.IngressList{}) } + if infrastructure.IsOpenShiftOAuthEnabled() { + kindsToMigrate = append(kindsToMigrate, &oauthv1.OAuthClientList{}) + } + for _, listToGet := range kindsToMigrate { if err := addPartOfCheLabelToObjectsBySelector(ctx, listOptions, listToGet); err != nil { return err diff --git a/pkg/deploy/pluginregistry/init_test.go b/pkg/deploy/pluginregistry/init_test.go index 1af13a41fe..18110aee69 100644 --- a/pkg/deploy/pluginregistry/init_test.go +++ b/pkg/deploy/pluginregistry/init_test.go @@ -13,7 +13,7 @@ package pluginregistry import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) 
@@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/rbac/init_test.go b/pkg/deploy/rbac/init_test.go index b30720b90e..6ec2cd15d6 100644 --- a/pkg/deploy/rbac/init_test.go +++ b/pkg/deploy/rbac/init_test.go @@ -13,7 +13,7 @@ package rbac import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/server/chehost_reconciler.go b/pkg/deploy/server/chehost_reconciler.go index 8032b7661a..70ab449e22 100644 --- a/pkg/deploy/server/chehost_reconciler.go +++ b/pkg/deploy/server/chehost_reconciler.go @@ -13,9 +13,9 @@ package server import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/deploy/gateway" diff --git a/pkg/deploy/server/init_test.go b/pkg/deploy/server/init_test.go index 0855f8d6d5..547b6b0eb9 100644 --- a/pkg/deploy/server/init_test.go +++ b/pkg/deploy/server/init_test.go 
@@ -13,7 +13,7 @@ package server import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/server/rbac.go b/pkg/deploy/server/rbac.go index e621014f94..44fa101af6 100644 --- a/pkg/deploy/server/rbac.go +++ b/pkg/deploy/server/rbac.go @@ -16,7 +16,7 @@ import ( "fmt" "strings" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" util "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/sirupsen/logrus" diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index 710121e84c..aab4c54905 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go @@ -18,9 +18,9 @@ import ( "strconv" "strings" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" 
@@ -54,11 +54,9 @@ type CheConfigMap struct { PvcClaimSize string `json:"CHE_INFRA_KUBERNETES_PVC_QUANTITY"` WorkspacePvcStorageClassName string `json:"CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME"` TlsSupport string `json:"CHE_INFRA_OPENSHIFT_TLS__ENABLED"` + OpenShiftOAuthEnabled string `json:"CHE_INFRA_OPENSHIFT_OAUTH__ENABLED"` K8STrustCerts string `json:"CHE_INFRA_KUBERNETES_TRUST__CERTS"` CheLogLevel string `json:"CHE_LOG_LEVEL"` - IdentityProviderUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` - IdentityProviderInternalURL string `json:"CHE_OIDC_AUTH__INTERNAL__SERVER__URL,omitempty"` - OpenShiftIdentityProvider string `json:"CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER"` JavaOpts string `json:"JAVA_OPTS"` PluginRegistryUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__URL,omitempty"` PluginRegistryInternalUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL,omitempty"` @@ -74,13 +72,9 @@ type CheConfigMap struct { // GetCheConfigMapData gets env values from CR spec and returns a map with key:value // which is used in CheCluster ConfigMap to configure CheCluster master behavior func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) (cheEnv map[string]string, err error) { - identityProviderURL := ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL - infra := "kubernetes" - openShiftIdentityProviderId := "NULL" if infrastructure.IsOpenShift() { infra = "openshift" - openShiftIdentityProviderId = "openshift-v4" } proxyJavaOpts := "" @@ -167,7 +161,6 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( TlsSupport: "true", K8STrustCerts: "true", CheLogLevel: cheLogLevel, - OpenShiftIdentityProvider: openShiftIdentityProviderId, JavaOpts: constants.DefaultJavaOpts + " " + proxyJavaOpts, PluginRegistryUrl: pluginRegistryURL, PluginRegistryInternalUrl: pluginRegistryInternalURL, 
@@ -178,6 +171,7 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( WorkspaceExposure: "gateway", SingleHostGatewayConfigMapLabels: singleHostGatewayConfigMapLabels, CheDevWorkspacesEnabled: strconv.FormatBool(true), + OpenShiftOAuthEnabled: strconv.FormatBool(infrastructure.IsOpenShiftOAuthEnabled()), // Disable HTTP2 protocol. // Fix issue with creating config maps on the cluster https://issues.redhat.com/browse/CRW-2677 // The root cause is in the HTTP2 protocol support of the okttp3 library that is used by fabric8.kubernetes-client that is used by che-server @@ -185,8 +179,6 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( Http2Disable: strconv.FormatBool(true), } - data.IdentityProviderUrl = identityProviderURL - out, err := json.Marshal(data) if err != nil { fmt.Println(err) diff --git a/pkg/deploy/server/server_configmap_test.go b/pkg/deploy/server/server_configmap_test.go index edc7d17d5e..518d28665a 100644 --- a/pkg/deploy/server/server_configmap_test.go +++ b/pkg/deploy/server/server_configmap_test.go @@ -58,7 +58,6 @@ func TestNewCheConfigMap(t *testing.T) { }, }, expectedData: map[string]string{ - "CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER": "openshift-v4", "CHE_API": "https://che-host/api", "CHE_WORKSPACE_NO_PROXY": "myproxy.myhostname.com", }, diff --git a/pkg/deploy/tls/certificates.go b/pkg/deploy/tls/certificates.go index 44d884dda2..c740e71dd1 100644 --- a/pkg/deploy/tls/certificates.go +++ b/pkg/deploy/tls/certificates.go @@ -25,7 +25,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/utils" dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/eclipse-che/che-operator/pkg/common/chetypes" 
diff --git a/pkg/deploy/tls/init_test.go b/pkg/deploy/tls/init_test.go index c9cebbd4db..9210b26953 100644 --- a/pkg/deploy/tls/init_test.go +++ b/pkg/deploy/tls/init_test.go @@ -13,7 +13,7 @@ package tls import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/tls/tls_secret.go b/pkg/deploy/tls/tls_secret.go index 6ecfa36092..51b4630539 100644 --- a/pkg/deploy/tls/tls_secret.go +++ b/pkg/deploy/tls/tls_secret.go @@ -13,9 +13,9 @@ package tls import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "sigs.k8s.io/controller-runtime/pkg/reconcile" ) diff --git a/pkg/deploy/tls/tls_utils.go b/pkg/deploy/tls/tls_utils.go index 2dd9b7f0f3..76ba54c585 100644 --- a/pkg/deploy/tls/tls_utils.go +++ b/pkg/deploy/tls/tls_utils.go @@ -23,9 +23,9 @@ import ( "strings" "time" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" 
From 98fc0766c0369e55af29c14a745fb8da3db3a677 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 27 Jan 2026 15:42:25 +0100 Subject: [PATCH 2/7] fixup Signed-off-by: Anatolii Bazko --- pkg/common/infrastructure/cluster.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/common/infrastructure/cluster.go b/pkg/common/infrastructure/cluster.go index 491c6ea1e9..6c3a7c8e96 100644 --- a/pkg/common/infrastructure/cluster.go +++ b/pkg/common/infrastructure/cluster.go @@ -111,11 +111,11 @@ func initializeIfNeeded() { } if hasAPIGroup(apiGroups, "route.openshift.io") { - infrastructure = Kubernetes - isOpenShiftOAuthEnabled = false - } else { infrastructure = OpenShiftV4 isOpenShiftOAuthEnabled = hasAPIResource(apiResources, OAuthClientsResources) + } else { + infrastructure = Kubernetes + isOpenShiftOAuthEnabled = false } isLeaderElectionEnabled = hasAPIResource(apiResources, LeasesResources) From 4f9cba6a8445695c2c3d23b118b6e51c32cd9116 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 27 Jan 2026 16:41:09 +0100 Subject: [PATCH 3/7] fixup Signed-off-by: Anatolii Bazko --- cmd/main.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cmd/main.go b/cmd/main.go index a5a1879d81..fed861dd5b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -17,6 +17,7 @@ import ( "os" "time" + dwInfra "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/infrastructure" oauthv1 "github.com/openshift/api/oauth/v1" userv1 "github.com/openshift/api/user/v1" @@ -197,6 +198,11 @@ func getWatchNamespace() (string, error) { } func main() { + if err := dwInfra.Initialize(); err != nil { + setupLog.Error(err, "Failed to initialize infrastructure") + os.Exit(1) + } + watchNamespace, err := getWatchNamespace() if err != nil { setupLog.Error(err, "unable to get WatchNamespace, "+ From 460a114aab73db2fc512de7d1704ea098effe07f Mon Sep 17 00:00:00 2001 
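Review bot: In cmd/main.go the new `dwInfra.Initialize()` call has no comment saying why the devworkspace-operator detection is still needed next to che-operator's own `infrastructure` package, which the rest of this series switches to. A short comment such as `// devworkspace-operator library code reads its own infrastructure state; initialize it before any of it runs` (wording to be confirmed by the author) would stop a later cleanup from removing the call. The two detections are independent, so it is worth checking that they cannot disagree about the platform on a cluster with an external identity provider. main continues outside the hunk.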
From: Anatolii Bazko Date: Wed, 28 Jan 2026 16:37:46 +0100 Subject: [PATCH 4/7] fixup Signed-off-by: Anatolii Bazko --- pkg/deploy/server/server_configmap.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index aab4c54905..0ddb37604e 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go @@ -57,6 +57,9 @@ type CheConfigMap struct { OpenShiftOAuthEnabled string `json:"CHE_INFRA_OPENSHIFT_OAUTH__ENABLED"` K8STrustCerts string `json:"CHE_INFRA_KUBERNETES_TRUST__CERTS"` CheLogLevel string `json:"CHE_LOG_LEVEL"` + IdentityProviderUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` + IdentityProviderInternalURL string `json:"CHE_OIDC_AUTH__INTERNAL__SERVER__URL,omitempty"` + OpenShiftIdentityProvider string `json:"CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER"` JavaOpts string `json:"JAVA_OPTS"` PluginRegistryUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__URL,omitempty"` PluginRegistryInternalUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL,omitempty"` @@ -72,9 +75,12 @@ type CheConfigMap struct { // GetCheConfigMapData gets env values from CR spec and returns a map with key:value // which is used in CheCluster ConfigMap to configure CheCluster master behavior func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) (cheEnv map[string]string, err error) { + identityProviderURL := ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL infra := "kubernetes" + openShiftIdentityProviderId := "NULL" if infrastructure.IsOpenShift() { infra = "openshift" + openShiftIdentityProviderId = "openshift-v4" } proxyJavaOpts := "" 
@@ -161,6 +167,7 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( TlsSupport: "true", K8STrustCerts: "true", CheLogLevel: cheLogLevel, + OpenShiftIdentityProvider: openShiftIdentityProviderId, JavaOpts: constants.DefaultJavaOpts + " " + proxyJavaOpts, PluginRegistryUrl: pluginRegistryURL, PluginRegistryInternalUrl: pluginRegistryInternalURL, From 940d0c3502df93b455a2dee438b993a7cc2eefd6 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Wed, 28 Jan 2026 16:39:18 +0100 Subject: [PATCH 5/7] fixup Signed-off-by: Anatolii Bazko --- pkg/deploy/server/server_configmap.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index 0ddb37604e..eae5314427 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go @@ -76,6 +76,7 @@ type CheConfigMap struct { // which is used in CheCluster ConfigMap to configure CheCluster master behavior func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) (cheEnv map[string]string, err error) { identityProviderURL := ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL + infra := "kubernetes" openShiftIdentityProviderId := "NULL" if infrastructure.IsOpenShift() { @@ -186,6 +187,7 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( Http2Disable: strconv.FormatBool(true), } + data.IdentityProviderUrl = identityProviderURL out, err := json.Marshal(data) if err != nil { fmt.Println(err) From 18f9ee13439d8ac3773d27684d695730fda7817a Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Wed, 28 Jan 2026 17:31:04 +0100 Subject: [PATCH 6/7] fixup Signed-off-by: Anatolii Bazko --- pkg/deploy/server/server_configmap.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index eae5314427..578080ea85 100644 --- a/pkg/deploy/server/server_configmap.go 
+++ b/pkg/deploy/server/server_configmap.go @@ -59,7 +59,6 @@ type CheConfigMap struct { CheLogLevel string `json:"CHE_LOG_LEVEL"` IdentityProviderUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` IdentityProviderInternalURL string `json:"CHE_OIDC_AUTH__INTERNAL__SERVER__URL,omitempty"` - OpenShiftIdentityProvider string `json:"CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER"` JavaOpts string `json:"JAVA_OPTS"` PluginRegistryUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__URL,omitempty"` PluginRegistryInternalUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL,omitempty"` @@ -78,10 +77,8 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( identityProviderURL := ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL infra := "kubernetes" - openShiftIdentityProviderId := "NULL" if infrastructure.IsOpenShift() { infra = "openshift" - openShiftIdentityProviderId = "openshift-v4" } proxyJavaOpts := "" @@ -168,7 +165,6 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( TlsSupport: "true", K8STrustCerts: "true", CheLogLevel: cheLogLevel, - OpenShiftIdentityProvider: openShiftIdentityProviderId, JavaOpts: constants.DefaultJavaOpts + " " + proxyJavaOpts, PluginRegistryUrl: pluginRegistryURL, PluginRegistryInternalUrl: pluginRegistryInternalURL, From a9644ed33c37f789a6c9516504441c83abe1c72c Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 3 Feb 2026 11:15:41 +0100 Subject: [PATCH 7/7] feat: Support OpenShift external IDP Signed-off-by: Anatolii Bazko --- pkg/common/infrastructure/cluster.go | 3 ++- pkg/deploy/server/server_configmap.go | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/pkg/common/infrastructure/cluster.go b/pkg/common/infrastructure/cluster.go index 6c3a7c8e96..386ffbaecd 100644 --- a/pkg/common/infrastructure/cluster.go +++ b/pkg/common/infrastructure/cluster.go 
@@ -77,7 +77,8 @@ func IsKubernetesImagePullerEnabled() bool { func InitializeForTesting(desiredInfrastructure Type) { infrastructure = desiredInfrastructure - if infrastructure == OpenShiftV4 { + + if IsOpenShift() { isOpenShiftOAuthEnabled = true } else { isOpenShiftOAuthEnabled = false diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index 578080ea85..f6015fff69 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go @@ -74,11 +74,11 @@ type CheConfigMap struct { // GetCheConfigMapData gets env values from CR spec and returns a map with key:value // which is used in CheCluster ConfigMap to configure CheCluster master behavior func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) (cheEnv map[string]string, err error) { - identityProviderURL := ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL - - infra := "kubernetes" + var infra string if infrastructure.IsOpenShift() { infra = "openshift" + } else { + infra = "kubernetes" } proxyJavaOpts := "" @@ -176,6 +176,7 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( SingleHostGatewayConfigMapLabels: singleHostGatewayConfigMapLabels, CheDevWorkspacesEnabled: strconv.FormatBool(true), OpenShiftOAuthEnabled: strconv.FormatBool(infrastructure.IsOpenShiftOAuthEnabled()), + IdentityProviderUrl: ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL, // Disable HTTP2 protocol. // Fix issue with creating config maps on the cluster https://issues.redhat.com/browse/CRW-2677 // The root cause is in the HTTP2 protocol support of the okttp3 library that is used by fabric8.kubernetes-client that is used by che-server @@ -183,7 +184,6 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( Http2Disable: strconv.FormatBool(true), } - data.IdentityProviderUrl = identityProviderURL out, err := json.Marshal(data) if err != nil { fmt.Println(err)
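Review bot: `InitializeForTesting` derives `isOpenShiftOAuthEnabled` from `IsOpenShift()`, so no test can set up the case this series exists for, an OpenShift cluster where OAuth is not served. The branches added in the gateway package (image, probe path, args, `skip_auth_routes` versus `skip_auth_regex`) and the `OAuthClientList` migration guard therefore run in tests only in the combinations that existed before. A second test initializer that takes the OAuth flag as its own parameter would let those authentication paths be asserted. As a smaller point, the if/else can be written `isOpenShiftOAuthEnabled = IsOpenShift()`; the function continues outside the hunk.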