-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add machine token support for GWT-IDE #13137
Add machine token support for GWT-IDE #13137
Conversation
Can one of the admins verify this patch? |
2 similar comments
Can one of the admins verify this patch? |
Can one of the admins verify this patch? |
@monaka can you describe what this pr is doing and how? |
@skabashnyuk I added We've not decided how IDE call APIs that are required Keycloack tokens for now. So I added machine tokens related patches only in this PR. |
I'm confused with this change. Is there any authorization made before this token would be added? |
@skabashnyuk That code is run under IDE sidecar container. AFAIK, all sidecar containers are added their machine token as the environment variable. |
@skabashnyuk Prior the workspace starts, the web browser is authorized by API endpoint and get the This is the reason why we can add the bearer token at Traefik with no authentication. |
ci-test |
Results of automated E2E tests of Eclipse Che Multiuser on OCP: |
Signed-off-by: Masaki Muranaka <monaka@monami-ya.com>
…urces. They are used by GWT-IDE. They have no sensitive data. Signed-off-by: Masaki Muranaka <monaka@monami-ya.com>
Can one of the admins verify this PR? |
@eclipse/eclipse-che-qa can you take a look too? |
Selenium tests execution on Eclipse Che Multiuser on OCP (https://ci.codenvycorp.com/job/che-pullrequests-test-ocp/1718//Selenium_20tests_20report/) doesn't show any regression against this Pull Request. |
ci-build |
@SkorikSergey
|
ci-build |
@SkorikSergey Hmm...? This branch was built with success on my CI server. https://dev.azure.com/pizzafactory/camino/_build/results?buildId=506 |
ci-build |
|
@SkorikSergey Thanks! |
What does this PR do?
Enables to access API server via JWT-proxy from GWT-IDE.
This is a first step.
Some more patches are required to run GWT-IDE with JWT-proxy.
The overview of fixes.
Traefik related fixes are interim. Whole Traefik will be replaced to more lightweight one in the future.
Authorization: Bearer ${CHE_MACHINE_TOKEN}
header to/api
calls.dockerfiles/gwt-ide/traefik.toml
dockerfiles/gwt-ide/traefik_conf.sh
/api/project-template
and/api/installer
by valid machine tokens.multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineAuthModule.java
The
/api/project-template
related fixes will be resolve a part of #12273 .What issues does this PR fix or reference?
refs: #12243 #12273 #12956 #13099