Config Store Theia extension to inject credentials and other config into session pods

[lucas-koehler]

Is your feature request related to a problem? Please describe.

There needs to be a way to inject secrets (such as Git credentials) and other user-specific configuration into user sessions that works for lazy and pre-warmed session pods.

Describe the solution you'd like

Implement a Theia extension that can be added to Theia instances running in Theia Cloud.
This extension offers and endpoint that allows to inject credentials or other text-based configuration to Theia.

Concretely, this should also work for pre-warmed pods where injection via environment variables is not possible.
The idea was to implement a key value store that can be used to read values from env values and values which were configured via a REST endpoint of the session pod.

The new feature is the latter case:
Essentially, the config store is a key value store configurable via a REST endpoint in the cluster. When running in a session pod, the endpoint is implicitly protected by the same OAuth proxy as the rest of the Theia instance and should not allow reading values.

To set configuration for a user, the REST service is extended to enable setting values for the authenticated user. With this, a landing page can add values (e.g. a Git access token) here after a pod was started.

The store offers to get values and be notified when new values are set. Consuming Theia extensions can react to this and, for instance, clone a Git repository with credentials.

Describe alternatives you've considered

Use the existing options to inject credentials via environment variables. However, this cannot work for pre-warmed session pods because environment variables of a running process cannot be changed after the process has been started.

Cluster provider

No response

Additional information

No response