Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Change the git-userdata configmap to secret #1313

Closed
wants to merge 1 commit into from
Closed

Change the git-userdata configmap to secret #1313

wants to merge 1 commit into from

Conversation

vinokurig
Copy link
Contributor

@vinokurig vinokurig commented Feb 10, 2025
edited
Loading

What does this PR do?

Store the gitconfig automaunt content to secret instead of configmap. This is needed to have all gitconfig automaunt values in one secret as devworkspace operator does not support mount to gitconfig from multiple objects.

The goal of having a single place to mount gitconfig values is that we need to mount additional gitconfig section apart from the [user] section. Currently we mount only username and email from the workspace-userdata-gitconfig-configmap configmap but in the scope of the Azure devops server support we also need to mount azure token as an http.extraHeader value:

[http]
    extraHeader: Bearer <azure token>

We can not mount the http section in a separate secret because devworkspace operator does not support gitconfig mount from multiple objects, see https://github.com/devfile/devworkspace-operator/blob/a6ec0bfb254ae1f63283b507475fba69b9768ac5/pkg/provision/automount/common.go#L223-L225.

Screenshot/screencast of this PR

What issues does this PR fix or reference?

eclipse-che/che#23306

Is it tested? How?

  1. Go to the user preferences -> Gitconfig
  2. Set up username and email

See: the data is stored to the devworkspace-gitconfig-automaunt-secret Secret in the user namespace.

Release Notes

Docs PR

@che-bot
Copy link
Contributor

che-bot commented Feb 10, 2025

Click here to review and test in web IDE: Contribute

@vinokurig vinokurig mentioned this pull request Feb 10, 2025
Open
9 tasks
ibuziuk
ibuziuk reviewed Feb 10, 2025
View reviewed changes
Copy link
Member

@ibuziuk ibuziuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinokurig what about backward compatibility?

@github-actions GitHub Actions
Copy link

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1313

kubectl patch command 
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1313", name: che-dashboard}]}}]"

@ibuziuk ibuziuk requested review from tolusha and artaleks9 February 10, 2025 15:12
@vinokurig
Copy link
Contributor Author

vinokurig commented Feb 10, 2025
edited
Loading

@ibuziuk

what about backward compatibility?

We do not have the backward compatibility yet. To have it we can:

  • Use the current workspace-userdata-gitconfig-configmap as the single place to store the gitconfig mount. cons:
    • Sensitiva data such as tokens should be stored in a secret.
    • The configmap name is too specific to store other then username and email data.
  • Deprecate the configmap and add a temporary mechanism that will transfer data from the configmap to the new secret.

WDYT?

@codecov Codecov
Copy link

codecov bot commented Feb 10, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.88%. Comparing base (f2e8000) to head (af05927).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1313      +/-   ##
==========================================
+ Coverage   91.65%   91.88%   +0.23%     
==========================================
  Files         500      500              
  Lines       45489    45494       +5     
  Branches     3173     3187      +14     
==========================================
+ Hits        41691    41803     +112     
+ Misses       3766     3660     -106     
+ Partials       32       31       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

olexii4
olexii4 reviewed Feb 10, 2025
View reviewed changes
Copy link
Contributor

@olexii4 olexii4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinokurig I tested this PR with Dashboard Version 7.99.0-next.

Before update:
Знімок екрана 2025-02-10 о 21 22 36

After update:
Знімок екрана 2025-02-10 о 21 22 43

Let's read the git-userdata(if they exist) from configmap and store it into secret. Then, removed the git-userdata from configmap.

WDYT?

@vinokurig
Copy link
Contributor Author

vinokurig commented Feb 11, 2025
edited
Loading

@olexii4
I have fixed the issue with the previously stored data in the related che-server pull request eclipse-che/che-server#754

olexii4
olexii4 approved these changes Feb 11, 2025
View reviewed changes
Copy link
Contributor

@olexii4 olexii4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci openshift-ci bot added the lgtm label Feb 11, 2025
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 11, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: olexii4, vinokurig

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tolusha
Copy link
Contributor

tolusha commented Feb 12, 2025

I faced the same problem, I can't see gitconfig after switching to the new image.
BTW, we have to update the doc as well
https://eclipse.dev/che/docs/stable/end-user-guide/mounting-git-configuration/

ibuziuk
ibuziuk reviewed Feb 12, 2025
View reviewed changes
packages/dashboard-backend/src/devworkspaceClient/services/gitConfigApi/index.ts
Comment on lines 44 to 47
if (helpers.errors.isKubeClientError(error) && error.statusCode === 404) {
// Create gitconfig configmap if it does not exist
return this.createGitConfigMap(namespace);
// Create gitconfig secret if it does not exist
return this.createGitConfigSecret(namespace);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering how this change would be working from the backward compatibility perspective?
e.g. if there is a cm with gitconfig once the new version of the project is rolled out would the gitconfig be blank?

@vinokurig vinokurig closed this Feb 12, 2025
@vinokurig
Copy link
Contributor Author

We decided to close this pull request and go with using the current configmap.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@ibuziuk ibuziuk ibuziuk left review comments

@olexii4 olexii4 olexii4 approved these changes

@akurinnoy akurinnoy Awaiting requested review from akurinnoy akurinnoy is a code owner

@tolusha tolusha Awaiting requested review from tolusha

@artaleks9 artaleks9 Awaiting requested review from artaleks9

Assignees

@olexii4 olexii4

Labels
lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@vinokurig @che-bot @tolusha @ibuziuk @olexii4