Eclipse Che Dashboard User Settings to Store SSH Keys or Personal Access Tokens for devfile checkout of Private Git Repositories. #20423

Closed
Mbd06b opened this issue Sep 6, 2021 · 5 comments
Labels
kind/question Questions that haven't been identified as being feature requests or bugs. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

Mbd06b commented Sep 6, 2021

Is your enhancement related to a problem? Please describe

As a user, I am frustrated at the difficulty and confusion in documentation for configuring che 7 so that devfiles I (as an author) can checkout code and workspaces from my private repositories.

The configuring GitHub OAuth documentation is painful, because it requires direct configuration of a kubectl secret which introduces confusion over the mismatch between base64 encoded secrets, and the GitHub generated client id and secret strings.
https://www.eclipse.org/che/docs/che-7/administration-guide/configuring-authorization/#enabling-authentication-with-social-accounts-and-brokering_che

Lastly, documentation only refers to keycloak's configuration with Github, but it does not specify what options in the identity provider should be selected for Eclipse Che https://www.keycloak.org/docs/6.0//server_admin/#github

  • Default Scopes?
  • Store Tokens?
  • Store Tokens Readable?
  • Enabled (assumed yes)
  • Disable User Info?
  • Trust Email?
  • GUI Order?
  • First Login Flow? (assumed first broker login)
  • Post Login Flow?

Is there documentation out there that specifies? Not that I've found yet.

I also have understood OAuth to be a login feature, but currently don't understand how it might facilitate ssh_key connections to Github. Due to confusion with the whole OAuth Authentication/Authorization spec itself I might even be barking up the wrong tree here and not even know it.

Describe the solution you'd like

Similarly to Azure Devops, Gitlab, or Github, I would like the ability to store personal access tokens, and ssh keys, to my che user account, in the User Account area of the Che Dashboard, so that devfiles I author can be checked out from private repositories when authoring workspaces.

So avoiding the configuration complexities by providing a similar UI solution.

If that's not an option,
I would like clarification in the documentation how the identity providers should be configured for Che in Keycloak.

And if that doesn't solve my issue,
I want some way of authoring devfiles and checkout code from a private repository, without having to perform in-editor ssh key configurations on every workspace.

Describe alternatives you've considered

Following the configuring Github Authorization. https://www.eclipse.org/che/docs/che-7/administration-guide/configuring-authorization/

I still had no success in the preferences of theia editor... I get this error message saying I need to set something up when trying to pull...

Additional context

keycloak
Identity Provider Configuration in Keycloak, I have no idea if this is what is expected.

User Preferences could be used for User Configuration of Github SSH_Keys, or Personal Access Tokens

(standard https connections are being deprecated)

currently on Che 7.28.2 (chectl 7.35.2)

@Mbd06b Mbd06b added the kind/enhancement A feature request - must adhere to the feature request template. label Sep 6, 2021
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Sep 6, 2021
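
Added example, not part of the issue thread or of the Che documentation: the base64 mismatch described in the opening comment usually comes from one of three mistakes when filling a Kubernetes Secret's `data` field (which must hold base64, unlike `stringData`, which takes the plain string). The checker below flags each one; the key names and the client ID are constructed sample values, not real credentials or Che's own key names.

```python
import base64
import binascii

def encode_value(raw: str) -> str:
    """Base64-encode a plain string for a Secret's `data` field."""
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def _decode(value):
    """Strict decode; returns None when the input is not valid base64."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None

def check_data_value(value: str) -> list:
    """Return problem codes for one `data` value (empty list means clean)."""
    decoded = _decode(value)
    if decoded is None:
        # The raw provider string was pasted where base64 is required.
        return ["not-base64"]
    problems = []
    if decoded != decoded.strip():
        # Typical result of `echo value | base64`: echo appends "\n".
        problems.append("whitespace")
    inner = _decode(decoded.strip())
    if inner and inner.isascii() and inner.decode("ascii").isprintable():
        # Heuristic: the decoded value is itself base64 of readable text.
        problems.append("double-encoded")
    return problems

def audit(data: dict) -> dict:
    """Map each problematic key of a `data` section to its problem codes."""
    report = {key: check_data_value(value) for key, value in data.items()}
    return {key: codes for key, codes in report.items() if codes}

# Constructed sample values; key names are hypothetical.
CLIENT_ID = "Iv1.constructed0001"
SAMPLE_DATA = {
    "good": encode_value(CLIENT_ID),
    "from_echo": base64.b64encode((CLIENT_ID + "\n").encode()).decode(),
    "pasted_raw": CLIENT_ID,
    "encoded_twice": encode_value(encode_value(CLIENT_ID)),
}

if __name__ == "__main__":
    for key, codes in audit(SAMPLE_DATA).items():
        print(key, codes)
```
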
Contributor

skabashnyuk commented Sep 7, 2021

@Mbd06b thank you for this report and sorry for that inconvenience. I/we would like to make documentation and product better in this area. To do so I need to know a bit more about your environment. Is this:

  • k8s or OpenShift?
  • How did you install Che? Helm or operator?
  • What was the repo URL?
  • Did you use factories?

@skabashnyuk skabashnyuk added area/che-server area/factory/server Server side of factory implementation team/platform sprint/next and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Sep 7, 2021
Author

Mbd06b commented Sep 7, 2021

@Mbd06b thank you for this report and sorry for that inconvenience. I/we would like to make documentation and product better in this area. To do so I need to know a bit more about your environment. Is this:

  • How did you install Che? Helm or operator?
    (I started with helm, but I think I've reinstalled recently with the operator, I maintain almost everything with the chectl)
  • Did you use factories?
    (I just am taking a "getting started" template like the Spring Boot MySql starter that works and replacing the "project.name.source.location" with my private repository (https link) and removing the commitId. Side Question: can the SSH git link be used in the location? EX: "[email protected]:Mbd06b/matriculator.git" )

@RomanNikitenko RomanNikitenko added the severity/P1 Has a major impact to usage or development of the system. label Sep 7, 2021
Contributor

skabashnyuk commented Sep 8, 2021

(I started with helm, but I think I've reinstalled recently with the operator, I maintain almost everything with the chectl)

I believe the helm is the answer to why the secret mentioned in this document https://www.eclipse.org/che/docs/che-7/administration-guide/configuring-authorization/#configuring-github-oauth_che didn't work for you. We forgot to add che-operator to the prerequisites. Document has to be updated.

(I just am taking a "getting started" template like the Spring Boot MySql starter that works and replacing the "project.name.source.location" with my private repository (https link) and removing the commitId.

It is hard for me to understand the desired behavior for your users. If I'm not mistaken at this point, only factories https://www.eclipse.org/che/docs/che-7/end-user-guide/creating-a-workspace-from-remote-devfile/ initiate an automated process to get Github tokens.

Side Question: can the SSH git link be used in the location? EX: "[email protected]:Mbd06b/matriculator.git" )

CC @vinokurig @svor Can you remind me of the process with SSH?

Contributor

vinokurig commented Sep 8, 2021

@Mbd06b

Side Question: can the SSH git link be used in the location? EX: "[email protected]:Mbd06b/matriculator.git" )

Yes, it works in the same way as a usual HTTPS link in case an SSH key has been set up. See https://www.eclipse.org/che/docs/che-7/end-user-guide/version-control/#accessing-a-git-repository-via-ssh_che

@skabashnyuk skabashnyuk added kind/question Questions that haven't been identified as being feature requests or bugs. and removed kind/enhancement A feature request - must adhere to the feature request template. team/platform severity/P1 Has a major impact to usage or development of the system. area/che-server area/factory/server Server side of factory implementation labels Feb 4, 2022
Contributor

che-bot commented Aug 3, 2022

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 3, 2022
@che-bot che-bot closed this as completed Aug 10, 2022