New blog post about configuring git repositories #24

Closed

@xbaran4 xbaran4 commented Feb 16, 2022

Blog post about configuring git repositories. Jira issue https://issues.redhat.com/browse/RHDEVDOCS-3501

Member

@ibuziuk ibuziuk left a comment

looks like a few .idea files have been added

@max-cx max-cx left a comment

Please review my suggested changes.
If you don't feel like any suggested change is correct or warranted, please respond in the comment thread so that we can discuss and review it. I'll be happy to suggest an alternative.

_posts/2022-XX-XX-configuring-git-repositories.adoc Outdated
xbaran4 and others added 2 commits March 1, 2022 07:25
Co-authored-by: Max Leonov <mleonov@redhat.com>
Co-authored-by: Max Leonov <mleonov@redhat.com>
xbaran4 and others added 2 commits March 2, 2022 10:18
Co-authored-by: Max Leonov <mleonov@redhat.com>
Signed-off-by: Pavol Baran <pbaran@redhat.com>
@xbaran4 xbaran4 marked this pull request as ready for review March 7, 2022 10:10
@ibuziuk
Member

ibuziuk commented Mar 16, 2022

@max-cx the suggestions have been applied. Do you plan to approve the PR?

@max-cx max-cx left a comment

LGTM

@@ -0,0 +1,267 @@
---
Member

@xbaran4 looks like you can now put the date for publication

Author

Is the date specified somewhere, or is it up to me? The schedule in #19 is outdated.

Member

I think you can pick the date and update the issue description


$ cat public.pub | sed 's/-----BEGIN PUBLIC KEY-----//g' | sed 's/-----END PUBLIC KEY-----//g' | tr -d '\n' > public-stripped.pub

$ cat privatepkcs8.pem | sed 's/-----BEGIN PRIVATE KEY-----//g' | sed 's/-----END PRIVATE KEY-----//g' | tr -d '\n' > privatepkcs8-stripped.pem
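
Review bot: the second command redirects the unencrypted PKCS#8 key body to `privatepkcs8-stripped.pem` in the working directory with whatever permissions the shell's umask allows; set `umask 077` before this step and tell the reader to delete both stripped files once the secret has been applied. In both commands the `cat ... |` and the `g` flag on each `sed` expression are unnecessary, because each marker occurs once and `sed` can read the file directly.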

@max-cx max-cx Mar 22, 2022

@xbaran4, is there a step where this file gets encoded to Base64? I can't find it. It looks like the procedure for applying the secret requires it encoded to Base64.

Author

No, it's not here. But it's not only the private key. The consumer key also needs to be base64 encoded (even though it's created like this: `openssl rand -base64 24`). And I noticed something that's not in our documentation (https://www.eclipse.org/che/docs/che-7/administration-guide/configuring-authorization/#proc_configuring-bitbucket-server-oauth1_che), but is in our testing script. The Bitbucket secret also needs to contain the shared secret. I am going to update it.

@xbaran4, by "something that's not in our documentation" do you mean https://github.com/skabashnyuk/gitsrv/blob/main/bitbucket/4_setupche.sh ?

@xbaran4, can I add base64 here then?

Suggested change
$ cat privatepkcs8.pem | sed 's/-----BEGIN PRIVATE KEY-----//g' | sed 's/-----END PRIVATE KEY-----//g' | tr -d '\n' > privatepkcs8-stripped.pem
$ cat privatepkcs8.pem | sed 's/-----BEGIN PRIVATE KEY-----//g' | sed 's/-----END PRIVATE KEY-----//g' | tr -d '\n' | base64 > privatepkcs8-stripped.pem
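
Review bot: in the suggested line, `base64` without options wraps its output at 76 columns on GNU coreutils, so the file ends up with newlines again right after `tr -d '\n'` removed them; use `base64 -w 0` there, or append a second `tr -d '\n'` after `base64` if the post has to work with other implementations too. The PEM body is already Base64 text, so the post should also say that this step deliberately encodes it a second time for the Secret.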


==== Admin side

After you've created the reference on the Git SCM, your {prod-short} administrator will create the following Kubernetes secret.

@max-cx max-cx Mar 23, 2022

@xbaran4, let's say I am a Che user, and I have my own private fork of our team's private project repository because I do my work in my fork. If I set up, let's say, a GitHub OAuth App, and the Che admin applies a Secret for it, will this Secret enable my colleagues to access my private (my fork) repository with whatever (write-repo) permissions that I specified when setting up my GitHub OAuth App?

Author

You need to go through the OAuth flow to get an access token (which is then used to read/write, etc.). This access token is created for your Che user in his k8s namespace. If your colleague wanted his own access token, he would need to go through the OAuth flow as well, which means he would need to log in to GitHub with your GitHub credentials.

xbaran4 and others added 2 commits March 28, 2022 09:51
Co-authored-by: Max Leonov <mleonov@redhat.com>
Signed-off-by: Pavol Baran <pbaran@redhat.com>

Before you can access a private Git repository, some actions are required from you as a non-privileged user and from your {prod-short} administrator. Those actions are required for configuring the OAuth authorization so that {prod-short} can act on behalf of the user account on the Git SCM server. GitHub and GitLab use OAuth2, whereas Bitbucket uses OAuth1.

==== User side
Contributor

@dkwon17 dkwon17 Mar 28, 2022

Hello, according to the docs and this comment: eclipse-che/che#21298 (comment) this should be a task meant to be performed by the admin.

Could we remove this User side section, since the OAuth app creation and retrieving the client ID and client secret should also be done by an admin?

Member

good catch 👍
OAuth config is expected to be admin SOP

Co-authored-by: David Kwon <dakwon@redhat.com>
@ibuziuk
Member

ibuziuk commented May 7, 2024

Closing as outdated

@ibuziuk ibuziuk closed this May 7, 2024
4 participants