New blog post about configuring git repositories #24
c8dba8f to c0ee584
looks like a few `.idea` files have been added
Please review my suggested changes.
If you don't feel like any suggested change is correct or warranted, please respond in the comment thread so that we can discuss and review it. I'll be happy to suggest an alternative.
Co-authored-by: Max Leonov <mleonov@redhat.com>
Co-authored-by: Max Leonov <mleonov@redhat.com>
Co-authored-by: Max Leonov <mleonov@redhat.com>
Signed-off-by: Pavol Baran <pbaran@redhat.com>
@max-cx the suggestions have been applied. Do you plan to approve the PR?
LGTM
@@ -0,0 +1,267 @@ | |||
--- |
@xbaran4 looks like you can now put the date for publication
Is the date somewhere specified or is it up to me? The schedule in #19 is outdated.
I think you can pick the date and update the issue description
|
||
$ cat public.pub | sed 's/-----BEGIN PUBLIC KEY-----//g' | sed 's/-----END PUBLIC KEY-----//g' | tr -d '\n' > public-stripped.pub | ||
|
||
$ cat privatepkcs8.pem | sed 's/-----BEGIN PRIVATE KEY-----//g' | sed 's/-----END PRIVATE KEY-----//g' | tr -d '\n' > privatepkcs8-stripped.pem |
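Review bot: the second command writes the body of `privatepkcs8.pem` to `privatepkcs8-stripped.pem` with whatever permissions the shell's umask allows, and `BEGIN PRIVATE KEY` is the unencrypted PKCS#8 header, so the post should tell readers to run `umask 077` first (or `chmod 600` the output) and to delete the stripped file once the secret has been applied. Both pipelines can also drop the `cat` and the two `sed` calls: `grep -v '^-----' public.pub | tr -d '\n' > public-stripped.pub` removes any armor line without hard-coding its label.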
@xbaran4, is there a step where this file gets encoded to Base64? I can't find it. It looks like the procedure for applying the secret requires it encoded to Base64.
No, it's not here. But it's not only the private key. The consumer key also needs to be base64 encoded (even though it's created like this: `openssl rand -base64 24`). And I noticed something that's not in our documentation (https://www.eclipse.org/che/docs/che-7/administration-guide/configuring-authorization/#proc_configuring-bitbucket-server-oauth1_che), but is in our testing script. The bitbucket secret also needs to contain the shared secret. I am going to update it.
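The encoding step discussed in this thread, as an added example (not code from the PR or from the Che documentation): it strips the PEM armor and Base64-encodes the body as a single line, the form a Kubernetes Secret `data` value takes. The function names are hypothetical and the PEM content is a constructed sample, not a real key.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the key below is a constructed sample.

# Strip the PEM armor lines and join the body onto one line.
pem_body() {
    grep -v '^-----' "$1" | tr -d '\r\n'
}

# Base64-encode stdin as a single line. GNU base64 wraps at 76 columns by default,
# so the newlines are removed afterwards instead of relying on a GNU-only flag.
b64_oneline() {
    base64 | tr -d '\n'
}

# Value for a Secret `data` field: Base64 of the stripped PEM body.
pem_to_secret_value() {
    pem_body "$1" | b64_oneline
}

# Write a constructed two-line PEM body (128 characters, not real key material).
make_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN PRIVATE KEY-----
EXAMPLE0EXAMPLE0EXAMPLE0EXAMPLE0EXAMPLE0EXAMPLE0EXAMPLE0EXAMPLE0
EXAMPLE1EXAMPLE1EXAMPLE1EXAMPLE1EXAMPLE1EXAMPLE1EXAMPLE1EXAMPLE1
-----END PRIVATE KEY-----
EOF
}

umask 077                       # temp files below are readable by the owner only
sample=$(mktemp)
make_sample_pem "$sample"
pem_to_secret_value "$sample"   # single-line value, ready for a `data:` entry
echo
rm -f "$sample"                 # do not leave key material on disk
```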
@xbaran4, by "something that's not in our documentation" do you mean https://github.com/skabashnyuk/gitsrv/blob/main/bitbucket/4_setupche.sh ?
@xbaran4, can I add `base64` here then?
$ cat privatepkcs8.pem | sed 's/-----BEGIN PRIVATE KEY-----//g' | sed 's/-----END PRIVATE KEY-----//g' | tr -d '\n' > privatepkcs8-stripped.pem | |
$ cat privatepkcs8.pem | sed 's/-----BEGIN PRIVATE KEY-----//g' | sed 's/-----END PRIVATE KEY-----//g' | tr -d '\n' | base64 > privatepkcs8-stripped.pem |
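Review bot: in the suggested line, `| base64` comes after `tr -d '\n'`, and GNU `base64` wraps its output at 76 columns and ends it with a newline, so `privatepkcs8-stripped.pem` would again contain the line breaks that the `tr` step removed. Use `base64 -w0` on GNU coreutils, or append a second `| tr -d '\n'`, and consider a different output file name, since the file would no longer hold just the stripped key.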
|
||
==== Admin side | ||
|
||
After you've created the reference on the Git SCM, your {prod-short} administrator will create the following Kubernetes secret. |
@xbaran4, let's say I am a Che user, and I have my own private fork of our team's private project repository because I do my work in my fork. If I set up, let's say a GitHub OAuth App, and the Che admin applies a Secret for it. Will this Secret enable my colleagues to access my private (my fork) repository with whatever (`write-repo`) permissions that I specified when setting up my GitHub OAuth App?
You need to go through the oauth flow to get an access token (which is then used to read/write etc). This access token is created for your Che user in his k8s namespace. If your colleague wanted his own access token, he would need to go through the oauth flow as well. Which means he would need to login to GitHub with your GitHub credentials.
Co-authored-by: Max Leonov <mleonov@redhat.com>
Signed-off-by: Pavol Baran <pbaran@redhat.com>
|
||
Before you can access a private Git repository, some actions are required from you as a non-privileged user and from your {prod-short} administrator. Those actions are required for configuring the OAuth authorization so that {prod-short} can act on behalf of the user account on the Git SCM server. GitHub and GitLab use OAuth2, whereas Bitbucket uses OAuth1. | ||
|
||
==== User side |
Hello, according to the docs and this comment: eclipse-che/che#21298 (comment) this should be a task meant to be performed by the admin.
Could we remove this `User side` section since the oauth app creation, retrieving client ID and client secret should be also done by an admin?
good catch 👍
OAuth config is expected to be admin SOP
Co-authored-by: David Kwon <dakwon@redhat.com>
Closing as outdated
Blog post about configuring git repositories. Jira issue https://issues.redhat.com/browse/RHDEVDOCS-3501