-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[devworkspace-che-operator] Prototype and plan of controller that is reconciling resources in user's namespace #20219
Comments
we should explore what oidc guarantees us for user https://openid.net/specs/openid-connect-core-1_0.html#UserInfo and how it is implemented on OpenShift |
This is what I've got from dex on
Openshift implementation does not have |
According to https://docs.microsoft.com/en-us/azure/active-directory/develop/userinfo the ID token should contain the same information as userinfo.. does openshift oauth give access to the id token? |
IMHO openshift uses only sha256 token so we can't get anything from the token itself. I've never seen anything else on openshift (You can get it in openshift console https://docs.openshift.com/online/pro/cli_reference/get_started_cli.html#installing-the-cli see the 1st paragraph) |
PR eclipse-che/che-operator#1027 and plan #20168 (comment) |
I've compiled a list of "settings" that the che-server is currently provisioning into the workspace pod that are not yet explicitly done in DWO or che-operator. @sleshchenko , @skabashnyuk, could you please take a look if I missed or misinterpreted something there?
|
I've updated #20168 with the list of issues for the above findings and the MVP has been merged into the che-operator, so I'm closing this MVP and planning issue. |
Is your task related to a problem? Please describe.
The goal of this task is to have Prototype and plan version of #20168
Describe the solution you'd like
We need to understand what will be a trigger to start. It could be
If we decide to go in the direction of 1. we need to define a model of this CustomeResource.
Here #20168 we want to reconcile certs and secretes, however
for the prototype I think we can choose one. What is easier.
Describe alternatives you've considered
Trigger on Namespace create/update/delete with proper labels.
Additional context
#20164
The text was updated successfully, but these errors were encountered: