Added MachineTokenProvider interface with different implementations

assembly-multiuser/assembly-wsmaster-war/pom.xml

@@ -103,10 +103,6 @@
             <groupId>org.eclipse.che.multiuser</groupId>
             <artifactId>che-multiuser-sql-schema</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.eclipse.che.multiuser</groupId>
-            <artifactId>multiuser-infrastructure-openshift</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.eclipse.che.plugin</groupId>
             <artifactId>che-plugin-activity-wsmaster</artifactId>

assembly-multiuser/assembly-wsmaster-war/src/main/java/org/eclipse/che/api/deploy/MachineAuthModule.java

@@ -11,9 +11,11 @@
 package org.eclipse.che.api.deploy;
 
 import com.google.inject.AbstractModule;
+import org.eclipse.che.api.workspace.server.MachineTokenProvider;
 import org.eclipse.che.commons.auth.token.ChainedTokenExtractor;
 import org.eclipse.che.commons.auth.token.RequestTokenExtractor;
 import org.eclipse.che.inject.DynaModule;
+import org.eclipse.che.multiuser.machine.authentication.server.MachineTokenProviderImpl;
 
 /**
  * Machine authentication bindings.
@@ -32,5 +34,7 @@ protected void configure() {
     bind(org.eclipse.che.multiuser.machine.authentication.server.MachineTokenRegistry.class);
     bind(org.eclipse.che.multiuser.machine.authentication.server.MachineSessionInvalidator.class);
     bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
+
+    bind(MachineTokenProvider.class).to(MachineTokenProviderImpl.class);
   }
 }

assembly-multiuser/assembly-wsmaster-war/src/main/java/org/eclipse/che/api/deploy/MultiUserCheWsMasterModule.java

@@ -32,16 +32,13 @@
 import org.eclipse.che.security.PBKDF2PasswordEncryptor;
 import org.eclipse.che.security.PasswordEncryptor;
 import org.eclipse.che.workspace.infrastructure.openshift.OpenShiftInfraModule;
-import org.eclipse.che.workspace.infrastructure.openshift.provision.installer.InstallerConfigProvisioner;
-import org.eclipse.che.workspace.infrastructure.openshift.provision.installer.MultiuserInstallerConfigProvisioner;
 
 @DynaModule
 public class MultiUserCheWsMasterModule extends AbstractModule {
 
   @Override
   protected void configure() {
     bind(ServerCheckerFactoryImpl.class).to(AuthServerCheckerFactoryImpl.class);
-    bind(InstallerConfigProvisioner.class).to(MultiuserInstallerConfigProvisioner.class);
     install(new OpenShiftInfraModule());
 
     bind(TemplateProcessor.class).to(STTemplateProcessorImpl.class);

assembly/assembly-wsmaster-war/src/main/java/org/eclipse/che/api/deploy/CheWsMasterModule.java

@@ -14,6 +14,7 @@
 import com.google.inject.name.Names;
 import javax.sql.DataSource;
 import org.eclipse.che.api.user.server.TokenValidator;
+import org.eclipse.che.api.workspace.server.MachineTokenProvider;
 import org.eclipse.che.inject.DynaModule;
 import org.eclipse.che.workspace.infrastructure.docker.DockerInfraModule;
 import org.eclipse.che.workspace.infrastructure.docker.local.LocalDockerModule;
@@ -38,6 +39,7 @@ protected void configure() {
     }
 
     bind(TokenValidator.class).to(org.eclipse.che.api.local.DummyTokenValidator.class);
+    bind(MachineTokenProvider.class).to(MachineTokenProvider.EmptyMachineTokenProvider.class);
 
     bind(org.eclipse.che.api.workspace.server.stack.StackLoader.class);
     bind(DataSource.class).toProvider(org.eclipse.che.core.db.h2.H2DataSourceProvider.class);

core/commons/che-core-commons-test/src/main/java/org/eclipse/che/commons/test/db/H2JpaCleaner.java

@@ -33,12 +33,6 @@ public H2JpaCleaner(DataSource dataSource) {
     this.dataSource = dataSource;
   }
 
-  /** @deprecated use {@link H2JpaCleaner(H2DBTestServer)} instead. */
-  @Deprecated
-  public H2JpaCleaner() {
-    this(H2TestHelper.inMemoryDefault());
-  }
-
   @Override
   public void clean() {
     super.clean();

infrastructures/docker/src/main/java/org/eclipse/che/workspace/infrastructure/docker/provisioner/server/UserTokenEnvVarProvider.java

@@ -12,19 +12,28 @@
 
 import static org.eclipse.che.workspace.infrastructure.docker.DockerMachine.USER_TOKEN;
 
+import javax.inject.Inject;
 import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity;
-import org.eclipse.che.commons.env.EnvironmentContext;
+import org.eclipse.che.api.workspace.server.MachineTokenProvider;
 import org.eclipse.che.commons.lang.Pair;
 
 /**
  * Provides environment variable with a token that should be used by servers in a container to
  * access Che master API.
  *
  * @author Alexander Garagatyi
+ * @author Sergii Leshchenko
  */
 public class UserTokenEnvVarProvider implements ServerEnvironmentVariableProvider {
+  private final MachineTokenProvider machineTokenProvider;
+
+  @Inject
+  public UserTokenEnvVarProvider(MachineTokenProvider machineTokenProvider) {
+    this.machineTokenProvider = machineTokenProvider;
+  }
+
   @Override
   public Pair<String, String> get(RuntimeIdentity runtimeIdentity) {
-    return Pair.of(USER_TOKEN, EnvironmentContext.getCurrent().getSubject().getToken());
+    return Pair.of(USER_TOKEN, machineTokenProvider.getToken(runtimeIdentity.getWorkspaceId()));
   }
 }

infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/provision/installer/InstallerConfigProvisioner.java

@@ -17,19 +17,17 @@
 import io.fabric8.kubernetes.api.model.Container;
 import io.fabric8.kubernetes.api.model.EnvVar;
 import io.fabric8.kubernetes.api.model.Pod;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import javax.inject.Inject;
 import javax.inject.Named;
-import org.eclipse.che.api.core.model.workspace.config.ServerConfig;
 import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity;
 import org.eclipse.che.api.installer.shared.model.Installer;
+import org.eclipse.che.api.workspace.server.MachineTokenProvider;
 import org.eclipse.che.api.workspace.server.WsAgentMachineFinderUtil;
 import org.eclipse.che.api.workspace.server.spi.InfrastructureException;
 import org.eclipse.che.api.workspace.server.spi.InternalEnvironment;
 import org.eclipse.che.api.workspace.server.spi.InternalMachineConfig;
-import org.eclipse.che.workspace.infrastructure.openshift.ServerExposer;
 import org.eclipse.che.workspace.infrastructure.openshift.environment.OpenShiftEnvironment;
 import org.eclipse.che.workspace.infrastructure.openshift.provision.ConfigurationProvisioner;
 import org.slf4j.Logger;
@@ -51,14 +49,18 @@
  * @author Sergii Leshchenko
  */
 public class InstallerConfigProvisioner implements ConfigurationProvisioner {
+
   private static final Logger LOG = getLogger(InstallerConfigProvisioner.class);
 
   private static final String ENVIRONMENT_PROPERTY = "environment";
 
+  private final MachineTokenProvider machineTokenProvider;
   private final String cheServerEndpoint;
 
   @Inject
-  public InstallerConfigProvisioner(@Named("che.api") String cheServerEndpoint) {
+  public InstallerConfigProvisioner(
+      MachineTokenProvider machineTokenProvider, @Named("che.api") String cheServerEndpoint) {
+    this.machineTokenProvider = machineTokenProvider;
     this.cheServerEndpoint = cheServerEndpoint;
   }
 
@@ -78,36 +80,28 @@ public void provision(
         String machineName = podName + "/" + containerName;
         InternalMachineConfig machineConf = environment.getMachines().get(machineName);
 
-        doProvisionContainer(osEnv, container, identity, machineName, machineConf);
+        for (Installer installer : machineConf.getInstallers()) {
+          provisionEnv(container, installer.getProperties());
+        }
+
+        // CHE_API is used by installers for agent binary downloading
+        putEnv(container.getEnv(), "CHE_API", cheServerEndpoint);
+
+        putEnv(
+            container.getEnv(),
+            "USER_TOKEN",
+            machineTokenProvider.getToken(identity.getWorkspaceId()));
 
         // TODO incorrect place for env variable addition. workspace ID is needed for wsagent server, not installer
-        // WORKSPACE_ID is required only by workspace agent
+        // WORKSPACE_ID are required only by workspace agent
         if (devMachineName.equals(machineName)) {
           putEnv(container.getEnv(), "CHE_WORKSPACE_ID", identity.getWorkspaceId());
         }
       }
     }
   }
 
-  protected void doProvisionContainer(
-      OpenShiftEnvironment osEnv,
-      Container container,
-      RuntimeIdentity identity,
-      String machineName,
-      InternalMachineConfig machineConf) {
-    Map<String, ServerConfig> name2Server = new HashMap<>();
-    for (Installer installer : machineConf.getInstallers()) {
-      provisionEnv(container, installer.getProperties());
-      name2Server.putAll(installer.getServers());
-    }
-    ServerExposer serverExposer = new ServerExposer(machineName, container, osEnv);
-    serverExposer.expose("agents", name2Server);
-
-    // CHE_API is used by installers for agent binary downloading
-    putEnv(container.getEnv(), "CHE_API", cheServerEndpoint);
-  }
-
-  protected void putEnv(List<EnvVar> envs, String key, String value) {
+  private void putEnv(List<EnvVar> envs, String key, String value) {
     envs.removeIf(env -> key.equals(env.getName()));
     envs.add(new EnvVar(key, value, null));
   }