From 9db79572f099e98da90d6969fd907caac66096bb Mon Sep 17 00:00:00 2001
From: Michal Vala
Date: Tue, 30 Nov 2021 13:17:38 +0100
Subject: [PATCH] fix: fix dex configuration, set identity provider in checluster (#1864)
* fix: fix dex configuration, set identity provider in checluster
Signed-off-by: Michal Vala
* don't show warning message when native user mode enabled
Signed-off-by: Michal Vala
---
 resources/dex/configmap.yaml | 2 +-
 src/commands/server/deploy.ts | 2 +-
 src/tasks/component-installers/dex.ts | 5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/resources/dex/configmap.yaml b/resources/dex/configmap.yaml
index bc922c7fa..aa10f5dc5 100644
--- a/resources/dex/configmap.yaml
+++ b/resources/dex/configmap.yaml
@@ -21,7 +21,7 @@ data:
 staticClients:
 - id: {{CLIENT_ID}}
 redirectURIs:
- - 'https://che-{{NAMESPACE}}.{{DOMAIN}}/oauth/callback'
+ - 'https://{{DOMAIN}}/oauth/callback'
 name: 'Eclipse Che'
 secret: {{CLIENT_SECRET}}
 enablePasswordDB: true
diff --git a/src/commands/server/deploy.ts b/src/commands/server/deploy.ts
index 0600dec73..310125e76 100644
--- a/src/commands/server/deploy.ts
+++ b/src/commands/server/deploy.ts
@@ -339,7 +339,7 @@ export default class Deploy extends Command {
 await this.setPlaformDefaults(flags, ctx)
 await this.config.runHook(DEFAULT_ANALYTIC_HOOK_NAME, { command: Deploy.id, flags })
- if (!flags.batch && isKubernetesPlatformFamily(flags.platform) && (isDevWorkspaceEnabled(ctx) || flags['workspace-engine'] === 'dev-workspace')) {
+ if (!flags.batch && isKubernetesPlatformFamily(flags.platform) && (isDevWorkspaceEnabled(ctx) || flags['workspace-engine'] === 'dev-workspace') && !isNativeUserModeEnabled(ctx)) {
 if (!await cli.confirm('DevWorkspace is experimental feature. It requires direct access to the underlying infrastructure REST API.\nThis results in huge privilege escalation. Do you want to proceed? [y/n]')) {
 cli.exit(0)
 }
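Review bot: The new entry `'https://{{DOMAIN}}/oauth/callback'` in the configmap.yaml hunk is now built from the domain value alone, and the dex.ts part of this patch shows `{{DOMAIN}}` being filled from `this.flags.domain` by plain string replacement, so the flag decides verbatim which URL authorization codes are returned to. A value that is not a bare hostname (one containing a quote, a slash or whitespace) would also change the shape of this single-quoted YAML scalar. I would check `flags.domain` against a hostname pattern before the substitution and add a comment above the entry, `# must equal the Che host exactly; authorization codes are returned to this URL`. Whether any ingress setup still serves Che at the old `che-{{NAMESPACE}}.` host cannot be judged from this hunk; if one does, that URI needs to stay registered.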
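Review bot: The added `&& !isNativeUserModeEnabled(ctx)` clause in the deploy.ts hunk skips the only interactive warning about privilege escalation, and nothing at the condition records why native user mode makes that warning unnecessary. A one-line comment above the `if` would keep a later change from widening the bypass by accident, for example `// native user mode: prompt skipped because <reason the escalation does not apply>`, with the reason filled in by the author. The condition now has four clauses inline, so a named boolean such as `const needsEscalationPrompt = ...` ahead of the `if` would read better. The enclosing method starts and ends outside the hunk.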
diff --git a/src/tasks/component-installers/dex.ts b/src/tasks/component-installers/dex.ts
index 4793f0296..eff81c4f8 100644
--- a/src/tasks/component-installers/dex.ts
+++ b/src/tasks/component-installers/dex.ts
@@ -207,6 +207,10 @@ export class DexTasks {
 await this.kube.createServiceFromFile(yamlFilePath, DexTasks.NAMESPACE_NAME)
 task.title = `${task.title}...[OK]`
 }
+
+ // set service in a CR
+ ctx[ChectlContext.CR_PATCH] = ctx[ChectlContext.CR_PATCH] || {}
+ merge(ctx[ChectlContext.CR_PATCH], { spec: { auth: { identityProviderURL: 'http://dex.dex:5556' } } })
 },
 },
 {
@@ -271,7 +275,6 @@ export class DexTasks {
 const yamlFilePath = this.getDexResourceFilePath('configmap.yaml')
 let yamlContent = fs.readFileSync(yamlFilePath).toString()
 yamlContent = yamlContent.replace(new RegExp(TemplatePlaceholders.DOMAIN, 'g'), this.flags.domain)
- yamlContent = yamlContent.replace(new RegExp(TemplatePlaceholders.CHE_NAMESPACE, 'g'), this.flags.chenamespace)
 yamlContent = yamlContent.replace(new RegExp(TemplatePlaceholders.CLIENT_ID, 'g'), DexTasks.CLIENT_ID)
 // generate client secret
 const clientSecret = crypto.randomBytes(32).toString('base64')
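Review bot: The identity provider URL set in the first dex.ts hunk (`@@ -207,6 +207,10 @@`) is a hard-coded cleartext `'http://dex.dex:5556'`, so whatever the CheCluster does with `spec.auth.identityProviderURL` (presumably fetching OIDC discovery data and signing keys) happens without TLS, and anything able to alter in-cluster traffic could influence token validation. The literal also repeats a namespace that `DexTasks.NAMESPACE_NAME` already carries three lines above; if that constant is the second `dex` in the host name, build the URL from it so the two cannot drift. The comment `// set service in a CR` would be clearer as `// point CheCluster spec.auth.identityProviderURL at the in-cluster Dex service`, and it should state whether plain HTTP is a deliberate choice for this install. The task body begins outside the hunk.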