From 1ac3a98416e5480377dc80e7f75a5de5604d5c50 Mon Sep 17 00:00:00 2001 From: Igor Vinokur Date: Mon, 28 Oct 2024 14:52:39 +0200 Subject: [PATCH] feat: Allow to configure 2 gitlab providers simultaneously (#1923) --- pkg/common/constants/constants.go | 1 + pkg/deploy/server/server_configmap.go | 2 +- pkg/deploy/server/server_deployment.go | 30 +++- pkg/deploy/server/server_deployment_test.go | 154 +++++++++++--------- 4 files changed, 109 insertions(+), 78 deletions(-) diff --git a/pkg/common/constants/constants.go b/pkg/common/constants/constants.go index 29ade1887..b26bf29d0 100644 --- a/pkg/common/constants/constants.go +++ b/pkg/common/constants/constants.go @@ -66,6 +66,7 @@ const ( AzureDevOpsOAuthConfigMountPath = "/che-conf/oauth/azure-devops" AzureDevOpsOAuthConfigClientIdFileName = "id" AzureDevOpsOAuthConfigClientSecretFileName = "secret" + GitlabOAuth = "gitlab" GitLabOAuthConfigMountPath = "/che-conf/oauth/gitlab" GitLabOAuthConfigClientIdFileName = "id" GitLabOAuthConfigClientSecretFileName = "secret" diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index 2e53c6c3f..710121e84 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go @@ -242,7 +242,7 @@ func (s *CheServerReconciler) getCheConfigMapData(ctx *chetypes.DeployContext) ( s.updateUserClusterRoles(ctx, cheEnv) - for _, oauthProvider := range []string{"bitbucket", "gitlab", constants.AzureDevOpsOAuth} { + for _, oauthProvider := range []string{"bitbucket", constants.AzureDevOpsOAuth} { err := s.updateIntegrationServerEndpoints(ctx, cheEnv, oauthProvider) if err != nil { return nil, err diff --git a/pkg/deploy/server/server_deployment.go b/pkg/deploy/server/server_deployment.go index 1e71dac0f..d02f5fdaa 100644 --- a/pkg/deploy/server/server_deployment.go +++ b/pkg/deploy/server/server_deployment.go 
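Review bot: The new constant in pkg/common/constants/constants.go is spelled `GitlabOAuth`, while its neighbours in the same const block use `GitLab` (`GitLabOAuthConfigMountPath`, `GitLabOAuthConfigClientIdFileName`, `GitLabOAuthConfigClientSecretFileName`). Declaring it as `GitLabOAuth = "gitlab"` would keep the block consistent; the only use visible in this patch is the selector in MountGitLabOAuthConfig, which would need the same rename. The const block starts and ends outside the hunk.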
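Review bot: In getCheConfigMapData (pkg/deploy/server/server_configmap.go) the provider list now omits GitLab, and nothing at the loop says why. A short comment would stop a later reader from re-adding it, for example `// GitLab is not listed here: its OAuth endpoints are set per secret in MountGitLabOAuthConfig.` What updateIntegrationServerEndpoints used to write for GitLab is not visible in this patch, so it is worth confirming that the per-secret deployment env vars cover everything it set. The function body continues outside the hunk.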
@@ -318,18 +318,32 @@ func MountAzureDevOpsOAuthConfig(ctx *chetypes.DeployContext, deployment *appsv1 } func MountGitLabOAuthConfig(ctx *chetypes.DeployContext, deployment *appsv1.Deployment) error { - secret, err := getOAuthConfig(ctx, "gitlab") - if secret == nil { + secrets, err := deploy.GetSecrets(ctx, map[string]string{ + constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg, + constants.KubernetesComponentLabelKey: constants.OAuthScmConfiguration, + }, map[string]string{ + constants.CheEclipseOrgOAuthScmServer: constants.GitlabOAuth, + }) + if err != nil { return err } - mountVolumes(deployment, secret, constants.GitLabOAuthConfigMountPath) - mountEnv(deployment, "CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH", constants.GitLabOAuthConfigMountPath+"/"+constants.GitLabOAuthConfigClientIdFileName) - mountEnv(deployment, "CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH", constants.GitLabOAuthConfigMountPath+"/"+constants.GitLabOAuthConfigClientSecretFileName) + sort.Slice(secrets, func(i, j int) bool { + return strings.Compare(secrets[i].Annotations[constants.CheEclipseOrgScmServerEndpoint], secrets[j].Annotations[constants.CheEclipseOrgScmServerEndpoint]) < 0 + }) + + for i := 0; i < len(secrets); i++ { + secret := secrets[i] + suffix := map[bool]string{false: "__" + strconv.Itoa(i+1), true: ""}[i == 0] - oauthEndpoint := secret.Annotations[constants.CheEclipseOrgScmServerEndpoint] - if oauthEndpoint != "" { - mountEnv(deployment, "CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT", oauthEndpoint) + mountVolumes(deployment, &secret, constants.GitLabOAuthConfigMountPath+suffix) + mountEnv(deployment, "CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH"+suffix, constants.GitLabOAuthConfigMountPath+suffix+"/"+constants.GitLabOAuthConfigClientIdFileName) + mountEnv(deployment, "CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH"+suffix, constants.GitLabOAuthConfigMountPath+suffix+"/"+constants.GitLabOAuthConfigClientSecretFileName) + + oauthEndpoint := 
secret.Annotations[constants.CheEclipseOrgScmServerEndpoint] + if oauthEndpoint != "" { + mountEnv(deployment, "CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT"+suffix, oauthEndpoint) + } } return nil } diff --git a/pkg/deploy/server/server_deployment_test.go b/pkg/deploy/server/server_deployment_test.go index 715a681d0..06738af5a 100644 --- a/pkg/deploy/server/server_deployment_test.go +++ b/pkg/deploy/server/server_deployment_test.go 
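Review bot: The `sort.Slice` comparator in MountGitLabOAuthConfig has no tie-break, so the order is unspecified when two secrets have the same `CheEclipseOrgScmServerEndpoint` annotation or both lack it. That order decides which OAuth client id/secret pair gets the unsuffixed `CHE_OAUTH2_GITLAB_*` variables and which gets `__2`, so the assignment, and with it the rendered Deployment, can change from one reconcile to the next. Comparing the secret name when the endpoints are equal makes the index deterministic. Separately, the `map[bool]string{...}[i == 0]` expression for `suffix` would read more plainly as an `if i > 0` assignment. The loop also mounts every matching secret rather than capping at the two named in the commit title, and whether the server reads `__3` and beyond is not visible here.

```go
sort.Slice(secrets, func(i, j int) bool {
	ei := secrets[i].Annotations[constants.CheEclipseOrgScmServerEndpoint]
	ej := secrets[j].Annotations[constants.CheEclipseOrgScmServerEndpoint]
	if ei != ej {
		return ei < ej
	}
	// Equal or missing endpoints: fall back to the secret name so the
	// index (and the env-var suffix derived from it) stays fixed.
	return secrets[i].Name < secrets[j].Name
})
// … unchanged: per-secret mountVolumes / mountEnv loop …
```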
@@ -476,87 +476,103 @@ func TestMountAzureDevOpsOAuthEnvVar(t *testing.T) { } func TestMountGitLabOAuthEnvVar(t *testing.T) { - type testCase struct { - name string - initObjects []runtime.Object - expectedIdKeyPath string - expectedSecretKeyPath string - expectedOAuthEndpoint string - expectedVolume corev1.Volume - expectedVolumeMount corev1.VolumeMount + secret1 := &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "gitlab-oauth-config", + Namespace: "eclipse-che", + Labels: map[string]string{ + "app.kubernetes.io/part-of": "che.eclipse.org", + "app.kubernetes.io/component": "oauth-scm-configuration", + }, + Annotations: map[string]string{ + "che.eclipse.org/oauth-scm-server": "gitlab", + "che.eclipse.org/scm-server-endpoint": "endpoint_1", + "che.eclipse.org/scm-gitlab-disable-subdomain-isolation": "true", + }, + }, + Data: map[string][]byte{ + "id": []byte("some_id_1"), + "secret": []byte("some_secret_1"), + }, } - testCases := []testCase{ - { - name: "Test", - initObjects: []runtime.Object{ - &corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - Kind: "Secret", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "gitlab-oauth-config", - Namespace: "eclipse-che", - Labels: map[string]string{ - "app.kubernetes.io/part-of": "che.eclipse.org", - "app.kubernetes.io/component": "oauth-scm-configuration", - }, - Annotations: map[string]string{ - "che.eclipse.org/oauth-scm-server": "gitlab", - "che.eclipse.org/scm-server-endpoint": "endpoint_1", - }, - }, - Data: map[string][]byte{ - "id": []byte("some_id"), - "secret": []byte("some_secret"), - }, - }, - }, - expectedIdKeyPath: "/che-conf/oauth/gitlab/id", - expectedSecretKeyPath: "/che-conf/oauth/gitlab/secret", - expectedOAuthEndpoint: "endpoint_1", - expectedVolume: corev1.Volume{ - Name: "gitlab-oauth-config", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: "gitlab-oauth-config", - }, - }, 
+ secret2 := &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "gitlab-oauth-config_2", + Namespace: "eclipse-che", + Labels: map[string]string{ + "app.kubernetes.io/part-of": "che.eclipse.org", + "app.kubernetes.io/component": "oauth-scm-configuration", }, - expectedVolumeMount: corev1.VolumeMount{ - Name: "gitlab-oauth-config", - MountPath: "/che-conf/oauth/gitlab", + Annotations: map[string]string{ + "che.eclipse.org/oauth-scm-server": "gitlab", + "che.eclipse.org/scm-server-endpoint": "endpoint_2", }, }, + Data: map[string][]byte{ + "id": []byte("some_id_2"), + "secret": []byte("some_secret_2"), + }, } - for _, testCase := range testCases { - t.Run(testCase.name, func(t *testing.T) { - ctx := test.GetDeployContext(nil, testCase.initObjects) + ctx := test.GetDeployContext(nil, []runtime.Object{secret1, secret2}) - server := NewCheServerReconciler() - deployment, err := server.getDeploymentSpec(ctx) - assert.Nil(t, err, "Unexpected error %v", err) + server := NewCheServerReconciler() + deployment, err := server.getDeploymentSpec(ctx) + assert.Nil(t, err, "Unexpected error %v", err) - container := &deployment.Spec.Template.Spec.Containers[0] + container := &deployment.Spec.Template.Spec.Containers[0] - value := utils.GetEnvByName("CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH", container.Env) - assert.Equal(t, testCase.expectedIdKeyPath, value) + assert.Equal(t, "/che-conf/oauth/gitlab/id", utils.GetEnvByName("CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH", container.Env)) + assert.Equal(t, "/che-conf/oauth/gitlab__2/id", utils.GetEnvByName("CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH__2", container.Env)) - value = utils.GetEnvByName("CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH", container.Env) - assert.Equal(t, testCase.expectedSecretKeyPath, value) + assert.Equal(t, "/che-conf/oauth/gitlab/secret", utils.GetEnvByName("CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH", container.Env)) + assert.Equal(t, 
"/che-conf/oauth/gitlab__2/secret", utils.GetEnvByName("CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH__2", container.Env)) - value = utils.GetEnvByName("CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT", container.Env) - assert.Equal(t, testCase.expectedOAuthEndpoint, value) + assert.Equal(t, "endpoint_1", utils.GetEnvByName("CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT", container.Env)) + assert.Equal(t, "endpoint_2", utils.GetEnvByName("CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT__2", container.Env)) - volume := test.FindVolume(deployment.Spec.Template.Spec.Volumes, "gitlab-oauth-config") - assert.NotNil(t, volume) - assert.Equal(t, testCase.expectedVolume, volume) + assert.Equal(t, + corev1.Volume{ + Name: "gitlab-oauth-config", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "gitlab-oauth-config", + }, + }, + }, + test.FindVolume(deployment.Spec.Template.Spec.Volumes, "gitlab-oauth-config")) - volumeMount := test.FindVolumeMount(container.VolumeMounts, "gitlab-oauth-config") - assert.NotNil(t, volumeMount) - assert.Equal(t, testCase.expectedVolumeMount, volumeMount) - }) - } + assert.Equal(t, + corev1.Volume{ + Name: "gitlab-oauth-config_2", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "gitlab-oauth-config_2", + }, + }, + }, + test.FindVolume(deployment.Spec.Template.Spec.Volumes, "gitlab-oauth-config_2")) + + assert.Equal(t, + corev1.VolumeMount{ + Name: "gitlab-oauth-config", + MountPath: "/che-conf/oauth/gitlab", + }, + test.FindVolumeMount(container.VolumeMounts, "gitlab-oauth-config")) + + assert.Equal(t, + corev1.VolumeMount{ + Name: "gitlab-oauth-config_2", + MountPath: "/che-conf/oauth/gitlab__2", + }, + test.FindVolumeMount(container.VolumeMounts, "gitlab-oauth-config_2")) }
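Review bot: The second fixture in TestMountGitLabOAuthEnvVar is named `gitlab-oauth-config_2`, and the test then expects a volume and volume mount with that same name. Kubernetes does not allow an underscore in a Secret or volume name, so the fake client accepts an object that a real API server would reject. `Name: "gitlab-oauth-config-2"`, with the matching volume and mount names, keeps the fixture representative. The rewrite also drops the single-secret case the old table covered, and the new `che.eclipse.org/scm-gitlab-disable-subdomain-isolation` annotation on secret1 is never asserted. A one-secret subtest that checks `CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH__2` is empty would pin the backward-compatible path.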