Skip to content

fix: Create project using server SA #997

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
tolusha wants to merge 2 commits into from
Closed

fix: Create project using server SA #997

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
280d51d
fix: Create project using server SA
tolusha Apr 8, 2026
a8df6ac
Remove Develocity configuration (#969)
ribafish Apr 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions .github/workflows/build-pr-check.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,6 @@ jobs:
registry: quay.io
- name: Build with Maven
run: mvn -B clean install -U -Pintegration
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_API_TOKEN }}
- name: Build and push images
if: ${{ github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork }}
run: ./build/build.sh --tag:${{ env.PR_IMAGE_TAG }} --build-platforms:linux/amd64,linux/ppc64le,linux/arm64,linux/s390x --builder:podman --push-image
Expand Down
2 changes: 0 additions & 2 deletions .github/workflows/next-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,6 @@ jobs:
registry: quay.io
- name: Build with Maven
run: mvn -B clean install -U -Pintegration
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_API_TOKEN }}
- name: Build and push images
id: build
run: |
Expand Down
3 changes: 0 additions & 3 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,5 @@ tests/e2e/load-test-folder
*/.lock-wscript
*/cypress-tests/dist

# Develocity
.mvn/.develocity/develocity-workspace-id

# typescript-dto
/typescript-dto/.pnp.cjs
42 changes: 0 additions & 42 deletions .mvn/develocity.xml
View file
Open in desktop

This file was deleted.

26 changes: 0 additions & 26 deletions .mvn/extensions.xml
View file
Open in desktop

This file was deleted.

14 changes: 0 additions & 14 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,20 +39,6 @@ See the Eclipse Che Documentation about [how you can join our community](https:/

* [![release latest stable](https://github.com/eclipse-che/che-server/actions/workflows/release.yml/badge.svg)](https://github.com/eclipse-che/che-server/actions/workflows/release.yml)

### Develocity

[![Revved up by Develocity](https://img.shields.io/badge/Revved%20up%20by-Develocity-06A0CE?logo=Gradle&labelColor=02303A)](https://develocity-staging.eclipse.org/)

The `che-server` builds are revved up by [Develocity](https://develocity-staging.eclipse.org/scans), which enhances developer productivity through features such as Build Scan for build insights and collaborative troubleshooting, and remote Build Cache for build acceleration. Develocity also provides comprehensive reporting and visualization of build data.

To view the Build Scan produced by a build, click on the generated link at the end of the build. Build Scans are available locally and on GitHub Action CI (limited to users authenticated to publish local scans). You can access all scans published by the `che-server` builds on the [Eclipse Develocity dashboard](https://develocity-staging.eclipse.org) by [searching](https://develocity-staging.eclipse.org/scans?search.rootProjectNames=che%20server) for the `che server` project.

Here are additional useful links with the `che-server` builds data:
- [Build Scans](https://develocity-staging.eclipse.org/scans?search.rootProjectNames=che%20server)
- [Trends dashboard](https://develocity-staging.eclipse.org/scans/trends?search.rootProjectNames=che%20server)
- [Failures dashboard](https://develocity-staging.eclipse.org/scans/failures?search.rootProjectNames=che%20server)
- Failed and flaky [Tests dashboard](https://develocity-staging.eclipse.org/scans/tests?search.rootProjectNames=che%20server)

## SBOM

To enhance supply chain security and offer users clear insight into project components, Eclipse Che now generates a Software Bill of Materials (SBOM) for every release. These are published to the Eclipse Foundation SBOM registry, with access instructions and usage details available in this [documentation](https://eclipse-csi.github.io/security-handbook/sbom/registry.html).
11 changes: 0 additions & 11 deletions assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,17 +64,6 @@ che.limits.user.workspaces.count=-1
# stop a running workspace to activate another.
che.limits.user.workspaces.run.count=1


### Multi-user-specific OpenShift infrastructure configuration

# Alias of the OpenShift identity provider registered in Keycloak
# that should be used to create workspace OpenShift resources in
# OpenShift namespaces owned by the current Che user.
# Set it to `NULL` if `che.infra.openshift.project`
# is set to a non-empty value.
# See: link:https://www.keycloak.org/docs/latest/server_admin/#openshift-4[OpenShift identity provider]
che.infra.openshift.oauth_identity_provider=NULL

### OIDC configuration

# Url to OIDC identity provider server.
Expand Down
10 changes: 2 additions & 8 deletions ...a/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
*/
package org.eclipse.che.workspace.infrastructure.openshift.project;

import static com.google.common.base.Strings.isNullOrEmpty;
import static java.lang.String.format;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
Expand Down Expand Up @@ -66,8 +65,6 @@ public class OpenShiftProjectFactory extends KubernetesNamespaceFactory {

private final CheServerKubernetesClientFactory cheServerKubernetesClientFactory;

private final String oAuthIdentityProvider;

@Inject
public OpenShiftProjectFactory(
@Nullable @Named("che.infra.kubernetes.namespace.default") String defaultNamespaceName,
Expand All @@ -84,9 +81,7 @@ public OpenShiftProjectFactory(
PreferenceManager preferenceManager,
KubernetesSharedPool sharedPool,
AuthorizationChecker authorizationChecker,
PermissionsCleaner permissionsCleaner,
@Nullable @Named("che.infra.openshift.oauth_identity_provider")
String oAuthIdentityProvider) {
PermissionsCleaner permissionsCleaner) {
super(
defaultNamespaceName,
namespaceCreationAllowed,
Expand All @@ -104,7 +99,6 @@ public OpenShiftProjectFactory(
this.cheServerKubernetesClientFactory = cheServerKubernetesClientFactory;
this.cheServerOpenshiftClientFactory = cheServerOpenshiftClientFactory;
this.openShiftClientFactory = openShiftClientFactory;
this.oAuthIdentityProvider = oAuthIdentityProvider;
}

public OpenShiftProject getOrCreate(RuntimeIdentity identity) throws InfrastructureException {
Expand All @@ -121,7 +115,7 @@ public OpenShiftProject getOrCreate(RuntimeIdentity identity) throws Infrastruct

osProject.prepare(
canCreateNamespace(),
initWithCheServerSa && !isNullOrEmpty(oAuthIdentityProvider),
initWithCheServerSa,
labelNamespaces ? namespaceLabels : emptyMap(),
annotateNamespaces ? namespaceAnnotationsEvaluated : emptyMap());

Expand Down
60 changes: 20 additions & 40 deletions ...g/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactoryTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,8 +103,6 @@ public class OpenShiftProjectFactoryTest {

private static final String USER_ID = "2342-2559-234";
private static final String USER_NAME = "johndoe";
private static final String NO_OAUTH_IDENTITY_PROVIDER = null;
private static final String OAUTH_IDENTITY_PROVIDER = "openshift-v4";
private static final String NAMESPACE_LABEL_NAME = "component";
private static final String NAMESPACE_LABELS = NAMESPACE_LABEL_NAME + "=workspace";
private static final String NAMESPACE_ANNOTATION_NAME = "owner";
Expand Down Expand Up @@ -184,8 +182,7 @@ public void shouldNotThrowExceptionIfDefaultNamespaceIsSpecifiedOnCheckingIfName
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);

projectFactory.checkIfNamespaceIsAllowed(USER_NAME + "-che");
}
Expand Down Expand Up @@ -216,8 +213,7 @@ public void shouldNotThrowExceptionIfDefaultNamespaceIsSpecifiedOnCheckingIfName
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);
try {
projectFactory.checkIfNamespaceIsAllowed("any-namespace");
} catch (ValidationException e) {
Expand Down Expand Up @@ -248,8 +244,7 @@ public void shouldNotThrowExceptionIfDefaultNamespaceIsSpecifiedOnCheckingIfName
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);
}

@Test
Expand Down Expand Up @@ -285,8 +280,7 @@ public void shouldReturnPreparedNamespacesWhenFound() throws InfrastructureExcep
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);
EnvironmentContext.getCurrent()
.setSubject(new SubjectImpl("jondoe", Collections.emptyList(), "123", null, false));

Expand Down Expand Up @@ -324,8 +318,7 @@ public void shouldNotThrowAnExceptionWhenNotAllowedToListNamespaces() throws Exc
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);
EnvironmentContext.getCurrent()
.setSubject(new SubjectImpl("jondoe", Collections.emptyList(), "u123", null, false));

Expand Down Expand Up @@ -359,8 +352,7 @@ public void throwAnExceptionWhenErrorListingNamespaces() throws Exception {
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);

// when
projectFactory.list();
Expand Down Expand Up @@ -403,8 +395,7 @@ public void shouldReturnDefaultProjectWhenItExistsAndUserDefinedIsNotAllowed() t
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);

List<KubernetesNamespaceMeta> availableNamespaces = projectFactory.list();
assertEquals(availableNamespaces.size(), 1);
Expand Down Expand Up @@ -441,8 +432,7 @@ public void shouldReturnDefaultProjectWhenItDoesNotExistAndUserDefinedIsNotAllow
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);

List<KubernetesNamespaceMeta> availableNamespaces = projectFactory.list();
assertEquals(availableNamespaces.size(), 1);
Expand Down Expand Up @@ -479,8 +469,7 @@ public void shouldThrowExceptionWhenFailedToGetInfoAboutDefaultNamespace() throw
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);

projectFactory.list();
}
Expand All @@ -507,8 +496,7 @@ public void shouldThrowExceptionWhenFailedToGetNamespaces() throws Exception {
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);

projectFactory.list();
}
Expand Down Expand Up @@ -540,8 +528,7 @@ public void shouldRequireNamespacePriorExistenceIfDifferentFromDefaultAndUserDef
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER));
permissionsCleaner));
OpenShiftProject toReturnProject = mock(OpenShiftProject.class);
prepareProject(toReturnProject);
doReturn(toReturnProject).when(projectFactory).doCreateProjectAccess(any(), any());
Expand All @@ -553,7 +540,7 @@ public void shouldRequireNamespacePriorExistenceIfDifferentFromDefaultAndUserDef

// then
assertEquals(toReturnProject, project);
verify(toReturnProject).prepare(eq(true), eq(false), any(), any());
verify(toReturnProject).prepare(eq(true), eq(true), any(), any());
}

@Test
Expand All @@ -576,8 +563,7 @@ public void shouldCreatePreferencesConfigmapIfNotExists() throws Exception {
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER));
permissionsCleaner));
OpenShiftProject toReturnProject = mock(OpenShiftProject.class);
doReturn(toReturnProject).when(projectFactory).doCreateProjectAccess(any(), any());
when(toReturnProject.getName()).thenReturn("namespace123");
Expand Down Expand Up @@ -620,8 +606,7 @@ public void shouldNotCreatePreferencesConfigmapIfExist() throws Exception {
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER));
permissionsCleaner));
OpenShiftProject toReturnProject = mock(OpenShiftProject.class);
prepareProject(toReturnProject);
doReturn(toReturnProject).when(projectFactory).doCreateProjectAccess(any(), any());
Expand Down Expand Up @@ -666,8 +651,7 @@ public void shouldCallStopWorkspaceRoleProvisionWhenIdentityProviderIsDefined()
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
OAUTH_IDENTITY_PROVIDER));
permissionsCleaner));
OpenShiftProject toReturnProject = mock(OpenShiftProject.class);
when(toReturnProject.getName()).thenReturn("workspace123");
prepareProject(toReturnProject);
Expand Down Expand Up @@ -718,8 +702,7 @@ public void testEvalNamespaceNameWhenPreparedNamespacesFound() throws Infrastruc
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);

String namespace =
projectFactory.evaluateNamespaceName(
Expand Down Expand Up @@ -752,8 +735,7 @@ public void testUsernamePlaceholderInLabelsIsNotEvaluated() throws Infrastructur
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER);
permissionsCleaner);
EnvironmentContext.getCurrent()
.setSubject(new SubjectImpl("jondoe", Collections.emptyList(), "123", null, false));
projectFactory.list();
Expand Down Expand Up @@ -781,8 +763,7 @@ public void testUsernamePlaceholderInAnnotationsIsEvaluated() throws Infrastruct
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER));
permissionsCleaner));
EnvironmentContext.getCurrent()
.setSubject(new SubjectImpl("jondoe", Collections.emptyList(), "123", null, false));
OpenShiftProject toReturnProject = mock(OpenShiftProject.class);
Expand All @@ -796,7 +777,7 @@ public void testUsernamePlaceholderInAnnotationsIsEvaluated() throws Infrastruct
// then
assertEquals(toReturnProject, project);
verify(toReturnProject)
.prepare(eq(true), eq(false), any(), eq(Map.of("try_placeholder_here", "jondoe")));
.prepare(eq(true), eq(true), any(), eq(Map.of("try_placeholder_here", "jondoe")));
}

@Test
Expand Down Expand Up @@ -824,8 +805,7 @@ public void testAllConfiguratorsAreCalledWhenCreatingProject() throws Infrastruc
preferenceManager,
pool,
authorizationChecker,
permissionsCleaner,
NO_OAUTH_IDENTITY_PROVIDER));
permissionsCleaner));
EnvironmentContext.getCurrent()
.setSubject(new SubjectImpl("jondoe", Collections.emptyList(), "123", null, false));

Expand Down
Loading
Loading