Init operations for workspaces with Git Init as initial implemetation #69 #182
Conversation
jfaltermeier
force-pushed
the
jf/git-init
branch
2 times, most recently
from
c0fe595
to
daaeb3f
Compare
| + ", error=" + error + ", workspace=" + workspace + ", lastActivity=" + lastActivity + "]"; | ||
| + ", error=" + error + ", workspace=" + workspace + ", lastActivity=" + lastActivity | ||
| + ", sessionSecret=" + sessionSecret + ", envVars=" + envVars + ", envVarsFromConfigMaps=" | ||
| + envVarsFromConfigMaps + ", envVarsFromSecrets=" + envVarsFromSecrets + ", initOperations=" |
There was a problem hiding this comment.
Should we omit envVarsFromSecrets here to avoid leaking secrets in logs, etc.?
There was a problem hiding this comment.
Those are just the names of the secrets under which they are stored in k8s and not their actual values
| } | ||
|
|
||
| public static boolean isEphemeral(String workspace) { | ||
| return workspace == null || workspace.isBlank(); | ||
| } | ||
|
|
||
| public static class InitOperation { | ||
|
|
||
| @JsonProperty("id") |
There was a problem hiding this comment.
Should this be required?
There was a problem hiding this comment.
...heia.cloud.common/src/main/java/org/eclipse/theia/cloud/common/k8s/resource/SessionSpec.java
Outdated
Show resolved
Hide resolved
...tor/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/GitInitOperationHandler.java
Outdated
Show resolved
Hide resolved
| if (isHTTP(repository)) { | ||
| if (!injectHTTPRepoCredentials(correlationId, secret, secretName, repository, gitInitContainer)) { | ||
| return; | ||
| } | ||
| } else { | ||
| if (!injectSSHRepoCredentials(correlationId, secret, secretName, repository, gitInitContainer, volumes)) { | ||
| return; | ||
| } | ||
| } |
There was a problem hiding this comment.
What is the purpose of the returns? There is nothing after this. If this is some kind of error, should something be logged?
There was a problem hiding this comment.
All the logging is done in the inject methods itself.
The returns are executed when there was a problem.
Reason is that if we add more init code at the end at some point (e.g. injecting the SSH Key in the IDE) or if an adopter overrides the handler and calls super, we only run this new code if there were no issues.
I've added more comments, because it looks weird indeed.
| String repositoryWithoutProtocol = split[1]; | ||
| if (repositoryWithoutProtocol.contains("@")) { | ||
| if (repositoryWithoutProtocol.split(Pattern.quote("@"))[0].contains(":")) { | ||
| /* username and password part of URL */ |
There was a problem hiding this comment.
Is this if empty on purpose?
There was a problem hiding this comment.
Yes, injectUsername and injectPassword are false by default and we won't inject either if both username and password are part of the repo url.
I've adopted the comment
| LOGGER.info(LogMessageUtil.formatLogMessage(correlationId, | ||
| MessageFormat.format("Inject username: {0}; Inject password: {1}", injectUsername, injectPassword))); |
There was a problem hiding this comment.
Should we log credentials? This might expose secrets in the log.
There was a problem hiding this comment.
This just a boolean whether they will be injected or not
....eclipse.theia.cloud.service/src/main/java/org/eclipse/theia/cloud/service/BaseResource.java
Outdated
Show resolved
Hide resolved
* create init container that can be used to checkout git repositories with https and ssh
* add ability to checkout branches/commits/tags
* add list of InitOperations to Session * introduce binding of multiple InitOperationHandler * implement GitInitOperationHandler * add init container with required environment variables for HTTP(S) Git checkout * checks that the secret is allowed to be used by this user and by this InitOperationHandler
* implement injecting ssh key and password to init container * adjust git init script to work with any user id
* make auth info optional (for public repos) * regenerate open api schema * regenerate typescript API
jfaltermeier
force-pushed
the
jf/git-init
branch
from
daaeb3f
to
f06f15f
Compare
* Extend public API * add verification job for new docker image * do not update all references to @eclipse-theiacloud/common: 0.8.1-alpha.2 yet, since this is not released yet
jfaltermeier
force-pushed
the
jf/git-init
branch
4 times, most recently
from
cc41923
to
01db0af
Compare
jfaltermeier
force-pushed
the
jf/git-init
branch
from
01db0af
to
2ca1612
Compare
|
This PR is stale because it has been open 180 days with no activity. |
|
keep open |
|
Any word on this? This would be amazing for some work we are looking to use Theia Cloud for. |
Thank you for your interest in this feature! Currently, our main priority is transferring the codebase to the Eclipse Foundation. Once this process is complete, we plan to revisit and continue development on earlier work, including this ticket. |
CRD, RBAC changes: https://github.com/eclipsesource/theia-cloud-helm/pull/26/files
theiacloud/theia-cloud-git-init) that can be used to clone a git repository and checkout a specific pointerpython/git-init/README.md(you may have to create/find approriate Git repositories to test though. Note: https://gitlab.eclipse.org allows to create private forks of existing projects in your user namespace!)initOperationsarray of a session. The container is created inGitInitOperationHandlerpython/git-init/README.mdInitOperationHandlernew init operation handlers may be added to the OperatorOpen issues / Known limitations are:
For the credential handling I am not sure if this should be a first level Theia Cloud Feature. We could offer some library/util that helps with creating the secrets/adding the annotations, but I think this should be used from client code, e.g. from a dashboard implementation.