Init operations for workspaces with Git Init as initial implementation #69 #182
base: main
c0fe595 to daaeb3f
Initial code review. I will test this later.
Code structure and code looks mostly good to me already :) . I added some inline comments.
+ ", error=" + error + ", workspace=" + workspace + ", lastActivity=" + lastActivity + "]"; | ||
+ ", error=" + error + ", workspace=" + workspace + ", lastActivity=" + lastActivity | ||
+ ", sessionSecret=" + sessionSecret + ", envVars=" + envVars + ", envVarsFromConfigMaps=" | ||
+ envVarsFromConfigMaps + ", envVarsFromSecrets=" + envVarsFromSecrets + ", initOperations=" |
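Review bot: sessionSecret and envVars are concatenated in clear into this string on the second and third added lines, so any log statement or exception message that prints the spec will carry the session secret and whatever values the environment variables hold. Suggest leaving sessionSecret out or printing a fixed placeholder for it, and printing only the variable names from envVars; envVarsFromConfigMaps and envVarsFromSecrets can stay as long as they hold resource names only.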
Should we omit envVarsFromSecrets here to avoid leaking secrets in logs, etc.?
Those are just the names of the secrets under which they are stored in k8s and not their actual values
} | ||
|
||
public static boolean isEphemeral(String workspace) { | ||
return workspace == null || workspace.isBlank(); | ||
} | ||
|
||
public static class InitOperation { | ||
|
||
@JsonProperty("id") |
Should this be required?
if (isHTTP(repository)) { | ||
if (!injectHTTPRepoCredentials(correlationId, secret, secretName, repository, gitInitContainer)) { | ||
return; | ||
} | ||
} else { | ||
if (!injectSSHRepoCredentials(correlationId, secret, secretName, repository, gitInitContainer, volumes)) { | ||
return; | ||
} | ||
} |
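Review bot: both branches end in a bare return; when the inject call reports failure, so the enclosing method gives its caller no signal that credential injection failed. If the caller carries on with the session, the init container runs without the credentials it needs and the problem only surfaces later as a failed clone. Suggest returning a boolean from this method, as the inject helpers already do, or throwing, and collapsing the two branches into one condition so the early exit is stated once.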
What is the purpose of the returns? There is nothing after this. If this is some kind of error, should something be logged?
All the logging is done in the inject methods themselves.
The returns are executed when there was a problem.
Reason is that if we add more init code at the end at some point (e.g. injecting the SSH Key in the IDE) or if an adopter overrides the handler and calls super, we only run this new code if there were no issues.
I've added more comments, because it looks weird indeed.
String repositoryWithoutProtocol = split[1]; | ||
if (repositoryWithoutProtocol.contains("@")) { | ||
if (repositoryWithoutProtocol.split(Pattern.quote("@"))[0].contains(":")) { | ||
/* username and password part of URL */ |
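Review bot: the test for embedded credentials on repositoryWithoutProtocol relies on contains("@") and a split on "@", which misreads URLs where "@" appears in the path or query, and split[1] assumes the protocol separator was found unless the length is checked above this hunk. For HTTP(S) URLs, suggest parsing with java.net.URI and testing getUserInfo() for a ':' instead. It would also help to note in the comment that a repository URL carrying username and password is itself a secret and has to stay out of log messages and toString() output.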
Is this if empty on purpose?
Yes, injectUsername and injectPassword are false by default and we won't inject either if both username and password are part of the repo url.
I've adopted the comment
LOGGER.info(LogMessageUtil.formatLogMessage(correlationId, | ||
MessageFormat.format("Inject username: {0}; Inject password: {1}", injectUsername, injectPassword))); |
Should we log credentials? This might expose secrets in the log.
This is just a boolean whether they will be injected or not
* create init container that can be used to checkout git repositories with https and ssh
* add ability to checkout branches/commits/tags
* add list of InitOperations to Session
* introduce binding of multiple InitOperationHandler
* implement GitInitOperationHandler
* add init container with required environment variables for HTTP(S) Git checkout
* checks that the secret is allowed to be used by this user and by this InitOperationHandler
* implement injecting ssh key and password to init container
* adjust git init script to work with any user id
* make auth info optional (for public repos)
* regenerate open api schema
* regenerate typescript API
daaeb3f to f06f15f
* Extend public API
* add verification job for new docker image
* do not update all references to @eclipse-theiacloud/common: 0.8.1-alpha.2 yet, since this is not released yet
cc41923 to 01db0af
01db0af to 2ca1612
This PR is stale because it has been open 180 days with no activity.
keep open
Any word on this? This would be amazing for some work we are looking to use Theia Cloud for.
Thank you for your interest in this feature! Currently, our main priority is transferring the codebase to the Eclipse Foundation. Once this process is complete, we plan to revisit and continue development on earlier work, including this ticket.
CRD, RBAC changes: https://github.com/eclipsesource/theia-cloud-helm/pull/26/files
theiacloud/theia-cloud-git-init) that can be used to clone a git repository and checkout a specific pointer
python/git-init/README.md (you may have to create/find appropriate Git repositories to test though. Note: https://gitlab.eclipse.org allows to create private forks of existing projects in your user namespace!)
initOperations array of a session. The container is created in GitInitOperationHandler
python/git-init/README.md
InitOperationHandler
new init operation handlers may be added to the Operator
Open issues / Known limitations are:
For the credential handling I am not sure if this should be a first level Theia Cloud Feature. We could offer some library/util that helps with creating the secrets/adding the annotations, but I think this should be used from client code, e.g. from a dashboard implementation.