Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Importing several private projects in a single devfile fails #18494

Closed
4 of 22 tasks
rromannissen opened this issue Dec 1, 2020 · 13 comments · Fixed by eclipse-che/che-theia#959
Closed
4 of 22 tasks

Importing several private projects in a single devfile fails #18494

rromannissen opened this issue Dec 1, 2020 · 13 comments · Fixed by eclipse-che/che-theia#959
Assignees
Labels
area/factory/server Server side of factory implementation kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Milestone

Comments

@rromannissen
Copy link

rromannissen commented Dec 1, 2020

Describe the bug

I have tried importing a devfile with multiple projects stored in private GitHub repositories using the /f?url= API. The result is that Che fails to clone the repositories without even prompting for the credentials. Only the password request for the last repository is prompted (without previously asking for the user):

Screenshot from 2020-12-01 10-38-09

After entering the right password, that last clone fails as well and the projects list ends up empty:

Screenshot from 2020-12-01 10-49-22

The devfile used to reproduce this error is the following:

apiVersion: 1.0.0
metadata:
  name: order-management
projects:
- name: gateway
  source:
    type: git
    location: https://github.com/rromannissen/gateway-crw.git
    branch: master
- name: orders
  source:
    type: git
    location: https://github.com/rromannissen/orders-crw.git
    branch: master
- name: inventory
  source:
    type: git
    location: https://github.com/rromannissen/inventory-crw.git
    branch: master
- name: customers
  source:
    type: git
    location: https://github.com/rromannissen/customers-crw.git
    branch: master

Che version

  • latest
  • nightly
  • other: please specify

Che-Theia@5e48d39 using Theia@e2098321a in https://che.openshift.io and Che-Theia@4587314 using Theia@eb1136b11 in CodeReady Workspaces in OCP 4.6.4.

Steps to reproduce

The devfile used to reproduce this error is the following:

apiVersion: 1.0.0
metadata:
  name: order-management
projects:
- name: gateway
  source:
    type: git
    location: https://github.com/rromannissen/gateway-crw.git
    branch: master
- name: orders
  source:
    type: git
    location: https://github.com/rromannissen/orders-crw.git
    branch: master
- name: inventory
  source:
    type: git
    location: https://github.com/rromannissen/inventory-crw.git
    branch: master
- name: customers
  source:
    type: git
    location: https://github.com/rromannissen/customers-crw.git
    branch: master

Just import it using the /f?url= API.

Expected behavior

Che asks for the credentials of each repository and executes the clone correctly for all projects.

Runtime

  • kubernetes (include output of kubectl version)
  • Openshift (include output of oc version)
  • minikube (include output of minikube version and kubectl version)
  • minishift (include output of minishift version and oc version)
  • docker-desktop + K8S (include output of docker version and kubectl version)
  • other: (please specify)

Reproduced in https://che.openshift.io and CodeReady Workspaces 2.5.0 in OCP 4.6.4.

Installation method

  • chectl
    • provide a full command that was used to deploy Eclipse Che (including the output)
    • provide an output of chectl version command
  • OperatorHub
  • I don't know

OperatorHub for CodeReady Workspaces 2.5.0 in OCP 4.6.4.

Environment

  • my computer
    • Windows
    • Linux
    • macOS
  • Cloud
    • Amazon
    • Azure
    • GCE
    • other (please specify)
  • other: please specify

Reproduced in https://che.openshift.io and CodeReady Workspaces 2.5.0 in OCP 4.6.4.

@rromannissen rromannissen added the kind/bug Outline of a bug - must adhere to the bug report template. label Dec 1, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Dec 1, 2020
@skabashnyuk skabashnyuk added area/factory/server Server side of factory implementation area/factory/theia labels Dec 1, 2020
@skabashnyuk skabashnyuk added severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Dec 1, 2020
@skabashnyuk
Copy link
Contributor

@l0rd @vinokurig @mshaposhnik
please correct me if I'm wrong. In an ideal world, Theia could look in git.config/.ssh folder depending on git configuration and could initial necessary processes or correctly inform the user about expected actions. Or we could move that to the factory resolution step before Thia. I'm not sure what Is best. WDYT

@rromannissen
Copy link
Author

Yes. Looks like UX is not ideal.
From a technical POV, you can mount GitHub personal access token as described here. https://www.eclipse.org/che/docs/che-7/end-user-guide/mounting-a-secret-as-a-file-or-an-environment-variable-into-a-workspace-container/#mounting-a-git-credential-store-into-a-workspace-container_mounting-a-secret-as-a-file-or-an-environment-variable-into-a-workspace-container

As you said, that solves the problem from a technical POV, but that wouldn't be an option for developers without knowledge about Kubernetes. We are evaluating Che/CRW as the standard development platform for customers with several hundreds of developers with various levels of knowledge/experience with Kubernetes. In large companies, development flows are usually abstracted from the platform for developers, and since Che would be aimed to replace local development environments, Kubernetes knowledge shouldn't be a requirement to use it.

Having this implemented in the UI would greatly ease adoption for that kind of companies, as private repositories are the usual scenario there.

@ericwill
Copy link
Contributor

ericwill commented Dec 1, 2020

This should have been fixed (at least for HTTPS) in #16401

We can investigate next sprint.

@skabashnyuk
Copy link
Contributor

@ericwill wdyt about #18494 (comment)? At which stage, we should validate the existence of ssh keys or git-config?

@l0rd
Copy link
Contributor

l0rd commented Dec 2, 2020

@l0rd @vinokurig @mshaposhnik
please correct me if I'm wrong. In an ideal world, Theia could look in git.config/.ssh folder depending on git configuration and could initial necessary processes or correctly inform the user about expected actions. Or we could move that to the factory resolution step before Thia. I'm not sure what Is best. WDYT

@skabashnyuk agreed. In Theia there should be a git authentication helper that looks at git config or ssh keys before the clone starts and makes things work if it find them. Prompt the user otherwise. But for GitHub that flow should already be possible if the admin adds GitHub as an identity provider in Keycloak. We have created an issue to make it straightforward.

@rromannissen a couple of considerations:

  1. if you are using GitHub you may want to enable GitHub authentication. That will enable the VS Code GitHub authentication flow. Be aware that we recently fixed a bug (will be included in CRW 2.5.1)

  2. in a scenario with hundreds of Che/CRW users, I would want to provision the namespace for each of those users (including RAM/CPU quotas and LimitRanges of that namespace) before the user starts creating workspaces. Such a process will hopefully be automated (using something like this for instance) and secrets containing an automatically generated ssh key pair could be included in that same flow. With that flow, CRW/Che users should only upload the automatically generated public SSH key (sent to them via an email for example) on GitHub.

@ericwill
Copy link
Contributor

ericwill commented Dec 2, 2020

So I was under the impression that factories are gone, right? Doesn't that mean that:

I have tried importing a devfile with multiple projects stored in private GitHub repositories using the /f?url= API.

is not supposed to work?

@l0rd
Copy link
Contributor

l0rd commented Dec 2, 2020

factories are gone, right

@ericwill factories are not gone, it's just that it's not possible to manage factories from the dashboard anymore. The factory menu item has been removed and the corresponding API.

@ericwill
Copy link
Contributor

ericwill commented Dec 2, 2020

Ah, okay. So I investigated and it seems that the factory API portion of the workspace plugin in che-theia (FactoryInitializer) was removed (because there is no factory API anymore), which explains why this is failing. Currently we are checking credentials for cloning git repos, but if it's done via factory this check doesn't happen.

I think this kind of answers your question @skabashnyuk.

I'll have someone from my team investigate further to see what our options are.

@ericwill ericwill mentioned this issue Dec 3, 2020
34 tasks
@sunix sunix self-assigned this Dec 28, 2020
@sunix
Copy link
Contributor

sunix commented Dec 28, 2020

I am having a look

@sunix
Copy link
Contributor

sunix commented Dec 28, 2020

The problem is that the two git clone commands are executed in parallel.
And what has been implemented is not supporting that eclipse-che/che-theia#727

I don't think it make sense to have the commands executed in sequence. Will probably ask the second one to wait for the result of the first one.

@sunix
Copy link
Contributor

sunix commented Jan 12, 2021

so finally implemented in eclipse-che/che-theia#959:

  • clone is still done in parallel but each prompt to the user is done in secquence.
  • Only ask for credentials once if cloning several repos from the same host.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/factory/server Server side of factory implementation kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants