Check for Kubernetes secret name in oAuthSecret, fallback to plain te…

…xt (#1836)

* Check for Kubernetes secret name in oAuthSecret, fallback to plain text

* Removed logging, added test cases

* Update documentation

* cleaning up formatting

* update-dev-resources

api/v2/checluster_types.go

@@ -500,6 +500,9 @@ type Auth struct {
 	// +optional
 	OAuthClientName string `json:"oAuthClientName,omitempty"`
 	// Name of the secret set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side.
+	// For Kubernetes, this can either be the plain text oAuthSecret value, or the name of a kubernetes secret which contains a
+	// key `oAuthSecret` and the value is the secret. NOTE: this secret must exist in the same namespace as the `CheCluster`
+	// resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.
 	// +optional
 	OAuthSecret string `json:"oAuthSecret,omitempty"`
 	// Access Token Scope.

config/crd/bases/org.eclipse.che_checlusters.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -8075,9 +8063,13 @@ spec:
                           OpenShift.
                         type: string
                       oAuthSecret:
-                        description: Name of the secret set in the OpenShift `OAuthClient`
+                        description: 'Name of the secret set in the OpenShift `OAuthClient`
                           resource used to set up identity federation on the OpenShift
-                          side.
+                          side. For Kubernetes, this can either be the plain text
+                          oAuthSecret value, or the name of a kubernetes secret which
+                          contains a key `oAuthSecret` and the value is the secret.
+                          NOTE: this secret must exist in the same namespace as the
+                          `CheCluster` resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.'
                         type: string
                     type: object
                   domain:

deploy/deployment/kubernetes/combined.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -8094,9 +8082,13 @@ spec:
                           OpenShift.
                         type: string
                       oAuthSecret:
-                        description: Name of the secret set in the OpenShift `OAuthClient`
+                        description: 'Name of the secret set in the OpenShift `OAuthClient`
                           resource used to set up identity federation on the OpenShift
-                          side.
+                          side. For Kubernetes, this can either be the plain text
+                          oAuthSecret value, or the name of a kubernetes secret which
+                          contains a key `oAuthSecret` and the value is the secret.
+                          NOTE: this secret must exist in the same namespace as the
+                          `CheCluster` resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.'
                         type: string
                     type: object
                   domain:

deploy/deployment/kubernetes/objects/che-operator-selfsigned-issuer.Issuer.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:

deploy/deployment/kubernetes/objects/che-operator-service.Service.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: v1
 kind: Service
 metadata:

deploy/deployment/kubernetes/objects/che-operator-serving-cert.Certificate.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:

deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

deploy/deployment/kubernetes/objects/che-operator.ClusterRoleBinding.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:

deploy/deployment/kubernetes/objects/che-operator.Deployment.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:

deploy/deployment/kubernetes/objects/che-operator.Role.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:

deploy/deployment/kubernetes/objects/che-operator.RoleBinding.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:

deploy/deployment/kubernetes/objects/che-operator.ServiceAccount.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:

deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -8089,9 +8077,13 @@ spec:
                           OpenShift.
                         type: string
                       oAuthSecret:
-                        description: Name of the secret set in the OpenShift `OAuthClient`
+                        description: 'Name of the secret set in the OpenShift `OAuthClient`
                           resource used to set up identity federation on the OpenShift
-                          side.
+                          side. For Kubernetes, this can either be the plain text
+                          oAuthSecret value, or the name of a kubernetes secret which
+                          contains a key `oAuthSecret` and the value is the secret.
+                          NOTE: this secret must exist in the same namespace as the
+                          `CheCluster` resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.'
                         type: string
                     type: object
                   domain:

deploy/deployment/kubernetes/objects/eclipse-che.Namespace.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: v1
 kind: Namespace
 metadata:

deploy/deployment/kubernetes/objects/org.eclipse.che.MutatingWebhookConfiguration.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:

deploy/deployment/kubernetes/objects/org.eclipse.che.ValidatingWebhookConfiguration.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:

deploy/deployment/openshift/combined.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -8094,9 +8082,13 @@ spec:
                           OpenShift.
                         type: string
                       oAuthSecret:
-                        description: Name of the secret set in the OpenShift `OAuthClient`
+                        description: 'Name of the secret set in the OpenShift `OAuthClient`
                           resource used to set up identity federation on the OpenShift
-                          side.
+                          side. For Kubernetes, this can either be the plain text
+                          oAuthSecret value, or the name of a kubernetes secret which
+                          contains a key `oAuthSecret` and the value is the secret.
+                          NOTE: this secret must exist in the same namespace as the
+                          `CheCluster` resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.'
                         type: string
                     type: object
                   domain:

deploy/deployment/openshift/objects/che-operator-service.Service.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: v1
 kind: Service
 metadata:

deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

deploy/deployment/openshift/objects/che-operator.ClusterRoleBinding.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:

deploy/deployment/openshift/objects/che-operator.Deployment.yaml

@@ -1,15 +1,3 @@
-#
-# Copyright (c) 2019-2023 Red Hat, Inc.
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-# Contributors:
-#   Red Hat, Inc. - initial API and implementation
-#
-
 apiVersion: apps/v1
 kind: Deployment
 metadata: