Consider having more than one git credentials token from the same SCM #22821

Open
vinokurig opened this issue Feb 14, 2024 · 0 comments
Labels
area/git/oauth-services: OAuth support to authenticate developers with their GitHub, GitLab, Bitbucket etc...accounts
kind/task: Internal things, technical debt, and to-do tasks to be performed.
severity/P2: Has a minor but important impact to the usage or development of the system.
team/A: This team is responsible for the Che Operator and all its operands as well as chectl and Hosted Che

Comments

@vinokurig
Contributor

Is your task related to a problem? Please describe

According to our current logic, we do not propagate more than one SCM token with the same SCM endpoint and user ID: https://github.com/eclipse-che/che-server/blob/4f8a84cb1d4a9a8cd1b698a33457222078114e3c/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java#L107-L108
This might cause a problem when a user has an OAuth token, which might be limited in permissions, and a Personal Access Token with full permissions. There is a possibility that the OAuth token would be propagated to a workspace but not the PAT, so it might cause problems with some git remote operations due to the OAuth token restrictions.

Describe the solution you'd like

Rework the current logic of generating the git-credentials secrets.

Describe alternatives you've considered

No response

Additional context

No response

@vinokurig vinokurig added kind/task Internal things, technical debt, and to-do tasks to be performed. area/git/oauth-services OAuth support to authenticate developers with their GitHub, GitLab, Bitbucket etc...accounts team/A This team is responsible for the Che Operator and all its operands as well as chectl and Hosted Che labels Feb 14, 2024
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Feb 14, 2024
@ibuziuk ibuziuk added severity/P2 Has a minor but important impact to the usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Feb 14, 2024