diff --git a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactory.java b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactory.java index 8f64340bad..902c93083c 100644 --- a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactory.java +++ b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactory.java @@ -119,9 +119,16 @@ public OpenShiftProject getOrCreate(RuntimeIdentity identity) throws Infrastruct Map namespaceAnnotationsEvaluated = evaluateAnnotationPlaceholders(resolutionCtx); + // Use Che server SA when initWithCheServerSa is true and OAuth is configured. + // The string "NULL" is treated as "not configured" to handle property placeholder defaults. + boolean useServerSa = + initWithCheServerSa + && !isNullOrEmpty(oAuthIdentityProvider) + && !"NULL".equals(oAuthIdentityProvider); + osProject.prepare( canCreateNamespace(), - initWithCheServerSa && !isNullOrEmpty(oAuthIdentityProvider), + useServerSa, labelNamespaces ? namespaceLabels : emptyMap(), annotateNamespaces ? namespaceAnnotationsEvaluated : emptyMap()); diff --git a/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactoryTest.java b/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactoryTest.java index 4bc40e1fd0..e6075e3e66 100644 --- a/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactoryTest.java +++ b/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectFactoryTest.java @@ -102,6 +102,7 @@ public class OpenShiftProjectFactoryTest { private static final String USER_ID = "2342-2559-234"; private static final String USER_NAME = "johndoe"; private static final String NO_OAUTH_IDENTITY_PROVIDER = null; + private static final String NULL_STRING_OAUTH_IDENTITY_PROVIDER = "NULL"; private static final String OAUTH_IDENTITY_PROVIDER = "openshift-v4"; private static final String NAMESPACE_LABEL_NAME = "component"; private static final String NAMESPACE_LABELS = NAMESPACE_LABEL_NAME + "=workspace"; @@ -546,6 +547,7 @@ public void shouldRequireNamespacePriorExistenceIfDifferentFromDefaultAndUserDef // then assertEquals(toReturnProject, project); + // When OAuth is NOT configured (null), don't use Che server SA (false) verify(toReturnProject).prepare(eq(true), eq(false), any(), any()); } @@ -676,6 +678,45 @@ public void shouldCallStopWorkspaceRoleProvisionWhenIdentityProviderIsDefined() // then verify(serviceAccount).prepare(); + // When OAuth IS configured, use Che server SA (true) to create projects + verify(toReturnProject).prepare(eq(true), eq(true), any(), any()); + } + + @Test + public void shouldUseCheServerSAWhenOAuthIdentityProviderIsNullString() throws Exception { + // given - when oAuthIdentityProvider is the string "NULL" (property placeholder default), + // it should be treated as if OAuth is not configured (same as null) + projectFactory = + spy( + new OpenShiftProjectFactory( + "-che", + true, + true, + true, + NAMESPACE_LABELS, + NAMESPACE_ANNOTATIONS, + true, + emptySet(), + openShiftClientFactory, + cheServerKubernetesClientFactory, + cheServerOpenshiftClientFactory, + preferenceManager, + pool, + authorizationChecker, + permissionsCleaner, + NULL_STRING_OAUTH_IDENTITY_PROVIDER)); + OpenShiftProject toReturnProject = mock(OpenShiftProject.class); + prepareProject(toReturnProject); + doReturn(toReturnProject).when(projectFactory).doCreateProjectAccess(any(), any()); + + // when + RuntimeIdentity identity = + new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123"); + projectFactory.getOrCreate(identity); + + // then - should NOT use Che server SA (false) when oAuthIdentityProvider="NULL" + // because "NULL" is treated the same as null (unconfigured) + verify(toReturnProject).prepare(eq(true), eq(false), any(), any()); } @Ignore