feat: Support OpenShift external IDP (#2078)

* feat: Support OpenShift external IDP

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

Author: tolusha

api/checluster_conversion_from_test.go

@@ -18,9 +18,9 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 
 	devfile "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2"
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
 	chev1 "github.com/eclipse-che/che-operator/api/v1"
 	chev2 "github.com/eclipse-che/che-operator/api/v2"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -68,7 +68,7 @@ func TestConvertFromIngressOnK8s(t *testing.T) {
 }
 
 func TestConvertFromIngressOnOpenShift(t *testing.T) {
-	infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
+	infrastructure.InitializeForTesting(infrastructure.OpenShiftV4)
 
 	checlusterv2 := &chev2.CheCluster{
 		ObjectMeta: metav1.ObjectMeta{
@@ -523,7 +523,7 @@ func TestConvertFrom(t *testing.T) {
 }
 
 func TestShouldConvertFromWhenOnlyMemoryResourceSpecified(t *testing.T) {
-	infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
+	infrastructure.InitializeForTesting(infrastructure.OpenShiftV4)
 
 	memoryRequest := resource.MustParse("128Mi")
 	memoryLimit := resource.MustParse("228Mi")

api/checluster_conversion_to_test.go

@@ -19,10 +19,10 @@ import (
 	"k8s.io/utils/pointer"
 
 	devfile "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2"
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
 	chev1 "github.com/eclipse-che/che-operator/api/v1"
 	chev2 "github.com/eclipse-che/che-operator/api/v2"
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
@@ -38,7 +38,7 @@ func TestConvertToEmptyCheCluster(t *testing.T) {
 }
 
 func TestConvertToIngressOnOpenShift(t *testing.T) {
-	infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
+	infrastructure.InitializeForTesting(infrastructure.OpenShiftV4)
 
 	checlusterv1 := &chev1.CheCluster{
 		ObjectMeta: metav1.ObjectMeta{

api/checluster_round_conversion_test.go

@@ -15,7 +15,7 @@ package org
 import (
 	"testing"
 
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -325,6 +325,6 @@ func onKubernetes(f func()) {
 }
 
 func onOpenShift(f func()) {
-	infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
+	infrastructure.InitializeForTesting(infrastructure.OpenShiftV4)
 	f()
 }

api/init_test.go

@@ -13,14 +13,14 @@
 package org
 
 import (
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults"
 	"github.com/eclipse-che/che-operator/pkg/common/test"
 )
 
 func init() {
 	test.EnableTestMode()
 
-	infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
+	infrastructure.InitializeForTesting(infrastructure.OpenShiftV4)
 	defaults.InitializeForTesting("../config/manager/manager.yaml")
 }

api/v1/checluster_conversion_from.go

@@ -21,9 +21,9 @@ import (
 
 	"github.com/eclipse-che/che-operator/pkg/common/utils"
 
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
 	chev2 "github.com/eclipse-che/che-operator/api/v2"
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"

api/v1/checluster_conversion_to.go

@@ -23,9 +23,9 @@ import (
 	"github.com/eclipse-che/che-operator/pkg/common/utils"
 	ctrl "sigs.k8s.io/controller-runtime"
 
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
 	chev2 "github.com/eclipse-che/che-operator/api/v2"
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper"
 	defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults"
 	corev1 "k8s.io/api/core/v1"

api/v2/checluster_types.go

@@ -19,13 +19,13 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	"k8s.io/utils/pointer"
 
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults"
 
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
 
 	controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
@@ -1098,7 +1098,7 @@ func (c *CheCluster) GetIdentityToken() string {
 		return c.Spec.Networking.Auth.IdentityToken
 	}
 
-	if infrastructure.IsOpenShift() {
+	if infrastructure.IsOpenShiftOAuthEnabled() {
 		return constants.AccessToken
 	}
 	return constants.IdToken

api/v2/checluster_types_test.go

@@ -16,11 +16,11 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	"github.com/stretchr/testify/assert"
 )
 
-func TestIsAccesTokenConfigured(t *testing.T) {
+func TestIsAccessTokenConfigured(t *testing.T) {
 	t.Run("TestIsAccesTokenConfigured when access_token defined", func(t *testing.T) {
 		cheCluster := &CheCluster{
 			Spec: CheClusterSpec{
@@ -98,7 +98,7 @@ func TestGetIdentityToken(t *testing.T) {
 					},
 				}},
 		}
-		infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
+		infrastructure.InitializeForTesting(infrastructure.OpenShiftV4)
 
 		assert.Equal(t, "access_token", cheCluster.GetIdentityToken(),
 			"'access_token' should be used")
@@ -113,7 +113,7 @@ func TestGetIdentityToken(t *testing.T) {
 					},
 				}},
 		}
-		infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
+		infrastructure.InitializeForTesting(infrastructure.OpenShiftV4)
 
 		assert.Equal(t, "id_token", cheCluster.GetIdentityToken(),
 			"'id_token' should be used")
@@ -126,7 +126,7 @@ func TestGetIdentityToken(t *testing.T) {
 					Auth: Auth{},
 				}},
 		}
-		infrastructure.InitializeForTesting(infrastructure.OpenShiftv4)
+		infrastructure.InitializeForTesting(infrastructure.OpenShiftV4)
 
 		assert.Equal(t, "access_token", cheCluster.GetIdentityToken(),
 			"'access_token' should be used")
@@ -141,9 +141,8 @@ func TestGetDefaultIdentityToken(t *testing.T) {
 		infrastructure infrastructure.Type
 		identityToken  string
 	}{
-		{infrastructure.OpenShiftv4, "access_token"},
+		{infrastructure.OpenShiftV4, "access_token"},
 		{infrastructure.Kubernetes, "id_token"},
-		{infrastructure.Unsupported, "id_token"},
 	}
 	for _, test := range tests {
 		infrastructure.InitializeForTesting(test.infrastructure)

api/v2/checluster_webhook.go

@@ -20,7 +20,7 @@ import (
 
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
 	"k8s.io/utils/pointer"
 
 	"github.com/eclipse-che/che-operator/pkg/common/constants"

cmd/main.go

@@ -17,6 +17,10 @@ import (
 	"os"
 	"time"
 
+	dwInfra "github.com/devfile/devworkspace-operator/pkg/infrastructure"
+	"github.com/eclipse-che/che-operator/pkg/common/infrastructure"
+	oauthv1 "github.com/openshift/api/oauth/v1"
+	userv1 "github.com/openshift/api/user/v1"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	"github.com/eclipse-che/che-operator/controllers/namespacecache"
@@ -33,8 +37,6 @@ import (
 	securityv1 "github.com/openshift/api/security/v1"
 
 	dwoApi "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
-	"github.com/devfile/devworkspace-operator/pkg/infrastructure"
-	devworkspaceinfra "github.com/devfile/devworkspace-operator/pkg/infrastructure"
 	"go.uber.org/zap/zapcore"
 
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
@@ -62,11 +64,9 @@ import (
 	"github.com/go-logr/logr"
 	configv1 "github.com/openshift/api/config/v1"
 	consolev1 "github.com/openshift/api/console/v1"
-	oauthv1 "github.com/openshift/api/oauth/v1"
 	templatev1 "github.com/openshift/api/template/v1"
 
 	checontroller "github.com/eclipse-che/che-operator/controllers/che"
-	"github.com/eclipse-che/che-operator/pkg/common/utils"
 
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -79,7 +79,6 @@ import (
 	imagepullerapi "github.com/che-incubator/kubernetes-image-puller-operator/api/v1alpha1"
 	projectv1 "github.com/openshift/api/project/v1"
 	routev1 "github.com/openshift/api/route/v1"
-	userv1 "github.com/openshift/api/user/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -101,10 +100,6 @@ var (
 	renewDeadline = 30 * time.Second
 )
 
-const (
-	leasesApiResourceName = "leases"
-)
-
 func init() {
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":60000", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":6789", "The address the probe endpoint binds to.")
@@ -122,11 +117,6 @@ func init() {
 	logger := zap.New(zap.UseFlagOptions(&opts))
 	ctrl.SetLogger(logger)
 
-	if err := infrastructure.Initialize(); err != nil {
-		logger.Error(err, "Unable determine installation platform")
-		os.Exit(1)
-	}
-
 	defaults.Initialize()
 
 	printVersion(logger)
@@ -145,15 +135,20 @@ func init() {
 	utilruntime.Must(corev1.AddToScheme(scheme))
 
 	if infrastructure.IsOpenShift() {
-		utilruntime.Must(routev1.AddToScheme(scheme))
-		utilruntime.Must(oauthv1.AddToScheme(scheme))
-		utilruntime.Must(userv1.AddToScheme(scheme))
-		utilruntime.Must(configv1.AddToScheme(scheme))
-		utilruntime.Must(consolev1.AddToScheme(scheme))
-		utilruntime.Must(projectv1.AddToScheme(scheme))
+		utilruntime.Must(routev1.Install(scheme))
+		utilruntime.Must(configv1.Install(scheme))
+		utilruntime.Must(consolev1.Install(scheme))
+		utilruntime.Must(projectv1.Install(scheme))
 		utilruntime.Must(securityv1.Install(scheme))
 		utilruntime.Must(templatev1.Install(scheme))
 	}
+
+	// User and OAuthClient API are disabled in case of external IDP
+	// Check API before adding to the scheme
+	if infrastructure.IsOpenShiftOAuthEnabled() {
+		utilruntime.Must(userv1.Install(scheme))
+		utilruntime.Must(oauthv1.Install(scheme))
+	}
 }
 
 func getLogLevel() zapcore.Level {
@@ -181,7 +176,7 @@ func printVersion(logger logr.Logger) {
 
 	infra := "Kubernetes"
 	if infrastructure.IsOpenShift() {
-		infra = "OpenShift v4.x"
+		infra = "OpenShift"
 	}
 	logger.Info("Operator is running on ", "Infrastructure", infra)
 }
@@ -202,6 +197,11 @@ func getWatchNamespace() (string, error) {
 }
 
 func main() {
+	if err := dwInfra.Initialize(); err != nil {
+		setupLog.Error(err, "Failed to initialize infrastructure")
+		os.Exit(1)
+	}
+
 	watchNamespace, err := getWatchNamespace()
 	if err != nil {
 		setupLog.Error(err, "unable to get WatchNamespace, "+
@@ -216,8 +216,8 @@ func main() {
 		os.Exit(1)
 	}
 
-	if !utils.IsK8SResourceServed(discoveryClient, leasesApiResourceName) {
-		setupLog.Info("Leader election was disabled", "Cause:", leasesApiResourceName+"k8s api resource is an absent.")
+	if !infrastructure.IsLeaderElectionEnabled() {
+		setupLog.Info("Leader election disabled")
 		enableLeaderElection = false
 	}
 
@@ -227,13 +227,6 @@ func main() {
 		os.Exit(1)
 	}
 
-	// DWO use the infrastructure package for openshift detection. It needs to be initialized
-	// but only supports OpenShift v4 or Kubernetes.
-	if err := devworkspaceinfra.Initialize(); err != nil {
-		setupLog.Error(err, "failed to evaluate infrastructure which is needed for DevWorkspace support")
-		os.Exit(1)
-	}
-
 	cacheFunction, err := getCacheFunc()
 	if err != nil {
 		setupLog.Error(err, "failed to create cache function")
@@ -394,11 +387,14 @@ func getCacheFunc() (cache.NewCacheFunc, error) {
 	}
 
 	if infrastructure.IsOpenShift() {
-		selectors[&oauthv1.OAuthClient{}] = cache.ByObject{Label: partOfCheObjectSelector}
 		selectors[&routev1.Route{}] = cache.ByObject{Label: partOfCheObjectSelector}
 		selectors[&templatev1.Template{}] = cache.ByObject{Label: partOfCheObjectSelector}
 	}
 
+	if infrastructure.IsOpenShiftOAuthEnabled() {
+		selectors[&oauthv1.OAuthClient{}] = cache.ByObject{Label: partOfCheObjectSelector}
+	}
+
 	return func(config *rest.Config, opts cache.Options) (cache.Cache, error) {
 		opts.ByObject = selectors
 		return cache.New(config, opts)