Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [che-dev] Persist Theia plugin data in a Che workspace

To me, if you take the Github token are personal and
should NOT be per workspace
SHOULD be per user
I cannot see how we could allow another user that has access to my workpace to use my github token

On Fri, Dec 14, 2018 at 3:33 PM Mykola Morhun <mmorhun@xxxxxxxxxx> wrote:
As about scope, I agree with Thomas, they should be per Che workspace.

Talking about user data.
We do not know what kind of data a plugin will save there. It might be a token (at least Github plugin stores it there) or some cache as well or whatever plugin writer wants to save.
The problem is that we just cannot know which kind of data plugin stores...

On Fri, Dec 14, 2018 at 4:21 PM Sergii Kabashniuk <skabashn@xxxxxxxxxx> wrote:
> kinds, including sensitive data. For example, Github plugin stores Github token there.

I think if we taking user data seriously you SHOULD NOT store sensitive data on volume unprotected.
How to do that right - I don't know. Probably (Sergii Leshchenko's suggestion)  https://kubernetes.io/docs/concepts/configuration/secret/   can help us. 
To answer you more concrete each use case should be discussed/studied separately.

On Fri, Dec 14, 2018 at 4:08 PM <tmader@xxxxxxxxxx> wrote:
That's a very good question. I think it should be per Che workspace (careful not to mix the term with VSCode workspaces). VSCode plugins will make the assumption that they run on a single machine. That implies that when they address a file system path, they are addressing the same file or folder. This is not the case when we have two different Che workspaces: "/projects/project1" could mean two completely different projects. So when we have per file metadata, for example, a vscode plugin would key that metadata by the file's path, so we need separate storage locations for each Che workspace. Does that make sense?

/Thomas

On Fri, 2018-12-14 at 08:07 -0500, Gorkem Ercan wrote:
Is this per workspace or per user data ? 

On Fri, Dec 14, 2018 at 7:44 AM Mykola Morhun <mmorhun@xxxxxxxxxx> wrote:
Hello.
I am working on implementing some plugin context API in Theia. The plugin context API specification requires some data of plugin to be persistent, so we need to save it on workspace stop and restore on workspace start. Many plugins use this functionality to store data of many kinds, including sensitive data. For example, Github plugin stores Github token there.
I want to use a volume in Theia sidecar to reach that. Does anyone has any concerns about this approach?


_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/che-dev


--

Sergii Kabashniuk

Principal Software Engineer, DevTools 

Red Hat Ukraine

skabashniuk@xxxxxxxxxx    

_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/che-dev


--

Mykola Morhun

SOFTWARE ENGINEER

Red Hat

_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/che-dev
--

Sun TAN
Senior Java Software Engineer
Eclipse Che - Openshift.io @ Red Hat
Paris JUG team member

Mobile : +33 6 21 02 41 73
Email : sutan@xxxxxxxxxx 
Email Paris JUG : sunix@xxxxxxxxxxxx
Blog: http://blog.sunix.org
twitter: @sunsengdavidtan 


Back to the top