How to get all workpaces info created by users ?

[KOSSOKO]

Hi all, We are trying to show contents created by our scientists inside their workspaces in our platform. Che is included inside this platform thanks to an Iframe. As an admin, I want to get all of workspaces created by the user using the api workspaces/get, but I get just mine. Is it possible to do that ? Thanks in advance

[skabashnyuk]

@KOSSOKO take a look on method GET /workspace/namespace/{namesapcename} @Path("/namespace/{namespace:.*}") . Also make sure you admin is che admin, see che.system.admin_name in configuration.

[KOSSOKO]

@skabashnyuk thanks for your answer. Sorry but I didn't totally understand. For example, when I do this request using swagger as admin http://ipadresse:8088/api/workspace/namespace/kosted I got

{ "message": "User is not authorized to use specified account" }

About @Path("/namespace/{namespace:.*}"), you meant that I have to set the namespace by .* ? I tried, but got the error 404 not found

[skabashnyuk]

When you use che, link to workspace usually contains two parts. Namespace - username or organization name Workspace name - name of the workspace.

example: http://che-eclipse-che.192.168.65.2.nip.io/dashboard/#/ide/che/wksp-27ii

che - is namespace wksp-27ii - workspace name Now

curl -v curl http://che-eclipse-che.192.168.65.2.nip.io/api/workspace/namespace/che
* Rebuilt URL to: curl/
* Could not resolve host: curl
* Closing connection 0
curl: (6) Could not resolve host: curl
*   Trying 192.168.65.2...
* TCP_NODELAY set
* Connected to che-eclipse-che.192.168.65.2.nip.io (192.168.65.2) port 80 (#1)
> GET /api/workspace/namespace/che HTTP/1.1
> Host: che-eclipse-che.192.168.65.2.nip.io
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200
< Set-Cookie: JSESSIONID=D8B482F40CFC16BAFC4DAA4496767BEB; Path=/api; HttpOnly
< Cache-Control: public, no-cache, no-store, no-transform
< ETag: "c81cca8d1f5677e3c17c4ee6bdb235fd"
< Content-Type: application/json
< Transfer-Encoding: chunked
< Vary: Accept-Encoding
< Date: Wed, 24 Oct 2018 08:26:19 GMT
< Set-Cookie: e7e832c4d3d17f241325692f83b9abbe=690baa96a1714e1b15a9354f839ce7cd; path=/; HttpOnly
< Cache-control: private
<
* Connection #1 to host che-eclipse-che.192.168.65.2.nip.io left intact
[{"namespace":"che","links":{"self":"http://che-eclipse-che.192.168.65.2.nip.io/api/workspace/workspaceiyir492wfsai1ijy","ide":"http://che-eclipse-che.192.168.65.2.nip.io/che/wksp-27ii","environment/statusChannel":"ws://che-eclipse-che.192.168.65.2.nip.io/api/websocket","environment/outputChannel":"ws://che-eclipse-che.192.168.65.2.nip.io/api/websocket"},"status":"RUNNING","config":{"environments":{"default":{"recipe":{"contentType":"application/x-yaml","type":"openshift","content":"kind: List\nitems:\n - \n  apiVersion: v1\n  kind: Pod\n  metadata:\n   name: ws\n  spec:\n   containers:\n    - \n     image: 'eclipse/che-dev:nightly'\n     name: dev\n     resources:\n      limits:\n       memory: 2048Mi\n"},"machines":{"ws/dev":{"env":{},"servers":{},"volumes":{"projects":{"path":"/projects"}},"installers":[],"attributes":{"memoryLimitBytes":"2147483648"}}}}},"projects":[{"links":[],"source":{"location":"","type":"","parameters":{}},"mixins":[],"problems":[],"name":"pf","type":"blank","path":"/pf","attributes":{}}],"commands":[{"commandLine":"echo \"hello\"","name":"newCustom","type":"custom","attributes":{"goal":"Run","previewUrl":""}}],"defaultEnv":"default","name":"wksp-27ii","attributes":{"editor":"org.eclipse.che.editor.gwt:1.0.0","plugins":""},"links":[]},"temporary":false,"id":"workspaceiyir492wfsai1ijy","attributes":{"updated":"1540296378867","created":"1540296305884","stackId":"che7-preview"}}

[KOSSOKO]

@skabashnyuk thanks I understand well. I discover also after looking in the che database that the namespace is the username of a user. The problem now is when I run my request outside swagger context, in the java code of my back end, I got the error

token is missing.

How could I generate a token or disable this security? All of my system (Che, Liferay, my back end) are in a protected zone, behind the bastion, so I don't really need this security

[skabashnyuk]

you can use this property to setup che admin

#     Grant system permission for 'che.admin.name' user. If the user already exists it'll happen on
#     component startup, if not - during the first login when user is persisted in the database.
che.system.admin_name=admin

and this page to get info about how to get token https://www.eclipse.org/che/docs/authentication.html#obtaining-token-from-keycloak

[KOSSOKO]

@skabashnyuk thanks a lot

[KOSSOKO]

@skabashnyuk where could I find this che.system.admin_name=admin variable ?

And if I understand well, to allow the admin profile to get all users metadata, I have to setup che.system.admin_name to admin ?

In my code, with all information you gave to me, I have for each user to send a request. But, the problem is that I can't have the password. If I can use the profile admin with the password admin, I can get all workspaces, then in a second time, I can filter to keep only workspaces for the current user, because the pseudo (namespace) of the current user is something I have.

HttpUriRequest request = RequestBuilder.post() .setUri("http://myurl:5050/auth/realms/che/protocol/openid-connect/token") .setHeader("Content-Type", "application/x-www-form-urlencoded") .setHeader("Accept", "application/json") .addParameter("username", "myusername") .addParameter("client_id", "che-public") .addParameter("password", "theUserPassword") .addParameter("grant_type", "password") .build(); HttpClient client = HttpClientBuilder.create().build(); HttpResponse response = client.execute(request); HttpEntity entity = response.getEntity();

[skabashnyuk]

@KOSSOKO We updating our documentation regarding systemAdmin role It should help you. https://github.com/eclipse/che-docs/pull/549/files

[KOSSOKO]

@skabashnyuk thanks a lot.

[skabashnyuk]

Closing. Feel free to reopen if you think it's needed.

[puneetshukla-siemens]

I have multi-host eclipse che deployed in K8s running in aws, As a admin in want all the workspace created by different users. But with admin login I can only see workspace created by admin and workspace comes under organization created by admin. Is there a way to get all the workspace by different users?