fix: enable/disable 'Save Config' whenever auth means are changed (#23780)

[adietish]

fixes eclipse-che/che#23780

"Save Configuration" checkbox should get enabled as soon as:

• a new "Server" is selected
• "Certificate Authority" is changed
• "Client Certificate" and "Client Key" are provided
• a new "Token" is provided
• username or password are changed

Using "RH SSO" or "OpenShift OAuth" are not enabling the "Save Configuration" checkbox.

[coderabbitai]

Warning

Rate limit exceeded

@adietish has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 57 minutes and 14 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 38e15fa5-1c68-48e5-bb8e-f65dc70cd0ee

📥 Commits

Reviewing files that changed from the base of the PR and between 3b5b85b and 9bc10e8.

📒 Files selected for processing (12)

• .github/workflows/build.yml
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigEntries.kt
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUtils.kt
• src/main/kotlin/com/redhat/devtools/gateway/openshift/Cluster.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/DevSpacesServerStepView.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AbstractAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/ClientCertificateAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftCredentialsAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftOAuthAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/RedHatSSOAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/TokenAuthenticationStrategy.kt

📝 Walkthrough

Walkthrough

This PR centralizes kubeconfig user resolution, maps kube user credentials (token, client cert/key, basic auth) into Cluster, adds haveAuthInputsChanged(saved: Cluster) to auth strategies with concrete implementations, and integrates these checks into DevSpacesServerStepView to compute and enable saving configuration changes. CI test job was updated to run a clean Gradle build with build-cache disabled.

Changes

Save Configuration Dirty Detection System

Layer / File(s)	Summary
Kubeconfig user lookup refactoring src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigEntries.kt	New getUserForCluster() helper centralizes user resolution by cluster name. getUserTokenForCluster() and getUserClientCertForCluster() delegate to it; client-cert helper now returns null when the user mapping cannot be resolved.
Cluster model and kubeconfig transformation src/main/kotlin/com/redhat/devtools/gateway/openshift/Cluster.kt, src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUtils.kt	Cluster adds optional basicUsername and basicPassword. getClusters() and toCluster() now resolve a KubeConfigUser? per namedCluster and populate token, client cert/key, and basic-auth fields from that object.
AuthenticationStrategy dirty-detection contract src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AuthenticationStrategy.kt, src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AbstractAuthenticationStrategy.kt, src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/TokenAuthenticationStrategy.kt, src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/ClientCertificateAuthenticationStrategy.kt, src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftCredentialsAuthenticationStrategy.kt, src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftOAuthAuthenticationStrategy.kt	Adds haveAuthInputsChanged(saved: Cluster): Boolean to AuthenticationStrategy. AbstractAuthenticationStrategy defaults to false. TokenAuthenticationStrategy, ClientCertificateAuthenticationStrategy, OpenShiftCredentialsAuthenticationStrategy (adds applyFromCluster() and secure password compare), and OpenShiftOAuthAuthenticationStrategy provide concrete behavior.
View dirty-detection integration src/main/kotlin/com/redhat/devtools/gateway/view/steps/DevSpacesServerStepView.kt	Replaces saveToKubeconfig with saveConfig, tracks currentContextClusterName, derives effective selection via getSelectedCluster()/kubeMatch(), applies credentials from selected cluster, computes isDirty() using cluster/URL/CA/auth diffs (via haveAuthInputsChanged), and gates save operations on saveConfig.

CI Workflow Change

Layer / File(s)	Summary
Test job Gradle invocation .github/workflows/build.yml	Run Tests step updated to run ./gradlew clean check --no-build-cache instead of ./gradlew check.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant View as DevSpacesServerStepView
    participant Strategy as AuthenticationStrategy
    participant Kubeconfig as KubeConfigUtils
    User->>View: Select different cluster
    View->>View: getSelectedCluster() resolves effective selection
    View->>Strategy: applyFromCluster(cluster) populates auth fields
    View->>View: isDirty() checks cluster/CA/URL changes
    View->>Strategy: haveAuthInputsChanged(saved) checks auth state
    Strategy->>Strategy: Compare inputs vs saved kubeconfig values
    Strategy-->>View: true/false (auth changed)
    View->>View: kubeMatch() compares against saved entry
    View->>View: enableSaveConfigCheckbox() based on isDirty()
    View-->>User: Save configuration checkbox enabled/disabled
    User->>View: Click save or next step
    View->>Kubeconfig: saveKubeconfig() if saveConfig==true

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 26.19% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: enabling/disabling the 'Save Config' checkbox when authentication methods change, directly matching the PR's core objective.
Description check	✅ Passed	The description is directly related to the changeset, listing specific conditions under which the 'Save Configuration' checkbox should be enabled.
Linked Issues check	✅ Passed	The PR implements all core requirements from #23780: enabling 'Save Config' when server/cluster is switched, auth inputs change, and tracking dirty state via new haveAuthInputsChanged() methods across all auth strategies.
Out of Scope Changes check	✅ Passed	All changes are in-scope: refactoring kubeconfig user resolution, adding basicAuth support to Cluster, implementing dirty-detection via haveAuthInputsChanged() methods, and updating DevSpacesServerStepView to enable Save Config when auth changes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/ClientCertificateAuthenticationStrategy.kt`:
- Around line 111-117: The current haveAuthInputsChanged in
ClientCertificateAuthenticationStrategy.kt improperly returns false when either
tfClientCert or tfClientKey is blank, which prevents detecting deletion of
previously saved values; update the method so it always compares the trimmed
current values of tfClientCert.text and tfClientKey.text against
saved.clientCert?.value and saved.clientKey?.value (treating null as empty
string) and return true when either differs — do not short-circuit to false on
blank inputs so clearing a previously saved cert/key is detected as a change.

In
`@src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftCredentialsAuthenticationStrategy.kt`:
- Around line 135-141: haveAuthInputsChanged currently returns false early when
either tfUsername or tfPassword is empty, which causes clearing fields to be
treated as "unchanged"; update the logic in haveAuthInputsChanged (and the
similar block at the other location) to detect when the user has cleared inputs
by returning true if the saved Cluster (saved.basicUsername or
saved.basicPassword) contains non-empty basic-auth values while the current
tfUsername.text.trim() and/or tfPassword.password are empty; use the existing
helpers/passwordDiffersFromKube and fields tfUsername, tfPassword,
saved.basicUsername, saved.basicPassword to implement this check so clearing
saved credentials is reported as a change.

In
`@src/main/kotlin/com/redhat/devtools/gateway/view/steps/DevSpacesServerStepView.kt`:
- Around line 75-86: The saveConfig boolean drifts out of sync with the UI
because saveConfig is only changed in the saveConfigCheckbox ActionListener;
update code so the checkbox is the single source of truth: whenever you
programmatically call saveConfigCheckbox.isSelected = ... (e.g. in
onClusterSelected) or disable the control in enableSaveConfigCheckbox(), also
set saveConfig = saveConfigCheckbox.isSelected (or explicitly set saveConfig =
false when unchecking/ disabling) so saveConfig always reflects the checkbox
state; adjust references to read from saveConfig (or directly from
saveConfigCheckbox.isSelected) consistently across the class
(saveConfigCheckbox, saveConfig, onClusterSelected, enableSaveConfigCheckbox).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: ac8bbec3-1c23-4bae-b108-acd865d8db08

📥 Commits

Reviewing files that changed from the base of the PR and between 69212b4 and b4d503e.

📒 Files selected for processing (10)

• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigEntries.kt
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUtils.kt
• src/main/kotlin/com/redhat/devtools/gateway/openshift/Cluster.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/DevSpacesServerStepView.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AbstractAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/ClientCertificateAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftCredentialsAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftOAuthAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/TokenAuthenticationStrategy.kt

[codecov-commenter]

Codecov Report

❌ Patch coverage is 11.11111% with 80 lines in your changes missing coverage. Please review.
✅ Project coverage is 22.17%. Comparing base (71098f6) to head (9bc10e8).
⚠️ Report is 349 commits behind head on main.

Files with missing lines	Patch %	Lines
...ools/gateway/view/steps/DevSpacesServerStepView.kt	0.00%	38 Missing ⚠️
...auth/OpenShiftCredentialsAuthenticationStrategy.kt	0.00%	16 Missing ⚠️
...way/view/steps/auth/TokenAuthenticationStrategy.kt	0.00%	10 Missing ⚠️
...hat/devtools/gateway/kubeconfig/KubeConfigUtils.kt	44.44%	0 Missing and 5 partials ⚠️
...ps/auth/ClientCertificateAuthenticationStrategy.kt	0.00%	5 Missing ⚠️
...t/devtools/gateway/kubeconfig/KubeConfigEntries.kt	50.00%	2 Missing and 1 partial ⚠️
.../view/steps/auth/AbstractAuthenticationStrategy.kt	0.00%	1 Missing ⚠️
...steps/auth/OpenShiftOAuthAuthenticationStrategy.kt	0.00%	1 Missing ⚠️
...view/steps/auth/RedHatSSOAuthenticationStrategy.kt	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##            main     #305       +/-   ##
==========================================
+ Coverage   0.00%   22.17%   +22.17%     
==========================================
  Files          4       99       +95     
  Lines         26     4226     +4200     
  Branches       0      772      +772     
==========================================
+ Hits           0      937      +937     
- Misses        26     3170     +3144     
- Partials       0      119      +119     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 65f36aa6-943f-4591-b230-283ee94208a6

📥 Commits

Reviewing files that changed from the base of the PR and between 461e3fe and 3b5b85b.

📒 Files selected for processing (11)

• .github/workflows/build.yml
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigEntries.kt
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUtils.kt
• src/main/kotlin/com/redhat/devtools/gateway/openshift/Cluster.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/DevSpacesServerStepView.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AbstractAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/ClientCertificateAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftCredentialsAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftOAuthAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/TokenAuthenticationStrategy.kt

✅ Files skipped from review due to trivial changes (1)

• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AbstractAuthenticationStrategy.kt

🚧 Files skipped from review as they are similar to previous changes (8)

• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/AuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/openshift/Cluster.kt
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigEntries.kt
• .github/workflows/build.yml
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/ClientCertificateAuthenticationStrategy.kt
• src/main/kotlin/com/redhat/devtools/gateway/kubeconfig/KubeConfigUtils.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/DevSpacesServerStepView.kt
• src/main/kotlin/com/redhat/devtools/gateway/view/steps/auth/OpenShiftCredentialsAuthenticationStrategy.kt

[vrubezhny]

Looks good to me. Thanks!

[adietish]

@vrubezhny I now show the "Save configuration" checkbox for all tabs