Rwork the token cleanup mechanism

[vinokurig]

What does this PR do?

Rework the token secrets cleanup mechanism by fetching kubernetes secrets and deleting the redundant secrets directly, instead of fetching personal access tokens and then deleting the secrets according to the PAT objects.

Screenshot/screencast of this PR

What issues does this PR fix or reference?

https://issues.redhat.com/browse/CRW-7185

How to test this PR?

1. Deploy che with the PR image: quay.io/eclipse/che-server:pr-719
2. Configure GitHub oauth
3. Enable the experimental feature that forces a refresh of the personal access token on workspace startup
4. Start a workspace from a GitHub repository with a devfile.
5. Go to Dashboard user preferences -> personal access tokens

See: only one personal access token item is present in the list

PR Checklist

As the author of this Pull Request I made sure that:

• The Eclipse Contributor Agreement is valid
• Code produced is complete
• Code builds without errors
• Tests are covering the bugfix
• The repository devfile is up to date and works
• Sections What issues does this PR fix or reference and How to test this PR completed
• Relevant user documentation updated
• Relevant contributing documentation updated
• CI/CD changes implemented, documented and communicated

Release Notes

Fix a bug when the list of PATs in the dashboard has redundant tokens if the refresh mode is enabled.

Reviewers

Reviewers, please comment how you tested the PR when approving it.

[tolusha]

Should we remove all secrets or keep the last one?

[vinokurig]

We need to keep the last one

[tolusha]

It seems we keep the very first one, should it be the last one?

[vinokurig]

Sorry, I mixed up, according to https://github.com/eclipse-che/che-server/pull/719/files#diff-c0fa2851d5bdc5b65a29d8ac5d7d71d4a961b03f526f43c50027e82b7948f775R257 we need to keep the first one - the newest.

[vinokurig]

/retest

[openshift-ci]

@vinokurig: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/v14-gitlab-with-oauth-setup-flow	2d464ea	link	true	/test v14-gitlab-with-oauth-setup-flow

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[SkorikSergey]

Checked on Che 7.91.0 with che-server PR image. There is only one token as expected.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: SkorikSergey, tolusha, vinokurig

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[devstudio-release]

Build 3.17 :: server_3.x/357: Console, Changes, Git Data

[devstudio-release]

Build 3.17 :: sync-to-downstream_3.x/7694: Console, Changes, Git Data

[devstudio-release]

Build 3.17 :: get-sources-rhpkg-container-build_3.x/7686: Console, Changes, Git Data

[devstudio-release]

Build 3.17 :: get-sources-rhpkg-container-build_3.x/7686:

server : 3.x :: Failed in 64104174 : BREW:BUILD/STATUS:UNKNOWN
FAILURE:; copied to quay