use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project terra-workspace-manager by DataBiosphere.
the class PrivateResourceCleanupServiceTest method cleanupResourcesSuppressExceptions_cleansApplicationPrivateResource_succeeds.
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void cleanupResourcesSuppressExceptions_cleansApplicationPrivateResource_succeeds() {
  // Arrangement: the default user owns both the workspace and the group. The second user reaches
  // the workspace only through group membership, which is exactly what gets revoked later on.
  String secondUserEmail = userAccessUtils.getSecondUserEmail();
  addUserToGroup(groupName, secondUserEmail, ownerGroupApi);
  SamRethrow.onInterrupted(
      () ->
          samService.grantWorkspaceRole(
              workspace.getWorkspaceId(),
              userAccessUtils.defaultUserAuthRequest(),
              WsmIamRole.WRITER,
              groupEmail),
      "grantWorkspaceRole");

  // The WSM test application is backed by a test user acting as its service account, so its
  // credentials can be delegated the same way as any other user's.
  WsmApplication testApp = applicationDao.getApplication(TEST_WSM_APP);
  String appServiceAccount = testApp.getServiceAccount();
  AccessToken serviceAccountToken = userAccessUtils.generateAccessToken(appServiceAccount);
  AuthenticatedUserRequest appRequest =
      new AuthenticatedUserRequest()
          .email(appServiceAccount)
          .token(Optional.of(serviceAccountToken.getTokenValue()));
  wsmApplicationService.enableWorkspaceApplication(
      userAccessUtils.defaultUserAuthRequest(), workspace.getWorkspaceId(), TEST_WSM_APP);

  // An application-managed, private bucket assigned to the second user.
  ControlledResourceFields fields =
      ControlledResourceFixtures.makeDefaultControlledResourceFieldsBuilder()
          .workspaceUuid(workspace.getWorkspaceId())
          .accessScope(AccessScopeType.ACCESS_SCOPE_PRIVATE)
          .managedBy(ManagedByType.MANAGED_BY_APPLICATION)
          .applicationId(TEST_WSM_APP)
          .assignedUser(secondUserEmail)
          .build();
  ControlledGcsBucketResource bucket =
      ControlledGcsBucketResource.builder()
          .common(fields)
          .bucketName(ControlledResourceFixtures.uniqueBucketName())
          .build();
  ApiGcpGcsBucketCreationParameters bucketParams =
      new ApiGcpGcsBucketCreationParameters().location("us-central1");
  // The application, not the workspace owner, creates the resource.
  controlledResourceService.createControlledResourceSync(
      bucket, ControlledResourceIamRole.WRITER, appRequest, bucketParams);

  // Sam identifiers used by every authorization check below.
  String samResourceType = bucket.getCategory().getSamResourceName();
  String samResourceId = bucket.getResourceId().toString();
  String samWorkspaceId = bucket.getWorkspaceId().toString();

  // The second user can read the private resource in Sam.
  SamRethrow.onInterrupted(
      () ->
          samService.checkAuthz(
              userAccessUtils.secondUserAuthRequest(),
              samResourceType,
              samResourceId,
              SamControlledResourceActions.READ_ACTION),
      "checkResourceAuth");

  // Dropping the group membership removes the second user's workspace access immediately...
  removeUserFromGroup(groupName, secondUserEmail, ownerGroupApi);
  assertFalse(
      SamRethrow.onInterrupted(
          () ->
              samService.isAuthorized(
                  userAccessUtils.secondUserAuthRequest(),
                  SamResource.WORKSPACE,
                  samWorkspaceId,
                  SamWorkspaceAction.READ),
          "checkResourceAuth"));
  // ...but the direct grant on the resource persists until cleanup runs.
  assertTrue(
      SamRethrow.onInterrupted(
          () ->
              samService.isAuthorized(
                  userAccessUtils.secondUserAuthRequest(),
                  samResourceType,
                  samResourceId,
                  SamControlledResourceActions.READ_ACTION),
          "checkResourceAuth"));

  // Enable cleanup and trigger it directly instead of waiting for the scheduled job.
  privateResourceCleanupConfiguration.setEnabled(true);
  privateResourceCleanupService.cleanupResourcesSuppressExceptions();

  // Cleanup revokes the second user's access to the resource...
  assertFalse(
      SamRethrow.onInterrupted(
          () ->
              samService.isAuthorized(
                  userAccessUtils.secondUserAuthRequest(),
                  samResourceType,
                  samResourceId,
                  SamControlledResourceActions.READ_ACTION),
          "checkResourceAuth"));
  // ...and records the resource as abandoned.
  ControlledResource storedResource =
      resourceDao
          .getResource(bucket.getWorkspaceId(), bucket.getResourceId())
          .castToControlledResource();
  assertEquals(PrivateResourceState.ABANDONED, storedResource.getPrivateResourceState().get());
  // The application keeps its access: applications hold EDITOR on their application-private
  // resources.
  assertTrue(
      SamRethrow.onInterrupted(
          () ->
              samService.isAuthorized(
                  appRequest,
                  samResourceType,
                  samResourceId,
                  SamControlledResourceActions.READ_ACTION),
          "checkResourceAuth"));
}
use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project java-bigtable by googleapis.
the class BigtableChannelPrimerTest method setup.
@Before
public void setup() throws IOException {
  // A fake Bigtable backend, with an interceptor that records the metadata of each request.
  fakeService = new FakeService();
  metadataInterceptor = new MetadataInterceptor();
  server = FakeServiceBuilder.create(fakeService).intercept(metadataInterceptor).start();

  // Static credentials built from a fixed token value (no expiry is set) so the auth header the
  // primer sends is predictable.
  OAuth2Credentials credentials = OAuth2Credentials.create(new AccessToken(TOKEN_VALUE, null));
  ImmutableList<String> tableIds = ImmutableList.of("table1", "table2");
  primer =
      BigtableChannelPrimer.create(
          credentials, "fake-project", "fake-instance", "fake-app-profile", tableIds);

  // Plaintext channel to the in-process fake server.
  channel = ManagedChannelBuilder.forAddress("localhost", server.getPort()).usePlaintext().build();

  // Capture the primer's log output for later assertions. The logger is looked up by the class's
  // toString(), which must match the name the primer itself logs under.
  logHandler = new LogHandler();
  Logger primerLogger = Logger.getLogger(BigtableChannelPrimer.class.toString());
  primerLogger.addHandler(logHandler);
}
use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project jib by google.
the class CredentialRetrieverFactoryTest method setUp.
@Before
public void setUp()
    throws CredentialHelperUnhandledServerUrlException, CredentialHelperNotFoundException,
        IOException {
  // The Google credentials mock hands back a fixed bearer token with no expiry.
  AccessToken fakeToken = new AccessToken("my-token", null);
  Mockito.when(mockGoogleCredentials.getAccessToken()).thenReturn(fakeToken);

  // The mocked helper always retrieves FAKE_CREDENTIALS, and the factory returns that helper for
  // any string, Path and map arguments.
  Mockito.when(mockDockerCredentialHelper.retrieve()).thenReturn(FAKE_CREDENTIALS);
  Mockito.when(
          mockDockerCredentialHelperFactory.create(
              Mockito.anyString(), Mockito.any(Path.class), Mockito.anyMap()))
      .thenReturn(mockDockerCredentialHelper);
}
use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project apiman by apiman.
the class OAuth2 method authenticate.
/**
 * Obtains an OAuth2 access token using the configured flow and, on success, sets it as a
 * {@code Bearer} value in the {@code Authorization} header of {@code headerMap}.
 *
 * @param vertx the Vert.x instance used to create the OAuth2 client
 * @param config provider configuration; the whole map is converted to client options, and the
 *     keys {@code oauthUri}, {@code clientId}, {@code flowType}, {@code username} and
 *     {@code password} are read explicitly
 * @param headerMap headers the bearer token is written into
 * @param resultHandler completed with success once the header is set, or with the token
 *     exchange's cause on failure
 * @return this authenticator; the token exchange itself completes asynchronously
 */
@Override
public Authenticator authenticate(Vertx vertx, Map<String, String> config, MultiMap headerMap,
    Handler<AsyncResult<Void>> resultHandler) {
  // Client options come from the full config map; a few well-known keys override them.
  OAuth2ClientOptions clientOptions = new OAuth2ClientOptions(mapToJson(config));
  String oauthUri = config.get("oauthUri");
  if (oauthUri != null) {
    clientOptions.setSite(oauthUri);
  }
  String clientId = config.get("clientId");
  if (clientId != null) {
    clientOptions.setClientID(clientId);
  }
  OAuth2FlowType flowType = getFlowType(config.get("flowType"));

  // Resource-owner credentials, when configured, are passed straight to the token endpoint.
  JsonObject tokenParams = new JsonObject();
  String username = config.get("username");
  if (username != null) {
    tokenParams.put("username", username);
  }
  String password = config.get("password");
  if (password != null) {
    tokenParams.put("password", password);
  }

  OAuth2Auth oauth2 = OAuth2Auth.create(vertx, flowType, clientOptions);
  oauth2.getToken(tokenParams, tokenResult -> {
    if (!tokenResult.succeeded()) {
      // Only the message is logged; the full cause still reaches the caller through the future.
      log.error("Access Token Error: {0}.", tokenResult.cause().getMessage());
      resultHandler.handle(Future.failedFuture(tokenResult.cause()));
      return;
    }
    log.debug("OAuth2 exchange succeeded.");
    AccessToken token = tokenResult.result();
    // The bearer token is a credential: it goes into the header map and is not logged.
    String bearerValue = "Bearer " + token.principal().getString("access_token");
    headerMap.set("Authorization", bearerValue);
    resultHandler.handle(Future.succeededFuture());
  });
  return this;
}
use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project java-spanner-jdbc by googleapis.
the class ITJdbcConnectTest method testConnectWithOAuthToken.
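/**
 * Connects with an explicit {@code OAuthToken} in the JDBC URL and runs the default connection
 * checks. Skipped silently when neither a key file nor application-default credentials exist.
 *
 * @throws Exception from credential loading, token refresh or the JDBC connection
 */
@Test
public void testConnectWithOAuthToken() throws Exception {
  // Prefer an explicit key file; otherwise fall back to application-default credentials.
  GoogleCredentials credentials;
  if (hasValidKeyFile()) {
    // Close the key-file stream here rather than relying on fromStream to do it.
    try (FileInputStream keyStream = new FileInputStream(getKeyFile())) {
      credentials = GoogleCredentials.fromStream(keyStream);
    }
  } else {
    try {
      credentials = GoogleCredentials.getApplicationDefault();
    } catch (IOException ignored) {
      // Deliberate: missing ADC means there is nothing to test; handled by the null check below.
      credentials = null;
    }
  }
  // Skip this test if there are no credentials set for the test case or environment.
  if (credentials == null) {
    return;
  }
  credentials = credentials.createScoped(SpannerOptions.getDefaultInstance().getScopes());
  AccessToken token = credentials.refreshAccessToken();
  // The raw bearer token is embedded in the JDBC URL, so this string must not be logged.
  String urlWithOAuth = createBaseUrl() + ";OAuthToken=" + token.getTokenValue();
  try (Connection connectionWithOAuth = DriverManager.getConnection(urlWithOAuth)) {
    // Try to do a query using the connection created with an OAuth token.
    testDefaultConnection(connectionWithOAuth);
  }
}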