
Example 1 with TokenReview

Use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.

In the class OpenShiftAuthManager, method performTokenReview.

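private Future<TokenReviewStatus> performTokenReview(String token) {
    // The client is built from the service account token; the token argument is only the subject of the review.
    try (OpenShiftClient client = clientProvider.apply(getServiceAccountToken())) {
        TokenReview review = new TokenReviewBuilder().withNewSpec().withToken(token).endSpec().build();
        // The returned TokenReview carries the status filled in by the API server.
        review = client.tokenReviews().create(review);
        TokenReviewStatus status = review.getStatus();
        // A non-blank error means the token could not be reviewed: fail the future.
        if (StringUtils.isNotBlank(status.getError())) {
            return CompletableFuture.failedFuture(new AuthorizationErrorException(status.getError()));
        }
        // No error does not mean authenticated: the caller still has to check status.getAuthenticated().
        return CompletableFuture.completedFuture(status);
    } catch (KubernetesClientException e) {
        logger.info(e);
        return CompletableFuture.failedFuture(e);
    } catch (Exception e) {
        logger.error(e);
        return CompletableFuture.failedFuture(e);
    }
}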
Also used: TokenReviewBuilder (io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder), TokenReview (io.fabric8.kubernetes.api.model.authentication.TokenReview), OpenShiftClient (io.fabric8.openshift.client.OpenShiftClient), TokenReviewStatus (io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus), URISyntaxException (java.net.URISyntaxException), KubernetesClientException (io.fabric8.kubernetes.client.KubernetesClientException), IOException (java.io.IOException), ExecutionException (java.util.concurrent.ExecutionException)

Example 2 with TokenReview

Use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.

In the class OpenShiftAuthManagerTest, method shouldNotValidateTokenWithNoRequiredPermissionsButNoTokenAccess.

@Test
void shouldNotValidateTokenWithNoRequiredPermissionsButNoTokenAccess() throws Exception {
    // The mock API server answers the TokenReview POST once with authenticated=false.
    TokenReview tokenReview = new TokenReviewBuilder().withNewStatus().withAuthenticated(false).endStatus().build();
    server.expect().post().withPath(TOKEN_REVIEW_API_PATH).andReturn(HttpURLConnection.HTTP_CREATED, tokenReview).once();
    // Even with no resource permissions required, an unauthenticated token must not validate.
    MatcherAssert.assertThat(mgr.validateToken(() -> "userToken", ResourceAction.NONE).get(), Matchers.is(false));
}
Also used: TokenReviewBuilder (io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder), TokenReview (io.fabric8.kubernetes.api.model.authentication.TokenReview), Test (org.junit.jupiter.api.Test), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)

Example 3 with TokenReview

Use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.

In the class OpenShiftAuthManager, method performTokenReview.

private Future<TokenReviewStatus> performTokenReview(String token) {
    try {
        TokenReview review = new TokenReviewBuilder().withNewSpec().withToken(token).endSpec().build();
        // The request goes out through the service account client; the token argument is only the subject of the review.
        review = serviceAccountClient.get().tokenReviews().create(review);
        TokenReviewStatus status = review.getStatus();
        // A non-blank error means the token could not be reviewed: fail the future.
        if (StringUtils.isNotBlank(status.getError())) {
            return CompletableFuture.failedFuture(new AuthorizationErrorException(status.getError()));
        }
        // No error does not mean authenticated: the caller still has to check status.getAuthenticated().
        return CompletableFuture.completedFuture(status);
    } catch (KubernetesClientException e) {
        logger.info(e);
        return CompletableFuture.failedFuture(e);
    } catch (Exception e) {
        logger.error(e);
        return CompletableFuture.failedFuture(e);
    }
}
Also used: AuthorizationErrorException (io.cryostat.net.AuthorizationErrorException), TokenReviewBuilder (io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder), TokenReview (io.fabric8.kubernetes.api.model.authentication.TokenReview), TokenReviewStatus (io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus), URISyntaxException (java.net.URISyntaxException), MissingEnvironmentVariableException (io.cryostat.net.MissingEnvironmentVariableException), KubernetesClientException (io.fabric8.kubernetes.client.KubernetesClientException), TokenNotFoundException (io.cryostat.net.TokenNotFoundException), IOException (java.io.IOException), PermissionDeniedException (io.cryostat.net.PermissionDeniedException), ExecutionException (java.util.concurrent.ExecutionException)

Example 4 with TokenReview

Use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.

In the class OpenShiftAuthManagerTest, method shouldReturnUserInfo.

@Test
void shouldReturnUserInfo() throws Exception {
    // The mock API server answers the TokenReview POST once with authenticated=true and a username.
    TokenReview tokenReview = new TokenReviewBuilder().withNewStatus().withAuthenticated(true).withNewUser().withUsername("fooUser").endUser().endStatus().build();
    server.expect().post().withPath(TOKEN_REVIEW_API_PATH).andReturn(HttpURLConnection.HTTP_CREATED, tokenReview).once();
    // The username reported to the caller comes from the review status, not from the request header.
    UserInfo userInfo = mgr.getUserInfo(() -> "Bearer abc123").get();
    MatcherAssert.assertThat(userInfo.getUsername(), Matchers.equalTo("fooUser"));
}
Also used: TokenReviewBuilder (io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder), TokenReview (io.fabric8.kubernetes.api.model.authentication.TokenReview), UserInfo (io.cryostat.net.UserInfo), Test (org.junit.jupiter.api.Test), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)

Example 5 with TokenReview

Use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.

In the class OpenShiftAuthManagerTest, method shouldValidateTokenWithNoRequiredPermissions.

@Test
void shouldValidateTokenWithNoRequiredPermissions() throws Exception {
    // The mock API server answers the TokenReview POST once with authenticated=true.
    TokenReview tokenReview = new TokenReviewBuilder().withNewStatus().withAuthenticated(true).endStatus().build();
    server.expect().post().withPath(TOKEN_REVIEW_API_PATH).andReturn(HttpURLConnection.HTTP_CREATED, tokenReview).once();
    // With no resource permissions required, an authenticated token is enough to validate.
    MatcherAssert.assertThat(mgr.validateToken(() -> "userToken", ResourceAction.NONE).get(), Matchers.is(true));
}
Also used: TokenReviewBuilder (io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder), TokenReview (io.fabric8.kubernetes.api.model.authentication.TokenReview), Test (org.junit.jupiter.api.Test), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)

Aggregations

TokenReview (io.fabric8.kubernetes.api.model.authentication.TokenReview): 9
TokenReviewBuilder (io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder): 9
Test (org.junit.jupiter.api.Test): 7
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 6
BufferedReader (java.io.BufferedReader): 3
StringReader (java.io.StringReader): 3
TokenReviewStatus (io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus): 2
KubernetesClientException (io.fabric8.kubernetes.client.KubernetesClientException): 2
IOException (java.io.IOException): 2
URISyntaxException (java.net.URISyntaxException): 2
ExecutionException (java.util.concurrent.ExecutionException): 2
AuthorizationErrorException (io.cryostat.net.AuthorizationErrorException): 1
MissingEnvironmentVariableException (io.cryostat.net.MissingEnvironmentVariableException): 1
PermissionDeniedException (io.cryostat.net.PermissionDeniedException): 1
TokenNotFoundException (io.cryostat.net.TokenNotFoundException): 1
UserInfo (io.cryostat.net.UserInfo): 1
TokenReviewStatusBuilder (io.fabric8.kubernetes.api.model.authentication.TokenReviewStatusBuilder): 1
KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient): 1
EnableKubernetesMockClient (io.fabric8.kubernetes.client.server.mock.EnableKubernetesMockClient): 1
KubernetesMockServer (io.fabric8.kubernetes.client.server.mock.KubernetesMockServer): 1