use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.
the class OpenShiftAuthManager method performTokenReview.
/**
 * Submits {@code token} to the cluster's TokenReview API and reports the resulting status.
 *
 * <p>The request is sent with a client built from {@code getServiceAccountToken()}, not with the
 * token under review; that client is closed by the try-with-resources block before returning.
 * The call is made synchronously, so the returned Future is already completed.
 *
 * <p>Security note: the only field inspected here is {@code status.getError()}. A review whose
 * error is blank completes normally even when the token was not authenticated, so callers must
 * check the authenticated flag on the returned status before trusting the token.
 *
 * @param token the token to be reviewed, placed verbatim in the TokenReview spec
 * @return a completed Future holding the review status, or a failed Future carrying an {@code
 *     AuthorizationErrorException} (non-blank review error) or the exception that was caught
 */
private Future<TokenReviewStatus> performTokenReview(String token) {
    try (OpenShiftClient client = clientProvider.apply(getServiceAccountToken())) {
        TokenReview request =
                new TokenReviewBuilder()
                        .withNewSpec()
                        .withToken(token)
                        .endSpec()
                        .build();
        // If the response carries no status, the dereference below throws and is reported
        // through the generic catch, i.e. the review fails closed.
        TokenReviewStatus status = client.tokenReviews().create(request).getStatus();
        String reviewError = status.getError();
        if (!StringUtils.isNotBlank(reviewError)) {
            return CompletableFuture.completedFuture(status);
        }
        return CompletableFuture.failedFuture(new AuthorizationErrorException(reviewError));
    } catch (KubernetesClientException kce) {
        // API-level failures are logged at info only.
        // NOTE(review): confirm the client's exception text never echoes the request body,
        // since that body contains the reviewed token.
        logger.info(kce);
        return CompletableFuture.failedFuture(kce);
    } catch (Exception unexpected) {
        logger.error(unexpected);
        return CompletableFuture.failedFuture(unexpected);
    }
}
use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.
the class OpenShiftAuthManagerTest method shouldNotValidateTokenWithNoRequiredPermissionsButNoTokenAccess.
/**
 * A token that the TokenReview API reports as not authenticated must be rejected, even though
 * the requested action ({@code ResourceAction.NONE}) needs no further permissions.
 */
@Test
void shouldNotValidateTokenWithNoRequiredPermissionsButNoTokenAccess() throws Exception {
    // Stubbed API answer: review succeeded without error, but authenticated == false.
    TokenReview rejectedReview =
            new TokenReviewBuilder()
                    .withNewStatus()
                    .withAuthenticated(false)
                    .endStatus()
                    .build();
    server.expect()
            .post()
            .withPath(TOKEN_REVIEW_API_PATH)
            .andReturn(HttpURLConnection.HTTP_CREATED, rejectedReview)
            .once();

    MatcherAssert.assertThat(
            mgr.validateToken(() -> "userToken", ResourceAction.NONE).get(),
            Matchers.is(false));
}
use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.
the class OpenShiftAuthManager method performTokenReview.
/**
 * Submits {@code token} to the cluster's TokenReview API and reports the resulting status.
 *
 * <p>The request is sent through the client returned by {@code serviceAccountClient.get()}; this
 * method does not close that client. The call is made synchronously, so the returned Future is
 * already completed.
 *
 * <p>Security note: the only field inspected here is {@code status.getError()}. A review whose
 * error is blank completes normally even when the token was not authenticated, so callers must
 * check the authenticated flag on the returned status before trusting the token.
 *
 * @param token the token to be reviewed, placed verbatim in the TokenReview spec
 * @return a completed Future holding the review status, or a failed Future carrying an {@code
 *     AuthorizationErrorException} (non-blank review error) or the exception that was caught
 */
private Future<TokenReviewStatus> performTokenReview(String token) {
    try {
        TokenReview request =
                new TokenReviewBuilder()
                        .withNewSpec()
                        .withToken(token)
                        .endSpec()
                        .build();
        // If the response carries no status, the dereference below throws and is reported
        // through the generic catch, i.e. the review fails closed.
        TokenReviewStatus status =
                serviceAccountClient.get().tokenReviews().create(request).getStatus();
        String reviewError = status.getError();
        if (!StringUtils.isNotBlank(reviewError)) {
            return CompletableFuture.completedFuture(status);
        }
        return CompletableFuture.failedFuture(new AuthorizationErrorException(reviewError));
    } catch (KubernetesClientException kce) {
        // API-level failures are logged at info only.
        // NOTE(review): confirm the client's exception text never echoes the request body,
        // since that body contains the reviewed token.
        logger.info(kce);
        return CompletableFuture.failedFuture(kce);
    } catch (Exception unexpected) {
        logger.error(unexpected);
        return CompletableFuture.failedFuture(unexpected);
    }
}
use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.
the class OpenShiftAuthManagerTest method shouldReturnUserInfo.
/**
 * When the TokenReview API authenticates the token and names a user, {@code getUserInfo} must
 * surface that username.
 */
@Test
void shouldReturnUserInfo() throws Exception {
    // Stubbed API answer: authenticated, with the username the assertion expects.
    TokenReview authenticatedReview =
            new TokenReviewBuilder()
                    .withNewStatus()
                    .withAuthenticated(true)
                    .withNewUser()
                    .withUsername("fooUser")
                    .endUser()
                    .endStatus()
                    .build();
    server.expect()
            .post()
            .withPath(TOKEN_REVIEW_API_PATH)
            .andReturn(HttpURLConnection.HTTP_CREATED, authenticatedReview)
            .once();

    // The header value is a made-up test credential.
    UserInfo resolved = mgr.getUserInfo(() -> "Bearer abc123").get();

    MatcherAssert.assertThat(resolved.getUsername(), Matchers.equalTo("fooUser"));
}
use of io.fabric8.kubernetes.api.model.authentication.TokenReview in project cryostat by cryostatio.
the class OpenShiftAuthManagerTest method shouldValidateTokenWithNoRequiredPermissions.
/**
 * A token that the TokenReview API reports as authenticated must be accepted when the requested
 * action ({@code ResourceAction.NONE}) needs no further permissions.
 */
@Test
void shouldValidateTokenWithNoRequiredPermissions() throws Exception {
    // Stubbed API answer: review succeeded and authenticated == true.
    TokenReview acceptedReview =
            new TokenReviewBuilder()
                    .withNewStatus()
                    .withAuthenticated(true)
                    .endStatus()
                    .build();
    server.expect()
            .post()
            .withPath(TOKEN_REVIEW_API_PATH)
            .andReturn(HttpURLConnection.HTTP_CREATED, acceptedReview)
            .once();

    MatcherAssert.assertThat(
            mgr.validateToken(() -> "userToken", ResourceAction.NONE).get(),
            Matchers.is(true));
}