Search in sources :

Example 11 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project che-server by eclipse-che.

the class KubernetesPersonalAccessTokenManagerTest method shouldDeleteInvalidTokensOnGet.

@Test
public void shouldDeleteInvalidTokensOnGet() throws Exception {
    // given
    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
    KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
    KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
    when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
    when(kubernetesnamespace.secrets()).thenReturn(secrets);
    when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenReturn(false);
    when(clientFactory.create()).thenReturn(kubeClient);
    when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
    when(secretsMixedOperation.inNamespace(eq(meta.getName()))).thenReturn(nonNamespaceOperation);
    Map<String, String> data1 = Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8)));
    ObjectMeta meta1 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1")).build();
    Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
    when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1));
    // when
    Optional<PersonalAccessToken> token = personalAccessTokenManager.get(new SubjectImpl("user", "user1", "t1", false), "http://host1");
    // then
    assertFalse(token.isPresent());
    verify(nonNamespaceOperation, times(1)).delete(eq(secret1));
}
Also used : KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Test(org.testng.annotations.Test)

Example 12 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project che-server by eclipse-che.

the class KubernetesPersonalAccessTokenManagerTest method shouldReturnFirstValidToken.

@Test(dependsOnMethods = "shouldDeleteInvalidTokensOnGet")
public void shouldReturnFirstValidToken() throws Exception {
    // given
    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
    KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
    KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
    when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
    when(kubernetesnamespace.secrets()).thenReturn(secrets);
    when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenAnswer((Answer<Boolean>) invocation -> {
        PersonalAccessToken token = invocation.getArgument(0);
        return "id2".equals(token.getScmTokenId());
    });
    when(clientFactory.create()).thenReturn(kubeClient);
    when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
    when(secretsMixedOperation.inNamespace(eq(meta.getName()))).thenReturn(nonNamespaceOperation);
    Map<String, String> data1 = Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8)));
    Map<String, String> data2 = Map.of("token", Base64.getEncoder().encodeToString("token2".getBytes(UTF_8)));
    ObjectMeta meta1 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1", ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID, "id1")).build();
    ObjectMeta meta2 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1", ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID, "id2")).build();
    Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
    Secret secret2 = new SecretBuilder().withMetadata(meta2).withData(data2).build();
    when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1, secret2));
    // when
    Optional<PersonalAccessToken> token = personalAccessTokenManager.get(new SubjectImpl("user", "user1", "t1", false), "http://host1");
    // then
    assertTrue(token.isPresent());
    assertEquals(token.get().getScmTokenId(), "id2");
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) MixedOperation(io.fabric8.kubernetes.client.dsl.MixedOperation) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Mock(org.mockito.Mock) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Answer(org.mockito.stubbing.Answer) Resource(io.fabric8.kubernetes.client.dsl.Resource) ANNOTATION_CHE_USERID(org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.ANNOTATION_CHE_USERID) ArgumentCaptor(org.mockito.ArgumentCaptor) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) SecretList(io.fabric8.kubernetes.api.model.SecretList) ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID(org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID) Map(java.util.Map) Assert.assertFalse(org.testng.Assert.assertFalse) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) ScmPersonalAccessTokenFetcher(org.eclipse.che.api.factory.server.scm.ScmPersonalAccessTokenFetcher) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) UTF_8(java.nio.charset.StandardCharsets.UTF_8) ANNOTATION_SCM_URL(org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.ANNOTATION_SCM_URL) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) BeforeMethod(org.testng.annotations.BeforeMethod) Mockito.times(org.mockito.Mockito.times) Mockito.when(org.mockito.Mockito.when) Assert.assertNotNull(org.testng.Assert.assertNotNull) Mockito.verify(org.mockito.Mockito.verify) KubernetesNamespaceFactory(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory) Mockito(org.mockito.Mockito) Base64(java.util.Base64) NonNamespaceOperation(io.fabric8.kubernetes.client.dsl.NonNamespaceOperation) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) Collections(java.util.Collections) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Test(org.testng.annotations.Test)

Example 13 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project che-server by eclipse-che.

the class KubernetesPersonalAccessTokenManagerTest method testGetTokenFromNamespace.

@Test
public void testGetTokenFromNamespace() throws Exception {
    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
    KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
    KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
    when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
    when(kubernetesnamespace.secrets()).thenReturn(secrets);
    when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenReturn(true);
    Map<String, String> data1 = Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8)));
    Map<String, String> data2 = Map.of("token", Base64.getEncoder().encodeToString("token2".getBytes(UTF_8)));
    Map<String, String> data3 = Map.of("token", Base64.getEncoder().encodeToString("token3".getBytes(UTF_8)));
    ObjectMeta meta1 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1")).build();
    ObjectMeta meta2 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host2")).build();
    ObjectMeta meta3 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user2", ANNOTATION_SCM_URL, "http://host3")).build();
    Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
    Secret secret2 = new SecretBuilder().withMetadata(meta2).withData(data2).build();
    Secret secret3 = new SecretBuilder().withMetadata(meta3).withData(data3).build();
    when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1, secret2, secret3));
    // when
    PersonalAccessToken token = personalAccessTokenManager.get(new SubjectImpl("user", "user1", "t1", false), "http://host1").get();
    // then
    assertEquals(token.getCheUserId(), "user1");
    assertEquals(token.getScmProviderUrl(), "http://host1");
    assertEquals(token.getToken(), "token1");
}
Also used : KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Test(org.testng.annotations.Test)

Example 14 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project che-server by eclipse-che.

the class BitbucketServerPersonalAccessTokenFetcher method fetchPersonalAccessToken.

@Override
public PersonalAccessToken fetchPersonalAccessToken(Subject cheUser, String scmServerUrl) throws ScmUnauthorizedException, ScmCommunicationException {
    if (!bitbucketServerApiClient.isConnected(scmServerUrl)) {
        LOG.debug("not a  valid url {} for current fetcher ", scmServerUrl);
        return null;
    }
    final String tokenName = format(TOKEN_NAME_TEMPLATE, cheUser.getUserId(), apiEndpoint.getHost());
    try {
        BitbucketUser user = bitbucketServerApiClient.getUser(EnvironmentContext.getCurrent().getSubject());
        LOG.debug("Current bitbucket user {} ", user);
        // cleanup existed
        List<BitbucketPersonalAccessToken> existingTokens = bitbucketServerApiClient.getPersonalAccessTokens(user.getSlug()).stream().filter(p -> p.getName().equals(tokenName)).collect(Collectors.toList());
        for (BitbucketPersonalAccessToken existedToken : existingTokens) {
            LOG.debug("Deleting existed che token {} {}", existedToken.getId(), existedToken.getName());
            bitbucketServerApiClient.deletePersonalAccessTokens(user.getSlug(), existedToken.getId());
        }
        BitbucketPersonalAccessToken token = bitbucketServerApiClient.createPersonalAccessTokens(user.getSlug(), tokenName, DEFAULT_TOKEN_SCOPE);
        LOG.debug("Token created = {} for {}", token.getId(), token.getUser());
        return new PersonalAccessToken(scmServerUrl, EnvironmentContext.getCurrent().getSubject().getUserId(), user.getName(), valueOf(user.getId()), token.getName(), valueOf(token.getId()), token.getToken());
    } catch (ScmBadRequestException | ScmItemNotFoundException e) {
        throw new ScmCommunicationException(e.getMessage(), e);
    }
}
Also used : ScmBadRequestException(org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException) ImmutableSet(com.google.common.collect.ImmutableSet) Logger(org.slf4j.Logger) URL(java.net.URL) ScmCommunicationException(org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException) ScmItemNotFoundException(org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException) LoggerFactory(org.slf4j.LoggerFactory) Set(java.util.Set) Collectors(java.util.stream.Collectors) String.format(java.lang.String.format) BitbucketServerApiClient(org.eclipse.che.api.factory.server.bitbucket.server.BitbucketServerApiClient) PersonalAccessTokenFetcher(org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher) ScmUnauthorizedException(org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException) Inject(javax.inject.Inject) List(java.util.List) EnvironmentContext(org.eclipse.che.commons.env.EnvironmentContext) String.valueOf(java.lang.String.valueOf) BitbucketUser(org.eclipse.che.api.factory.server.bitbucket.server.BitbucketUser) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) Subject(org.eclipse.che.commons.subject.Subject) Optional(java.util.Optional) Named(javax.inject.Named) BitbucketPersonalAccessToken(org.eclipse.che.api.factory.server.bitbucket.server.BitbucketPersonalAccessToken) ScmItemNotFoundException(org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) BitbucketPersonalAccessToken(org.eclipse.che.api.factory.server.bitbucket.server.BitbucketPersonalAccessToken) ScmCommunicationException(org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException) BitbucketPersonalAccessToken(org.eclipse.che.api.factory.server.bitbucket.server.BitbucketPersonalAccessToken) BitbucketUser(org.eclipse.che.api.factory.server.bitbucket.server.BitbucketUser) ScmBadRequestException(org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException)

Example 15 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project che-server by eclipse-che.

the class BitbucketServerAuthorizingFileContentProviderTest method shouldFetchContentWithTokenIfPresent.

@Test
public void shouldFetchContentWithTokenIfPresent() throws Exception {
    BitbucketUrl url = new BitbucketUrl().withHostName(TEST_HOSTNAME);
    BitbucketServerAuthorizingFileContentProvider fileContentProvider = new BitbucketServerAuthorizingFileContentProvider(url, urlFetcher, gitCredentialManager, personalAccessTokenManager);
    PersonalAccessToken token = new PersonalAccessToken(TEST_HOSTNAME, "user1", "token");
    when(personalAccessTokenManager.get(any(Subject.class), anyString())).thenReturn(Optional.of(token));
    String fileURL = "https://foo.bar/scm/repo/.devfile";
    // when
    fileContentProvider.fetchContent(fileURL);
    // then
    verify(urlFetcher).fetch(eq(fileURL), eq("Bearer token"));
}
Also used : PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Subject(org.eclipse.che.commons.subject.Subject) Test(org.testng.annotations.Test)

Aggregations

PersonalAccessToken (org.eclipse.che.api.factory.server.scm.PersonalAccessToken)54 Test (org.testng.annotations.Test)42 Secret (io.fabric8.kubernetes.api.model.Secret)20 KubernetesNamespaceMeta (org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta)20 Subject (org.eclipse.che.commons.subject.Subject)16 KubernetesNamespaceMetaImpl (org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl)16 ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta)12 ObjectMetaBuilder (io.fabric8.kubernetes.api.model.ObjectMetaBuilder)12 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)12 SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl)12 LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)8 OAuthToken (org.eclipse.che.api.auth.shared.dto.OAuthToken)8 BitbucketPersonalAccessToken (org.eclipse.che.api.factory.server.bitbucket.server.BitbucketPersonalAccessToken)8 KubernetesNamespace (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace)8 KubernetesSecrets (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets)8 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)8 Optional (java.util.Optional)6 ScmBadRequestException (org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException)6 ScmCommunicationException (org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException)6 ScmItemNotFoundException (org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException)6