use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.
the class KubernetesPersonalAccessTokenManagerTest method shouldDeleteInvalidTokensOnGet.
@Test
public void shouldDeleteInvalidTokensOnGet() throws Exception {
// given
KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
when(kubernetesnamespace.secrets()).thenReturn(secrets);
when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenReturn(false);
when(clientFactory.create()).thenReturn(kubeClient);
when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
when(secretsMixedOperation.inNamespace(eq(meta.getName()))).thenReturn(nonNamespaceOperation);
Map<String, String> data1 = Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8)));
ObjectMeta meta1 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1")).build();
Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1));
// when
Optional<PersonalAccessToken> token = personalAccessTokenManager.get(new SubjectImpl("user", "user1", "t1", false), "http://host1");
// then
assertFalse(token.isPresent());
verify(nonNamespaceOperation, times(1)).delete(eq(secret1));
}
use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.
the class KubernetesPersonalAccessTokenManager method get.
@Override
public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl) throws ScmConfigurationPersistenceException, ScmUnauthorizedException, ScmCommunicationException {
try {
for (KubernetesNamespaceMeta namespaceMeta : namespaceFactory.list()) {
List<Secret> secrets = namespaceFactory.access(null, namespaceMeta.getName()).secrets().get(KUBERNETES_PERSONAL_ACCESS_TOKEN_LABEL_SELECTOR);
for (Secret secret : secrets) {
Map<String, String> annotations = secret.getMetadata().getAnnotations();
String trimmedUrl = StringUtils.trimEnd(annotations.get(ANNOTATION_SCM_URL), '/');
if (annotations.get(ANNOTATION_CHE_USERID).equals(cheUser.getUserId()) && trimmedUrl.equals(StringUtils.trimEnd(scmServerUrl, '/'))) {
PersonalAccessToken token = new PersonalAccessToken(trimmedUrl, annotations.get(ANNOTATION_CHE_USERID), annotations.get(ANNOTATION_SCM_USERNAME), annotations.get(ANNOTATION_SCM_USERID), annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME), annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID), new String(Base64.getDecoder().decode(secret.getData().get("token"))));
if (scmPersonalAccessTokenFetcher.isValid(token)) {
return Optional.of(token);
} else {
// Removing token that is no longer valid. If several tokens exist the next one could
// be valid. If no valid token can be found, the caller should react in the same way
// as it reacts if no token exists. Usually, that means that process of new token
// retrieval would be initiated.
clientFactory.create().secrets().inNamespace(namespaceMeta.getName()).delete(secret);
}
}
}
}
} catch (InfrastructureException | UnknownScmProviderException e) {
throw new ScmConfigurationPersistenceException(e.getMessage(), e);
}
return Optional.empty();
}
use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.
the class KubernetesGitCredentialManagerTest method testUpdateTokenInExistingCredential.
@Test
public void testUpdateTokenInExistingCredential() throws Exception {
KubernetesNamespaceMeta namespaceMeta = new KubernetesNamespaceMetaImpl("test");
PersonalAccessToken token = new PersonalAccessToken("https://bitbucket.com:5648", "cheUser", "username", "userId", "token-name", "tid-23434", "token123");
Map<String, String> annotations = new HashMap<>(DEFAULT_SECRET_ANNOTATIONS);
annotations.put(ANNOTATION_SCM_URL, token.getScmProviderUrl() + "/");
annotations.put(ANNOTATION_SCM_USERNAME, token.getScmUserName());
annotations.put(ANNOTATION_CHE_USERID, token.getCheUserId());
ObjectMeta objectMeta = new ObjectMetaBuilder().withName(NameGenerator.generate(NAME_PATTERN, 5)).withAnnotations(annotations).build();
Secret existing = new SecretBuilder().withMetadata(objectMeta).withData(Map.of("credentials", "foo 123")).build();
when(namespaceFactory.list()).thenReturn(Collections.singletonList(namespaceMeta));
when(clientFactory.create()).thenReturn(kubeClient);
when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
when(secretsMixedOperation.inNamespace(eq(namespaceMeta.getName()))).thenReturn(nonNamespaceOperation);
when(nonNamespaceOperation.withLabels(anyMap())).thenReturn(filterWatchDeletable);
when(filterWatchDeletable.list()).thenReturn(secretList);
when(secretList.getItems()).thenReturn(singletonList(existing));
// when
kubernetesGitCredentialManager.createOrReplace(token);
// then
ArgumentCaptor<Secret> captor = ArgumentCaptor.forClass(Secret.class);
verify(nonNamespaceOperation).createOrReplace(captor.capture());
Secret createdSecret = captor.getValue();
assertNotNull(createdSecret);
assertEquals(new String(Base64.getDecoder().decode(createdSecret.getData().get("credentials"))), "https://username:token123@bitbucket.com:5648");
assertEquals(createdSecret.getMetadata().getName(), objectMeta.getName());
}
use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.
the class KubernetesGitCredentialManagerTest method testCreateAndSaveNewOAuthGitCredential.
@Test
public void testCreateAndSaveNewOAuthGitCredential() throws Exception {
KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
when(clientFactory.create()).thenReturn(kubeClient);
when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
when(secretsMixedOperation.inNamespace(eq(meta.getName()))).thenReturn(nonNamespaceOperation);
when(nonNamespaceOperation.withLabels(anyMap())).thenReturn(filterWatchDeletable);
when(filterWatchDeletable.list()).thenReturn(secretList);
when(secretList.getItems()).thenReturn(emptyList());
ArgumentCaptor<Secret> captor = ArgumentCaptor.forClass(Secret.class);
PersonalAccessToken token = new PersonalAccessToken("https://bitbucket.com", "cheUser", "username", "userId", "oauth2-token-name", "tid-23434", "token123");
// when
kubernetesGitCredentialManager.createOrReplace(token);
// then
verify(nonNamespaceOperation).createOrReplace(captor.capture());
Secret createdSecret = captor.getValue();
assertNotNull(createdSecret);
assertEquals(new String(Base64.getDecoder().decode(createdSecret.getData().get("credentials"))), "https://oauth2:token123@bitbucket.com");
assertTrue(createdSecret.getMetadata().getName().startsWith(NAME_PATTERN));
assertFalse(createdSecret.getMetadata().getName().contains(token.getScmUserName()));
}
use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.
the class GithubPersonalAccessTokenFetcherTest method shouldNotValidateSCMServerWithTrailingSlash.
@Test
public void shouldNotValidateSCMServerWithTrailingSlash() throws Exception {
stubFor(get(urlEqualTo("/user")).withHeader(HttpHeaders.AUTHORIZATION, equalTo("token " + githubOauthToken)).willReturn(aResponse().withHeader("Content-Type", "application/json; charset=utf-8").withHeader(GithubApiClient.GITHUB_OAUTH_SCOPES_HEADER, "repo").withBodyFile("github/rest/user/response.json")));
PersonalAccessToken personalAccessToken = new PersonalAccessToken("https://github.com/", "cheUserId", "scmUserName", "scmUserId", "scmTokenName", "scmTokenId", githubOauthToken);
assertTrue(githubPATFetcher.isValid(personalAccessToken).isEmpty(), "Should not validate SCM server with trailing /");
}
Aggregations