Search in sources :

Example 21 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.

the class KubernetesPersonalAccessTokenManagerTest method shouldDeleteInvalidTokensOnGet.

@Test
public void shouldDeleteInvalidTokensOnGet() throws Exception {
    // given
    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
    KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
    KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
    when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
    when(kubernetesnamespace.secrets()).thenReturn(secrets);
    when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenReturn(false);
    when(clientFactory.create()).thenReturn(kubeClient);
    when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
    when(secretsMixedOperation.inNamespace(eq(meta.getName()))).thenReturn(nonNamespaceOperation);
    Map<String, String> data1 = Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8)));
    ObjectMeta meta1 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1")).build();
    Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
    when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1));
    // when
    Optional<PersonalAccessToken> token = personalAccessTokenManager.get(new SubjectImpl("user", "user1", "t1", false), "http://host1");
    // then
    assertFalse(token.isPresent());
    verify(nonNamespaceOperation, times(1)).delete(eq(secret1));
}
Also used : KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Test(org.testng.annotations.Test)

Example 22 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.

the class KubernetesPersonalAccessTokenManager method get.

@Override
public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl) throws ScmConfigurationPersistenceException, ScmUnauthorizedException, ScmCommunicationException {
    try {
        for (KubernetesNamespaceMeta namespaceMeta : namespaceFactory.list()) {
            List<Secret> secrets = namespaceFactory.access(null, namespaceMeta.getName()).secrets().get(KUBERNETES_PERSONAL_ACCESS_TOKEN_LABEL_SELECTOR);
            for (Secret secret : secrets) {
                Map<String, String> annotations = secret.getMetadata().getAnnotations();
                String trimmedUrl = StringUtils.trimEnd(annotations.get(ANNOTATION_SCM_URL), '/');
                if (annotations.get(ANNOTATION_CHE_USERID).equals(cheUser.getUserId()) && trimmedUrl.equals(StringUtils.trimEnd(scmServerUrl, '/'))) {
                    PersonalAccessToken token = new PersonalAccessToken(trimmedUrl, annotations.get(ANNOTATION_CHE_USERID), annotations.get(ANNOTATION_SCM_USERNAME), annotations.get(ANNOTATION_SCM_USERID), annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME), annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID), new String(Base64.getDecoder().decode(secret.getData().get("token"))));
                    if (scmPersonalAccessTokenFetcher.isValid(token)) {
                        return Optional.of(token);
                    } else {
                        // Removing token that is no longer valid. If several tokens exist the next one could
                        // be valid. If no valid token can be found, the caller should react in the same way
                        // as it reacts if no token exists. Usually, that means that process of new token
                        // retrieval would be initiated.
                        clientFactory.create().secrets().inNamespace(namespaceMeta.getName()).delete(secret);
                    }
                }
            }
        }
    } catch (InfrastructureException | UnknownScmProviderException e) {
        throw new ScmConfigurationPersistenceException(e.getMessage(), e);
    }
    return Optional.empty();
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) UnknownScmProviderException(org.eclipse.che.api.factory.server.scm.exception.UnknownScmProviderException) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) ScmConfigurationPersistenceException(org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException)

Example 23 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.

the class KubernetesGitCredentialManagerTest method testUpdateTokenInExistingCredential.

@Test
public void testUpdateTokenInExistingCredential() throws Exception {
    KubernetesNamespaceMeta namespaceMeta = new KubernetesNamespaceMetaImpl("test");
    PersonalAccessToken token = new PersonalAccessToken("https://bitbucket.com:5648", "cheUser", "username", "userId", "token-name", "tid-23434", "token123");
    Map<String, String> annotations = new HashMap<>(DEFAULT_SECRET_ANNOTATIONS);
    annotations.put(ANNOTATION_SCM_URL, token.getScmProviderUrl() + "/");
    annotations.put(ANNOTATION_SCM_USERNAME, token.getScmUserName());
    annotations.put(ANNOTATION_CHE_USERID, token.getCheUserId());
    ObjectMeta objectMeta = new ObjectMetaBuilder().withName(NameGenerator.generate(NAME_PATTERN, 5)).withAnnotations(annotations).build();
    Secret existing = new SecretBuilder().withMetadata(objectMeta).withData(Map.of("credentials", "foo 123")).build();
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(namespaceMeta));
    when(clientFactory.create()).thenReturn(kubeClient);
    when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
    when(secretsMixedOperation.inNamespace(eq(namespaceMeta.getName()))).thenReturn(nonNamespaceOperation);
    when(nonNamespaceOperation.withLabels(anyMap())).thenReturn(filterWatchDeletable);
    when(filterWatchDeletable.list()).thenReturn(secretList);
    when(secretList.getItems()).thenReturn(singletonList(existing));
    // when
    kubernetesGitCredentialManager.createOrReplace(token);
    // then
    ArgumentCaptor<Secret> captor = ArgumentCaptor.forClass(Secret.class);
    verify(nonNamespaceOperation).createOrReplace(captor.capture());
    Secret createdSecret = captor.getValue();
    assertNotNull(createdSecret);
    assertEquals(new String(Base64.getDecoder().decode(createdSecret.getData().get("credentials"))), "https://username:token123@bitbucket.com:5648");
    assertEquals(createdSecret.getMetadata().getName(), objectMeta.getName());
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) HashMap(java.util.HashMap) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Test(org.testng.annotations.Test)

Example 24 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.

the class KubernetesGitCredentialManagerTest method testCreateAndSaveNewOAuthGitCredential.

@Test
public void testCreateAndSaveNewOAuthGitCredential() throws Exception {
    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
    when(clientFactory.create()).thenReturn(kubeClient);
    when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
    when(secretsMixedOperation.inNamespace(eq(meta.getName()))).thenReturn(nonNamespaceOperation);
    when(nonNamespaceOperation.withLabels(anyMap())).thenReturn(filterWatchDeletable);
    when(filterWatchDeletable.list()).thenReturn(secretList);
    when(secretList.getItems()).thenReturn(emptyList());
    ArgumentCaptor<Secret> captor = ArgumentCaptor.forClass(Secret.class);
    PersonalAccessToken token = new PersonalAccessToken("https://bitbucket.com", "cheUser", "username", "userId", "oauth2-token-name", "tid-23434", "token123");
    // when
    kubernetesGitCredentialManager.createOrReplace(token);
    // then
    verify(nonNamespaceOperation).createOrReplace(captor.capture());
    Secret createdSecret = captor.getValue();
    assertNotNull(createdSecret);
    assertEquals(new String(Base64.getDecoder().decode(createdSecret.getData().get("credentials"))), "https://oauth2:token123@bitbucket.com");
    assertTrue(createdSecret.getMetadata().getName().startsWith(NAME_PATTERN));
    assertFalse(createdSecret.getMetadata().getName().contains(token.getScmUserName()));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) Test(org.testng.annotations.Test)

Example 25 with PersonalAccessToken

use of org.eclipse.che.api.factory.server.scm.PersonalAccessToken in project devspaces-images by redhat-developer.

the class GithubPersonalAccessTokenFetcherTest method shouldNotValidateSCMServerWithTrailingSlash.

@Test
public void shouldNotValidateSCMServerWithTrailingSlash() throws Exception {
    stubFor(get(urlEqualTo("/user")).withHeader(HttpHeaders.AUTHORIZATION, equalTo("token " + githubOauthToken)).willReturn(aResponse().withHeader("Content-Type", "application/json; charset=utf-8").withHeader(GithubApiClient.GITHUB_OAUTH_SCOPES_HEADER, "repo").withBodyFile("github/rest/user/response.json")));
    PersonalAccessToken personalAccessToken = new PersonalAccessToken("https://github.com/", "cheUserId", "scmUserName", "scmUserId", "scmTokenName", "scmTokenId", githubOauthToken);
    assertTrue(githubPATFetcher.isValid(personalAccessToken).isEmpty(), "Should not validate SCM server with trailing /");
}
Also used : PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) Test(org.testng.annotations.Test)

Aggregations

PersonalAccessToken (org.eclipse.che.api.factory.server.scm.PersonalAccessToken)54 Test (org.testng.annotations.Test)42 Secret (io.fabric8.kubernetes.api.model.Secret)20 KubernetesNamespaceMeta (org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta)20 Subject (org.eclipse.che.commons.subject.Subject)16 KubernetesNamespaceMetaImpl (org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl)16 ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta)12 ObjectMetaBuilder (io.fabric8.kubernetes.api.model.ObjectMetaBuilder)12 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)12 SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl)12 LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)8 OAuthToken (org.eclipse.che.api.auth.shared.dto.OAuthToken)8 BitbucketPersonalAccessToken (org.eclipse.che.api.factory.server.bitbucket.server.BitbucketPersonalAccessToken)8 KubernetesNamespace (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace)8 KubernetesSecrets (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets)8 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)8 Optional (java.util.Optional)6 ScmBadRequestException (org.eclipse.che.api.factory.server.scm.exception.ScmBadRequestException)6 ScmCommunicationException (org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException)6 ScmItemNotFoundException (org.eclipse.che.api.factory.server.scm.exception.ScmItemNotFoundException)6