Search in sources :

Example 1 with UnsatisfiedScmPreconditionException

use of org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException in project che-server by eclipse-che.

the class KubernetesGitCredentialManager method createOrReplace.

@Override
public void createOrReplace(PersonalAccessToken personalAccessToken) throws UnsatisfiedScmPreconditionException, ScmConfigurationPersistenceException {
    try {
        final String namespace = getFirstNamespace();
        final KubernetesClient client = clientFactory.create();
        // to avoid duplicating secrets we try to reuse existing one by matching
        // hostname/username if possible, and update it. Otherwise, create new one.
        Optional<Secret> existing = client.secrets().inNamespace(namespace).withLabels(SEARCH_LABELS).list().getItems().stream().filter(s -> s.getMetadata().getAnnotations() != null).filter(s -> Boolean.parseBoolean(s.getMetadata().getAnnotations().get(ANNOTATION_GIT_CREDENTIALS)) && personalAccessToken.getScmProviderUrl().equals(StringUtils.trimEnd(s.getMetadata().getAnnotations().get(ANNOTATION_SCM_URL), '/')) && personalAccessToken.getCheUserId().equals(s.getMetadata().getAnnotations().get(ANNOTATION_CHE_USERID)) && personalAccessToken.getScmUserName().equals(s.getMetadata().getAnnotations().get(ANNOTATION_SCM_USERNAME))).findFirst();
        Secret secret = existing.orElseGet(() -> {
            Map<String, String> annotations = new HashMap<>(DEFAULT_SECRET_ANNOTATIONS);
            annotations.put(ANNOTATION_SCM_URL, personalAccessToken.getScmProviderUrl());
            annotations.put(ANNOTATION_SCM_USERNAME, personalAccessToken.getScmUserName());
            annotations.put(ANNOTATION_CHE_USERID, personalAccessToken.getCheUserId());
            ObjectMeta meta = new ObjectMetaBuilder().withName(NameGenerator.generate(NAME_PATTERN, 5)).withAnnotations(annotations).withLabels(NEW_SECRET_LABELS).build();
            return new SecretBuilder().withMetadata(meta).build();
        });
        URL scmUrl = new URL(personalAccessToken.getScmProviderUrl());
        secret.setData(Map.of("credentials", Base64.getEncoder().encodeToString(format("%s://%s:%s@%s%s", scmUrl.getProtocol(), personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX) ? "oauth2" : personalAccessToken.getScmUserName(), URLEncoder.encode(personalAccessToken.getToken(), UTF_8), scmUrl.getHost(), scmUrl.getPort() != 80 && scmUrl.getPort() != -1 ? ":" + scmUrl.getPort() : "").getBytes())));
        client.secrets().inNamespace(namespace).createOrReplace(secret);
    } catch (InfrastructureException | MalformedURLException e) {
        throw new ScmConfigurationPersistenceException(e.getMessage(), e);
    }
}
Also used : ANNOTATION_MOUNT_PATH(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_MOUNT_PATH) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) ANNOTATION_DEV_WORKSPACE_MOUNT_PATH(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_DEV_WORKSPACE_MOUNT_PATH) URL(java.net.URL) ANNOTATION_AUTOMOUNT(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_AUTOMOUNT) HashMap(java.util.HashMap) OAUTH_2_PREFIX(org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_PREFIX) Singleton(javax.inject.Singleton) Inject(javax.inject.Inject) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) DEV_WORKSPACE_PREFIX(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.DEV_WORKSPACE_PREFIX) Map(java.util.Map) ScmConfigurationPersistenceException(org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException) ANNOTATION_MOUNT_AS(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_MOUNT_AS) NameGenerator(org.eclipse.che.commons.lang.NameGenerator) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) ImmutableMap(com.google.common.collect.ImmutableMap) MalformedURLException(java.net.MalformedURLException) GitCredentialManager(org.eclipse.che.api.factory.server.scm.GitCredentialManager) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) UTF_8(java.nio.charset.StandardCharsets.UTF_8) String.format(java.lang.String.format) KubernetesNamespaceFactory(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) URLEncoder(java.net.URLEncoder) Base64(java.util.Base64) UnsatisfiedScmPreconditionException(org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException) ANNOTATION_GIT_CREDENTIALS(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_GIT_CREDENTIALS) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) StringUtils(org.eclipse.che.commons.lang.StringUtils) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) MalformedURLException(java.net.MalformedURLException) HashMap(java.util.HashMap) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) URL(java.net.URL) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) ScmConfigurationPersistenceException(org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException)

Example 2 with UnsatisfiedScmPreconditionException

use of org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException in project che-server by eclipse-che.

the class AuthorizingFileContentProvider method fetchContent.

@Override
public String fetchContent(String fileURL) throws IOException, DevfileException {
    final String requestURL = formatUrl(fileURL);
    try {
        Optional<PersonalAccessToken> token = personalAccessTokenManager.get(EnvironmentContext.getCurrent().getSubject(), remoteFactoryUrl.getHostName());
        if (token.isPresent()) {
            PersonalAccessToken personalAccessToken = token.get();
            String content = urlFetcher.fetch(requestURL, formatAuthorization(personalAccessToken.getToken()));
            gitCredentialManager.createOrReplace(personalAccessToken);
            return content;
        } else {
            try {
                return urlFetcher.fetch(requestURL);
            } catch (IOException exception) {
                if (exception instanceof SSLException) {
                    ScmCommunicationException cause = new ScmCommunicationException(String.format("Failed to fetch a content from URL %s due to TLS key misconfiguration. Please refer to the docs about how to correctly import it. ", requestURL));
                    throw new DevfileException(exception.getMessage(), cause);
                } else if (exception instanceof FileNotFoundException) {
                    if (isPublicRepository(remoteFactoryUrl)) {
                        // for public repo-s return 404 as-is
                        throw exception;
                    }
                }
                // unable to determine exact cause, so let's just try to authorize...
                try {
                    PersonalAccessToken personalAccessToken = personalAccessTokenManager.fetchAndSave(EnvironmentContext.getCurrent().getSubject(), remoteFactoryUrl.getHostName());
                    String content = urlFetcher.fetch(requestURL, formatAuthorization(personalAccessToken.getToken()));
                    gitCredentialManager.createOrReplace(personalAccessToken);
                    return content;
                } catch (ScmUnauthorizedException | UnknownScmProviderException e) {
                    throw new DevfileException(e.getMessage(), e);
                } catch (ScmCommunicationException e) {
                    throw new IOException(String.format("Failed to fetch a content from URL %s. Make sure the URL" + " is correct. For private repository, make sure authentication is configured." + " Additionally, if you're using " + " relative form, make sure the referenced file are actually stored" + " relative to the devfile on the same host," + " or try to specify URL in absolute form. The current attempt to authenticate" + " request, failed with the following error message: %s", fileURL, e.getMessage()), e);
                }
            }
        }
    } catch (ScmConfigurationPersistenceException | UnsatisfiedScmPreconditionException | ScmUnauthorizedException | ScmCommunicationException e) {
        throw new DevfileException(e.getMessage(), e);
    }
}
Also used : ScmCommunicationException(org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException) FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException) DevfileException(org.eclipse.che.api.workspace.server.devfile.exception.DevfileException) ScmUnauthorizedException(org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException) UnsatisfiedScmPreconditionException(org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException) ScmConfigurationPersistenceException(org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException)

Example 3 with UnsatisfiedScmPreconditionException

use of org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException in project devspaces-images by redhat-developer.

the class KubernetesGitCredentialManager method createOrReplace.

@Override
public void createOrReplace(PersonalAccessToken personalAccessToken) throws UnsatisfiedScmPreconditionException, ScmConfigurationPersistenceException {
    try {
        final String namespace = getFirstNamespace();
        final KubernetesClient client = clientFactory.create();
        // to avoid duplicating secrets we try to reuse existing one by matching
        // hostname/username if possible, and update it. Otherwise, create new one.
        Optional<Secret> existing = client.secrets().inNamespace(namespace).withLabels(SEARCH_LABELS).list().getItems().stream().filter(s -> s.getMetadata().getAnnotations() != null).filter(s -> Boolean.parseBoolean(s.getMetadata().getAnnotations().get(ANNOTATION_GIT_CREDENTIALS)) && personalAccessToken.getScmProviderUrl().equals(StringUtils.trimEnd(s.getMetadata().getAnnotations().get(ANNOTATION_SCM_URL), '/')) && personalAccessToken.getCheUserId().equals(s.getMetadata().getAnnotations().get(ANNOTATION_CHE_USERID)) && personalAccessToken.getScmUserName().equals(s.getMetadata().getAnnotations().get(ANNOTATION_SCM_USERNAME))).findFirst();
        Secret secret = existing.orElseGet(() -> {
            Map<String, String> annotations = new HashMap<>(DEFAULT_SECRET_ANNOTATIONS);
            annotations.put(ANNOTATION_SCM_URL, personalAccessToken.getScmProviderUrl());
            annotations.put(ANNOTATION_SCM_USERNAME, personalAccessToken.getScmUserName());
            annotations.put(ANNOTATION_CHE_USERID, personalAccessToken.getCheUserId());
            ObjectMeta meta = new ObjectMetaBuilder().withName(NameGenerator.generate(NAME_PATTERN, 5)).withAnnotations(annotations).withLabels(NEW_SECRET_LABELS).build();
            return new SecretBuilder().withMetadata(meta).build();
        });
        URL scmUrl = new URL(personalAccessToken.getScmProviderUrl());
        secret.setData(Map.of("credentials", Base64.getEncoder().encodeToString(format("%s://%s:%s@%s%s", scmUrl.getProtocol(), personalAccessToken.getScmTokenName().startsWith(OAUTH_2_PREFIX) ? "oauth2" : personalAccessToken.getScmUserName(), URLEncoder.encode(personalAccessToken.getToken(), UTF_8), scmUrl.getHost(), scmUrl.getPort() != 80 && scmUrl.getPort() != -1 ? ":" + scmUrl.getPort() : "").getBytes())));
        client.secrets().inNamespace(namespace).createOrReplace(secret);
    } catch (InfrastructureException | MalformedURLException e) {
        throw new ScmConfigurationPersistenceException(e.getMessage(), e);
    }
}
Also used : ANNOTATION_MOUNT_PATH(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_MOUNT_PATH) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) ANNOTATION_DEV_WORKSPACE_MOUNT_PATH(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_DEV_WORKSPACE_MOUNT_PATH) URL(java.net.URL) ANNOTATION_AUTOMOUNT(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_AUTOMOUNT) HashMap(java.util.HashMap) OAUTH_2_PREFIX(org.eclipse.che.api.factory.server.scm.PersonalAccessTokenFetcher.OAUTH_2_PREFIX) Singleton(javax.inject.Singleton) Inject(javax.inject.Inject) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) DEV_WORKSPACE_PREFIX(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.DEV_WORKSPACE_PREFIX) Map(java.util.Map) ScmConfigurationPersistenceException(org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException) ANNOTATION_MOUNT_AS(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_MOUNT_AS) NameGenerator(org.eclipse.che.commons.lang.NameGenerator) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) ImmutableMap(com.google.common.collect.ImmutableMap) MalformedURLException(java.net.MalformedURLException) GitCredentialManager(org.eclipse.che.api.factory.server.scm.GitCredentialManager) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) UTF_8(java.nio.charset.StandardCharsets.UTF_8) String.format(java.lang.String.format) KubernetesNamespaceFactory(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) URLEncoder(java.net.URLEncoder) Base64(java.util.Base64) UnsatisfiedScmPreconditionException(org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException) ANNOTATION_GIT_CREDENTIALS(org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretAnnotationNames.ANNOTATION_GIT_CREDENTIALS) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) StringUtils(org.eclipse.che.commons.lang.StringUtils) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) MalformedURLException(java.net.MalformedURLException) HashMap(java.util.HashMap) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) URL(java.net.URL) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) ScmConfigurationPersistenceException(org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException)

Example 4 with UnsatisfiedScmPreconditionException

use of org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException in project devspaces-images by redhat-developer.

the class AuthorizingFileContentProvider method fetchContent.

@Override
public String fetchContent(String fileURL) throws IOException, DevfileException {
    final String requestURL = formatUrl(fileURL);
    try {
        Optional<PersonalAccessToken> token = personalAccessTokenManager.get(EnvironmentContext.getCurrent().getSubject(), remoteFactoryUrl.getHostName());
        if (token.isPresent()) {
            PersonalAccessToken personalAccessToken = token.get();
            String content = urlFetcher.fetch(requestURL, formatAuthorization(personalAccessToken.getToken()));
            gitCredentialManager.createOrReplace(personalAccessToken);
            return content;
        } else {
            try {
                return urlFetcher.fetch(requestURL);
            } catch (IOException exception) {
                if (exception instanceof SSLException) {
                    ScmCommunicationException cause = new ScmCommunicationException(String.format("Failed to fetch a content from URL %s due to TLS key misconfiguration. Please refer to the docs about how to correctly import it. ", requestURL));
                    throw new DevfileException(exception.getMessage(), cause);
                } else if (exception instanceof FileNotFoundException) {
                    if (isPublicRepository(remoteFactoryUrl)) {
                        // for public repo-s return 404 as-is
                        throw exception;
                    }
                }
                // unable to determine exact cause, so let's just try to authorize...
                try {
                    PersonalAccessToken personalAccessToken = personalAccessTokenManager.fetchAndSave(EnvironmentContext.getCurrent().getSubject(), remoteFactoryUrl.getHostName());
                    String content = urlFetcher.fetch(requestURL, formatAuthorization(personalAccessToken.getToken()));
                    gitCredentialManager.createOrReplace(personalAccessToken);
                    return content;
                } catch (ScmUnauthorizedException | UnknownScmProviderException e) {
                    throw new DevfileException(e.getMessage(), e);
                } catch (ScmCommunicationException e) {
                    throw new IOException(String.format("Failed to fetch a content from URL %s. Make sure the URL" + " is correct. For private repository, make sure authentication is configured." + " Additionally, if you're using " + " relative form, make sure the referenced file are actually stored" + " relative to the devfile on the same host," + " or try to specify URL in absolute form. The current attempt to authenticate" + " request, failed with the following error message: %s", fileURL, e.getMessage()), e);
                }
            }
        }
    } catch (ScmConfigurationPersistenceException | UnsatisfiedScmPreconditionException | ScmUnauthorizedException | ScmCommunicationException e) {
        throw new DevfileException(e.getMessage(), e);
    }
}
Also used : ScmCommunicationException(org.eclipse.che.api.factory.server.scm.exception.ScmCommunicationException) FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException) DevfileException(org.eclipse.che.api.workspace.server.devfile.exception.DevfileException) ScmUnauthorizedException(org.eclipse.che.api.factory.server.scm.exception.ScmUnauthorizedException) UnsatisfiedScmPreconditionException(org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException) ScmConfigurationPersistenceException(org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException)

Aggregations

ScmConfigurationPersistenceException (org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException)4 UnsatisfiedScmPreconditionException (org.eclipse.che.api.factory.server.scm.exception.UnsatisfiedScmPreconditionException)4 ImmutableMap (com.google.common.collect.ImmutableMap)2 ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta)2 ObjectMetaBuilder (io.fabric8.kubernetes.api.model.ObjectMetaBuilder)2 Secret (io.fabric8.kubernetes.api.model.Secret)2 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)2 KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient)2 FileNotFoundException (java.io.FileNotFoundException)2 IOException (java.io.IOException)2 String.format (java.lang.String.format)2 MalformedURLException (java.net.MalformedURLException)2 URL (java.net.URL)2 URLEncoder (java.net.URLEncoder)2 UTF_8 (java.nio.charset.StandardCharsets.UTF_8)2 Base64 (java.util.Base64)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Optional (java.util.Optional)2 Inject (javax.inject.Inject)2