Search in sources :

Example 11 with KubernetesNamespaceMeta

use of org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta in project che-server by eclipse-che.

the class KubernetesPersonalAccessTokenManagerTest method testGetTokenFromNamespace.

@Test
public void testGetTokenFromNamespace() throws Exception {
    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
    KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
    KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
    when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
    when(kubernetesnamespace.secrets()).thenReturn(secrets);
    when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenReturn(true);
    Map<String, String> data1 = Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8)));
    Map<String, String> data2 = Map.of("token", Base64.getEncoder().encodeToString("token2".getBytes(UTF_8)));
    Map<String, String> data3 = Map.of("token", Base64.getEncoder().encodeToString("token3".getBytes(UTF_8)));
    ObjectMeta meta1 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1")).build();
    ObjectMeta meta2 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host2")).build();
    ObjectMeta meta3 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user2", ANNOTATION_SCM_URL, "http://host3")).build();
    Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
    Secret secret2 = new SecretBuilder().withMetadata(meta2).withData(data2).build();
    Secret secret3 = new SecretBuilder().withMetadata(meta3).withData(data3).build();
    when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1, secret2, secret3));
    // when
    PersonalAccessToken token = personalAccessTokenManager.get(new SubjectImpl("user", "user1", "t1", false), "http://host1").get();
    // then
    assertEquals(token.getCheUserId(), "user1");
    assertEquals(token.getScmProviderUrl(), "http://host1");
    assertEquals(token.getToken(), "token1");
}
Also used : KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Test(org.testng.annotations.Test)

Example 12 with KubernetesNamespaceMeta

use of org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta in project devspaces-images by redhat-developer.

the class KubernetesPersonalAccessTokenManagerTest method shouldReturnFirstValidToken.

@Test(dependsOnMethods = "shouldDeleteInvalidTokensOnGet")
public void shouldReturnFirstValidToken() throws Exception {
    // given
    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
    KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
    KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
    when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
    when(kubernetesnamespace.secrets()).thenReturn(secrets);
    when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenAnswer((Answer<Boolean>) invocation -> {
        PersonalAccessToken token = invocation.getArgument(0);
        return "id2".equals(token.getScmTokenId());
    });
    when(clientFactory.create()).thenReturn(kubeClient);
    when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
    when(secretsMixedOperation.inNamespace(eq(meta.getName()))).thenReturn(nonNamespaceOperation);
    Map<String, String> data1 = Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8)));
    Map<String, String> data2 = Map.of("token", Base64.getEncoder().encodeToString("token2".getBytes(UTF_8)));
    ObjectMeta meta1 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1", ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID, "id1")).build();
    ObjectMeta meta2 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1", ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID, "id2")).build();
    Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
    Secret secret2 = new SecretBuilder().withMetadata(meta2).withData(data2).build();
    when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1, secret2));
    // when
    Optional<PersonalAccessToken> token = personalAccessTokenManager.get(new SubjectImpl("user", "user1", "t1", false), "http://host1");
    // then
    assertTrue(token.isPresent());
    assertEquals(token.get().getScmTokenId(), "id2");
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) MixedOperation(io.fabric8.kubernetes.client.dsl.MixedOperation) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Mock(org.mockito.Mock) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Answer(org.mockito.stubbing.Answer) Resource(io.fabric8.kubernetes.client.dsl.Resource) ANNOTATION_CHE_USERID(org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.ANNOTATION_CHE_USERID) ArgumentCaptor(org.mockito.ArgumentCaptor) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) SecretList(io.fabric8.kubernetes.api.model.SecretList) ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID(org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID) Map(java.util.Map) Assert.assertFalse(org.testng.Assert.assertFalse) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) ScmPersonalAccessTokenFetcher(org.eclipse.che.api.factory.server.scm.ScmPersonalAccessTokenFetcher) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) UTF_8(java.nio.charset.StandardCharsets.UTF_8) ANNOTATION_SCM_URL(org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesPersonalAccessTokenManager.ANNOTATION_SCM_URL) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) BeforeMethod(org.testng.annotations.BeforeMethod) Mockito.times(org.mockito.Mockito.times) Mockito.when(org.mockito.Mockito.when) Assert.assertNotNull(org.testng.Assert.assertNotNull) Mockito.verify(org.mockito.Mockito.verify) KubernetesNamespaceFactory(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory) Mockito(org.mockito.Mockito) Base64(java.util.Base64) NonNamespaceOperation(io.fabric8.kubernetes.client.dsl.NonNamespaceOperation) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) Collections(java.util.Collections) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Test(org.testng.annotations.Test)

Example 13 with KubernetesNamespaceMeta

use of org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta in project devspaces-images by redhat-developer.

the class KubernetesPersonalAccessTokenManagerTest method shouldDeleteInvalidTokensOnGet.

@Test
public void shouldDeleteInvalidTokensOnGet() throws Exception {
    // given
    KubernetesNamespaceMeta meta = new KubernetesNamespaceMetaImpl("test");
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(meta));
    KubernetesNamespace kubernetesnamespace = Mockito.mock(KubernetesNamespace.class);
    KubernetesSecrets secrets = Mockito.mock(KubernetesSecrets.class);
    when(namespaceFactory.access(eq(null), eq(meta.getName()))).thenReturn(kubernetesnamespace);
    when(kubernetesnamespace.secrets()).thenReturn(secrets);
    when(scmPersonalAccessTokenFetcher.isValid(any(PersonalAccessToken.class))).thenReturn(false);
    when(clientFactory.create()).thenReturn(kubeClient);
    when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
    when(secretsMixedOperation.inNamespace(eq(meta.getName()))).thenReturn(nonNamespaceOperation);
    Map<String, String> data1 = Map.of("token", Base64.getEncoder().encodeToString("token1".getBytes(UTF_8)));
    ObjectMeta meta1 = new ObjectMetaBuilder().withAnnotations(Map.of(ANNOTATION_CHE_USERID, "user1", ANNOTATION_SCM_URL, "http://host1")).build();
    Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
    when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1));
    // when
    Optional<PersonalAccessToken> token = personalAccessTokenManager.get(new SubjectImpl("user", "user1", "t1", false), "http://host1");
    // then
    assertFalse(token.isPresent());
    verify(nonNamespaceOperation, times(1)).delete(eq(secret1));
}
Also used : KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesSecrets(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Test(org.testng.annotations.Test)

Example 14 with KubernetesNamespaceMeta

use of org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta in project devspaces-images by redhat-developer.

the class KubernetesPersonalAccessTokenManager method get.

@Override
public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl) throws ScmConfigurationPersistenceException, ScmUnauthorizedException, ScmCommunicationException {
    try {
        for (KubernetesNamespaceMeta namespaceMeta : namespaceFactory.list()) {
            List<Secret> secrets = namespaceFactory.access(null, namespaceMeta.getName()).secrets().get(KUBERNETES_PERSONAL_ACCESS_TOKEN_LABEL_SELECTOR);
            for (Secret secret : secrets) {
                Map<String, String> annotations = secret.getMetadata().getAnnotations();
                String trimmedUrl = StringUtils.trimEnd(annotations.get(ANNOTATION_SCM_URL), '/');
                if (annotations.get(ANNOTATION_CHE_USERID).equals(cheUser.getUserId()) && trimmedUrl.equals(StringUtils.trimEnd(scmServerUrl, '/'))) {
                    PersonalAccessToken token = new PersonalAccessToken(trimmedUrl, annotations.get(ANNOTATION_CHE_USERID), annotations.get(ANNOTATION_SCM_USERNAME), annotations.get(ANNOTATION_SCM_USERID), annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME), annotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID), new String(Base64.getDecoder().decode(secret.getData().get("token"))));
                    if (scmPersonalAccessTokenFetcher.isValid(token)) {
                        return Optional.of(token);
                    } else {
                        // Removing token that is no longer valid. If several tokens exist the next one could
                        // be valid. If no valid token can be found, the caller should react in the same way
                        // as it reacts if no token exists. Usually, that means that process of new token
                        // retrieval would be initiated.
                        clientFactory.create().secrets().inNamespace(namespaceMeta.getName()).delete(secret);
                    }
                }
            }
        }
    } catch (InfrastructureException | UnknownScmProviderException e) {
        throw new ScmConfigurationPersistenceException(e.getMessage(), e);
    }
    return Optional.empty();
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) UnknownScmProviderException(org.eclipse.che.api.factory.server.scm.exception.UnknownScmProviderException) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) ScmConfigurationPersistenceException(org.eclipse.che.api.factory.server.scm.exception.ScmConfigurationPersistenceException)

Example 15 with KubernetesNamespaceMeta

use of org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta in project devspaces-images by redhat-developer.

the class KubernetesGitCredentialManagerTest method testUpdateTokenInExistingCredential.

@Test
public void testUpdateTokenInExistingCredential() throws Exception {
    KubernetesNamespaceMeta namespaceMeta = new KubernetesNamespaceMetaImpl("test");
    PersonalAccessToken token = new PersonalAccessToken("https://bitbucket.com:5648", "cheUser", "username", "userId", "token-name", "tid-23434", "token123");
    Map<String, String> annotations = new HashMap<>(DEFAULT_SECRET_ANNOTATIONS);
    annotations.put(ANNOTATION_SCM_URL, token.getScmProviderUrl() + "/");
    annotations.put(ANNOTATION_SCM_USERNAME, token.getScmUserName());
    annotations.put(ANNOTATION_CHE_USERID, token.getCheUserId());
    ObjectMeta objectMeta = new ObjectMetaBuilder().withName(NameGenerator.generate(NAME_PATTERN, 5)).withAnnotations(annotations).build();
    Secret existing = new SecretBuilder().withMetadata(objectMeta).withData(Map.of("credentials", "foo 123")).build();
    when(namespaceFactory.list()).thenReturn(Collections.singletonList(namespaceMeta));
    when(clientFactory.create()).thenReturn(kubeClient);
    when(kubeClient.secrets()).thenReturn(secretsMixedOperation);
    when(secretsMixedOperation.inNamespace(eq(namespaceMeta.getName()))).thenReturn(nonNamespaceOperation);
    when(nonNamespaceOperation.withLabels(anyMap())).thenReturn(filterWatchDeletable);
    when(filterWatchDeletable.list()).thenReturn(secretList);
    when(secretList.getItems()).thenReturn(singletonList(existing));
    // when
    kubernetesGitCredentialManager.createOrReplace(token);
    // then
    ArgumentCaptor<Secret> captor = ArgumentCaptor.forClass(Secret.class);
    verify(nonNamespaceOperation).createOrReplace(captor.capture());
    Secret createdSecret = captor.getValue();
    assertNotNull(createdSecret);
    assertEquals(new String(Base64.getDecoder().decode(createdSecret.getData().get("credentials"))), "https://username:token123@bitbucket.com:5648");
    assertEquals(createdSecret.getMetadata().getName(), objectMeta.getName());
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) HashMap(java.util.HashMap) PersonalAccessToken(org.eclipse.che.api.factory.server.scm.PersonalAccessToken) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) Test(org.testng.annotations.Test)

Aggregations

KubernetesNamespaceMeta (org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta)42 Test (org.testng.annotations.Test)34 KubernetesNamespaceMetaImpl (org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl)20 Secret (io.fabric8.kubernetes.api.model.Secret)18 PersonalAccessToken (org.eclipse.che.api.factory.server.scm.PersonalAccessToken)18 SubjectImpl (org.eclipse.che.commons.subject.SubjectImpl)16 ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta)10 ObjectMetaBuilder (io.fabric8.kubernetes.api.model.ObjectMetaBuilder)10 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)10 LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)8 KubernetesNamespace (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace)8 KubernetesSecrets (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesSecrets)8 NamespaceBuilder (io.fabric8.kubernetes.api.model.NamespaceBuilder)6 KubernetesClientException (io.fabric8.kubernetes.client.KubernetesClientException)6 NamespaceResolutionContext (org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext)6 Namespace (io.fabric8.kubernetes.api.model.Namespace)4 Status (io.fabric8.kubernetes.api.model.Status)4 InfrastructureException (org.eclipse.che.api.workspace.server.spi.InfrastructureException)4 Project (io.fabric8.openshift.api.model.Project)3 SecretList (io.fabric8.kubernetes.api.model.SecretList)2