Search in sources :

Example 56 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project cdap by cdapio.

the class GCPRemoteAuthenticatorTest method testRemoteAuthenticatorRefreshesExpiredAccessToken.

@Test
public void testRemoteAuthenticatorRefreshesExpiredAccessToken() throws Exception {
    String expiredAccessTokenValue = "expired-access-token";
    String accessTokenValue = "access-token";
    // This is just an arbitrary fixed point in time.
    Instant fixedInstant = Instant.ofEpochSecond(1646358109);
    Clock fixedClock = Clock.fixed(fixedInstant, ZoneId.systemDefault());
    GoogleCredentials mockGoogleCredentials = mock(GoogleCredentials.class);
    AccessToken expiredAccessToken = new AccessToken(expiredAccessTokenValue, Date.from(fixedInstant.minus(Duration.ofHours(1))));
    AccessToken accessToken = new AccessToken(accessTokenValue, Date.from(fixedInstant.plus(Duration.ofHours(1))));
    when(mockGoogleCredentials.refreshAccessToken()).thenReturn(accessToken);
    GCPRemoteAuthenticator gcpRemoteAuthenticator = new GCPRemoteAuthenticator(mockGoogleCredentials, fixedClock, expiredAccessToken);
    // Verify expected credential value and that refresh was called exactly once.
    Credential credential = gcpRemoteAuthenticator.getCredentials();
    Assert.assertEquals(accessTokenValue, credential.getValue());
    verify(mockGoogleCredentials, times(1)).refreshAccessToken();
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) AccessToken(com.google.auth.oauth2.AccessToken) Instant(java.time.Instant) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Clock(java.time.Clock) Test(org.junit.Test)

Example 57 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project helios by spotify.

the class AuthenticatingHttpConnector method connect.

@Override
public HttpURLConnection connect(final URI uri, final String method, final byte[] entity, final Map<String, List<String>> headers) throws HeliosException {
    final Endpoint endpoint = endpointIterator.next();
    // convert the URI whose hostname portion is a domain name into a URI where the host is an IP
    // as we expect there to be several different IP addresses besides a common domain name
    final URI ipUri;
    try {
        ipUri = toIpUri(endpoint, uri);
    } catch (URISyntaxException e) {
        throw new HeliosException(e);
    }
    try {
        log.debug("connecting to {}", ipUri);
        final Optional<AccessToken> accessTokenOpt = accessTokenSupplier.get();
        if (accessTokenOpt.isPresent()) {
            final String token = accessTokenOpt.get().getTokenValue();
            headers.put("Authorization", singletonList("Bearer " + token));
            log.debug("Add Authorization header with bearer token");
        }
        if (clientCertificatePath.isPresent()) {
            // prioritize using the certificate file if set
            return connectWithCertificateFile(ipUri, method, entity, headers);
        } else if (agentProxy.isPresent() && !identities.isEmpty()) {
            // ssh-agent based authentication
            return connectWithIdentities(identities, ipUri, method, entity, headers);
        } else {
            // no authentication
            return doConnect(ipUri, method, entity, headers);
        }
    } catch (ConnectException | SocketTimeoutException | UnknownHostException e) {
        // UnknownHostException happens if we can't resolve hostname into IP address.
        // UnknownHostException's getMessage method returns just the hostname which is a
        // useless message, so log the exception class name to provide more info.
        log.debug(e.toString());
        throw new HeliosException("Unable to connect to master: " + ipUri, e);
    } catch (IOException e) {
        throw new HeliosException("Unexpected error connecting to " + ipUri, e);
    }
}
Also used : HeliosException(com.spotify.helios.common.HeliosException) SocketTimeoutException(java.net.SocketTimeoutException) UnknownHostException(java.net.UnknownHostException) AccessToken(com.google.auth.oauth2.AccessToken) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) URI(java.net.URI) ConnectException(java.net.ConnectException)

Example 58 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project helios by spotify.

the class AuthenticatingHttpConnectorTest method createAuthenticatingConnectorWithAccessToken.

private AuthenticatingHttpConnector createAuthenticatingConnectorWithAccessToken(final Optional<AgentProxy> proxy, final List<Identity> identities) {
    final EndpointIterator endpointIterator = EndpointIterator.of(endpoints);
    final AccessToken accessToken = new AccessToken("<token>", null);
    return new AuthenticatingHttpConnector(USER, Suppliers.ofInstance(Optional.of(accessToken)), proxy, Optional.<CertKeyPaths>absent(), endpointIterator, connector, identities);
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken)

Example 59 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project helios by spotify.

the class GoogleCredentialsAccessTokenSupplierTest method testGetWithStaticToken.

@Test
public void testGetWithStaticToken() {
    final AccessToken token = new AccessToken("token", null);
    final GoogleCredentialsAccessTokenSupplier supplier = new GoogleCredentialsAccessTokenSupplier(true, token, null);
    assertThat(supplier.get(), equalTo(Optional.of(token)));
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken) Test(org.junit.Test)

Example 60 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project java by kubernetes-client.

the class KubeConfigTest method testGCPAuthProviderExpiredTokenWithoutGCloud.

@Test
public void testGCPAuthProviderExpiredTokenWithoutGCloud() {
    String gcpConfigExpiredToken = "apiVersion: v1\n" + "contexts:\n" + "- context:\n" + "    user: gke-cluster\n" + "  name: foo-context\n" + "current-context: foo-context\n" + "users:\n" + "- name: gke-cluster\n" + "  user:\n" + "    auth-provider:\n" + "      config:\n" + "        access-token: fake-token\n" + "        expiry: 1970-01-01T00:00:00Z\n" + "      name: gcp";
    String fakeToken = "new-fake-token";
    String fakeTokenExpiry = "2121-08-05T02:30:24Z";
    GoogleCredentials mockGC = Mockito.mock(GoogleCredentials.class);
    Mockito.when(mockGC.getAccessToken()).thenReturn(new AccessToken(fakeToken, Date.from(Instant.parse(fakeTokenExpiry))));
    KubeConfig.registerAuthenticator(new GCPAuthenticator(null, mockGC));
    try {
        KubeConfig kc = KubeConfig.loadKubeConfig(new StringReader(gcpConfigExpiredToken));
        assertEquals(fakeToken, kc.getAccessToken());
    } catch (Exception ex) {
        ex.printStackTrace();
        fail("Unexpected exception: " + ex);
    }
}
Also used : GCPAuthenticator(io.kubernetes.client.util.authenticators.GCPAuthenticator) AccessToken(com.google.auth.oauth2.AccessToken) StringReader(java.io.StringReader) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) IOException(java.io.IOException) Test(org.junit.Test)

Aggregations

AccessToken (com.google.auth.oauth2.AccessToken)78 Test (org.junit.Test)44 GoogleCredentials (com.google.auth.oauth2.GoogleCredentials)33 Date (java.util.Date)23 IOException (java.io.IOException)20 AccessToken (io.vertx.ext.auth.oauth2.AccessToken)16 Instant (java.time.Instant)10 Client (javax.ws.rs.client.Client)10 AccessToken (org.glassfish.jersey.client.oauth1.AccessToken)10 ConsumerCredentials (org.glassfish.jersey.client.oauth1.ConsumerCredentials)10 JsonObject (io.vertx.core.json.JsonObject)9 URI (java.net.URI)9 Feature (javax.ws.rs.core.Feature)8 JerseyTest (org.glassfish.jersey.test.JerseyTest)8 MockHttpTransport (com.google.api.client.testing.http.MockHttpTransport)6 ServiceAccountCredentials (com.google.auth.oauth2.ServiceAccountCredentials)6 Credential (io.cdap.cdap.proto.security.Credential)6 InputStreamReader (java.io.InputStreamReader)6 Clock (java.time.Clock)6 WebTarget (javax.ws.rs.client.WebTarget)6