use of org.glassfish.jersey.client.oauth1.AccessToken in project data-transfer-project by google.
the class GoogleVideosImporter method importItem.
@Override
public ImportResult importItem(UUID jobId, IdempotentImportExecutor executor, TokensAndUrlAuthData authData, VideosContainerResource data) throws Exception {
if (data == null) {
// Nothing to do
return ImportResult.OK;
}
PhotosLibraryClient client;
if (clientsMap.containsKey(jobId)) {
client = clientsMap.get(jobId);
} else {
PhotosLibrarySettings settings = PhotosLibrarySettings.newBuilder().setCredentialsProvider(FixedCredentialsProvider.create(UserCredentials.newBuilder().setClientId(appCredentials.getKey()).setClientSecret(appCredentials.getSecret()).setAccessToken(new AccessToken(authData.getAccessToken(), new Date())).setRefreshToken(authData.getRefreshToken()).build())).build();
client = PhotosLibraryClient.initialize(settings);
clientsMap.put(jobId, client);
}
long bytes = 0L;
// Uploads videos
final Collection<VideoModel> videos = data.getVideos();
if (videos != null && videos.size() > 0) {
Stream<VideoModel> stream = videos.stream().filter(video -> shouldImport(video, executor)).map(this::transformVideoName);
// We partition into groups of 49 as 50 is the maximum number of items that can be created in
// one call. (We use 49 to avoid potential off by one errors)
// https://developers.google.com/photos/library/guides/upload-media#creating-media-item
final UnmodifiableIterator<List<VideoModel>> batches = Iterators.partition(stream.iterator(), 49);
while (batches.hasNext()) {
long batchBytes = importVideoBatch(batches.next(), client, executor);
bytes += batchBytes;
}
}
final ImportResult result = ImportResult.OK;
return result.copyWithBytes(bytes);
}
use of org.glassfish.jersey.client.oauth1.AccessToken in project cdap by caskdata.
the class GCPRemoteAuthenticatorTest method testRemoteAuthenticatorRefreshesExpiredAccessToken.
@Test
public void testRemoteAuthenticatorRefreshesExpiredAccessToken() throws Exception {
String expiredAccessTokenValue = "expired-access-token";
String accessTokenValue = "access-token";
// This is just an arbitrary fixed point in time.
Instant fixedInstant = Instant.ofEpochSecond(1646358109);
Clock fixedClock = Clock.fixed(fixedInstant, ZoneId.systemDefault());
GoogleCredentials mockGoogleCredentials = mock(GoogleCredentials.class);
AccessToken expiredAccessToken = new AccessToken(expiredAccessTokenValue, Date.from(fixedInstant.minus(Duration.ofHours(1))));
AccessToken accessToken = new AccessToken(accessTokenValue, Date.from(fixedInstant.plus(Duration.ofHours(1))));
when(mockGoogleCredentials.refreshAccessToken()).thenReturn(accessToken);
GCPRemoteAuthenticator gcpRemoteAuthenticator = new GCPRemoteAuthenticator(mockGoogleCredentials, fixedClock, expiredAccessToken);
// Verify expected credential value and that refresh was called exactly once.
Credential credential = gcpRemoteAuthenticator.getCredentials();
Assert.assertEquals(accessTokenValue, credential.getValue());
verify(mockGoogleCredentials, times(1)).refreshAccessToken();
}
use of org.glassfish.jersey.client.oauth1.AccessToken in project cdap by caskdata.
the class GCPRemoteAuthenticatorTest method testRemoteAuthenticatorReturnsValidAccessToken.
@Test
public void testRemoteAuthenticatorReturnsValidAccessToken() throws Exception {
String accessTokenValue = "access-token";
// This is just an arbitrary fixed point in time.
Instant fixedInstant = Instant.ofEpochSecond(1646358109);
Clock fixedClock = Clock.fixed(fixedInstant, ZoneId.systemDefault());
GoogleCredentials mockGoogleCredentials = mock(GoogleCredentials.class);
AccessToken accessToken = new AccessToken(accessTokenValue, Date.from(fixedInstant.plus(Duration.ofHours(1))));
when(mockGoogleCredentials.refreshAccessToken()).thenReturn(accessToken);
GCPRemoteAuthenticator gcpRemoteAuthenticator = new GCPRemoteAuthenticator(mockGoogleCredentials, fixedClock, accessToken);
// Verify expected credential value and that refresh was not called.
Credential credential = gcpRemoteAuthenticator.getCredentials();
Assert.assertEquals(accessTokenValue, credential.getValue());
verify(mockGoogleCredentials, times(0)).refreshAccessToken();
}
use of org.glassfish.jersey.client.oauth1.AccessToken in project terra-workspace-manager by DataBiosphere.
the class EnablePet method doUserJourney.
@Override
protected void doUserJourney(TestUserSpecification testUser, WorkspaceApi userWorkspaceApi) throws Exception {
// Validate that the user cannot impersonate their pet before calling this endpoint.
GoogleApi samGoogleApi = SamClientUtils.samGoogleApi(testUser, server);
String petSaEmail = SamRetry.retry(() -> samGoogleApi.getPetServiceAccount(projectId));
Iam userIamClient = ClientTestUtils.getGcpIamClient(testUser);
assertFalse(canImpersonateSa(userIamClient, petSaEmail));
userWorkspaceApi.enablePet(getWorkspaceId());
assertTrue(canImpersonateSa(userIamClient, petSaEmail));
// Validate that calling this endpoint as the pet does not grant the pet permission to
// impersonate itself.
String rawPetSaToken = SamRetry.retry(() -> samGoogleApi.getPetServiceAccountToken(projectId, ClientTestUtils.TEST_USER_SCOPES));
AccessToken petSaToken = new AccessToken(rawPetSaToken, null);
WorkspaceApi petSaWorkspaceApi = ClientTestUtils.getWorkspaceClientFromToken(petSaToken, server);
petSaWorkspaceApi.enablePet(getWorkspaceId());
// Add second user to the workspace as a reader.
userWorkspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(secondUser.userEmail), getWorkspaceId(), IamRole.READER);
// Validate the second user cannot impersonate either user's pet.
GoogleApi secondUserSamGoogleApi = SamClientUtils.samGoogleApi(secondUser, server);
String secondUserPetSaEmail = SamRetry.retry(() -> secondUserSamGoogleApi.getPetServiceAccount(projectId));
Iam secondUserIamClient = ClientTestUtils.getGcpIamClient(secondUser);
assertFalse(canImpersonateSa(secondUserIamClient, secondUserPetSaEmail));
assertFalse(canImpersonateSa(secondUserIamClient, petSaEmail));
// Enable the second user to impersonate their pet
WorkspaceApi secondUserWorkspaceApi = ClientTestUtils.getWorkspaceClient(secondUser, server);
secondUserWorkspaceApi.enablePet(getWorkspaceId());
assertTrue(canImpersonateSa(secondUserIamClient, secondUserPetSaEmail));
// Second user still cannot impersonate first user's pet
assertFalse(canImpersonateSa(secondUserIamClient, petSaEmail));
// Remove second user from workspace. This should revoke their permission to impersonate their
// pet.
userWorkspaceApi.removeRole(getWorkspaceId(), IamRole.READER, secondUser.userEmail);
assertTrue(ClientTestUtils.getWithRetryOnException(() -> assertCannotImpersonateSa(secondUserIamClient, secondUserPetSaEmail)));
}
use of org.glassfish.jersey.client.oauth1.AccessToken in project terra-workspace-manager by DataBiosphere.
the class BufferServiceConfiguration method getAccessToken.
public String getAccessToken() throws IOException {
try (FileInputStream fileInputStream = new FileInputStream(clientCredentialFilePath)) {
GoogleCredentials credentials = ServiceAccountCredentials.fromStream(fileInputStream).createScoped(BUFFER_SCOPES);
AccessToken token = credentials.refreshAccessToken();
return token.getTokenValue();
}
}
Aggregations