seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removed SCM user name from git credential secret name (#19715) 

* Removed SCM user name from git credential secret name

Signed-off-by: Sergii Kabashniuk <skabashniuk@redhat.com>
7.30.x
Sergii Kabashniuk 2021-05-01 16:43:02 +03:00 committed by GitHub
parent 28f9543308
commit dc5c2fbe08
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManager.java
View File

@ -49,7 +49,7 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesN
*/
@Singleton
public class KubernetesGitCredentialManager implements GitCredentialManager {
public static final String NAME_PATTERN = "%s-git-credentials-secret-";
public static final String NAME_PATTERN = "git-credentials-secret-";
public static final String ANNOTATION_SCM_URL = "che.eclipse.org/scm-url";
public static final String ANNOTATION_SCM_USERNAME = "che.eclipse.org/scm-username";
public static final String ANNOTATION_CHE_USERID = "che.eclipse.org/che-userid";
@ -59,7 +59,7 @@ public class KubernetesGitCredentialManager implements GitCredentialManager {
"app.kubernetes.io/part-of", "che.eclipse.org",
"app.kubernetes.io/component", "workspace-secret");
private static final Map<String, String> ANNOTATIONS =
static final Map<String, String> DEFAULT_SECRET_ANNOTATIONS =
ImmutableMap.of(
ANNOTATION_AUTOMOUNT,
"true",
@ -116,16 +116,13 @@ public class KubernetesGitCredentialManager implements GitCredentialManager {
Secret secret =
existing.orElseGet(
() -> {
Map<String, String> annotations = new HashMap<>(ANNOTATIONS);
Map<String, String> annotations = new HashMap<>(DEFAULT_SECRET_ANNOTATIONS);
annotations.put(ANNOTATION_SCM_URL, personalAccessToken.getScmProviderUrl());
annotations.put(ANNOTATION_SCM_USERNAME, personalAccessToken.getScmUserName());
annotations.put(ANNOTATION_CHE_USERID, personalAccessToken.getCheUserId());
ObjectMeta meta =
new ObjectMetaBuilder()
.withName(
NameGenerator.generate(
String.format(NAME_PATTERN, personalAccessToken.getScmUserName()),
5))
.withName(NameGenerator.generate(NAME_PATTERN, 5))
.withAnnotations(annotations)
.withLabels(LABELS)
.build();

16
infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesGitCredentialManagerTest.java
View File

@ -13,15 +13,19 @@ package org.eclipse.che.api.factory.server.scm.kubernetes;
import static java.util.Collections.emptyList;
import static java.util.Collections.singletonList;
import static org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesGitCredentialManager.ANNOTATION_CHE_USERID;
import static org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesGitCredentialManager.ANNOTATION_SCM_URL;
import static org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesGitCredentialManager.ANNOTATION_SCM_USERNAME;
import static org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesGitCredentialManager.DEFAULT_SECRET_ANNOTATIONS;
import static org.eclipse.che.api.factory.server.scm.kubernetes.KubernetesGitCredentialManager.NAME_PATTERN;
import static org.mockito.ArgumentMatchers.anyMap;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertTrue;
import io.fabric8.kubernetes.api.model.DoneableSecret;
import io.fabric8.kubernetes.api.model.ObjectMeta;
@ -115,6 +119,8 @@ public class KubernetesGitCredentialManagerTest {
assertEquals(
new String(Base64.getDecoder().decode(createdSecret.getData().get("credentials"))),
"https://username:token123@bitbucket.com");
assertTrue(createdSecret.getMetadata().getName().startsWith(NAME_PATTERN));
assertFalse(createdSecret.getMetadata().getName().contains(token.getScmUserName()));
}
@Test
@ -130,13 +136,14 @@ public class KubernetesGitCredentialManagerTest {
"tid-23434",
"token123");
Map<String, String> annotations = new HashMap<>();
Map<String, String> annotations = new HashMap<>(DEFAULT_SECRET_ANNOTATIONS);
annotations.put(ANNOTATION_SCM_URL, token.getScmProviderUrl());
annotations.put(ANNOTATION_SCM_USERNAME, token.getScmUserName());
annotations.put(ANNOTATION_CHE_USERID, token.getCheUserId());
ObjectMeta objectMeta =
new ObjectMetaBuilder()
.withName(
String.format(NAME_PATTERN, NameGenerator.generate(token.getScmUserName(), 5)))
.withName(NameGenerator.generate(NAME_PATTERN, 5))
.withAnnotations(annotations)
.build();
Secret existing =
@ -154,16 +161,17 @@ public class KubernetesGitCredentialManagerTest {
when(nonNamespaceOperation.withLabels(anyMap())).thenReturn(filterWatchDeletable);
when(filterWatchDeletable.list()).thenReturn(secretList);
when(secretList.getItems()).thenReturn(singletonList(existing));
ArgumentCaptor<Secret> captor = ArgumentCaptor.forClass(Secret.class);
// when
kubernetesGitCredentialManager.createOrReplace(token);
// then
ArgumentCaptor<Secret> captor = ArgumentCaptor.forClass(Secret.class);
verify(nonNamespaceOperation).createOrReplace(captor.capture());
Secret createdSecret = captor.getValue();
assertNotNull(createdSecret);
assertEquals(
new String(Base64.getDecoder().decode(createdSecret.getData().get("credentials"))),
"https://username:token123@bitbucket.com:5648");
assertEquals(createdSecret.getMetadata().getName(), objectMeta.getName());
}
}