From f5c2a2a7424ecad1fd6a8935b41de3e987224782 Mon Sep 17 00:00:00 2001 From: ivinokur Date: Sun, 28 Jan 2024 13:00:19 +0200 Subject: [PATCH] commit --- .../KubernetesPersonalAccessTokenManager.java | 42 ++++++++++--------- ...ernetesPersonalAccessTokenManagerTest.java | 28 ++++++------- .../che/security/oauth/EmbeddedOAuthAPI.java | 2 +- ...AzureDevOpsPersonalAccessTokenFetcher.java | 5 +++ ...ucketServerPersonalAccessTokenFetcher.java | 5 +++ .../BitbucketPersonalAccessTokenFetcher.java | 5 +++ ...tractGithubPersonalAccessTokenFetcher.java | 5 +++ .../gitlab/GitlabOAuthTokenFetcher.java | 5 +++ .../scm/PersonalAccessTokenFetcher.java | 2 + .../scm/ScmPersonalAccessTokenFetcher.java | 13 +++++- 10 files changed, 75 insertions(+), 37 deletions(-) diff --git a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java index 023a812403..7ef4059c90 100644 --- a/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java +++ b/infrastructures/infrastructure-factory/src/main/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManager.java 
@@ -65,8 +65,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken public static final String ANNOTATION_SCM_ORGANIZATION = "che.eclipse.org/scm-organization"; public static final String ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID = "che.eclipse.org/scm-personal-access-token-id"; - public static final String ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME = - "che.eclipse.org/scm-personal-access-provider-name"; + public static final String ANNOTATION_SCM_PROVIDER_NAME = "che.eclipse.org/scm-provider-name"; public static final String ANNOTATION_SCM_URL = "che.eclipse.org/scm-url"; public static final String TOKEN_DATA_FIELD = "token"; @@ -102,9 +101,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken .put( ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID, personalAccessToken.getScmTokenId()) - .put( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, - personalAccessToken.getScmProviderName()) + .put(ANNOTATION_SCM_PROVIDER_NAME, personalAccessToken.getScmProviderName()) .build()) .withLabels(SECRET_LABELS) .build(); @@ -172,8 +169,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken private Optional doGetPersonalAccessToken( Subject cheUser, @Nullable String oAuthProviderName, @Nullable String scmServerUrl) - throws ScmConfigurationPersistenceException, ScmUnauthorizedException, - ScmCommunicationException { + throws ScmConfigurationPersistenceException { try { for (KubernetesNamespaceMeta namespaceMeta : namespaceFactory.list()) { List secrets = 
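Review bot: The provider-name annotation value changes in the first hunk from `che.eclipse.org/scm-personal-access-provider-name` to `che.eclipse.org/scm-provider-name`, but nothing in this patch still reads the old key, so a secret already written with it would come back with a null provider name. The validity check in the `@@ -251,8` hunk reads the annotation through the new constant, and its comment says a secret missing a required annotation is not valid, so such secrets would probably be ignored and the user sent through authorization again. `migrate` only rewrites `che.eclipse.org/scm-personal-access-token-name`. If the old key ever reached a deployed cluster, `migrate` should move it as well; if it did not, a one-line comment on `ANNOTATION_SCM_PROVIDER_NAME` saying so would spare the next reader the question.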
@@ -202,7 +198,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken secretAnnotations.get(ANNOTATION_CHE_USERID), personalAccessTokenParams.getOrganization(), scmUsername.get(), - secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME), + secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME), personalAccessTokenParams.getScmTokenId(), personalAccessTokenParams.getToken()); return Optional.of(personalAccessToken); @@ -226,18 +222,29 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken return Optional.empty(); } - private void migrate(Secret secret, String providerName) throws InfrastructureException { + private void migrate(Secret secret, @Nullable String providerName) + throws InfrastructureException { + ; String oldAnnotation = secret.getMetadata().getAnnotations().get("che.eclipse.org/scm-personal-access-token-name"); if (!isNullOrEmpty(oldAnnotation)) { + if (isNullOrEmpty(providerName)) { + Optional providerNameOptional = + scmPersonalAccessTokenFetcher.getScmProviderName( + this.secret2PersonalAccessTokenParams(secret)); + if (providerNameOptional.isPresent()) { + providerName = providerNameOptional.get(); + } else + throw new InfrastructureException( + "Unable to migrate secret " + + secret.getMetadata().getName() + + " to new format. No provider name found."); + } secret .getMetadata() .getAnnotations() .remove("che.eclipse.org/scm-personal-access-token-name"); - secret - .getMetadata() - .getAnnotations() - .put(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, providerName); + secret.getMetadata().getAnnotations().put(ANNOTATION_SCM_PROVIDER_NAME, providerName); cheServerKubernetesClientFactory .create() .secrets() 
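Review bot: When `providerName` is empty, `migrate` can only succeed if some fetcher still accepts the stored token, so a legacy secret whose token has expired or been revoked ends in `InfrastructureException` rather than being skipped. The call site is outside this hunk; if it sits inside the loop over secrets in `doGetPersonalAccessToken`, one stale secret could fail the lookup for that user's other tokens, so the failure is better handled per secret there. Smaller points in the same hunk: drop the lone `;` left after the `throws InfrastructureException` clause and brace the fallback branch (`} else {`) instead of the bare `else throw`. The test-file hunks only rename the constant, so the new fallback and its failure path have no test.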
@@ -251,8 +258,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL); String configuredCheUserId = secretAnnotations.get(ANNOTATION_CHE_USERID); - String configuredOAuthProviderName = - secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME); + String configuredOAuthProviderName = secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME); // if any of the required annotations is missing, the secret is not valid if (isNullOrEmpty(configuredScmServerUrl) @@ -273,8 +279,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken Map secretAnnotations = secret.getMetadata().getAnnotations(); String token = new String(Base64.getDecoder().decode(secret.getData().get("token"))).trim(); - String configuredOAuthProviderName = - secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME); + String configuredOAuthProviderName = secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME); String configuredTokenId = secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_ID); String configuredScmOrganization = secretAnnotations.get(ANNOTATION_SCM_ORGANIZATION); String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL); @@ -295,8 +300,7 @@ public class KubernetesPersonalAccessTokenManager implements PersonalAccessToken Map secretAnnotations = secret.getMetadata().getAnnotations(); String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL); String configuredCheUserId = secretAnnotations.get(ANNOTATION_CHE_USERID); - String configuredOAuthProviderName = - secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME); + String configuredOAuthProviderName = secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME); return (configuredCheUserId.equals(cheUser.getUserId())) && (oAuthProviderName == null || oAuthProviderName.equals(configuredOAuthProviderName)) 
diff --git a/infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java b/infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java index 2cd07c0856..8675541d91 100644 --- a/infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java +++ b/infrastructures/infrastructure-factory/src/test/java/org/eclipse/che/api/factory/server/scm/kubernetes/KubernetesPersonalAccessTokenManagerTest.java @@ -104,7 +104,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user", @@ -181,7 +181,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -192,7 +192,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -203,7 +203,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user2", @@ -249,7 +249,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", 
@@ -294,7 +294,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -339,7 +339,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -350,7 +350,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -396,11 +396,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withNamespace("test") .withAnnotations( - Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, - "github", - ANNOTATION_CHE_USERID, - "user1")) + Map.of(ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1")) .build(); Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build(); when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1)); @@ -433,7 +429,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -480,7 +476,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", @@ -493,7 +489,7 @@ public class KubernetesPersonalAccessTokenManagerTest { new ObjectMetaBuilder() .withAnnotations( Map.of( - ANNOTATION_SCM_PERSONAL_ACCESS_PROVIDER_NAME, + ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1", 
diff --git a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java index 8f5f87309c..41cf7849dc 100644 --- a/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java +++ b/wsmaster/che-core-api-auth/src/main/java/org/eclipse/che/security/oauth/EmbeddedOAuthAPI.java @@ -185,7 +185,7 @@ public class EmbeddedOAuthAPI implements OAuthAPI { return token; } Optional tokenOptional = - personalAccessTokenManager.get(subject, oauthProvider); + personalAccessTokenManager.get(subject, oauthProvider, null); if (tokenOptional.isPresent()) { PersonalAccessToken tokenDto = tokenOptional.get(); return newDto(OAuthToken.class).withToken(tokenDto.getToken()); diff --git a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java index 68055c347a..aee3bf05d1 100644 --- a/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-azure-devops/src/main/java/org/eclipse/che/api/factory/server/azure/devops/AzureDevOpsPersonalAccessTokenFetcher.java @@ -167,6 +167,11 @@ public class AzureDevOpsPersonalAccessTokenFetcher implements PersonalAccessToke } } + @Override + public String getProviderName(PersonalAccessTokenParams params) { + return "azure-devops"; + } + private String getLocalAuthenticateUrl() { return cheApiEndpoint + getAuthenticateUrlPath(scopes); } 
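Review bot: The call `personalAccessTokenManager.get(subject, oauthProvider, null)` passes `null` for the third argument, presumably the SCM server URL, so this lookup is not tied to any particular host. In the `@@ -295,8` hunk of KubernetesPersonalAccessTokenManager a null provider name is treated as "match anything", and the URL filter is probably handled the same way, although that line is outside the hunk. If so, the first stored token with this provider name is returned, even when the user holds tokens for several servers of that provider. If that is intended, say so at the call site, e.g. `// no SCM URL is known here: any stored token for oauthProvider is acceptable`; otherwise pass the URL the token is being requested for. The enclosing method starts and ends outside the hunk.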
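Review bot: `getProviderName` in AzureDevOpsPersonalAccessTokenFetcher returns the bare literal `"azure-devops"`, while the Bitbucket and GitLab fetchers return `OAUTH_PROVIDER_NAME` and the GitHub one returns its `providerName` field. The returned string is written into the `che.eclipse.org/scm-provider-name` annotation by `migrate` and later compared with the requested OAuth provider name, so a typo or a later rename would silently stop migrated tokens from matching. Return the constant this class already uses for its provider name if it has one, or introduce one. The same applies to `"bitbucket-server"` in BitbucketServerPersonalAccessTokenFetcher.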
diff --git a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java index 2e40d9e409..41341d13c1 100644 --- a/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-bitbucket-server/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketServerPersonalAccessTokenFetcher.java @@ -177,4 +177,9 @@ public class BitbucketServerPersonalAccessTokenFetcher implements PersonalAccess return Optional.empty(); } } + + @Override + public String getProviderName(PersonalAccessTokenParams params) { + return "bitbucket-server"; + } } diff --git a/wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java index 7ea861c2ee..a1b6f4036e 100644 --- a/wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-bitbucket/src/main/java/org/eclipse/che/api/factory/server/bitbucket/BitbucketPersonalAccessTokenFetcher.java @@ -168,6 +168,11 @@ public class BitbucketPersonalAccessTokenFetcher implements PersonalAccessTokenF } } + @Override + public String getProviderName(PersonalAccessTokenParams params) { + return OAUTH_PROVIDER_NAME; + } + private String getLocalAuthenticateUrl() { return apiEndpoint + "/oauth/authenticate?oauth_provider=" 
diff --git a/wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java index 62e572592b..e468ef1073 100644 --- a/wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory-github-common/src/main/java/org/eclipse/che/api/factory/server/github/AbstractGithubPersonalAccessTokenFetcher.java @@ -235,6 +235,11 @@ public abstract class AbstractGithubPersonalAccessTokenFetcher } } + @Override + public String getProviderName(PersonalAccessTokenParams params) { + return providerName; + } + /** * Checks if the tokenScopes array contains the requiredScopes. * diff --git a/wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java b/wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java index 77ecf657c7..e6d36da3ad 100644 --- a/wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java +++ b/wsmaster/che-core-api-factory-gitlab/src/main/java/org/eclipse/che/api/factory/server/gitlab/GitlabOAuthTokenFetcher.java @@ -219,6 +219,11 @@ public class GitlabOAuthTokenFetcher implements PersonalAccessTokenFetcher { } } + @Override + public String getProviderName(PersonalAccessTokenParams params) { + return OAUTH_PROVIDER_NAME; + } + private String getLocalAuthenticateUrl() { return apiEndpoint + "/oauth/authenticate?oauth_provider=" 
diff --git a/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenFetcher.java index 6f6173e95d..ead8615d0a 100644 --- a/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/PersonalAccessTokenFetcher.java @@ -66,4 +66,6 @@ public interface PersonalAccessTokenFetcher { * or deny that token is valid. */ Optional> isValid(PersonalAccessTokenParams params); + + String getProviderName(PersonalAccessTokenParams params); } diff --git a/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/ScmPersonalAccessTokenFetcher.java b/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/ScmPersonalAccessTokenFetcher.java index 5568ec56b3..49e916c89a 100644 --- a/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/ScmPersonalAccessTokenFetcher.java +++ b/wsmaster/che-core-api-factory/src/main/java/org/eclipse/che/api/factory/server/scm/ScmPersonalAccessTokenFetcher.java @@ -80,7 +80,8 @@ public class ScmPersonalAccessTokenFetcher { * {@link PersonalAccessTokenFetcher#isValid(PersonalAccessTokenParams)} method. If any of the * fetchers return an scm username, return it. Otherwise, return null. */ - public Optional getScmUsername(PersonalAccessTokenParams params) throws UnknownScmProviderException { + public Optional getScmUsername(PersonalAccessTokenParams params) + throws UnknownScmProviderException { for (PersonalAccessTokenFetcher fetcher : personalAccessTokenFetchers) { Optional> isValid = fetcher.isValid(params); if (isValid.isPresent() && isValid.get().first) { 
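Review bot: `getProviderName` is added to the interface without Javadoc, although the preceding `isValid` is documented. It is also declared abstract, so any fetcher implemented outside this repository would stop compiling. The documentation should state that the returned string is the OAuth provider name stored in the secret's `che.eclipse.org/scm-provider-name` annotation, for example `/** Returns the OAuth provider name recorded for tokens handled by this fetcher. */`. It should also say whether `params` may be ignored, as every implementation in this patch does.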
@@ -89,4 +90,14 @@ public class ScmPersonalAccessTokenFetcher { } return Optional.empty(); } + + public Optional getScmProviderName(PersonalAccessTokenParams params) { + for (PersonalAccessTokenFetcher fetcher : personalAccessTokenFetchers) { + Optional> isValid = fetcher.isValid(params); + if (isValid.isPresent() && isValid.get().first) { + return Optional.of(fetcher.getProviderName(params)); + } + } + return Optional.empty(); + } }
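Review bot: `getScmProviderName` has no Javadoc although `getScmUsername` directly above it does, and it repeats that method's loop over `personalAccessTokenFetchers`. A caller that has already resolved the username therefore runs `isValid` on the same token a second time; if `isValid` contacts the SCM server, which is not visible here, that means a second round of requests carrying the token. The Javadoc should say that fetchers are tried in registration order, that the name comes from the first fetcher whose `isValid` reports the token as valid, and that an empty `Optional` also covers a token no provider accepts any longer. Sharing one private helper that returns the matching fetcher would let both methods reuse a single validation pass.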