Skip to content

Commit

Permalink
Delete personal access tokens without provider name annotation
Browse files Browse the repository at this point in the history
  • Loading branch information
vinokurig committed May 15, 2024
1 parent e072c76 commit a613555
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 33 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ private Optional<PersonalAccessToken> doGetPersonalAccessToken(
PersonalAccessToken personalAccessToken =
new PersonalAccessToken(
personalAccessTokenParams.getScmProviderUrl(),
getScmProviderName(personalAccessTokenParams),
personalAccessTokenParams.getScmProviderName(),
secretAnnotations.get(ANNOTATION_CHE_USERID),
personalAccessTokenParams.getOrganization(),
scmUsername.get(),
Expand Down Expand Up @@ -242,29 +242,14 @@ private Optional<PersonalAccessToken> doGetPersonalAccessToken(
return Optional.empty();
}

/**
* Returns the name of the SCM provider. If the name is not set, the name of the token is used.
* This is used to support back compatibility with the old token secrets, which do not have the
* 'che.eclipse.org/scm-provider-name' annotation.
*
* @param params the parameters of the personal access token
* @return the name of the SCM provider
*/
private String getScmProviderName(PersonalAccessTokenParams params) {
return isNullOrEmpty(params.getScmProviderName())
? params.getScmTokenName()
: params.getScmProviderName();
}

private boolean deleteSecretIfMisconfigured(Secret secret) throws InfrastructureException {
Map<String, String> secretAnnotations = secret.getMetadata().getAnnotations();
LOG.debug("Secret annotations: {}", secretAnnotations);
String configuredScmServerUrl = secretAnnotations.get(ANNOTATION_SCM_URL);
LOG.debug("SCM server URL: {}", configuredScmServerUrl);
String configuredCheUserId = secretAnnotations.get(ANNOTATION_CHE_USERID);
LOG.debug("Che user ID: {}", configuredCheUserId);
String configuredOAuthProviderName =
secretAnnotations.get(ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME);
String configuredOAuthProviderName = secretAnnotations.get(ANNOTATION_SCM_PROVIDER_NAME);
LOG.debug("OAuth provider name: {}", configuredOAuthProviderName);

// if any of the required annotations is missing, the secret is not valid
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ public void shouldTrimBlankCharsInToken() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user",
Expand Down Expand Up @@ -187,7 +187,7 @@ public void testGetTokenFromNamespace() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand All @@ -198,7 +198,7 @@ public void testGetTokenFromNamespace() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand All @@ -209,7 +209,7 @@ public void testGetTokenFromNamespace() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user2",
Expand Down Expand Up @@ -255,7 +255,7 @@ public void shouldGetTokenFromASecretWithSCMUsername() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand Down Expand Up @@ -300,7 +300,7 @@ public void shouldGetTokenFromASecretWithoutSCMUsername() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand Down Expand Up @@ -345,7 +345,7 @@ public void testGetTokenFromNamespaceWithTrailingSlashMismatch() throws Exceptio
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand All @@ -356,7 +356,7 @@ public void testGetTokenFromNamespaceWithTrailingSlashMismatch() throws Exceptio
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand Down Expand Up @@ -402,11 +402,7 @@ public void shouldDeleteMisconfiguredTokensOnGet() throws Exception {
new ObjectMetaBuilder()
.withNamespace("test")
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1"))
Map.of(ANNOTATION_SCM_PROVIDER_NAME, "github", ANNOTATION_CHE_USERID, "user1"))
.build();
Secret secret1 = new SecretBuilder().withMetadata(meta1).withData(data1).build();
when(secrets.get(any(LabelSelector.class))).thenReturn(Arrays.asList(secret1));
Expand Down Expand Up @@ -439,7 +435,7 @@ public void shouldDeleteInvalidTokensOnGet() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand Down Expand Up @@ -486,7 +482,7 @@ public void shouldReturnFirstValidToken() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand All @@ -499,7 +495,7 @@ public void shouldReturnFirstValidToken() throws Exception {
new ObjectMetaBuilder()
.withAnnotations(
Map.of(
ANNOTATION_SCM_PERSONAL_ACCESS_TOKEN_NAME,
ANNOTATION_SCM_PROVIDER_NAME,
"github",
ANNOTATION_CHE_USERID,
"user1",
Expand Down

0 comments on commit a613555

Please sign in to comment.