// Copyright (c) 2024 Gitpod GmbH. All rights reserved.
// Licensed under the GNU Affero General Public License (AGPL).
// See License.AGPL.txt in the project root for license information.
package smoketest
import (
"context"
"fmt"
"os"
"strings"
"testing"
"time"
connect "github.com/bufbuild/connect-go"
v1 "github.com/gitpod-io/gitpod/components/public-api/go/v1"
v1connect "github.com/gitpod-io/gitpod/components/public-api/go/v1/v1connect"
)
/*
To run these smoke tests against a Gitpod installation, set the variables below
and run the go test command. Supply real PATs through the environment only; the
<admin_pat> and <other_pat> placeholders must stay placeholders in this file.

export TEST_CREATE_TMP_TOKEN=true
export GITPOD_HOST=hw-token-exp-1084.preview.gitpod-dev.com

export INSTALLATION_ADMIN_PAT=<admin_pat>
# PAT of a member or an owner or a collaborator
export MEMBER_USER_PAT=<other_pat>

export MEMBER_USER_ID=fffbc8e0-7f70-4afc-a370-63c889f7e644
export TARGET_USER_ID=fffbc8e0-7f70-4afc-a370-63c889f7e644

go test -run "^TestCreateTemporaryAccessToken" github.com/gitpod-io/gitpod/test/tests/smoke-test -v -count=1
*/
// BUILTIN_INSTLLATION_ADMIN_USER_ID is the user ID the tests in this file
// expect GetAuthenticatedUser to report for INSTALLATION_ADMIN_PAT. The
// identifier is referenced throughout the file, so its spelling is left as is.
const (
	BUILTIN_INSTLLATION_ADMIN_USER_ID = "f071bb8e-b5d1-46cf-a436-da03ae63bcd2"
)
// TestCreateTemporaryAccessToken checks the happy path: the installation admin
// PAT requests a 60-second temporary access token for TARGET_USER_ID, and the
// returned credential must authenticate as that user. The admin PAT is checked
// before and after to confirm it still resolves to the built-in admin.
func TestCreateTemporaryAccessToken(t *testing.T) {
	if !shouldTestPAPICreateTmpToken() {
		// t.Skip stops the test here; nothing below runs.
		t.Skip("skip papi create temporary access token test")
	}

	var (
		host   = os.Getenv("GITPOD_HOST")
		pat    = os.Getenv("INSTALLATION_ADMIN_PAT")
		target = os.Getenv("TARGET_USER_ID")
	)
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	assertGetUser(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, "")

	tmpToken := assertTemporaryAccessToken(ctx, t, host, pat, target, 60, "")
	if tmpToken == "" {
		// The helper has already reported the failure.
		return
	}

	// Issuing the token must not change who the admin PAT authenticates as,
	// and the new token must map to the target user, not to the admin.
	assertGetUser(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, "")
	assertGetUser(ctx, t, host, tmpToken, target, "")
}
// TestCreateTemporaryAccessTokenDeniedToCreateInstallationAdmin checks that a
// temporary access token cannot be minted for the built-in installation admin:
// the request must fail with "permission_denied", because the installation
// admin is not an organization-owned user.
func TestCreateTemporaryAccessTokenDeniedToCreateInstallationAdmin(t *testing.T) {
	if !shouldTestPAPICreateTmpToken() {
		// t.Skip stops the test here; nothing below runs.
		t.Skip("skip papi create temporary access token test")
	}

	var (
		host = os.Getenv("GITPOD_HOST")
		pat  = os.Getenv("INSTALLATION_ADMIN_PAT")
	)
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	assertGetUser(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, "")
	assertTemporaryAccessToken(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, 60, "permission_denied")
}
// TestCreateTemporaryAccessTokenWithNotFoundUser checks that requesting a
// temporary access token for the all-zero user ID fails with "not_found".
func TestCreateTemporaryAccessTokenWithNotFoundUser(t *testing.T) {
	if !shouldTestPAPICreateTmpToken() {
		// t.Skip stops the test here; nothing below runs.
		t.Skip("skip papi create temporary access token test")
	}

	var (
		host = os.Getenv("GITPOD_HOST")
		pat  = os.Getenv("INSTALLATION_ADMIN_PAT")
	)
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	assertGetUser(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, "")
	assertTemporaryAccessToken(ctx, t, host, pat, "00000000-0000-0000-0000-000000000000", 60, "not_found")
}
// TestCreateTemporaryAccessTokenViaMember checks the authorization boundary for
// callers other than the installation admin: MEMBER_USER_PAT must authenticate
// as MEMBER_USER_ID, and its request for a temporary access token for
// TARGET_USER_ID must be rejected with "permission_denied".
func TestCreateTemporaryAccessTokenViaMember(t *testing.T) {
	if !shouldTestPAPICreateTmpToken() {
		// t.Skip stops the test here; nothing below runs.
		t.Skip("skip papi create temporary access token test")
	}

	var (
		host      = os.Getenv("GITPOD_HOST")
		memberPAT = os.Getenv("MEMBER_USER_PAT")
		memberID  = os.Getenv("MEMBER_USER_ID")
		target    = os.Getenv("TARGET_USER_ID")
	)
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	assertGetUser(ctx, t, host, memberPAT, memberID, "")
	assertTemporaryAccessToken(ctx, t, host, memberPAT, target, 60, "permission_denied")
}
101
102
// TestCreateTemporaryAccessTokenExpiry checks that a temporary access token
// stops working once its lifetime is over: a token requested with a 3-second
// expiry must authenticate as TARGET_USER_ID right away and must be rejected
// with "unauthenticated" after a 3-second wait.
func TestCreateTemporaryAccessTokenExpiry(t *testing.T) {
	if !shouldTestPAPICreateTmpToken() {
		// t.Skip stops the test here; nothing below runs.
		t.Skip("skip papi create temporary access token test")
	}

	var (
		host   = os.Getenv("GITPOD_HOST")
		pat    = os.Getenv("INSTALLATION_ADMIN_PAT")
		target = os.Getenv("TARGET_USER_ID")
	)
	// The deadline has to cover the API calls plus the sleep below.
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

	assertGetUser(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, "")

	tmpToken := assertTemporaryAccessToken(ctx, t, host, pat, target, 3, "")
	if tmpToken == "" {
		// The helper has already reported the failure.
		return
	}
	assertGetUser(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, "")
	assertGetUser(ctx, t, host, tmpToken, target, "")

	// NOTE(review): the wait equals the requested lifetime, so the only slack
	// is the latency of the calls made since the token was issued. If the
	// server rounds the expiry or tolerates clock skew this check could be
	// flaky; confirm, and consider sleeping slightly longer than the lifetime.
	time.Sleep(3 * time.Second)

	assertGetUser(ctx, t, host, tmpToken, target, "unauthenticated")
}
125
126
// TestCreateTemporaryAccessTokenCreateEnv checks that a temporary access token
// is usable for a write operation: after the token is issued and verified, it
// is used to create or update the user environment variable foo=boo on the
// target account.
func TestCreateTemporaryAccessTokenCreateEnv(t *testing.T) {
	if !shouldTestPAPICreateTmpToken() {
		// t.Skip stops the test here; nothing below runs.
		t.Skip("skip papi create temporary access token test")
	}

	var (
		host   = os.Getenv("GITPOD_HOST")
		pat    = os.Getenv("INSTALLATION_ADMIN_PAT")
		target = os.Getenv("TARGET_USER_ID")
	)
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	assertGetUser(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, "")

	tmpToken := assertTemporaryAccessToken(ctx, t, host, pat, target, 60, "")
	if tmpToken == "" {
		// The helper has already reported the failure.
		return
	}

	assertGetUser(ctx, t, host, pat, BUILTIN_INSTLLATION_ADMIN_USER_ID, "")
	assertGetUser(ctx, t, host, tmpToken, target, "")

	assertCreateEnvVar(ctx, t, host, tmpToken, "foo", "boo")
}
148
149
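// assertTemporaryAccessToken calls CreateTemporaryAccessToken on the token
// service, authenticated with userToken, asking for a token for targetUserID
// that expires after expirySeconds, and checks the outcome against
// wantedErrMsg.
//
// If wantedErrMsg is empty the call must succeed, and the result is returned in
// the form "<CookieName>=<Token>". If wantedErrMsg is non-empty the call must
// fail with an error whose text contains it. The function returns "" whenever
// an error was expected or a failure was reported through t.Errorf.
func assertTemporaryAccessToken(ctx context.Context, t *testing.T, gitpodHost, userToken, targetUserID string, expirySeconds int32, wantedErrMsg string) string {
	// Any credential without the "gitpod_pat_" prefix is flagged as a cookie
	// for getPAPIConnSettings; the "<CookieName>=<Token>" value returned below
	// is such a credential.
	useCookie := !strings.HasPrefix(userToken, "gitpod_pat_")
	httpClient, opts, baseURL := getPAPIConnSettings(gitpodHost, userToken, useCookie, false)
	client := v1connect.NewTokenServiceClient(httpClient, baseURL, opts...)

	resp, err := client.CreateTemporaryAccessToken(ctx, connect.NewRequest(&v1.CreateTemporaryAccessTokenRequest{
		UserId:        targetUserID,
		ExpirySeconds: expirySeconds,
	}))

	if wantedErrMsg != "" {
		if err == nil {
			// A token was issued although the request should have been
			// rejected. Report it and stop: calling err.Error() on the nil
			// error would panic and hide this failure behind a crash. The
			// issued token is deliberately not logged.
			t.Errorf("CreateTemporaryAccessToken() error = nil, wantErr %s", wantedErrMsg)
			return ""
		}
		if !strings.Contains(err.Error(), wantedErrMsg) {
			t.Errorf("CreateTemporaryAccessToken() error = %v, wantErr %v", err, wantedErrMsg)
		}
		return ""
	}

	if err != nil {
		t.Errorf("CreateTemporaryAccessToken() error = %v", err)
		return ""
	}
	return fmt.Sprintf("%s=%s", resp.Msg.CookieName, resp.Msg.Token)
}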
172
173
// assertGetUser calls GetAuthenticatedUser on the user service, authenticated
// with userToken, and checks the outcome.
//
// If wantedErrMsg is non-empty the call must fail with an error whose text
// contains it. Otherwise the call must succeed and the returned user's ID must
// equal wantedUser. Mismatches are reported through t.Errorf.
func assertGetUser(ctx context.Context, t *testing.T, gitpodHost, userToken string, wantedUser, wantedErrMsg string) {
	// Any credential without the "gitpod_pat_" prefix is flagged as a cookie
	// for getPAPIConnSettings.
	useCookie := !strings.HasPrefix(userToken, "gitpod_pat_")
	httpClient, opts, baseURL := getPAPIConnSettings(gitpodHost, userToken, useCookie, false)
	client := v1connect.NewUserServiceClient(httpClient, baseURL, opts...)

	resp, err := client.GetAuthenticatedUser(ctx, connect.NewRequest(&v1.GetAuthenticatedUserRequest{}))

	switch {
	case wantedErrMsg != "" && err == nil:
		// The credential was accepted although it should have been rejected.
		t.Errorf("GetAuthenticatedUser() error = nil, wantErr %s", wantedErrMsg)
	case wantedErrMsg != "":
		if !strings.Contains(err.Error(), wantedErrMsg) {
			t.Errorf("GetAuthenticatedUser() error = %v, wantErr %s", err, wantedErrMsg)
		}
	case err != nil:
		t.Errorf("GetAuthenticatedUser() error = %v", err)
	default:
		// The credential must resolve to exactly the expected identity.
		if gotID := resp.Msg.User.Id; gotID != wantedUser {
			t.Errorf("GetAuthenticatedUser() = %v, wantUser %v", gotID, wantedUser)
		}
	}
}
196
197
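// assertCreateEnvVar sets the user environment variable envVarName to
// envVarVal with repository pattern "*/*", authenticated with userToken, and
// then verifies through a fresh listing that a variable with that name and
// value exists.
//
// A variable with the same name is updated if one is already listed; otherwise
// a new one is created. Failures are reported through t.Errorf.
func assertCreateEnvVar(ctx context.Context, t *testing.T, gitpodHost, userToken string, envVarName, envVarVal string) {
	// Any credential without the "gitpod_pat_" prefix is flagged as a cookie
	// for getPAPIConnSettings.
	useCookie := !strings.HasPrefix(userToken, "gitpod_pat_")
	httpClient, opts, baseURL := getPAPIConnSettings(gitpodHost, userToken, useCookie, false)
	client := v1connect.NewEnvironmentVariableServiceClient(httpClient, baseURL, opts...)

	before, err := client.ListUserEnvironmentVariables(ctx, connect.NewRequest(&v1.ListUserEnvironmentVariablesRequest{}))
	if err != nil {
		t.Errorf("ListUserEnvironmentVariables() error = %v", err)
		return
	}

	var existing *v1.UserEnvironmentVariable
	for _, envVar := range before.Msg.EnvironmentVariables {
		if envVar.Name == envVarName {
			existing = envVar
			break
		}
	}

	if existing == nil {
		_, err := client.CreateUserEnvironmentVariable(ctx, connect.NewRequest(&v1.CreateUserEnvironmentVariableRequest{
			Name:              envVarName,
			Value:             envVarVal,
			RepositoryPattern: "*/*",
		}))
		if err != nil {
			t.Errorf("CreateUserEnvironmentVariable() error = %v", err)
			return
		}
	} else {
		// Log only the id and name. The existing variable belongs to the
		// account under test, and dumping the whole message would put its
		// stored value into the test output and any CI logs that capture it.
		t.Logf("found env var id=%v name=%v", existing.Id, existing.Name)

		scope := "*/*"
		_, err := client.UpdateUserEnvironmentVariable(ctx, connect.NewRequest(&v1.UpdateUserEnvironmentVariableRequest{
			EnvironmentVariableId: existing.Id,
			Name:                  &envVarName,
			Value:                 &envVarVal,
			RepositoryPattern:     &scope,
		}))
		if err != nil {
			t.Errorf("UpdateUserEnvironmentVariable() error = %v", err)
			return
		}
	}

	// Read the list back to confirm the write took effect.
	after, err := client.ListUserEnvironmentVariables(ctx, connect.NewRequest(&v1.ListUserEnvironmentVariablesRequest{}))
	if err != nil {
		t.Errorf("ListUserEnvironmentVariables() error = %v", err)
		return
	}
	for _, envVar := range after.Msg.EnvironmentVariables {
		if envVar.Name == envVarName && envVar.Value == envVarVal {
			return
		}
	}
	t.Errorf("Cannot found env var %s=%s", envVarName, envVarVal)
}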
252
253
// shouldTestPAPICreateTmpToken reports whether the temporary access token
// tests are enabled, which is the case only when TEST_CREATE_TMP_TOKEN is set
// to exactly "true".
func shouldTestPAPICreateTmpToken() bool {
	return os.Getenv("TEST_CREATE_TMP_TOKEN") == "true"
}