Skip to content

Added authorization operations #146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 7 commits into from
Closed

Added authorization operations #146

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
e1b75bf
Added authorization operations
skavanagh Sep 8, 2014
7c57ba0
Updated comments and documentation
skavanagh Sep 10, 2014
d50233c
Added authorization token constructor
skavanagh Sep 10, 2014
4b25c4d
Fixed erroneous parameter in delete request
skavanagh Sep 10, 2014
7ce63e7
Updated comments and documentation
skavanagh Sep 11, 2014
1e109e8
Fixed incorrectly edited file license and contributors
skavanagh Sep 11, 2014
45cbda3
Added expires_in parameter
skavanagh Sep 18, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,6 @@
target
bin
.metadata
**/integrationTest.properties
.idea
*.iml
**/integrationTest.properties
64 changes: 64 additions & 0 deletions src/main/java/com/openshift/client/IAuthorization.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
/*******************************************************************************
* Copyright (c) 2014 Red Hat, Inc.
* Distributed under license by Red Hat, Inc. All rights reserved.
* This program is made available under the terms of the
* Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Sean Kavanagh - initial API and implementation
******************************************************************************/
package com.openshift.client;

/**
* Operations to manage and view authorization resources
*
* @link http://openshift.github.io/documentation/rest_api/rest-api-1-6.html#authorization
*/
public interface IAuthorization extends IOpenShiftResource {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a comment identifying purpose. Consider adding an '@link' with ref to openshift.io documentation http://openshift.github.io/documentation/rest_api/rest-api-1-6.html#authorization

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed skavanagh@7c57ba0



/**
* authorization id
*
* @return
*/
public String getId();

/**
* authorization note
*
* @return
*/
public String getNote();


/**
* authorization scopes
*
* @return
*/
public String getScopes();

/**
* authorization token
*
* @return
*/
public String getToken();


/**
* Destroys this authorization
*
* @throws OpenShiftException
*/
public void destroy() throws OpenShiftException;

/**
* Refresh the authorization but reloading its content from OpenShift.
*
* @throws OpenShiftException
*/
public void refresh() throws OpenShiftException;
}
1 change: 1 addition & 0 deletions src/main/java/com/openshift/client/IHttpClient.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ public interface IHttpClient {
public static final String MEDIATYPE_APPLICATION_FORMURLENCODED = "application/x-www-form-urlencoded";

public static final String AUTHORIZATION_BASIC = "Basic";
public static final String AUTHORIZATION_BEARER = "Bearer";

public static final int STATUS_OK = 200;
public static final int STATUS_INTERNAL_SERVER_ERROR = 500;
Expand Down
34 changes: 34 additions & 0 deletions src/main/java/com/openshift/client/IUser.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,40 @@ public interface IUser extends IOpenShiftResource {

public List<IOpenShiftSSHKey> getSSHKeys() throws OpenShiftException;

/**
* Returns current authorization. Creates new authorization for user if none exists.
* Authorization is set by default when token is used to create API connection.
*
* @return authorization
* @throws OpenShiftException
*/
public IAuthorization getAuthorization() throws OpenShiftException;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's another point imho: we should not rely on a single token, we should lookup the backend to see if we have pre-existing authorizations. Currently we only lookup by token but there might be other ones. Agree?
Furthermore I'm wondering what's happening with expired authorizations. We currently rely on the token to know if the re's an authorization. What about the case where the authorization expired?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. Ok, I can make LIST_AUTHORIZATIONS apart of this PR then!

public Collection getAuthorizations();
public IAuthorization getAuthorization(String id);

Expired authorizations shouldn't be returned from the LIST_AUTHORIZATIONS operation.
Also, "expires_in_seconds" looks beneficial to make apart of the authorization object too!!

http://openshift.github.io/documentation/rest_api/rest-api-1-6.html#authorization

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cool :)

wait a sec, I already added expires_in in IAuthorization and added integration tests. The merge build is currently running at: #151

I suggest that you can added the above on top in a new PR once you got the new HEAD?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So in my mind an authorization is more to give a particular application permission to use the APIs.

This is how I'm currently using it...

LoginController.java >> 

IOpenShiftConnection connection = new OpenShiftConnectionFactory().getConnection(OpenShiftUtils.CLIENT_NAME, username, password);

IUser user=connection.getUser()

//this could be session cookie, save the token to the DB or whatever
request.getSession().setAttribute("token",  user.createAuthorization("Application XYZ's Authorization", "session", 60*60*2).getToken());
.....


GetSomeOpenShiftInfoController.java >>

IOpenShiftConnection connection = new OpenShiftConnectionFactory().getConnecton(OpenShiftUtils.CLIENT_NAME, request.getSession().getAttribute("token"));

//do some stuff
IDomain domain=connection.getUser().getDomain();
.....


LogoutController.java >>

IOpenShiftConnection connection = new OpenShiftConnectionFactory().getConnecton(OpenShiftUtils.CLIENT_NAME, request.getSession().getAttribute("token"));

//destroy authorization
IDomain domain=connection.getUser().getAuthorization().destroy();
.....

so I'm saving the authorization token to the session in order to obtain a connection later in the application without having to login.

I guess I could write the above to get a list of existing authorization that is associated with the account, pick one, and persist it to the session. .. but then I would feel like my application is piggybacking off of some other application's authorization.

I think a desktop application that integrates with OpenShift could work the same way. Think if you had an eclipse plugin that uses the APIs and didn't want the user to login every time eclipse launches. You would login once, save the token to a configuration file, so the next time eclipse launches you can get the connection without a username and password. I think it would be a little devious for the plugin to use an authorization token that is set for some other application.

.. but on the other hand, I could see someone who has written an app that just manages authorizations (just like ssh keys) so I think there is a need for having the LIST_AUTHORIZATIONS operations.

Thanks for your patience with this stuff!! You guys have been great!!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you're more than welcome! thanks for all the work :)

Your code excerpt is enlightening, helps understanding.
I think that we should not restrict functionality offered be the REST service. If it's offered we should have it too. In other words if it made sense to the developers of the REST interface to allow one to list and use any auth we should do that too.
My current most concern is the piece of code where we currently either create a new authorization or show an existing one:

APIResource:

public IAuthorization getAuthorization() throws OpenShiftException {
    if (authorization == null) {
        // TODO: if the given token is expired we get an exception here
        this.authorization = getOrCreateAuthorization(token);
    }
    return this.authorization;
}

protected AuthorizationResource getOrCreateAuthorization(String token) {
if (token == null) {
return createAuthorization(null, IOpenShiftJsonConstants.PROPERTY_SESSION, IAuthorization.NO_EXPIRES_IN);
} else {
return new AuthorizationResource(
this, new ShowAuthorizationRequest().execute(token));
}
}

My concern here is what happens if the token is given but it's outdated? I did not test it but I think that we run into an exception (404?). I'm not convinced, it could very much be that the initial connection would fail anyhow. Maybe it shows that we really should do an integration test covering this scenario.
I thought that we should get your great contribution in very quickly and mostly untouched API-wise so that you can switch your application back to the "official" build. Then we can go on and improve where required.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, I'll work on the get and list this weekend!

My concern here is what happens if the token is given but it's outdated? I did not test it but I think that we run into an exception (404?).

That token should always be the one used to create the connection.
The getAuthorization() either creates a new authorization, returns an authorization that has already been created, or defaults it to the one used when creating the connection (we actually don't have a get with a token or id yet).

It is so if I have

IOpenShiftConnection connection = new OpenShiftConnectionFactory().getConnecton(OpenShiftUtils.CLIENT_NAME, myToken);

then

connection.getUser().getAuthorization()

is the authorization that corresponds to myToken.

And when you authenticate via a token you will only have access to that token's authorization anyways.

so you wouldn't be able to list or get any other authorization.

curl -k https://openshift.redhat.com/broker/rest/user/authorizations -H "Authorization: Bearer 9e01b053026036a40f14b22f53a2e86447703533cd1b86db9d2e8546b519e7da"

messages":[{"exit_code":1,"field":null,"index":null,"severity":"error","text":"This action is not allowed with your current authorization."}],"status":"forbidden"

and that is b/c you wouldn't want an authorization with read access to use the api's to obtain an authorization with write access.

so the new methods for getting and listing authorizations

public Collection getAuthorizations();
public IAuthorization getAuthorization(String id);

should only return something when you call them with a connection that is created with a username and password

I wouldn't be opposed to dropping the creation behind the scenes though and if it returns null, you can do a createAuthorization.

so change it to something like this

public IAuthorization getAuthorization() throws OpenShiftException {
    if (token != null) {
        this.authorization = new AuthorizationResource(this, new ShowAuthorizationRequest().execute(token));
    }
    return this.authorization;
}

It would probability be more straight forward that way anyway.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My concern here is what happens if the token is given but it's outdated? I did not test it but I think that we run into an exception (404?). I'm not convinced, it could very much be that the initial connection would fail anyhow. Maybe it shows that we really should do an integration test covering this scenario.

Ok I got it.. Sorry!! Your saying what if in the time between making the initial connection with the token and doing some other operation the token expires.

I'll write a unit test for that. And we probably need to unit test the "forbidden" stuff too when we add the list and get operations. :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem at all :)
I already added an integration test, fully sufficient to add the discussed tests to that class: AuthorizationIntegrationTest

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok got it, that was my 2nd thought as outlined above, yeah I thought most likely you couldnt get into the situation of a 404 when we do a show_auth request.
Just thinking loud: Looks like separating the 3 available authorization schemes into separate strategies (behind the scenes) would help to get the logic(s) more straight (we'd of course happily accept any furhter patches ;) )

  • username/pw
  • key (authIV, authKey)
  • token


/**
* Creates and returns new authorization set for user
*
* @param note
* A reminder description of what the authorization is for.
* @param scopes
* Scope of the authorization token to determine type of access.
* @return authorization
* @throws OpenShiftException
*/
public IAuthorization createAuthorization(String note, String scopes) throws OpenShiftException;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a useful comment

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed skavanagh@7c57ba0


/**
* Creates and returns new authorization set for user
* @param note
* A reminder description of what the authorization is for.
* @param scopes
* Scope of the authorization token to determine type of access.
* @param expiresIn
* The number of seconds before this authorization expires.
* @return authorization
* @throws OpenShiftException
*/
public IAuthorization createAuthorization(String note, String scopes, int expiresIn) throws OpenShiftException;

/**
* Deprecated, use {@link #addSSHKey(String, ISSHPublicKey)}
*
Expand Down
70 changes: 61 additions & 9 deletions src/main/java/com/openshift/client/OpenShiftConnectionFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,12 +107,16 @@ public IOpenShiftConnection getConnection(final String clientId, final String us

public IOpenShiftConnection getConnection(final String clientId, final String username, final String password,
final String serverUrl, ISSLCertificateCallback sslCallback) throws OpenShiftException {
return getConnection(clientId, username, password, null, null, serverUrl, sslCallback);
return getConnection(clientId, username, password, null, null, null, serverUrl, sslCallback);
}
public IOpenShiftConnection getConnection(final String clientId, final String token,
final String serverUrl, ISSLCertificateCallback sslCallback) throws OpenShiftException {
return getConnection(clientId, null, null, null, null, token, serverUrl, sslCallback);
}

public IOpenShiftConnection getConnection(final String clientId, final String username, final String password,
final String authKey, final String authIV, final String serverUrl) throws OpenShiftException {
return getConnection(clientId, username, password, null, null, serverUrl, null);
return getConnection(clientId, username, password, null, null, null, serverUrl, null);
}

/**
Expand All @@ -125,6 +129,8 @@ public IOpenShiftConnection getConnection(final String clientId, final String us
* user's login.
* @param password
* user's password.
* @param token
* authorization token.
* @param serverUrl
* the server url.
* @return a valid connection
Expand All @@ -133,7 +139,7 @@ public IOpenShiftConnection getConnection(final String clientId, final String us
* @throws OpenShiftException
*/
public IOpenShiftConnection getConnection(final String clientId, final String username, final String password,
final String authKey, final String authIV, final String serverUrl,
final String authKey, final String authIV, final String token, final String serverUrl,
final ISSLCertificateCallback sslCertificateCallback) throws OpenShiftException {
if (configuration == null) {
try {
Expand All @@ -144,31 +150,77 @@ public IOpenShiftConnection getConnection(final String clientId, final String us
}

Assert.notNull(clientId);
Assert.notNull(username);
Assert.notNull(password);
if (token == null || token.trim().length() == 0) {
Assert.notNull(username);
Assert.notNull(password);
}
Assert.notNull(serverUrl);

try {
IHttpClient httpClient =
new UrlConnectionHttpClientBuilder()
.setCredentials(username, password, authKey, authIV)
.setCredentials(username, password, authKey, authIV, token)
.setSSLCertificateCallback(sslCertificateCallback)
.setConfigTimeout(configuration.getTimeout())
.client();
return getConnection(clientId, username, password, serverUrl, httpClient);
return getConnection(clientId, username, password, token, serverUrl, httpClient);
} catch (IOException e) {
throw new OpenShiftException(e, "Failed to establish connection for user ''{0}}''", username);
}
}

protected IOpenShiftConnection getConnection(final String clientId, final String username, final String password,
protected IOpenShiftConnection getConnection(final String clientId, final String username, final String password, final String token,
final String serverUrl, IHttpClient httpClient) throws OpenShiftException, IOException {
Assert.notNull(clientId);
Assert.notNull(serverUrl);
Assert.notNull(httpClient);

IRestService service = new RestService(serverUrl, clientId, new JsonMediaType(),
IHttpClient.MEDIATYPE_APPLICATION_JSON, new OpenShiftJsonDTOFactory(), httpClient);
return getConnection(service, username, password);
return getConnection(service, username, password, token);
}

/**
* Establish a connection with the clientId along with a user's authorization token
*
* @param clientId
* http client id
* @param token
* authorization token.
* @param serverUrl
* the server url.
* @return a valid connection
* @throws FileNotFoundException
* @throws IOException
* @throws OpenShiftException
*/
public IOpenShiftConnection getAuthTokenConnection(final String clientId,final String token, final String serverUrl) throws OpenShiftException {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this be overloaded by renaming to getConnection with the necessary arguments

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was hoping to be able to overload, but there is already a method there.

https://github.com/skavanagh/openshift-java-client/blob/e1b75bf5be54c7f71c2ba289483bf587b538d3f2/src/main/java/com/openshift/client/OpenShiftConnectionFactory.java#L76

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@skavanagh @adietish Not really your issue, but this might be an excellent place to introduce a strategy of some kind to allow the use of a singular name

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if you made serverUrl an actual java.net.URL??

and got rid of
https://github.com/skavanagh/openshift-java-client/blob/e1b75bf5be54c7f71c2ba289483bf587b538d3f2/src/main/java/com/openshift/client/OpenShiftConnectionFactory.java#L51

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that is reasonable, but I'm certain that would break backwards compatibility. @adietish would have more in site as to what our restrictions are.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you go the serverUrl java.net.URL route, could we do something like this...

  • Have the new token method use java.net.URL for serverUrl and rename it getConnection
  • Deprecate everything that has serverURL parameter as a String
  • Add new methods with serverUrl as a java.net.URL
  • Then deprecate this one

https://github.com/skavanagh/openshift-java-client/blob/e1b75bf5be54c7f71c2ba289483bf587b538d3f2/src/main/java/com/openshift/client/OpenShiftConnectionFactory.java#L51

and say that the future release will only support token. ..but for now change it so that if the connection is null with a token, try it as a username and password.

It's a lot of changes, but I think that could be doable.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasnt very picky about compatibility so far to be honest, maybe I should have been ;)
On the other hand I'm usually very relucant of using URL since the current impl of URL does very nasty unexpected things (ex. internet calls in #equals and #hashCode: http://michaelscharf.blogspot.fr/2006/11/javaneturlequals-and-hashcode-make.html etc.). Usually using URI is the more safe approach. What about URI?

I dont think that turning the default to token authentication is a good thing. The new user (which maybe does a simple cmd-line?) would imho choose the simplest possible way which is via username/password and would not know how to get the token at first sight. If I understand it right you need a first connection which will deliver you (the User will actually) the token that you can then user in another connection:
https://github.com/skavanagh/openshift-java-client/blob/e1b75bf5be54c7f71c2ba289483bf587b538d3f2/src/test/java/com/openshift/internal/client/AuthorizationTest.java#L45

Why not do the overload using the Authorization which would help the user that would discover by using/inspecting API?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current impl of OpenShiftConnectionFactory has far too many overloads anyhow. I think we should turn to a builder pattern on the medium/longer run.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having it as a String is nice b/c after the token is created you can persist it easily in a user session, session cookie, datastore or whatever. What if we did something like this for now until you can refactor it?
skavanagh@c6065cb

I got rid of the getAuthTokenConnection methods and added..

public IOpenShiftConnection getConnection(final String clientId)
public void setToken(String token)

return getConnection(clientId, null, null, null, null, token, serverUrl, null);
}
/**
* Establish a connection with the clientId along with a user's authorization
* token. Server URL is retrieved from the local configuration file (in
* see $USER_HOME/.openshift/express.conf)
*
* @param clientId
* http client id
* @param token
* authorization token.
* @return a valid connection
* @throws FileNotFoundException
* @throws IOException
* @throws OpenShiftException
*/
public IOpenShiftConnection getAuthTokenConnection(final String clientId, final String token)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here regarding overloading

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Already a method that beat me to it with this one as well

https://github.com/skavanagh/openshift-java-client/blob/e1b75bf5be54c7f71c2ba289483bf587b538d3f2/src/main/java/com/openshift/client/OpenShiftConnectionFactory.java#L51

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As suggested above: what about using URI to overload?

throws OpenShiftException {
try {
configuration = new OpenShiftConfiguration();
} catch (IOException e) {
throw new OpenShiftException(e, "Failed to load OpenShift configuration file.");
}
return getConnection(clientId, null, null, null, null, token, configuration.getLibraServer(), null);
}



}
72 changes: 70 additions & 2 deletions src/main/java/com/openshift/internal/client/APIResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import com.openshift.client.IOpenShiftConnection;
import com.openshift.client.IQuickstart;
import com.openshift.client.IUser;
import com.openshift.client.IAuthorization;
import com.openshift.client.OpenShiftException;
import com.openshift.client.cartridge.EmbeddableCartridge;
import com.openshift.client.cartridge.ICartridge;
Expand All @@ -37,6 +38,7 @@
import com.openshift.internal.client.response.QuickstartDTO;
import com.openshift.internal.client.response.QuickstartJsonDTOFactory;
import com.openshift.internal.client.response.UserResourceDTO;
import com.openshift.internal.client.response.AuthorizationResourceDTO;
import com.openshift.internal.client.utils.Assert;
import com.openshift.internal.client.utils.CollectionUtils;
import com.openshift.internal.client.utils.IOpenShiftJsonConstants;
Expand All @@ -53,20 +55,32 @@ public class APIResource extends AbstractOpenShiftResource implements IOpenShift

private final String login;
private final String password;
private final String token;
private UserResource user;
private AuthorizationResource authorization;
//TODO: implement switch that allows to turn ssl checks on/off
private boolean doSSLChecks = false;
private List<IDomain> domains;
private List<IStandaloneCartridge> standaloneCartridges;
private List<IEmbeddableCartridge> embeddableCartridges;
private Map<String, IQuickstart> quickstartsByName;
private final ExecutorService executorService;

protected APIResource(final String login, final String password, final IRestService service,

protected APIResource(final String token, final IRestService service,
final Map<String, Link> links) {
super(service, links, null);
this.login = null;
this.password = null;
this.token = token;
this.executorService = Executors.newFixedThreadPool(10);
}

protected APIResource(final String login, final String password, final String token, final IRestService service,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overload the constructor such that it only takes a token but no username/password

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed skavanagh@d50233c

final Map<String, Link> links) {
super(service, links, null);
this.login = login;
this.password = password;
this.token = token;
this.executorService = Executors.newFixedThreadPool(10);
}

Expand Down Expand Up @@ -115,6 +129,38 @@ public IUser getUser() throws OpenShiftException {
}
return this.user;
}

public IAuthorization createAuthorization(String note, String scopes) throws OpenShiftException {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not familiar with the authorizations yet. Can you please enlight me (or point me to some doc): what are scopes for?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's permissions for API calls. Under "Add new authorization" it has the scope description

http://openshift.github.io/documentation/rest_api/rest-api-1-6.html#authorization

and it can be any combination of those definitions. Also, "Valid options may be different on your actual implementation of OpenShift."

if (authorization != null) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it looks like we can only have 1 authorization at the time. Is this required or simply to make things simpler?
Shouldn't we have a collection of authorizations instead of a single item (see comments below)?

authorization.destroy();
}
this.authorization = new AuthorizationResource(this, new AddAuthorizationRequest().execute(
new StringParameter(IOpenShiftJsonConstants.PROPERTY_NOTE, note),
new StringParameter(IOpenShiftJsonConstants.PROPERTY_SCOPES, scopes)));
return this.authorization;
}

public IAuthorization createAuthorization(String note, String scopes, int expiresIn) throws OpenShiftException {
if (authorization != null) {
authorization.destroy();
}
this.authorization = new AuthorizationResource(this, new AddAuthorizationRequest().execute(
new StringParameter(IOpenShiftJsonConstants.PROPERTY_NOTE, note),
new StringParameter(IOpenShiftJsonConstants.PROPERTY_SCOPES, scopes),
new StringParameter(IOpenShiftJsonConstants.PROPERTY_EXPIRES_IN, Integer.toString(expiresIn))));
return this.authorization;
}

public IAuthorization getAuthorization() throws OpenShiftException {
if (authorization == null) {
if(token == null) {
this.authorization = new AuthorizationResource(this, new AddAuthorizationRequest().execute(new StringParameter(IOpenShiftJsonConstants.PROPERTY_SCOPES, IOpenShiftJsonConstants.PROPERTY_SESSION)));
} else {
this.authorization = new AuthorizationResource(this, new ShowAuthorizationRequest().execute(token));
}
}
return this.authorization;
}

@Override
public List<IDomain> getDomains() throws OpenShiftException {
Expand Down Expand Up @@ -346,4 +392,26 @@ protected List<QuickstartDTO> execute() throws OpenShiftException {
}
}

private class AddAuthorizationRequest extends ServiceRequest {

private AddAuthorizationRequest() throws OpenShiftException {
super("ADD_AUTHORIZATION");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

guessing by the link in the API resource one can have several authorizations at a time. Shouldnt we support/follow this pattern?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Authorizations are handled individually as far as CRUD goes. I think the only operation that returns multiple is LIST_AUTHORIZATIONS, which I didn't implement. Should we??

we could add something like this..

public Collection getAuthorizations();
public IAuthorization getAuthorization(String id);

then you could use getAuthorization to set the user authorization based one that is found in the collection

}

protected AuthorizationResourceDTO execute(Parameter... parameters) throws OpenShiftException {
return super.execute(parameters);
}
}
private class ShowAuthorizationRequest extends ServiceRequest {

private ShowAuthorizationRequest() throws OpenShiftException {
super("SHOW_AUTHORIZATION");
}

protected AuthorizationResourceDTO execute(String id) throws OpenShiftException {
List<Parameter> urlPathParameter = new Parameters().add("id", id).toList();
return (AuthorizationResourceDTO) super.execute(IHttpClient.NO_TIMEOUT, urlPathParameter, Collections.<Parameter>emptyList());
}
}

}
4 changes: 2 additions & 2 deletions src/main/java/com/openshift/internal/client/AbstractOpenShiftConnectionFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,14 +32,14 @@
public abstract class AbstractOpenShiftConnectionFactory {

@SuppressWarnings("unchecked")
protected IOpenShiftConnection getConnection(IRestService service, final String login, final String password) throws IOException, OpenShiftException {
protected IOpenShiftConnection getConnection(IRestService service, final String login, final String password, final String token) throws IOException, OpenShiftException {
RestResponse response =
(RestResponse) service.request(
new Link("Get API", "/api", HttpMethod.GET),
IHttpClient.NO_TIMEOUT,
Collections.<Parameter> emptyList(),
Collections.<Parameter> emptyList());
return new APIResource(login, password, service, (Map<String, Link>) response.getData());
return new APIResource(login, password, token, service, (Map<String, Link>) response.getData());
}

}
Loading