eclipse-che · ibuziuk · Mar 3, 2025 · Feb 27, 2025 · Feb 27, 2025 · Mar 3, 2025
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -150,19 +150,14 @@ public PersonalAccessToken fetchAndSave(Subject cheUser, String scmServerUrl)
     return personalAccessToken;
   }
 
-  @Override
-  public Optional<PersonalAccessToken> get(Subject cheUser, String scmServerUrl)
-      throws ScmConfigurationPersistenceException, ScmCommunicationException {
-    return doGetPersonalAccessTokens(cheUser, null, scmServerUrl).stream().findFirst();
-  }
-
   @Override
   public PersonalAccessToken get(String scmServerUrl)
       throws ScmConfigurationPersistenceException, ScmUnauthorizedException,
           ScmCommunicationException, UnknownScmProviderException,
           UnsatisfiedScmPreconditionException {
     Subject subject = EnvironmentContext.getCurrent().getSubject();
-    Optional<PersonalAccessToken> tokenOptional = get(subject, scmServerUrl);
+    Optional<PersonalAccessToken> tokenOptional =
+        doGetPersonalAccessTokens(subject, null, scmServerUrl, null).stream().findFirst();
     if (tokenOptional.isPresent()) {
       return tokenOptional.get();
     } else {
@@ -173,21 +168,30 @@ public PersonalAccessToken get(String scmServerUrl)
 
   @Override
   public Optional<PersonalAccessToken> get(
-      Subject cheUser, String oAuthProviderName, @Nullable String scmServerUrl)
+      Subject cheUser,
+      String oAuthProviderName,
+      @Nullable String scmServerUrl,
+      @Nullable String namespaceName)
       throws ScmConfigurationPersistenceException, ScmCommunicationException {
-    return doGetPersonalAccessTokens(cheUser, oAuthProviderName, scmServerUrl).stream().findFirst();
+    return doGetPersonalAccessTokens(cheUser, oAuthProviderName, scmServerUrl, namespaceName)
+        .stream()
+        .findFirst();
   }
 
   private List<PersonalAccessToken> doGetPersonalAccessTokens(
-      Subject cheUser, @Nullable String oAuthProviderName, @Nullable String scmServerUrl)
+      Subject cheUser,
+      @Nullable String oAuthProviderName,
+      @Nullable String scmServerUrl,
+      @Nullable String namespaceName)
       throws ScmConfigurationPersistenceException, ScmCommunicationException {
     List<PersonalAccessToken> result = new ArrayList<>();
     try {
       LOG.debug(
           "Fetching personal access token for user {} and OAuth provider {}",
           cheUser.getUserId(),
           oAuthProviderName);
-      for (KubernetesNamespaceMeta namespaceMeta : namespaceFactory.list()) {
+
+      for (KubernetesNamespaceMeta namespaceMeta : getKubernetesNamespaceMetas(namespaceName)) {
         List<Secret> secrets = doGetPersonalAccessTokenSecrets(namespaceMeta);
 
         for (Secret secret : secrets) {
@@ -245,6 +249,23 @@ private List<PersonalAccessToken> doGetPersonalAccessTokens(
     return result;
   }
 
+  /**
+   * Returns the list of namespaces to search for the personal access token secrets.
+   *
+   * @param namespaceName the user's namespace name
+   */
+  private List<KubernetesNamespaceMeta> getKubernetesNamespaceMetas(@Nullable String namespaceName)
+      throws InfrastructureException {
+    if (namespaceName != null) {
+      return namespaceFactory
+          .fetchNamespace(namespaceName)
+          .map(List::of)
+          .orElseGet(Collections::emptyList);
+    } else {
+      return namespaceFactory.list();
+    }
+  }
+
   private List<Secret> doGetPersonalAccessTokenSecrets(KubernetesNamespaceMeta namespaceMeta)
       throws ScmConfigurationPersistenceException {
     try {
@@ -394,7 +415,8 @@ public void storeGitCredentials(String scmServerUrl)
       throws UnsatisfiedScmPreconditionException, ScmConfigurationPersistenceException,
           ScmCommunicationException, ScmUnauthorizedException {
     Subject subject = EnvironmentContext.getCurrent().getSubject();
-    Optional<PersonalAccessToken> tokenOptional = get(subject, scmServerUrl);
+    Optional<PersonalAccessToken> tokenOptional =
+        doGetPersonalAccessTokens(subject, null, scmServerUrl, null).stream().findFirst();
     if (tokenOptional.isPresent()) {
       PersonalAccessToken personalAccessToken = tokenOptional.get();
       gitCredentialManager.createOrReplace(personalAccessToken);

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -120,7 +120,7 @@ public void shouldTrimBlankCharsInToken() throws Exception {
     // when
     PersonalAccessToken token =
         personalAccessTokenManager
-            .get(new SubjectImpl("user", "user", "t1", false), "http://host1")
+            .get(new SubjectImpl("user", "user", "t1", false), null, "http://host1", null)
             .get();
 
     // then
@@ -231,7 +231,7 @@ public void testGetTokenFromNamespace() throws Exception {
     // when
     PersonalAccessToken token =
         personalAccessTokenManager
-            .get(new SubjectImpl("user", "user1", "t1", false), "http://host1")
+            .get(new SubjectImpl("user", "user1", "t1", false), null, "http://host1", null)
             .get();
 
     // then
@@ -276,8 +276,7 @@ public void shouldGetTokenFromASecretWithSCMUsername() throws Exception {
     // when
     Optional<PersonalAccessToken> tokenOptional =
         personalAccessTokenManager.get(
-            new SubjectImpl("user", "user1", "t1", false), "http://host1");
-
+            new SubjectImpl("user", "user1", "t1", false), null, "http://host1", null);
     // then
     assertTrue(tokenOptional.isPresent());
     assertEquals(tokenOptional.get().getCheUserId(), "user1");
@@ -319,7 +318,7 @@ public void shouldGetTokenFromASecretWithoutSCMUsername() throws Exception {
     // when
     Optional<PersonalAccessToken> tokenOptional =
         personalAccessTokenManager.get(
-            new SubjectImpl("user", "user1", "t1", false), "http://host1");
+            new SubjectImpl("user", "user1", "t1", false), null, "http://host1", null);
 
     // then
     assertTrue(tokenOptional.isPresent());
@@ -378,11 +377,11 @@ public void testGetTokenFromNamespaceWithTrailingSlashMismatch() throws Exceptio
     // when
     PersonalAccessToken token1 =
         personalAccessTokenManager
-            .get(new SubjectImpl("user", "user1", "t1", false), "http://host1.com")
+            .get(new SubjectImpl("user", "user1", "t1", false), null, "http://host1.com", null)
             .get();
     PersonalAccessToken token2 =
         personalAccessTokenManager
-            .get(new SubjectImpl("user", "user1", "t1", false), "http://host2.com/")
+            .get(new SubjectImpl("user", "user1", "t1", false), null, "http://host2.com/", null)
             .get();
 
     // then
@@ -419,7 +418,7 @@ public void shouldDeleteMisconfiguredTokensOnGet() throws Exception {
     // when
     Optional<PersonalAccessToken> token =
         personalAccessTokenManager.get(
-            new SubjectImpl("user", "user1", "t1", false), "http://host1");
+            new SubjectImpl("user", "user1", "t1", false), null, "http://host1", null);
     // then
     assertFalse(token.isPresent());
     verify(nonNamespaceOperation, times(1)).delete(eq(secret1));
@@ -457,7 +456,7 @@ public void shouldDeleteInvalidTokensOnGet() throws Exception {
     // when
     Optional<PersonalAccessToken> token =
         personalAccessTokenManager.get(
-            new SubjectImpl("user", "user1", "t1", false), "http://host1");
+            new SubjectImpl("user", "user1", "t1", false), null, "http://host1", null);
     // then
     assertFalse(token.isPresent());
     verify(nonNamespaceOperation, times(1)).delete(eq(secret1));
@@ -523,7 +522,7 @@ public void shouldReturnFirstValidTokenAndDeleteTheInvalidOne() throws Exception
     // when
     Optional<PersonalAccessToken> token =
         personalAccessTokenManager.get(
-            new SubjectImpl("user", "user1", "t1", false), "http://host1");
+            new SubjectImpl("user", "user1", "t1", false), null, "http://host1", null);
     // then
     assertTrue(token.isPresent());
     assertEquals(token.get().getScmTokenId(), "id2");

@@ -77,7 +77,7 @@ public void configure(NamespaceResolutionContext namespaceResolutionContext, Str
     Optional<String> gitconfigOptional = getGitconfig(client, namespaceName);
     Optional<Pair<String, String>> usernameAndEmailFromGitconfigOptional = Optional.empty();
     Optional<Pair<String, String>> usernameAndEmailFromFetcherOptional =
-        getUsernameAndEmailFromFetcher();
+        getUsernameAndEmailFromFetcher(namespaceName);
     if (gitconfigOptional.isPresent()) {
       String gitconfig = gitconfigOptional.get();
       usernameAndEmailFromGitconfigOptional = getUsernameAndEmailFromGitconfig(gitconfig);
@@ -152,11 +152,11 @@ private Optional<Pair<String, String>> getUsernameAndEmailFromGitconfig(String g
     return Optional.empty();
   }
 
-  private Optional<Pair<String, String>> getUsernameAndEmailFromFetcher() {
+  private Optional<Pair<String, String>> getUsernameAndEmailFromFetcher(String namespaceName) {
     GitUserData gitUserData;
     for (GitUserDataFetcher fetcher : gitUserDataFetchers) {
       try {
-        gitUserData = fetcher.fetchGitUserData();
+        gitUserData = fetcher.fetchGitUserData(namespaceName);
         if (!isNullOrEmpty(gitUserData.getScmUsername())
             && !isNullOrEmpty(gitUserData.getScmUserEmail())) {
           return Optional.of(

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -78,7 +78,10 @@ public void configure(NamespaceResolutionContext namespaceResolutionContext, Str
               try {
                 Subject cheSubject = EnvironmentContext.getCurrent().getSubject();
                 personalAccessTokenManager.get(
-                    cheSubject, s.getMetadata().getAnnotations().get(ANNOTATION_SCM_URL));
+                    cheSubject,
+                    null,
+                    s.getMetadata().getAnnotations().get(ANNOTATION_SCM_URL),
+                    namespaceName);
               } catch (ScmConfigurationPersistenceException | ScmCommunicationException e) {
                 LOG.error(e.getMessage(), e);
               }

@@ -11,6 +11,7 @@
  */
 package org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator;
 
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.when;
 
@@ -79,7 +80,7 @@ public void setUp()
   @Test
   public void shouldCreateGitconfigConfigmapWithUserSection() throws Exception {
     // given
-    when(gitUserDataFetcher.fetchGitUserData())
+    when(gitUserDataFetcher.fetchGitUserData(anyString()))
         .thenReturn(new GitUserData("username", "userEmail"));
     configurator =
         new GitconfigConfigurator(cheServerKubernetesClientFactory, Set.of(gitUserDataFetcher));
@@ -124,7 +125,7 @@ public void shouldUpdateGitconfigConfigmapWithUserSection()
     serverMock.getClient().configMaps().inNamespace(TEST_NAMESPACE_NAME).create(gitconfigConfigmap);
     configurator =
         new GitconfigConfigurator(cheServerKubernetesClientFactory, Set.of(gitUserDataFetcher));
-    when(gitUserDataFetcher.fetchGitUserData())
+    when(gitUserDataFetcher.fetchGitUserData(anyString()))
         .thenReturn(new GitUserData("username", "userEmail"));
     // when
     configurator.configure(namespaceResolutionContext, TEST_NAMESPACE_NAME);
@@ -158,7 +159,7 @@ public void shouldUpdateGitconfigConfigmapWithStoredSectionsWithUserSection()
     serverMock.getClient().configMaps().inNamespace(TEST_NAMESPACE_NAME).create(gitconfigConfigmap);
     configurator =
         new GitconfigConfigurator(cheServerKubernetesClientFactory, Set.of(gitUserDataFetcher));
-    when(gitUserDataFetcher.fetchGitUserData())
+    when(gitUserDataFetcher.fetchGitUserData(anyString()))
         .thenReturn(new GitUserData("username", "userEmail"));
     // when
     configurator.configure(namespaceResolutionContext, TEST_NAMESPACE_NAME);
@@ -192,7 +193,7 @@ public void shouldNotUpdateGitconfigConfigmapWithUserSection()
     serverMock.getClient().configMaps().inNamespace(TEST_NAMESPACE_NAME).create(gitconfigConfigmap);
     configurator =
         new GitconfigConfigurator(cheServerKubernetesClientFactory, Set.of(gitUserDataFetcher));
-    when(gitUserDataFetcher.fetchGitUserData())
+    when(gitUserDataFetcher.fetchGitUserData(anyString()))
         .thenReturn(new GitUserData("fetcher-username", "fetcher-userEmail"));
     // when
     configurator.configure(namespaceResolutionContext, TEST_NAMESPACE_NAME);

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -245,9 +245,10 @@ public OAuthToken getOrRefreshToken(String oauthProvider)
       } else {
         Optional<PersonalAccessToken> tokenOptional;
         try {
-          tokenOptional = personalAccessTokenManager.get(subject, oauthProvider, null);
+          tokenOptional = personalAccessTokenManager.get(subject, oauthProvider, null, null);
           if (tokenOptional.isEmpty()) {
-            tokenOptional = personalAccessTokenManager.get(subject, provider.getEndpointUrl());
+            tokenOptional =
+                personalAccessTokenManager.get(subject, null, provider.getEndpointUrl(), null);
           }
           if (tokenOptional.isPresent()) {
             return newDto(OAuthToken.class).withToken(tokenOptional.get().getToken());

@@ -88,7 +88,8 @@ private boolean isUserTokenPresent(String repositoryUrl) {
         .anyMatch(t -> Pattern.compile(format(t, schema, host)).matcher(repositoryUrl).matches())) {
       try {
         Optional<PersonalAccessToken> token =
-            personalAccessTokenManager.get(EnvironmentContext.getCurrent().getSubject(), serverUrl);
+            personalAccessTokenManager.get(
+                EnvironmentContext.getCurrent().getSubject(), null, serverUrl, null);
         return token.isPresent() && token.get().getScmTokenName().equals(OAUTH_PROVIDER_NAME);
       } catch (ScmConfigurationPersistenceException | ScmCommunicationException exception) {
         return false;

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2023 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -73,7 +73,7 @@ public BitbucketServerUserDataFetcher(
   }
 
   @Override
-  public GitUserData fetchGitUserData()
+  public GitUserData fetchGitUserData(String namespaceName)
       throws ScmUnauthorizedException, ScmCommunicationException,
           ScmConfigurationPersistenceException, ScmItemNotFoundException {
     Subject cheSubject = EnvironmentContext.getCurrent().getSubject();
@@ -90,7 +90,7 @@ public GitUserData fetchGitUserData()
 
     // Try go get user data using personal access token
     Optional<PersonalAccessToken> personalAccessToken =
-        this.personalAccessTokenManager.get(cheSubject, OAUTH_PROVIDER_NAME, null);
+        this.personalAccessTokenManager.get(cheSubject, OAUTH_PROVIDER_NAME, null, namespaceName);
     if (personalAccessToken.isPresent()) {
       PersonalAccessToken token = personalAccessToken.get();
       HttpBitbucketServerApiClient httpBitbucketServerApiClient =

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2023 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -66,7 +66,7 @@ public void shouldBeAbleToFetchPersonalAccessToken()
     when(bitbucketServerApiClient.isConnected(eq(someBitbucketURL))).thenReturn(true);
     when(bitbucketServerApiClient.getUser()).thenReturn(bitbucketUser);
     // when
-    GitUserData gitUserData = fetcher.fetchGitUserData();
+    GitUserData gitUserData = fetcher.fetchGitUserData(null);
     // then
     assertEquals(gitUserData.getScmUsername(), "User");
     assertEquals(gitUserData.getScmUserEmail(), "user@users.com");

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -64,7 +64,8 @@ public BitbucketUserDataFetcher(
   }
 
   @Override
-  public GitUserData fetchGitUserData() throws ScmUnauthorizedException, ScmCommunicationException {
+  public GitUserData fetchGitUserData(String namespaceName)
+      throws ScmUnauthorizedException, ScmCommunicationException {
     OAuthToken oAuthToken;
     try {
       oAuthToken = oAuthAPI.getOrRefreshToken(OAUTH_PROVIDER_NAME);

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2024 Red Hat, Inc.
+ * Copyright (c) 2012-2025 Red Hat, Inc.
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
  * which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -85,7 +85,7 @@ public void shouldFetchGitUserData() throws Exception {
         newDto(OAuthToken.class).withToken(bitbucketOauthToken).withScope("repo");
     when(oAuthAPI.getOrRefreshToken(anyString())).thenReturn(oAuthToken);
 
-    GitUserData gitUserData = bitbucketUserDataFetcher.fetchGitUserData();
+    GitUserData gitUserData = bitbucketUserDataFetcher.fetchGitUserData(null);
 
     assertEquals(gitUserData.getScmUsername(), "Bitbucket User");
     assertEquals(gitUserData.getScmUserEmail(), "bitbucketuser@email.com");