Merge pull request #295 from keboola/odin-SOX-193

odinuv · web-flow · commit 8717d26af422 · 2023-07-11T09:12:46.000+02:00
Fix execution token permissisons
diff --git a/src/JobFactory/Job.php b/src/JobFactory/Job.php
@@ -378,6 +378,9 @@ private function createPrivilegedToken(string $applicationToken): string
     {
         $tokens = new Tokens($this->getStorageClientWrapper()->getBasicClient());
         $options = new TokenCreateOptions();
+        $options->setDescription(sprintf('Execution Token for job %s', $this->getId()));
+        $options->setCanManageBuckets(true);
+        $options->setCanReadAllFileUploads(true);
         $options->setExpiresIn(self::EXECUTION_TOKEN_TIMEOUT_SECONDS);
         $token = $tokens->createTokenPrivilegedInProtectedDefaultBranch($options, $applicationToken);
 
diff --git a/tests/JobFactory/JobTest.php b/tests/JobFactory/JobTest.php
@@ -829,6 +829,9 @@ public function testGetExecutionTokenDecryptedWithFeatureBranchDefault(): void
                 [
                     'canManageProtectedDefaultBranch' => true,
                     'expiresIn' => 604800,
+                    'description' => 'Execution Token for job 123456456',
+                    'canReadAllFileUploads' => true,
+                    'canManageBuckets' => true,
                 ],
                 $applicationToken
             )

Original file line number	Diff line number	Diff line change
`@@ -378,6 +378,9 @@ private function createPrivilegedToken(string $applicationToken): string`
`378`	`378`	`{`
`379`	`379`	`$tokens = new Tokens($this->getStorageClientWrapper()->getBasicClient());`
`380`	`380`	`$options = new TokenCreateOptions();`
	`381`	`+ $options->setDescription(sprintf('Execution Token for job %s', $this->getId()));`
	`382`	`+ $options->setCanManageBuckets(true);`
	`383`	`+ $options->setCanReadAllFileUploads(true);`
`381`	`384`	`$options->setExpiresIn(self::EXECUTION_TOKEN_TIMEOUT_SECONDS);`
`382`	`385`	`$token = $tokens->createTokenPrivilegedInProtectedDefaultBranch($options, $applicationToken);`
`383`	`386`
Original file line number	Diff line number	Diff line change
`@@ -829,6 +829,9 @@ public function testGetExecutionTokenDecryptedWithFeatureBranchDefault(): void`
`829`	`829`	`[`
`830`	`830`	`'canManageProtectedDefaultBranch' => true,`
`831`	`831`	`'expiresIn' => 604800,`
	`832`	`+ 'description' => 'Execution Token for job 123456456',`
	`833`	`+ 'canReadAllFileUploads' => true,`
	`834`	`+ 'canManageBuckets' => true,`
`832`	`835`	`],`
`833`	`836`	`$applicationToken`
`834`	`837`	`)`