Merge main into feature/dev-execution

aws-toolkit-automation · web-flow · commit cf6f8af51623 · 2024-11-12T01:29:40.000+01:00
diff --git a/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/DiskCache.kt b/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/DiskCache.kt
@@ -101,15 +101,15 @@ class DiskCache(
         clientRegistrationCache(ssoRegion).tryDeleteIfExists()
     }
 
-    override fun loadClientRegistration(cacheKey: ClientRegistrationCacheKey): ClientRegistration? {
-        LOG.info { "loadClientRegistration for $cacheKey" }
+    override fun loadClientRegistration(cacheKey: ClientRegistrationCacheKey, source: String): ClientRegistration? {
+        LOG.info { "loadClientRegistration:$source for $cacheKey" }
         val inputStream = clientRegistrationCache(cacheKey).tryInputStreamIfExists()
         if (inputStream == null) {
             val stage = LoadCredentialStage.ACCESS_FILE
             LOG.info { "Failed to load Client Registration: cache file does not exist" }
             AuthTelemetry.modifyConnection(
                 action = "Load cache file",
-                source = "loadClientRegistration",
+                source = "loadClientRegistration:$source",
                 result = Result.Failed,
                 reason = "Failed to load Client Registration",
                 reasonDesc = "Load Step:$stage failed. Cache file does not exist"
diff --git a/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt b/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt
@@ -194,7 +194,7 @@ class SsoAccessTokenProvider(
 
     @Deprecated("Device authorization grant flow is deprecated")
     private fun registerDAGClient(): ClientRegistration {
-        loadDagClientRegistration()?.let {
+        loadDagClientRegistration(SourceOfLoadRegistration.REGISTER_CLIENT.toString())?.let {
             return it
         }
 
@@ -235,7 +235,7 @@ class SsoAccessTokenProvider(
     }
 
     private fun registerPkceClient(): PKCEClientRegistration {
-        loadPkceClientRegistration()?.let {
+        loadPkceClientRegistration(SourceOfLoadRegistration.REGISTER_CLIENT.toString())?.let {
             return it
         }
 
@@ -431,8 +431,8 @@ class SsoAccessTokenProvider(
         stageName = RefreshCredentialStage.LOAD_REGISTRATION
         val registration = try {
             when (currentToken) {
-                is DeviceAuthorizationGrantToken -> loadDagClientRegistration()
-                is PKCEAuthorizationGrantToken -> loadPkceClientRegistration()
+                is DeviceAuthorizationGrantToken -> loadDagClientRegistration(SourceOfLoadRegistration.REFRESH_TOKEN.toString())
+                is PKCEAuthorizationGrantToken -> loadPkceClientRegistration(SourceOfLoadRegistration.REFRESH_TOKEN.toString())
             }
         } catch (e: Exception) {
             val message = e.message ?: "$stageName: ${e::class.java.name}"
@@ -505,6 +505,11 @@ class SsoAccessTokenProvider(
         }
     }
 
+    enum class SourceOfLoadRegistration {
+        REGISTER_CLIENT,
+        REFRESH_TOKEN,
+    }
+
     private enum class RefreshCredentialStage {
         VALIDATE_REFRESH_TOKEN,
         LOAD_REGISTRATION,
@@ -514,13 +519,13 @@ class SsoAccessTokenProvider(
         SAVE_TOKEN,
     }
 
-    private fun loadDagClientRegistration(): ClientRegistration? =
-        cache.loadClientRegistration(dagClientRegistrationCacheKey)?.let {
+    private fun loadDagClientRegistration(source: String): ClientRegistration? =
+        cache.loadClientRegistration(dagClientRegistrationCacheKey, source)?.let {
             return it
         }
 
-    private fun loadPkceClientRegistration(): PKCEClientRegistration? =
-        cache.loadClientRegistration(pkceClientRegistrationCacheKey)?.let {
+    private fun loadPkceClientRegistration(source: String): PKCEClientRegistration? =
+        cache.loadClientRegistration(pkceClientRegistrationCacheKey, source)?.let {
             return it as PKCEClientRegistration
         }
 
diff --git a/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoCache.kt b/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoCache.kt
@@ -7,7 +7,7 @@ interface SsoCache {
     fun invalidateClientRegistration(ssoRegion: String)
     fun invalidateAccessToken(ssoUrl: String)
 
-    fun loadClientRegistration(cacheKey: ClientRegistrationCacheKey): ClientRegistration?
+    fun loadClientRegistration(cacheKey: ClientRegistrationCacheKey, source: String): ClientRegistration?
     fun saveClientRegistration(cacheKey: ClientRegistrationCacheKey, registration: ClientRegistration)
     fun invalidateClientRegistration(cacheKey: ClientRegistrationCacheKey)
 
diff --git a/plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/core/credentials/sso/DiskCacheTest.kt b/plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/core/credentials/sso/DiskCacheTest.kt
@@ -57,7 +57,8 @@ class DiskCacheTest {
                     startUrl = ssoUrl,
                     scopes = scopes,
                     region = ssoRegion
-                )
+                ),
+                "testSource"
             )
         ).isNull()
     }
@@ -71,7 +72,7 @@ class DiskCacheTest {
         )
         cacheLocation.resolve("223224b6f0b4702c1a984be8284fe2c9d9718759.json").writeText("badData")
 
-        assertThat(sut.loadClientRegistration(key)).isNull()
+        assertThat(sut.loadClientRegistration(key, "testSource")).isNull()
     }
 
     @Test
@@ -91,7 +92,7 @@ class DiskCacheTest {
             """.trimIndent()
         )
 
-        assertThat(sut.loadClientRegistration(key)).isNull()
+        assertThat(sut.loadClientRegistration(key, "testSource")).isNull()
     }
 
     @Test
@@ -112,7 +113,7 @@ class DiskCacheTest {
             """.trimIndent()
         )
 
-        assertThat(sut.loadClientRegistration(key)).isNull()
+        assertThat(sut.loadClientRegistration(key, "testSource")).isNull()
     }
 
     @Test
@@ -134,7 +135,7 @@ class DiskCacheTest {
             """.trimIndent()
         )
 
-        assertThat(sut.loadClientRegistration(key))
+        assertThat(sut.loadClientRegistration(key, "testSource"))
             .usingRecursiveComparison()
             .isEqualTo(
                 DeviceAuthorizationClientRegistration(
@@ -217,7 +218,7 @@ class DiskCacheTest {
                 """.trimIndent()
             )
 
-        assertThat(sut.loadClientRegistration(key))
+        assertThat(sut.loadClientRegistration(key, "testSource"))
             .usingRecursiveComparison()
             .isEqualTo(
                 PKCEClientRegistration(
@@ -323,10 +324,10 @@ class DiskCacheTest {
             )
         )
 
-        assertThat(sut.loadClientRegistration(key1))
+        assertThat(sut.loadClientRegistration(key1, "testSource"))
             .usingRecursiveComparison()
             .isEqualTo(
-                sut.loadClientRegistration(key2)
+                sut.loadClientRegistration(key2, "testSource")
             )
     }
 
@@ -350,11 +351,11 @@ class DiskCacheTest {
             region = ssoRegion
         )
 
-        assertThat(sut.loadClientRegistration(key)).isNotNull()
+        assertThat(sut.loadClientRegistration(key, "testSource")).isNotNull()
 
         sut.invalidateClientRegistration(key)
 
-        assertThat(sut.loadClientRegistration(key)).isNull()
+        assertThat(sut.loadClientRegistration(key, "testSource")).isNull()
         assertThat(cacheFile).doesNotExist()
     }
 
@@ -619,7 +620,7 @@ class DiskCacheTest {
         registration.setPosixFilePermissions(emptySet())
         assertPosixPermissions(registration, "---------")
 
-        assertThat(sut.loadClientRegistration(key)).isNotNull()
+        assertThat(sut.loadClientRegistration(key, "testSource")).isNotNull()
 
         assertPosixPermissions(registration, "rw-------")
     }
diff --git a/plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProviderTest.kt b/plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProviderTest.kt
@@ -124,7 +124,7 @@ class SsoAccessTokenProviderTest {
         verify(ssoOidcClient).startDeviceAuthorization(any<StartDeviceAuthorizationRequest>())
         verify(ssoOidcClient).createToken(any<CreateTokenRequest>())
         verify(ssoCache).loadAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl })
-        verify(ssoCache).loadClientRegistration(argThat { region == ssoRegion })
+        verify(ssoCache).loadClientRegistration(argThat { region == ssoRegion }, any<String>())
         verify(ssoCache).saveAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl }, eq(accessToken))
     }
 
@@ -170,7 +170,7 @@ class SsoAccessTokenProviderTest {
         verify(ssoOidcClient).startDeviceAuthorization(any<StartDeviceAuthorizationRequest>())
         verify(ssoOidcClient).createToken(any<CreateTokenRequest>())
         verify(ssoCache).loadAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl })
-        verify(ssoCache).loadClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion })
+        verify(ssoCache).loadClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion }, any<String>())
         verify(ssoCache).saveClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion }, any())
         verify(ssoCache).saveAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl }, eq(accessToken))
     }
@@ -267,7 +267,7 @@ class SsoAccessTokenProviderTest {
         verify(ssoOidcClient).startDeviceAuthorization(any<StartDeviceAuthorizationRequest>())
         verify(ssoOidcClient, times(2)).createToken(any<CreateTokenRequest>())
         verify(ssoCache).loadAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl })
-        verify(ssoCache).loadClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion })
+        verify(ssoCache).loadClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion }, any<String>())
         verify(ssoCache).saveAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl }, eq(accessToken))
     }
 
@@ -296,7 +296,7 @@ class SsoAccessTokenProviderTest {
         val refreshedToken = runBlocking { sut.refreshToken(sut.accessToken()) }
 
         verify(ssoCache).loadAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl })
-        verify(ssoCache).loadClientRegistration(argThat { region == ssoRegion })
+        verify(ssoCache).loadClientRegistration(argThat { region == ssoRegion }, any<String>())
         verify(ssoOidcClient).createToken(any<CreateTokenRequest>())
         verify(ssoCache).saveAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl }, eq(refreshedToken))
     }
@@ -342,7 +342,7 @@ class SsoAccessTokenProviderTest {
             )
 
             on(
-                ssoCache.loadClientRegistration(any<PKCEClientRegistrationCacheKey>())
+                ssoCache.loadClientRegistration(any<PKCEClientRegistrationCacheKey>(), any<String>())
             ).thenReturn(
                 PKCEClientRegistration(
                     clientType = "public",
@@ -369,7 +369,7 @@ class SsoAccessTokenProviderTest {
         val refreshedToken = runBlocking { sut.refreshToken(sut.accessToken()) }
 
         verify(ssoCache).loadAccessToken(any<PKCEAccessTokenCacheKey>())
-        verify(ssoCache).loadClientRegistration(any<PKCEClientRegistrationCacheKey>())
+        verify(ssoCache).loadClientRegistration(any<PKCEClientRegistrationCacheKey>(), any<String>())
         verify(ssoOidcClient).createToken(any<CreateTokenRequest>())
         verify(ssoCache).saveAccessToken(any<PKCEAccessTokenCacheKey>(), eq(refreshedToken))
     }
@@ -390,7 +390,7 @@ class SsoAccessTokenProviderTest {
         verify(ssoOidcClient).startDeviceAuthorization(any<StartDeviceAuthorizationRequest>())
         verify(ssoOidcClient).createToken(any<CreateTokenRequest>())
         verify(ssoCache).loadAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl })
-        verify(ssoCache).loadClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion })
+        verify(ssoCache).loadClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion }, any<String>())
     }
 
     @Test
@@ -432,7 +432,7 @@ class SsoAccessTokenProviderTest {
         verify(ssoOidcClient).startDeviceAuthorization(any<StartDeviceAuthorizationRequest>())
         verify(ssoOidcClient, times(2)).createToken(any<CreateTokenRequest>())
         verify(ssoCache).loadAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl })
-        verify(ssoCache).loadClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion })
+        verify(ssoCache).loadClientRegistration(argThat<DeviceAuthorizationClientRegistrationCacheKey> { region == ssoRegion }, any<String>())
         verify(ssoCache).saveAccessToken(argThat<DeviceGrantAccessTokenCacheKey> { startUrl == ssoUrl }, eq(accessToken))
     }
 
@@ -452,7 +452,7 @@ class SsoAccessTokenProviderTest {
 
         verify(ssoOidcClient).registerClient(any<RegisterClientRequest>())
         verify(ssoCache).loadAccessToken(any())
-        verify(ssoCache).loadClientRegistration(argThat { region == ssoRegion })
+        verify(ssoCache).loadClientRegistration(argThat { region == ssoRegion }, any<String>())
     }
 
     @Test
@@ -492,7 +492,7 @@ class SsoAccessTokenProviderTest {
             )
 
             on(
-                ssoCache.loadClientRegistration(argThat { region == ssoRegion })
+                ssoCache.loadClientRegistration(argThat { region == ssoRegion }, any<String>())
             ).thenReturn(
                 returnValue
             )
diff --git a/plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/core/credentials/sso/bearer/InteractiveBearerTokenProviderTest.kt b/plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/core/credentials/sso/bearer/InteractiveBearerTokenProviderTest.kt
@@ -16,6 +16,7 @@ import org.junit.jupiter.api.assertThrows
 import org.mockito.Mockito
 import org.mockito.kotlin.any
 import org.mockito.kotlin.argThat
+import org.mockito.kotlin.eq
 import org.mockito.kotlin.mock
 import org.mockito.kotlin.spy
 import org.mockito.kotlin.times
@@ -273,7 +274,7 @@ class InteractiveBearerTokenProviderTest {
     )
 
     private fun stubClientRegistration() {
-        whenever(diskCache.loadClientRegistration(any<DeviceAuthorizationClientRegistrationCacheKey>())).thenReturn(
+        whenever(diskCache.loadClientRegistration(any<DeviceAuthorizationClientRegistrationCacheKey>(), eq("testSource"))).thenReturn(
             DeviceAuthorizationClientRegistration(
                 "",
                 "",

Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ class SsoAccessTokenProvider(`
`194`	`194`
`195`	`195`	`@Deprecated("Device authorization grant flow is deprecated")`
`196`	`196`	`private fun registerDAGClient(): ClientRegistration {`
`197`		`- loadDagClientRegistration()?.let {`
	`197`	`+ loadDagClientRegistration(SourceOfLoadRegistration.REGISTER_CLIENT.toString())?.let {`
`198`	`198`	`return it`
`199`	`199`	`}`
`200`	`200`
`@@ -235,7 +235,7 @@ class SsoAccessTokenProvider(`
`235`	`235`	`}`
`236`	`236`
`237`	`237`	`private fun registerPkceClient(): PKCEClientRegistration {`
`238`		`- loadPkceClientRegistration()?.let {`
	`238`	`+ loadPkceClientRegistration(SourceOfLoadRegistration.REGISTER_CLIENT.toString())?.let {`
`239`	`239`	`return it`
`240`	`240`	`}`
`241`	`241`
`@@ -431,8 +431,8 @@ class SsoAccessTokenProvider(`
`431`	`431`	`stageName = RefreshCredentialStage.LOAD_REGISTRATION`
`432`	`432`	`val registration = try {`
`433`	`433`	`when (currentToken) {`
`434`		`- is DeviceAuthorizationGrantToken -> loadDagClientRegistration()`
`435`		`- is PKCEAuthorizationGrantToken -> loadPkceClientRegistration()`
	`434`	`+ is DeviceAuthorizationGrantToken -> loadDagClientRegistration(SourceOfLoadRegistration.REFRESH_TOKEN.toString())`
	`435`	`+ is PKCEAuthorizationGrantToken -> loadPkceClientRegistration(SourceOfLoadRegistration.REFRESH_TOKEN.toString())`
`436`	`436`	`}`
`437`	`437`	`} catch (e: Exception) {`
`438`	`438`	`val message = e.message ?: "$stageName: ${e::class.java.name}"`
`@@ -505,6 +505,11 @@ class SsoAccessTokenProvider(`
`505`	`505`	`}`
`506`	`506`	`}`
`507`	`507`
	`508`	`+ enum class SourceOfLoadRegistration {`
	`509`	`+ REGISTER_CLIENT,`
	`510`	`+ REFRESH_TOKEN,`
	`511`	`+ }`
	`512`	`+`
`508`	`513`	`private enum class RefreshCredentialStage {`
`509`	`514`	`VALIDATE_REFRESH_TOKEN,`
`510`	`515`	`LOAD_REGISTRATION,`
`@@ -514,13 +519,13 @@ class SsoAccessTokenProvider(`
`514`	`519`	`SAVE_TOKEN,`
`515`	`520`	`}`
`516`	`521`
`517`		`- private fun loadDagClientRegistration(): ClientRegistration? =`
`518`		`- cache.loadClientRegistration(dagClientRegistrationCacheKey)?.let {`
	`522`	`+ private fun loadDagClientRegistration(source: String): ClientRegistration? =`
	`523`	`+ cache.loadClientRegistration(dagClientRegistrationCacheKey, source)?.let {`
`519`	`524`	`return it`
`520`	`525`	`}`
`521`	`526`
`522`		`- private fun loadPkceClientRegistration(): PKCEClientRegistration? =`
`523`		`- cache.loadClientRegistration(pkceClientRegistrationCacheKey)?.let {`
	`527`	`+ private fun loadPkceClientRegistration(source: String): PKCEClientRegistration? =`
	`528`	`+ cache.loadClientRegistration(pkceClientRegistrationCacheKey, source)?.let {`
`524`	`529`	`return it as PKCEClientRegistration`
`525`	`530`	`}`
`526`	`531`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,8 @@ class DiskCacheTest {`
`57`	`57`	`startUrl = ssoUrl,`
`58`	`58`	`scopes = scopes,`
`59`	`59`	`region = ssoRegion`
`60`		`- )`
	`60`	`+ ),`
	`61`	`+ "testSource"`
`61`	`62`	`)`
`62`	`63`	`).isNull()`
`63`	`64`	`}`
`@@ -71,7 +72,7 @@ class DiskCacheTest {`
`71`	`72`	`)`
`72`	`73`	`cacheLocation.resolve("223224b6f0b4702c1a984be8284fe2c9d9718759.json").writeText("badData")`
`73`	`74`
`74`		`- assertThat(sut.loadClientRegistration(key)).isNull()`
	`75`	`+ assertThat(sut.loadClientRegistration(key, "testSource")).isNull()`
`75`	`76`	`}`
`76`	`77`
`77`	`78`	`@Test`
`@@ -91,7 +92,7 @@ class DiskCacheTest {`
`91`	`92`	`""".trimIndent()`
`92`	`93`	`)`
`93`	`94`
`94`		`- assertThat(sut.loadClientRegistration(key)).isNull()`
	`95`	`+ assertThat(sut.loadClientRegistration(key, "testSource")).isNull()`
`95`	`96`	`}`
`96`	`97`
`97`	`98`	`@Test`
`@@ -112,7 +113,7 @@ class DiskCacheTest {`
`112`	`113`	`""".trimIndent()`
`113`	`114`	`)`
`114`	`115`
`115`		`- assertThat(sut.loadClientRegistration(key)).isNull()`
	`116`	`+ assertThat(sut.loadClientRegistration(key, "testSource")).isNull()`
`116`	`117`	`}`
`117`	`118`
`118`	`119`	`@Test`
`@@ -134,7 +135,7 @@ class DiskCacheTest {`
`134`	`135`	`""".trimIndent()`
`135`	`136`	`)`
`136`	`137`
`137`		`- assertThat(sut.loadClientRegistration(key))`
	`138`	`+ assertThat(sut.loadClientRegistration(key, "testSource"))`
`138`	`139`	`.usingRecursiveComparison()`
`139`	`140`	`.isEqualTo(`
`140`	`141`	`DeviceAuthorizationClientRegistration(`
`@@ -217,7 +218,7 @@ class DiskCacheTest {`
`217`	`218`	`""".trimIndent()`
`218`	`219`	`)`
`219`	`220`
`220`		`- assertThat(sut.loadClientRegistration(key))`
	`221`	`+ assertThat(sut.loadClientRegistration(key, "testSource"))`
`221`	`222`	`.usingRecursiveComparison()`
`222`	`223`	`.isEqualTo(`
`223`	`224`	`PKCEClientRegistration(`
`@@ -323,10 +324,10 @@ class DiskCacheTest {`
`323`	`324`	`)`
`324`	`325`	`)`
`325`	`326`
`326`		`- assertThat(sut.loadClientRegistration(key1))`
	`327`	`+ assertThat(sut.loadClientRegistration(key1, "testSource"))`
`327`	`328`	`.usingRecursiveComparison()`
`328`	`329`	`.isEqualTo(`
`329`		`- sut.loadClientRegistration(key2)`
	`330`	`+ sut.loadClientRegistration(key2, "testSource")`
`330`	`331`	`)`
`331`	`332`	`}`
`332`	`333`
`@@ -350,11 +351,11 @@ class DiskCacheTest {`
`350`	`351`	`region = ssoRegion`
`351`	`352`	`)`
`352`	`353`
`353`		`- assertThat(sut.loadClientRegistration(key)).isNotNull()`
	`354`	`+ assertThat(sut.loadClientRegistration(key, "testSource")).isNotNull()`
`354`	`355`
`355`	`356`	`sut.invalidateClientRegistration(key)`
`356`	`357`
`357`		`- assertThat(sut.loadClientRegistration(key)).isNull()`
	`358`	`+ assertThat(sut.loadClientRegistration(key, "testSource")).isNull()`
`358`	`359`	`assertThat(cacheFile).doesNotExist()`
`359`	`360`	`}`
`360`	`361`
`@@ -619,7 +620,7 @@ class DiskCacheTest {`
`619`	`620`	`registration.setPosixFilePermissions(emptySet())`
`620`	`621`	`assertPosixPermissions(registration, "---------")`
`621`	`622`
`622`		`- assertThat(sut.loadClientRegistration(key)).isNotNull()`
	`623`	`+ assertThat(sut.loadClientRegistration(key, "testSource")).isNotNull()`
`623`	`624`
`624`	`625`	`assertPosixPermissions(registration, "rw-------")`
`625`	`626`	`}`