
Example 1 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class ClusterHostServiceRunner method saveIdBrokerPillar.

/**
 * Registers the "idbroker" entry in the given service pillar map.
 *
 * <p>The IdBroker record of the cluster is fetched through {@code idBrokerService}. When one is
 * found, the values returned by {@code getSignPub()}, {@code getSignCert()}, {@code getSignKey()}
 * and {@code getMasterSecret()} are copied into the pillar data. When none is found, the pillar
 * entry is still registered, but with an empty "idbroker" map.
 *
 * <p>Security: judging by the getter names and the log message, the pillar built here carries a
 * signing key and a master secret. Only the cluster name is logged; the values themselves should
 * never be written to a log line.
 * NOTE(review): which hosts receive "/idbroker/init.sls" is decided outside this method, so
 * confirm the pillar is only delivered to the hosts that need it.
 *
 * @param cluster cluster whose IdBroker data is published
 * @param servicePillar pillar map that receives the "idbroker" entry
 */
private void saveIdBrokerPillar(Cluster cluster, Map<String, SaltPillarProperties> servicePillar) {
    Map<String, Object> pillarValues = new HashMap<>();
    IdBroker storedIdBroker = idBrokerService.getByCluster(cluster);
    if (storedIdBroker != null) {
        // The message names the cluster only; no key or secret value is part of it.
        LOGGER.info("Put idbroker keys/secrets to salt pillar for cluster: " + cluster.getName());
        pillarValues.put("signpub", storedIdBroker.getSignPub());
        pillarValues.put("signcert", storedIdBroker.getSignCert());
        pillarValues.put("signkey", storedIdBroker.getSignKey());
        pillarValues.put("mastersecret", storedIdBroker.getMasterSecret());
    }
    SaltPillarProperties idBrokerPillar =
            new SaltPillarProperties("/idbroker/init.sls", singletonMap("idbroker", pillarValues));
    servicePillar.put("idbroker", idBrokerPillar);
}
Also used : HashMap(java.util.HashMap) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) SaltPillarProperties(com.sequenceiq.cloudbreak.orchestrator.model.SaltPillarProperties)

Example 2 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class IdBrokerService method generateIdBrokerSignKey.

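/**
 * Makes sure the cluster that belongs to the given stack has IdBroker signing keys.
 *
 * <p>The cluster is looked up by stack id, then the repository is queried for an existing
 * IdBroker record. Keys are generated and saved only when no record exists, so this call does
 * not overwrite an existing record.
 *
 * <p>NOTE(review): the lookup and the save are separate steps, and no locking or transaction is
 * visible in this method. Confirm that the callers or a uniqueness constraint on the cluster id
 * prevent two concurrent calls from each generating and saving a key set.
 *
 * @param stackId id of the stack whose cluster needs IdBroker signing keys
 */
public void generateIdBrokerSignKey(Long stackId) {
    Cluster cluster = clusterService.findOneByStackIdOrNotFoundError(stackId);
    IdBroker idBroker = repository.findByClusterId(cluster.getId());
    if (idBroker == null) {
        LOGGER.debug("Generate IdBroker sign keys for the cluster");
        idBroker = idBrokerConverterUtil.generateIdBrokerSignKeys(cluster);
        repository.save(idBroker);
    } else {
        // Message previously read "keysh"; corrected so it can be found when searching logs.
        LOGGER.debug("IdBroker sign keys have already been created");
    }
}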
Also used : Cluster(com.sequenceiq.cloudbreak.domain.stack.cluster.Cluster) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker)

Example 3 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class KnoxGatewayConfigProviderTest method roleConfigsWithGatewayWithLdapConfig.

/**
 * Checks the role configs produced for the IDBROKER and KNOX_GATEWAY roles, and for an unrelated
 * role ("NAMENODE"), when the template source carries a gateway, an LDAP view and an IdBroker.
 *
 * <p>The virtual group lookup is stubbed to return "knox_admins", which both admin-group settings
 * are expected to contain. The secrets used here ("admin", "supersecret") are test fixtures.
 */
@Test
public void roleConfigsWithGatewayWithLdapConfig() {
    GeneralClusterConfigs clusterConfigs = new GeneralClusterConfigs();
    clusterConfigs.setAccountId(Optional.of("1234"));

    IdBroker broker = new IdBroker();
    broker.setMasterSecret("supersecret");

    Gateway knoxGateway = new Gateway();
    knoxGateway.setKnoxMasterSecret("admin");
    knoxGateway.setPath("/a/b/c");

    LdapView ldapView = LdapViewBuilder.aLdapView().build();
    BlueprintTextProcessor textProcessor = mock(BlueprintTextProcessor.class);
    BlueprintView blueprint = new BlueprintView("text", "7.2.11", "CDH", textProcessor);

    TemplatePreparationObject templateSource = Builder.builder()
            .withGateway(knoxGateway, "key", new HashSet<>())
            .withLdapConfig(ldapView)
            .withGeneralClusterConfigs(clusterConfigs)
            .withBlueprintView(blueprint)
            .withVirtualGroupView(new VirtualGroupRequest(TestConstants.CRN, ""))
            .withProductDetails(
                    new ClouderaManagerRepo().withVersion("7.4.2"),
                    List.of(new ClouderaManagerProduct().withVersion("7.2.10").withName("CDH")))
            .withIdBroker(broker)
            .build();

    when(virtualGroupService.createOrGetVirtualGroup(templateSource.getVirtualGroupRequest(), UmsVirtualGroupRight.KNOX_ADMIN))
            .thenReturn("knox_admins");
    when(entitlementService.isOjdbcTokenDhOneHour(anyString())).thenReturn(true);

    // IdBroker role: master secret, admin group and signing keystore settings.
    assertEquals(
            List.of(
                    config("idbroker_master_secret", "supersecret"),
                    config("idbroker_gateway_knox_admin_groups", "knox_admins"),
                    config("idbroker_gateway_signing_keystore_name", "signing.jks"),
                    config("idbroker_gateway_signing_keystore_type", "JKS"),
                    config("idbroker_gateway_signing_key_alias", "signing-identity")),
            underTest.getRoleConfigs(KnoxRoles.IDBROKER, templateSource));

    // Knox gateway role, evaluated as TEST_USER_CRN.
    // NOTE(review): the expected gateway_dispatch_whitelist value "^*.*$" looks like a
    // match-everything pattern. Confirm that an unrestricted dispatch whitelist is the intended
    // default, since this assertion pins it.
    assertEquals(
            List.of(
                    config("gateway_master_secret", knoxGateway.getKnoxMasterSecret()),
                    config("gateway_default_topology_name", "cdp-proxy"),
                    config("gateway_knox_admin_groups", "knox_admins"),
                    config("gateway_auto_discovery_enabled", "false"),
                    config("gateway_path", knoxGateway.getPath()),
                    config("gateway_signing_keystore_name", "signing.jks"),
                    config("gateway_signing_keystore_type", "JKS"),
                    config("gateway_signing_key_alias", "signing-identity"),
                    config("gateway_dispatch_whitelist", "^*.*$"),
                    config("gateway_service_tokenstate_impl", "org.apache.knox.gateway.services.token.impl.JDBCTokenStateService")),
            ThreadBasedUserCrnProvider.doAs(TEST_USER_CRN, () -> underTest.getRoleConfigs(KnoxRoles.KNOX_GATEWAY, templateSource)));

    // A role this provider does not handle yields no configs.
    assertEquals(List.of(), underTest.getRoleConfigs("NAMENODE", templateSource));
}
Also used : TemplatePreparationObject(com.sequenceiq.cloudbreak.template.TemplatePreparationObject) ClouderaManagerRepo(com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerRepo) GeneralClusterConfigs(com.sequenceiq.cloudbreak.template.model.GeneralClusterConfigs) VirtualGroupRequest(com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest) Gateway(com.sequenceiq.cloudbreak.domain.stack.cluster.gateway.Gateway) BlueprintTextProcessor(com.sequenceiq.cloudbreak.template.processor.BlueprintTextProcessor) BlueprintView(com.sequenceiq.cloudbreak.template.views.BlueprintView) ClouderaManagerProduct(com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerProduct) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) LdapView(com.sequenceiq.cloudbreak.dto.LdapView) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class KnoxGatewayConfigProviderTest method roleConfigsWithGateway.

/**
 * Checks the role configs produced for the IDBROKER and KNOX_GATEWAY roles, and for an unrelated
 * role ("NAMENODE"), when the gateway has one topology and no LDAP view is supplied.
 *
 * <p>The virtual group lookup is stubbed to return an empty string, and the default topology name
 * is expected to come from the gateway's single topology. The secrets used here ("admin",
 * "supersecret") are test fixtures.
 */
@Test
public void roleConfigsWithGateway() {
    GatewayTopology gatewayTopology = new GatewayTopology();
    gatewayTopology.setTopologyName("my-topology");
    gatewayTopology.setExposedServices(Json.silent(new ExposedServices()));

    Gateway knoxGateway = new Gateway();
    knoxGateway.setKnoxMasterSecret("admin");
    knoxGateway.setPath("/a/b/c");
    knoxGateway.setTopologies(Set.of(gatewayTopology));

    IdBroker broker = new IdBroker();
    broker.setMasterSecret("supersecret");

    GeneralClusterConfigs clusterConfigs = new GeneralClusterConfigs();
    clusterConfigs.setAccountId(Optional.of("1234"));

    BlueprintTextProcessor textProcessor = mock(BlueprintTextProcessor.class);
    BlueprintView blueprint = new BlueprintView("text", "7.2.11", "CDH", textProcessor);

    TemplatePreparationObject templateSource = Builder.builder()
            .withGateway(knoxGateway, "key", new HashSet<>())
            .withGeneralClusterConfigs(clusterConfigs)
            .withBlueprintView(blueprint)
            .withVirtualGroupView(new VirtualGroupRequest(TestConstants.CRN, ""))
            .withProductDetails(
                    new ClouderaManagerRepo().withVersion("7.4.2"),
                    List.of(new ClouderaManagerProduct().withVersion("7.2.10").withName("CDH")))
            .withIdBroker(broker)
            .build();

    when(virtualGroupService.createOrGetVirtualGroup(templateSource.getVirtualGroupRequest(), UmsVirtualGroupRight.KNOX_ADMIN))
            .thenReturn("");
    when(entitlementService.isOjdbcTokenDhOneHour(anyString())).thenReturn(true);

    // IdBroker role: master secret, (empty) admin group and signing keystore settings.
    assertEquals(
            List.of(
                    config("idbroker_master_secret", "supersecret"),
                    config("idbroker_gateway_knox_admin_groups", ""),
                    config("idbroker_gateway_signing_keystore_name", "signing.jks"),
                    config("idbroker_gateway_signing_keystore_type", "JKS"),
                    config("idbroker_gateway_signing_key_alias", "signing-identity")),
            underTest.getRoleConfigs(KnoxRoles.IDBROKER, templateSource));

    // Knox gateway role, evaluated as TEST_USER_CRN.
    // NOTE(review): the expected gateway_dispatch_whitelist value "^*.*$" looks like a
    // match-everything pattern. Confirm that an unrestricted dispatch whitelist is the intended
    // default, since this assertion pins it.
    assertEquals(
            List.of(
                    config("gateway_master_secret", knoxGateway.getKnoxMasterSecret()),
                    config("gateway_default_topology_name", knoxGateway.getTopologies().iterator().next().getTopologyName()),
                    config("gateway_knox_admin_groups", ""),
                    config("gateway_auto_discovery_enabled", "false"),
                    config("gateway_path", knoxGateway.getPath()),
                    config("gateway_signing_keystore_name", "signing.jks"),
                    config("gateway_signing_keystore_type", "JKS"),
                    config("gateway_signing_key_alias", "signing-identity"),
                    config("gateway_dispatch_whitelist", "^*.*$"),
                    config("gateway_service_tokenstate_impl", "org.apache.knox.gateway.services.token.impl.JDBCTokenStateService")),
            ThreadBasedUserCrnProvider.doAs(TEST_USER_CRN, () -> underTest.getRoleConfigs(KnoxRoles.KNOX_GATEWAY, templateSource)));

    // A role this provider does not handle yields no configs.
    assertEquals(List.of(), underTest.getRoleConfigs("NAMENODE", templateSource));
}
Also used : TemplatePreparationObject(com.sequenceiq.cloudbreak.template.TemplatePreparationObject) ClouderaManagerRepo(com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerRepo) GeneralClusterConfigs(com.sequenceiq.cloudbreak.template.model.GeneralClusterConfigs) VirtualGroupRequest(com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest) Gateway(com.sequenceiq.cloudbreak.domain.stack.cluster.gateway.Gateway) BlueprintTextProcessor(com.sequenceiq.cloudbreak.template.processor.BlueprintTextProcessor) BlueprintView(com.sequenceiq.cloudbreak.template.views.BlueprintView) ExposedServices(com.sequenceiq.cloudbreak.domain.stack.cluster.gateway.ExposedServices) ClouderaManagerProduct(com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerProduct) GatewayTopology(com.sequenceiq.cloudbreak.domain.stack.cluster.gateway.GatewayTopology) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) Test(org.junit.Test)

Example 5 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class IdBrokerServiceTest method testGenerateIdBrokerSignKeyWhenKeysExist.

/**
 * Checks that {@code generateIdBrokerSignKey} changes nothing when the repository already holds
 * an IdBroker record for the cluster: no record is saved and no new keys are generated.
 */
@Test
public void testGenerateIdBrokerSignKeyWhenKeysExist() {
    Cluster existingCluster = new Cluster();
    IdBroker existingIdBroker = new IdBroker();
    when(repository.findByClusterId(existingCluster.getId())).thenReturn(existingIdBroker);
    when(clusterService.findOneByStackIdOrNotFoundError(STACK_ID)).thenReturn(existingCluster);

    underTest.generateIdBrokerSignKey(STACK_ID);

    // Existing signing keys must be neither regenerated nor overwritten.
    verify(idBrokerConverterUtil, never()).generateIdBrokerSignKeys(existingCluster);
    verify(repository, never()).save(any());
}
Also used : Cluster(com.sequenceiq.cloudbreak.domain.stack.cluster.Cluster) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) Test(org.junit.jupiter.api.Test)

Aggregations

IdBroker (com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker)12 VirtualGroupRequest (com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest)6 ClouderaManagerProduct (com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerProduct)6 ClouderaManagerRepo (com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerRepo)6 TemplatePreparationObject (com.sequenceiq.cloudbreak.template.TemplatePreparationObject)6 GeneralClusterConfigs (com.sequenceiq.cloudbreak.template.model.GeneralClusterConfigs)6 BlueprintView (com.sequenceiq.cloudbreak.template.views.BlueprintView)6 Cluster (com.sequenceiq.cloudbreak.domain.stack.cluster.Cluster)5 Gateway (com.sequenceiq.cloudbreak.domain.stack.cluster.gateway.Gateway)5 BlueprintTextProcessor (com.sequenceiq.cloudbreak.template.processor.BlueprintTextProcessor)5 Test (org.junit.Test)5 LdapView (com.sequenceiq.cloudbreak.dto.LdapView)3 CloudCredential (com.sequenceiq.cloudbreak.cloud.model.CloudCredential)2 ExposedServices (com.sequenceiq.cloudbreak.domain.stack.cluster.gateway.ExposedServices)2 GatewayTopology (com.sequenceiq.cloudbreak.domain.stack.cluster.gateway.GatewayTopology)2 Credential (com.sequenceiq.cloudbreak.dto.credential.Credential)2 DetailedEnvironmentResponse (com.sequenceiq.environment.api.v1.environment.model.response.DetailedEnvironmentResponse)2 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 Test (org.junit.jupiter.api.Test)2