
Example 6 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class StackToTemplatePreparationObjectConverter method convert.

/**
 * Assembles the {@link TemplatePreparationObject} for a stack by collecting its environment,
 * credential, cluster, LDAP/Kerberos, gateway, IdBroker, file system and input data and feeding
 * them into a {@code Builder}.
 *
 * <p>Security-relevant behaviour visible here: the gateway signing key is read as a plain string
 * and passed to the builder, and a cluster that has no IdBroker record gets new signing keys
 * generated and saved as a side effect of this call. The resulting object therefore carries
 * secret material and should be kept out of logs and plain-text output.
 *
 * @param source the stack to convert; its cluster, environment CRN, resource CRN and name are read
 * @return the fully built template preparation object
 * @throws CloudbreakServiceException wrapping {@code AccountTagValidationFailed},
 *         {@code BlueprintProcessingException}, {@code IOException} or
 *         {@code TransactionService.TransactionExecutionException} raised during assembly
 */
public TemplatePreparationObject convert(Stack source) {
    try {
        Map<String, Collection<ClusterExposedServiceView>> views = serviceEndpointCollector.prepareClusterExposedServicesViews(source.getCluster(), stackUtil.extractClusterManagerAddress(source));
        DetailedEnvironmentResponse environment = environmentClientService.getByCrn(source.getEnvironmentCrn());
        Credential credential = credentialConverter.convert(environment.getCredential());
        // The cluster is re-read by id through clusterService rather than taken from source.getCluster().
        Cluster cluster = clusterService.getById(source.getCluster().getId());
        FileSystem fileSystem = cluster.getFileSystem();
        Optional<LdapView> ldapView = ldapConfigService.get(source.getEnvironmentCrn(), source.getName());
        ClouderaManagerRepo cm = clusterComponentConfigProvider.getClouderaManagerRepoDetails(cluster.getId());
        List<ClouderaManagerProduct> products = clusterComponentConfigProvider.getClouderaManagerProductDetails(cluster.getId());
        BaseFileSystemConfigurationsView fileSystemConfigurationView = getFileSystemConfigurationView(credential, source, fileSystem);
        updateFileSystemViewWithBackupLocation(environment, fileSystemConfigurationView);
        StackInputs stackInputs = getStackInputs(source);
        // Datalake inputs are merged into the fix inputs. When getFixInputs() is non-null, the
        // putAll below writes into that returned map itself, not into a copy.
        Map<String, Object> fixInputs = stackInputs.getFixInputs() == null ? new HashMap<>() : stackInputs.getFixInputs();
        fixInputs.putAll(stackInputs.getDatalakeInputs() == null ? new HashMap<>() : stackInputs.getDatalakeInputs());
        // The gateway signing key is handed to the builder as a plain String and stays null when
        // the cluster has no gateway. Treat it as secret: keep it out of logs and error messages.
        Gateway gateway = cluster.getGateway();
        String gatewaySignKey = null;
        if (gateway != null) {
            gatewaySignKey = gateway.getSignKey();
        }
        // Lazy provisioning: a cluster without an IdBroker record gets fresh signing keys
        // generated and persisted here.
        // NOTE(review): this check-then-save shows no locking of its own — confirm that two
        // concurrent conversions of the same cluster cannot each generate and save a different
        // key set.
        IdBroker idbroker = idBrokerService.getByCluster(cluster);
        if (idbroker == null) {
            idbroker = idBrokerConverterUtil.generateIdBrokerSignKeys(cluster);
            idBrokerService.save(idbroker);
        }
        String envCrnForVirtualGroups = getEnvironmentCrnForVirtualGroups(environment);
        // The admin group falls back to an empty string when no LDAP configuration exists.
        VirtualGroupRequest virtualGroupRequest = new VirtualGroupRequest(envCrnForVirtualGroups, ldapView.map(LdapView::getAdminGroup).orElse(""));
        // The account id used for the UMS lookup is taken from the stack's own resource CRN.
        String accountId = Crn.safeFromString(source.getResourceCrn()).getAccountId();
        List<UserManagementProto.ServicePrincipalCloudIdentities> servicePrincipalCloudIdentities = grpcUmsClient.listServicePrincipalCloudIdentities(accountId, source.getEnvironmentCrn(), MDCUtils.getRequestId());
        BlueprintView blueprintView = blueprintViewProvider.getBlueprintView(cluster.getBlueprint());
        // The blueprint version may be absent; it is passed on as an Optional.
        Optional<String> version = Optional.ofNullable(blueprintView.getVersion());
        // LDAP and Kerberos configs are passed as null when absent; custom inputs default to an empty map.
        Builder builder = Builder.builder().withCloudPlatform(CloudPlatform.valueOf(source.getCloudPlatform())).withRdsConfigs(postgresConfigService.createRdsConfigIfNeeded(source, cluster)).withRdsSslCertificateFilePath(dbCertificateProvider.getSslCertsFilePath()).withGateway(gateway, gatewaySignKey, exposedServiceCollector.getAllKnoxExposed(version)).withIdBroker(idbroker).withCustomConfigurationsView(getCustomConfigurationsView(source, cluster)).withCustomInputs(stackInputs.getCustomInputs() == null ? new HashMap<>() : stackInputs.getCustomInputs()).withFixInputs(fixInputs).withBlueprintView(blueprintView).withFileSystemConfigurationView(fileSystemConfigurationView).withGeneralClusterConfigs(calculateGeneralClusterConfigs(source, cluster)).withLdapConfig(ldapView.orElse(null)).withKerberosConfig(kerberosConfigService.get(source.getEnvironmentCrn(), source.getName()).orElse(null)).withProductDetails(cm, products).withExposedServices(views).withDefaultTags(getStackTags(source)).withSharedServiceConfigs(datalakeService.createSharedServiceConfigsView(source)).withStackType(source.getType()).withVirtualGroupView(virtualGroupRequest);
        // Host groups are fetched inside transactionService.required(...).
        // NOTE(review): presumably so that lazily loaded associations resolve — confirm.
        transactionService.required(() -> {
            builder.withHostgroups(hostGroupService.getByCluster(cluster.getId()));
        });
        decorateBuilderWithPlacement(source, builder);
        decorateBuilderWithAccountMapping(source, environment, credential, builder, virtualGroupRequest);
        decorateBuilderWithServicePrincipals(source, builder, servicePrincipalCloudIdentities);
        decorateDatalakeView(source, builder);
        return builder.build();
    } catch (AccountTagValidationFailed aTVF) {
        throw new CloudbreakServiceException(aTVF);
    } catch (BlueprintProcessingException | IOException | TransactionService.TransactionExecutionException e) {
        // NOTE(review): the cause's message is copied into the service exception — confirm none
        // of these exception types can carry key material or credentials in their message
        // before it reaches API responses or logs.
        throw new CloudbreakServiceException(e.getMessage(), e);
    }
}
Also used : HashMap(java.util.HashMap) BaseFileSystemConfigurationsView(com.sequenceiq.cloudbreak.template.filesystem.BaseFileSystemConfigurationsView) CloudbreakServiceException(com.sequenceiq.cloudbreak.common.exception.CloudbreakServiceException) Builder(com.sequenceiq.cloudbreak.template.TemplatePreparationObject.Builder) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) AccountTagValidationFailed(com.sequenceiq.cloudbreak.tag.AccountTagValidationFailed) StackInputs(com.sequenceiq.cloudbreak.cloud.model.StackInputs) Gateway(com.sequenceiq.cloudbreak.domain.stack.cluster.gateway.Gateway) FileSystem(com.sequenceiq.cloudbreak.domain.FileSystem) ClouderaManagerProduct(com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerProduct) BlueprintProcessingException(com.sequenceiq.cloudbreak.template.BlueprintProcessingException) CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential) Credential(com.sequenceiq.cloudbreak.dto.credential.Credential) BlueprintView(com.sequenceiq.cloudbreak.template.views.BlueprintView) Cluster(com.sequenceiq.cloudbreak.domain.stack.cluster.Cluster) IOException(java.io.IOException) LdapView(com.sequenceiq.cloudbreak.dto.LdapView) ClouderaManagerRepo(com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerRepo) VirtualGroupRequest(com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest) DetailedEnvironmentResponse(com.sequenceiq.environment.api.v1.environment.model.response.DetailedEnvironmentResponse) Collection(java.util.Collection) TemplatePreparationObject(com.sequenceiq.cloudbreak.template.TemplatePreparationObject)

Example 7 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class IdBrokerConverterUtil method generateIdBrokerSignKeys.

/**
 * Creates a new {@link IdBroker} for the given cluster, populated with freshly generated
 * signing material and a generated master secret.
 *
 * <p>The returned entity holds a private key and a master secret. This method does not persist
 * it; whoever stores or serializes the entity must keep those values out of logs and plain-text
 * output.
 * NOTE(review): confirm the {@code IdBroker} entity protects these fields at rest.
 *
 * @param cluster the cluster the IdBroker belongs to; its workspace is copied onto the entity
 * @return the populated, not yet saved IdBroker
 */
public IdBroker generateIdBrokerSignKeys(Cluster cluster) {
    // Two independent key pairs are generated; only the first one ends up on the entity.
    KeyPair identityPair = PkiUtil.generateKeypair();
    KeyPair secondPair = PkiUtil.generateKeypair();
    // NOTE(review): presumably PkiUtil.cert uses its third argument to sign a certificate for the
    // identity key — confirm against PkiUtil. secondPair is not retained anywhere in this method,
    // so the certificate's issuing key would not be available to verifiers later.
    X509Certificate signingCert = PkiUtil.cert(identityPair, "signing", secondPair);

    IdBroker result = new IdBroker();
    // Both the stored private key and the stored public key come from identityPair.
    result.setSignKey(PkiUtil.convert(identityPair.getPrivate()));
    result.setSignPub(PkiUtil.convert(identityPair.getPublic()));
    result.setSignCert(PkiUtil.convert(signingCert));
    result.setMasterSecret(PasswordUtil.generatePassword());

    result.setCluster(cluster);
    result.setWorkspace(cluster.getWorkspace());
    return result;
}
Also used : KeyPair(java.security.KeyPair) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) X509Certificate(java.security.cert.X509Certificate)

Example 8 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class StackToTemplatePreparationObjectConverterTest method setUp.

/**
 * Prepares the mocks shared by the converter tests: a DATALAKE stack with a creator and tenant,
 * a cluster with a blueprint and custom configurations, a mock-mapped environment, an absent
 * LDAP configuration and an IdBroker returned by both lookup and save.
 *
 * @throws IOException declared for the stubbed calls
 * @throws TransactionService.TransactionExecutionException declared because
 *         {@code transactionService.required} is stubbed
 */
@BeforeEach
public void setUp() throws IOException, TransactionService.TransactionExecutionException {
    // NOTE(review): initMocks is deprecated in newer Mockito releases in favour of openMocks —
    // confirm against the Mockito version this project uses.
    MockitoAnnotations.initMocks(this);
    // Make the mocked transaction service run the supplied Runnable inline.
    doAnswer(invocation -> {
        invocation.getArgument(0, Runnable.class).run();
        return null;
    }).when(transactionService).required(any(Runnable.class));
    User user = new User();
    user.setUserName("applebob@apple.com");
    user.setUserCrn("user-crn");
    Tenant tenant = new Tenant();
    tenant.setId(1L);
    tenant.setName("account");
    user.setTenant(tenant);
    when(stackMock.getCreator()).thenReturn(user);
    // This stub is replaced further down, where getEnvironmentCrn() is stubbed again with
    // TestConstants.CRN; the later stubbing is the one in effect.
    when(stackMock.getEnvironmentCrn()).thenReturn("env");
    when(stackMock.getCloudPlatform()).thenReturn(TEST_CLOUD_PLATFORM);
    when(stackMock.cloudPlatform()).thenReturn(TEST_CLOUD_PLATFORM);
    when(stackMock.getType()).thenReturn(StackType.DATALAKE);
    when(stackMock.getRegion()).thenReturn(REGION);
    when(stackMock.getAvailabilityZone()).thenReturn(AVAILABILITY_ZONE);
    when(stackMock.getName()).thenReturn("stackname");
    when(sourceCluster.getId()).thenReturn(TEST_CLUSTER_ID);
    when(cluster.getId()).thenReturn(TEST_CLUSTER_ID);
    when(instanceGroupMetadataCollector.collectMetadata(stackMock)).thenReturn(groupInstances);
    when(cluster.getBlueprint()).thenReturn(blueprint);
    when(blueprint.getBlueprintText()).thenReturn(TEST_BLUEPRINT_TEXT);
    when(blueprint.getStackVersion()).thenReturn("7.2.11");
    when(stackMock.getInputs()).thenReturn(stackInputs);
    // No StackInputs are stored on the stack by default.
    when(stackInputs.get(StackInputs.class)).thenReturn(null);
    when(stackMock.getEnvironmentCrn()).thenReturn(TestConstants.CRN);
    when(stackMock.getCluster()).thenReturn(sourceCluster);
    when(sourceCluster.getCustomConfigurations()).thenReturn(customConfigurations);
    when(customConfigurations.getCrn()).thenReturn("test-custom-configs-crn");
    when(stackMock.getResourceCrn()).thenReturn("crn:cdp:datahub:us-west-1:account:cluster:cluster");
    when(clusterService.findOneWithCustomConfigurations(anyLong())).thenReturn(sourceCluster);
    when(accountTagClientService.list()).thenReturn(new HashMap<>());
    when(entitlementService.internalTenant(anyString())).thenReturn(true);
    when(loadBalancerConfigService.getLoadBalancerUserFacingFQDN(anyLong())).thenReturn(null);
    Credential credential = Credential.builder().crn("aCredentialCRN").attributes(new Json("")).build();
    // The environment uses the MOCK IdBroker mapping source, matching the
    // awsMockAccountMappingService stubs below.
    DetailedEnvironmentResponse environmentResponse = DetailedEnvironmentResponse.builder().withIdBrokerMappingSource(IdBrokerMappingSource.MOCK).withCredential(new CredentialResponse()).withAdminGroupName(ADMIN_GROUP_NAME).withCrn(TestConstants.CRN).build();
    when(credentialToCloudCredentialConverter.convert(credential)).thenReturn(cloudCredential);
    when(environmentClientService.getByCrn(anyString())).thenReturn(environmentResponse);
    when(credentialConverter.convert(any(CredentialResponse.class))).thenReturn(credential);
    when(awsMockAccountMappingService.getGroupMappings(REGION, cloudCredential, ADMIN_GROUP_NAME)).thenReturn(MOCK_GROUP_MAPPINGS);
    when(awsMockAccountMappingService.getUserMappings(REGION, cloudCredential)).thenReturn(MOCK_USER_MAPPINGS);
    // LDAP is absent by default.
    when(ldapConfigService.get(anyString(), anyString())).thenReturn(Optional.empty());
    when(clusterService.getById(anyLong())).thenReturn(cluster);
    when(customConfigurationsService.getByNameOrCrn(any(NameOrCrn.class))).thenReturn(customConfigurations);
    when(exposedServiceCollector.getAllKnoxExposed(any())).thenReturn(Set.of());
    // NOTE(review): Collections.EMPTY_LIST is a raw type; Collections.emptyList() would keep the
    // stubs type-checked.
    when(resourceService.getAllByStackId(anyLong())).thenReturn(Collections.EMPTY_LIST);
    // The same IdBroker instance is returned from both the lookup and the save stub.
    // NOTE(review): if idBrokerConverterUtil is a plain mock this call yields null and both stubs
    // return null — confirm it is a real instance or a spy.
    IdBroker idbroker = idBrokerConverterUtil.generateIdBrokerSignKeys(cluster);
    when(idBrokerService.getByCluster(any(Cluster.class))).thenReturn(idbroker);
    when(idBrokerService.save(any(IdBroker.class))).thenReturn(idbroker);
    when(grpcUmsClient.listServicePrincipalCloudIdentities(anyString(), anyString(), any(Optional.class))).thenReturn(Collections.EMPTY_LIST);
    when(dbCertificateProvider.getSslCertsFilePath()).thenReturn(SSL_CERTS_FILE_PATH);
    when(stackMock.getId()).thenReturn(1L);
    when(generalClusterConfigsProvider.generalClusterConfigs(any(Stack.class), any(Cluster.class))).thenReturn(new GeneralClusterConfigs());
}
Also used : CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential) Credential(com.sequenceiq.cloudbreak.dto.credential.Credential) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser) User(com.sequenceiq.cloudbreak.workspace.model.User) Optional(java.util.Optional) GeneralClusterConfigs(com.sequenceiq.cloudbreak.template.model.GeneralClusterConfigs) Cluster(com.sequenceiq.cloudbreak.domain.stack.cluster.Cluster) CredentialResponse(com.sequenceiq.environment.api.v1.credential.model.response.CredentialResponse) Json(com.sequenceiq.cloudbreak.common.json.Json) NameOrCrn(com.sequenceiq.cloudbreak.api.endpoint.v4.dto.NameOrCrn) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) Stack(com.sequenceiq.cloudbreak.domain.stack.Stack) Tenant(com.sequenceiq.cloudbreak.workspace.model.Tenant) DetailedEnvironmentResponse(com.sequenceiq.environment.api.v1.environment.model.response.DetailedEnvironmentResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 9 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class IdBrokerServiceTest method testGenerateIdBrokerSignKeyWhenKeysNotExist.

/**
 * When the repository has no IdBroker for the cluster, generateIdBrokerSignKey must save exactly
 * the entity produced by the converter util.
 */
@Test
public void testGenerateIdBrokerSignKeyWhenKeysNotExist() {
    ArgumentCaptor<IdBroker> savedCaptor = ArgumentCaptor.forClass(IdBroker.class);
    IdBroker generated = new IdBroker();
    Cluster targetCluster = new Cluster();
    targetCluster.setId(CLUSTER_ID);

    when(clusterService.findOneByStackIdOrNotFoundError(STACK_ID)).thenReturn(targetCluster);
    // A null lookup result stands for "no keys stored yet".
    when(repository.findByClusterId(targetCluster.getId())).thenReturn(null);
    when(idBrokerConverterUtil.generateIdBrokerSignKeys(targetCluster)).thenReturn(generated);

    underTest.generateIdBrokerSignKey(STACK_ID);

    // The saved entity must be the generated one.
    verify(repository).save(savedCaptor.capture());
    Assertions.assertEquals(generated, savedCaptor.getValue());
}
Also used : Cluster(com.sequenceiq.cloudbreak.domain.stack.cluster.Cluster) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) Test(org.junit.jupiter.api.Test)

Example 10 with IdBroker

use of com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker in project cloudbreak by hortonworks.

the class KnoxGatewayConfigProviderTest method roleConfigsWithoutGateway.

/**
 * Verifies the role configs generated for a template object that has an IdBroker but no gateway.
 *
 * <p>The assertions pin that the IdBroker master secret and the cluster password are emitted
 * verbatim as the {@code idbroker_master_secret} and {@code gateway_master_secret} values, so
 * the returned configs are secret-bearing. The literals used here are test fixtures only.
 */
@Test
public void roleConfigsWithoutGateway() {
    GeneralClusterConfigs generalConfigs = new GeneralClusterConfigs();
    generalConfigs.setPassword("secret");
    generalConfigs.setAccountId(Optional.of("1234"));

    IdBroker brokerFixture = new IdBroker();
    brokerFixture.setMasterSecret("supersecret");

    BlueprintTextProcessor processorMock = mock(BlueprintTextProcessor.class);
    BlueprintView view = new BlueprintView("text", "7.2.11", "CDH", processorMock);

    // No withGateway(...) call: the template object is built without a gateway.
    TemplatePreparationObject preparationObject = Builder.builder()
            .withGeneralClusterConfigs(generalConfigs)
            .withVirtualGroupView(new VirtualGroupRequest(TestConstants.CRN, ""))
            .withIdBroker(brokerFixture)
            .withBlueprintView(view)
            .withProductDetails(
                    new ClouderaManagerRepo().withVersion("7.4.2"),
                    List.of(new ClouderaManagerProduct().withVersion("7.2.10").withName("CDH")))
            .build();
    when(virtualGroupService.createOrGetVirtualGroup(preparationObject.getVirtualGroupRequest(), UmsVirtualGroupRight.KNOX_ADMIN))
            .thenReturn("");

    // IDBROKER role: master secret plus signing keystore settings.
    assertEquals(
            List.of(
                    config("idbroker_master_secret", "supersecret"),
                    config("idbroker_gateway_knox_admin_groups", ""),
                    config("idbroker_gateway_signing_keystore_name", "signing.jks"),
                    config("idbroker_gateway_signing_keystore_type", "JKS"),
                    config("idbroker_gateway_signing_key_alias", "signing-identity")),
            underTest.getRoleConfigs(KnoxRoles.IDBROKER, preparationObject));

    // KNOX_GATEWAY role: the cluster password is used as the gateway master secret.
    assertEquals(
            List.of(
                    config("gateway_master_secret", generalConfigs.getPassword()),
                    config("gateway_default_topology_name", "cdp-proxy"),
                    config("gateway_knox_admin_groups", ""),
                    config("gateway_auto_discovery_enabled", "false"),
                    config("gateway_service_tokenstate_impl", "org.apache.knox.gateway.services.token.impl.JDBCTokenStateService")),
            underTest.getRoleConfigs(KnoxRoles.KNOX_GATEWAY, preparationObject));

    // Any other role gets no configs.
    assertEquals(List.of(), underTest.getRoleConfigs("NAMENODE", preparationObject));
}
Also used : TemplatePreparationObject(com.sequenceiq.cloudbreak.template.TemplatePreparationObject) ClouderaManagerRepo(com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerRepo) GeneralClusterConfigs(com.sequenceiq.cloudbreak.template.model.GeneralClusterConfigs) VirtualGroupRequest(com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest) BlueprintTextProcessor(com.sequenceiq.cloudbreak.template.processor.BlueprintTextProcessor) BlueprintView(com.sequenceiq.cloudbreak.template.views.BlueprintView) ClouderaManagerProduct(com.sequenceiq.cloudbreak.cloud.model.ClouderaManagerProduct) IdBroker(com.sequenceiq.cloudbreak.domain.stack.cluster.IdBroker) Test(org.junit.Test)
