Example 31 with Secret

Use of com.sequenceiq.cloudbreak.service.secret.domain.Secret in the cloudbreak project by hortonworks.

The class FreeIpaClientFactoryTest, method getFreeIpaClientForStackForLegacyHealthCheckShouldReturnClientWhenStackStatusIsValid.

@Test
void getFreeIpaClientForStackForLegacyHealthCheckShouldReturnClientWhenStackStatusIsValid() {
    Stack stack = createStack();
    stack.setGatewayport(80);
    FreeIpa freeIpa = new FreeIpa();
    // Secret(raw, secretPath): both empty here because the test never resolves the admin password
    freeIpa.setAdminPassword(new Secret("", ""));
    when(freeIpaService.findByStack(stack)).thenReturn(freeIpa);
    when(stackService.getByIdWithListsInTransaction(stack.getId())).thenReturn(stack);
    when(tlsSecurityService.buildTLSClientConfig(any(), any(), any())).thenReturn(new HttpClientConfig(FREEIPP_FQDN));
    // Despite the variable name, the stack is put into the AVAILABLE state
    Status unreachableState = Status.AVAILABLE;
    StackStatus stackStatus = new StackStatus(stack, unreachableState, "The FreeIPA instance is reachable.", DetailedStackStatus.AVAILABLE);
    stack.setStackStatus(stackStatus);
    // No real FreeIPA endpoint is reachable from the test, so client creation is expected to fail
    FreeIpaClientException exception = Assertions.assertThrows(FreeIpaClientException.class, () -> underTest.getFreeIpaClientForStackForLegacyHealthCheck(stack, FREEIPP_FQDN));
    verify(clusterProxyService, times(1)).isCreateConfigForClusterProxy(stack);
    verify(tlsSecurityService, times(1)).buildTLSClientConfig(any(), any(), any());
    Assertions.assertEquals(FreeIpaClientException.class, exception.getCause().getClass());
}

Example 32 with Secret

Use of com.sequenceiq.cloudbreak.service.secret.domain.Secret in the cloudbreak project by hortonworks.

The class RecursiveSecretAspectService, method proceedDelete.

public Object proceedDelete(ProceedingJoinPoint proceedingJoinPoint) {
    // Breadth-first walk over the entity graph: every @SecretValue field that holds a Secret is
    // deleted from the secret store, every other @SecretValue field is treated as a nested entity.
    Queue<Object> entities = convertFirstArgToQueue(proceedingJoinPoint);
    Object entity;
    while ((entity = entities.poll()) != null) {
        try {
            for (Field field : entity.getClass().getDeclaredFields()) {
                if (field.isAnnotationPresent(SecretValue.class)) {
                    LOGGER.info("Found SecretValue annotation on {} in entity of type {}", field, entity.getClass());
                    field.setAccessible(true);
                    Object fieldValue = field.get(entity);
                    if (fieldValue instanceof Secret) {
                        // The entity only stores the vault path; the raw value lives in the secret store
                        Secret path = (Secret) fieldValue;
                        if (path.getSecret() != null) {
                            secretService.delete(path.getSecret());
                            LOGGER.info("Secret deleted at path: {}", path);
                        } else {
                            LOGGER.info("Secret is null for field: {}.{}", field.getDeclaringClass(), field.getName());
                        }
                    } else if (fieldValue != null) {
                        // Guard against queuing null: poll() returning null would end the walk early
                        entities.add(fieldValue);
                    }
                }
            }
        } catch (IllegalArgumentException e) {
            LOGGER.error("Given entity isn't instance of TenantAwareResource. Secret is not deleted!", e);
            throw new SecretOperationException(e);
        } catch (Exception e) {
            LOGGER.warn("Looks like something went wrong with Secret store. Secret is not deleted!", e);
            throw new SecretOperationException(e);
        }
    }
    // Secrets are removed first; only then is the repository delete allowed to proceed
    Object proceed;
    try {
        proceed = proceedingJoinPoint.proceed();
    } catch (RuntimeException re) {
        LOGGER.warn("Failed to invoke repository delete", re);
        throw re;
    } catch (Throwable throwable) {
        LOGGER.error("Failed to invoke repository delete", throwable);
        throw new SecretOperationException(throwable);
    }
    return proceed;
}

Example 33 with Secret

Use of com.sequenceiq.cloudbreak.service.secret.domain.Secret in the cloudbreak project by hortonworks.

The class HostKeytabServiceTest, method testGetExistingKeytab.

@Test
public void testGetExistingKeytab() throws FreeIpaClientException {
    HostKeytabRequest request = new HostKeytabRequest();
    request.setEnvironmentCrn(ENVIRONMENT_CRN);
    request.setServerHostName("asdf");
    Stack stack = new Stack();
    when(keytabCommonService.getFreeIpaStackWithMdcContext(request.getEnvironmentCrn(), ACCOUNT_ID)).thenReturn(stack);
    FreeIpaClient freeIpaClient = mock(FreeIpaClient.class);
    when(freeIpaClientFactory.getFreeIpaClientForStack(stack)).thenReturn(freeIpaClient);
    Host host = new Host();
    host.setKrbprincipalname("dfdf");
    when(freeIpaClient.showHost(request.getServerHostName())).thenReturn(host);
    KeytabCache keytabCache = mock(KeytabCache.class);
    Secret keytabSecret = new Secret("keytab", "keytabSecret");
    Secret principalSecret = new Secret("principal", "principalSecret");
    when(keytabCache.getKeytab()).thenReturn(keytabSecret);
    when(keytabCache.getPrincipal()).thenReturn(principalSecret);
    when(keytabCommonService.getExistingKeytab(request.getEnvironmentCrn(), host.getKrbprincipalname(), request.getServerHostName(), freeIpaClient)).thenReturn(keytabCache);
    SecretResponse keytabResponse = new SecretResponse();
    keytabResponse.setSecretPath("keytabPath");
    when(secretResponseConverter.convert(keytabCache.getKeytab().getSecret())).thenReturn(keytabResponse);
    SecretResponse principalResponse = new SecretResponse();
    principalResponse.setSecretPath("principalPath");
    when(secretResponseConverter.convert(keytabCache.getPrincipal().getSecret())).thenReturn(principalResponse);
    HostKeytabResponse response = underTest.getExistingHostKeytab(request, ACCOUNT_ID);
    assertEquals(keytabResponse, response.getKeytab());
    assertEquals(principalResponse, response.getHostPrincipal());
}

Example 34 with Secret

Use of com.sequenceiq.cloudbreak.service.secret.domain.Secret in the cloudbreak project by hortonworks.

The class HostKeytabServiceTest, method testGenerateHostKeytabDoNotRecreateFalse.

@Test
public void testGenerateHostKeytabDoNotRecreateFalse() throws FreeIpaClientException {
    HostKeytabRequest request = new HostKeytabRequest();
    request.setEnvironmentCrn(ENVIRONMENT_CRN);
    request.setRoleRequest(new RoleRequest());
    request.setDoNotRecreateKeytab(Boolean.FALSE);
    request.setServerHostName("asdf");
    Stack stack = new Stack();
    when(keytabCommonService.getFreeIpaStackWithMdcContext(request.getEnvironmentCrn(), ACCOUNT_ID)).thenReturn(stack);
    FreeIpaClient freeIpaClient = mock(FreeIpaClient.class);
    when(freeIpaClientFactory.getFreeIpaClientForStack(stack)).thenReturn(freeIpaClient);
    when(roleComponent.privilegesExist(request.getRoleRequest(), freeIpaClient)).thenReturn(Boolean.TRUE);
    Host host = new Host();
    host.setHasKeytab(Boolean.TRUE);
    host.setKrbprincipalname("dfdf");
    when(keytabCommonService.addHost(request.getServerHostName(), request.getRoleRequest(), freeIpaClient)).thenReturn(host);
    KeytabCache keytabCache = mock(KeytabCache.class);
    Secret keytabSecret = new Secret("keytab", "keytabSecret");
    Secret principalSecret = new Secret("principal", "principalSecret");
    when(keytabCache.getKeytab()).thenReturn(keytabSecret);
    when(keytabCache.getPrincipal()).thenReturn(principalSecret);
    when(keytabCommonService.getKeytab(request.getEnvironmentCrn(), host.getKrbprincipalname(), request.getServerHostName(), freeIpaClient)).thenReturn(keytabCache);
    SecretResponse keytabResponse = new SecretResponse();
    keytabResponse.setSecretPath("keytabPath");
    when(secretResponseConverter.convert(keytabCache.getKeytab().getSecret())).thenReturn(keytabResponse);
    SecretResponse principalResponse = new SecretResponse();
    principalResponse.setSecretPath("principalPath");
    when(secretResponseConverter.convert(keytabCache.getPrincipal().getSecret())).thenReturn(principalResponse);
    HostKeytabResponse response = underTest.generateHostKeytab(request, ACCOUNT_ID);
    assertEquals(keytabResponse, response.getKeytab());
    assertEquals(principalResponse, response.getHostPrincipal());
}

Example 35 with Secret

Use of com.sequenceiq.cloudbreak.service.secret.domain.Secret in the cloudbreak project by hortonworks.

The class SecretAspectService, method proceedSave.

public Object proceedSave(ProceedingJoinPoint proceedingJoinPoint) {
    Collection<Object> entities = convertFirstArgToCollection(proceedingJoinPoint);
    for (Object entity : entities) {
        try {
            for (Field field : entity.getClass().getDeclaredFields()) {
                if (field.isAnnotationPresent(SecretValue.class)) {
                    LOGGER.debug("Found SecretValue annotation on {}", field);
                    field.setAccessible(true);
                    Secret value = (Secret) field.get(entity);
                    // Only a Secret that still carries a raw value and has no store path yet needs saving
                    if (value != null && value.getRaw() != null && value.getSecret() == null) {
                        String accountId = findAccountId(entity);
                        // Path is scoped by account, entity type and field, with a random suffix
                        String path = String.format("%s/%s/%s/%s-%s", accountId, entity.getClass().getSimpleName().toLowerCase(), field.getName().toLowerCase(), UUID.randomUUID(), Long.toHexString(System.currentTimeMillis()));
                        String secret = secretService.put(path, value.getRaw());
                        LOGGER.debug("Field: '{}' is saved at path: {}", field.getName(), path);
                        // Replace the raw value with a proxy so the persisted entity holds only the store reference
                        field.set(entity, new SecretProxy(secretService, secret));
                    }
                }
            }
        } catch (IllegalArgumentException e) {
            LOGGER.error("Given entity isn't instance of {}. Secret is not updated!", AccountIdAwareResource.class.getSimpleName(), e);
            throw new SecretOperationException(e.getMessage());
        } catch (Exception e) {
            LOGGER.warn("Looks like something went wrong with Secret store. Secret is not updated!", e);
            throw new SecretOperationException(e.getMessage());
        }
    }
    // The repository save runs only after every raw secret has been moved to the store
    Object proceed;
    try {
        proceed = proceedingJoinPoint.proceed();
    } catch (RuntimeException re) {
        LOGGER.warn("Failed to invoke repository save", re);
        throw re;
    } catch (Throwable throwable) {
        LOGGER.error("Failed to invoke repository save", throwable);
        throw new SecretOperationException(throwable);
    }
    return proceed;
}