Example 1 with Cert

Use of com.sequenceiq.freeipa.client.model.Cert in project cloudbreak by hortonworks.

Class CertFindResponse, method handleInternal.

@Override
protected Set<Cert> handleInternal(List<CloudVmMetaDataStatus> metadatas, String body) {
    Cert cert = new Cert();
    cert.setCacn("dummy");
    cert.setIssuer("dummy");
    return Set.of(cert);
}
Also used : Cert(com.sequenceiq.freeipa.client.model.Cert)

Example 2 with Cert

Use of com.sequenceiq.freeipa.client.model.Cert in project cloudbreak by hortonworks.

Class CleanupService, method revokeCerts.

@Retryable(value = RetryableFreeIpaClientException.class, maxAttemptsExpression = RetryableFreeIpaClientException.MAX_RETRIES_EXPRESSION, backoff = @Backoff(delayExpression = RetryableFreeIpaClientException.DELAY_EXPRESSION, multiplierExpression = RetryableFreeIpaClientException.MULTIPLIER_EXPRESSION))
public Pair<Set<String>, Map<String, String>> revokeCerts(Long stackId, Set<String> hosts) throws FreeIpaClientException {
    FreeIpaClient client = getFreeIpaClient(stackId);
    Set<String> certCleanupSuccess = new HashSet<>();
    Map<String, String> certCleanupFailed = new HashMap<>();
    Set<Cert> certs = client.findAllCert();
    certs.stream().filter(cert -> hosts.stream().anyMatch(host -> substringBefore(host, ".").equals(substringBefore(removeStart(cert.getSubject(), "CN="), ".")))).filter(cert -> !cert.isRevoked()).forEach(cert -> {
        try {
            client.revokeCert(cert.getSerialNumber());
            certCleanupSuccess.add(cert.getSubject());
        } catch (FreeIpaClientException e) {
            LOGGER.error("Couldn't revoke certificate: {}", cert, e);
            certCleanupFailed.put(cert.getSubject(), e.getMessage());
        }
    });
    return Pair.of(certCleanupSuccess, certCleanupFailed);
}
Also used : FreeIpaCleanupEvent(com.sequenceiq.freeipa.flow.freeipa.cleanup.FreeIpaCleanupEvent) DeleteException(com.sequenceiq.freeipa.kerberosmgmt.exception.DeleteException) LoggerFactory(org.slf4j.LoggerFactory) StringUtils(org.apache.commons.lang3.StringUtils) OperationStatus(com.sequenceiq.freeipa.api.v1.operation.model.OperationStatus) LdapConfigService(com.sequenceiq.freeipa.ldap.LdapConfigService) DnsZone(com.sequenceiq.freeipa.client.model.DnsZone) RetryableFreeIpaClientException(com.sequenceiq.freeipa.client.RetryableFreeIpaClientException) Operation(com.sequenceiq.freeipa.entity.Operation) Map(java.util.Map) Pair(org.springframework.data.util.Pair) StackService(com.sequenceiq.freeipa.service.stack.StackService) NotFoundException(com.sequenceiq.cloudbreak.common.exception.NotFoundException) FreeIpaClientExceptionUtil(com.sequenceiq.freeipa.client.FreeIpaClientExceptionUtil) Set(java.util.Set) ExtendedPollingResult(com.sequenceiq.cloudbreak.polling.ExtendedPollingResult) User(com.sequenceiq.freeipa.client.model.User) FreeIpaClientException(com.sequenceiq.freeipa.client.FreeIpaClientException) FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient) Collectors(java.util.stream.Collectors) Backoff(org.springframework.retry.annotation.Backoff) List(java.util.List) PollingService(com.sequenceiq.cloudbreak.polling.PollingService) KeytabCleanupService(com.sequenceiq.freeipa.kerberosmgmt.v1.KeytabCleanupService) Entry(java.util.Map.Entry) KerberosConfigService(com.sequenceiq.freeipa.kerberos.KerberosConfigService) Optional(java.util.Optional) HostRequest(com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostRequest) HashMap(java.util.HashMap) HashSet(java.util.HashSet) Inject(javax.inject.Inject) Value(org.springframework.beans.factory.annotation.Value) Service(org.springframework.stereotype.Service) OperationType(com.sequenceiq.freeipa.api.v1.operation.model.OperationType) CleanupEvent(com.sequenceiq.freeipa.flow.freeipa.cleanup.CleanupEvent) Retryable(org.springframework.retry.annotation.Retryable) Cert(com.sequenceiq.freeipa.client.model.Cert) Stack(com.sequenceiq.freeipa.entity.Stack) KeytabCacheService(com.sequenceiq.freeipa.kerberosmgmt.v1.KeytabCacheService) FreeIpaFlowManager(com.sequenceiq.freeipa.service.freeipa.flow.FreeIpaFlowManager) Logger(org.slf4j.Logger) DnsRecord(com.sequenceiq.freeipa.client.model.DnsRecord) OperationService(com.sequenceiq.freeipa.service.operation.OperationService) CleanupRequest(com.sequenceiq.freeipa.api.v1.freeipa.cleanup.CleanupRequest) Role(com.sequenceiq.freeipa.client.model.Role) FreeIpaClientFactory(com.sequenceiq.freeipa.service.freeipa.FreeIpaClientFactory) StringUtils.substringBefore(org.apache.commons.lang3.StringUtils.substringBefore) Collections(java.util.Collections) HostDeletionService(com.sequenceiq.freeipa.service.freeipa.host.HostDeletionService) StringUtils.removeStart(org.apache.commons.lang3.StringUtils.removeStart) OperationToOperationStatusConverter(com.sequenceiq.freeipa.converter.operation.OperationToOperationStatusConverter)

Example 3 with Cert

Use of com.sequenceiq.freeipa.client.model.Cert in project cloudbreak by hortonworks.

Class CleanupServiceTest, method testRevokeCertsWithAlreadyRevokedCert.

@Test
public void testRevokeCertsWithAlreadyRevokedCert() throws FreeIpaClientException {
    Set<String> hosts = Set.of("test-wl-1-worker0.env.xyz.wl.cloudera.site", "test-wl-1-worker1.env.xyz.wl.cloudera.site", "test-wl-1-master2.env.xyz.wl.cloudera.site", "test-wl-1-compute3.env.xyz.wl.cloudera.site");
    Set<Cert> certs = Set.of(createCert("CN=test-wl-2-master2", 1, false), createCert("CN=test-wl-1-master2", 2, true), createCert("CN=test-wl-3-master1", 3, true), createCert("CN=test-datalake-1-master1", 4, false), createCert("CN=ipaserver0.env.xyz.wl.cloudera.site,O=ENV.XYZ.WL.CLOUDERA.SITE", 50, false));
    FreeIpaClient freeIpaClient = mock(FreeIpaClient.class);
    when(freeIpaClient.findAllCert()).thenReturn(certs);
    when(freeIpaClientFactory.getFreeIpaClientForStackId(STACK_ID)).thenReturn(freeIpaClient);
    Pair<Set<String>, Map<String, String>> result = cleanupService.revokeCerts(STACK_ID, hosts);
    verifyRevokeNotInvoked(freeIpaClient, 1, 2, 3, 4, 50);
    assertEquals(0, result.getFirst().size());
    assertEquals(0, result.getSecond().size());
}
Also used : Set(java.util.Set) FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Cert(com.sequenceiq.freeipa.client.model.Cert) Map(java.util.Map) Test(org.junit.Test)

Example 4 with Cert

Use of com.sequenceiq.freeipa.client.model.Cert in project cloudbreak by hortonworks.

Class CleanupServiceTest, method testRevokeCertsWithShortHostnames.

@Test
public void testRevokeCertsWithShortHostnames() throws FreeIpaClientException {
    Set<String> hosts = Set.of("test-wl-1-worker0", "test-wl-1-worker1", "test-wl-1-master2", "test-wl-1-compute3");
    Set<Cert> certs = Set.of(createCert("CN=test-wl-2-master2", 1, false), createCert("CN=test-wl-1-master2", 2, false), createCert("CN=test-wl-3-master1", 3, false), createCert("CN=test-datalake-1-master1", 4, false), createCert("CN=ipaserver0.env.xyz.wl.cloudera.site,O=ENV.XYZ.WL.CLOUDERA.SITE", 50, false));
    FreeIpaClient freeIpaClient = mock(FreeIpaClient.class);
    when(freeIpaClient.findAllCert()).thenReturn(certs);
    when(freeIpaClientFactory.getFreeIpaClientForStackId(STACK_ID)).thenReturn(freeIpaClient);
    Pair<Set<String>, Map<String, String>> result = cleanupService.revokeCerts(STACK_ID, hosts);
    verify(freeIpaClient, times(1)).revokeCert(2);
    verifyRevokeNotInvoked(freeIpaClient, 1, 3, 4, 50);
    assertEquals(1, result.getFirst().size());
    assertEquals(0, result.getSecond().size());
    assertTrue(result.getFirst().stream().allMatch("CN=test-wl-1-master2"::equals));
}
Also used : Set(java.util.Set) FreeIpaClient(com.sequenceiq.freeipa.client.FreeIpaClient) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Cert(com.sequenceiq.freeipa.client.model.Cert) Map(java.util.Map) Test(org.junit.Test)

Example 5 with Cert

Use of com.sequenceiq.freeipa.client.model.Cert in project cloudbreak by hortonworks.

Class CleanupServiceTest, method createCert.

private Cert createCert(String subject, long serialNumber, boolean revoked) {
    Cert cert = new Cert();
    cert.setSubject(subject);
    cert.setRevoked(revoked);
    cert.setSerialNumber(serialNumber);
    return cert;
}
Also used : Cert(com.sequenceiq.freeipa.client.model.Cert)

Aggregations (type, followed by the number of usages found)

Cert (com.sequenceiq.freeipa.client.model.Cert) 12
FreeIpaClient (com.sequenceiq.freeipa.client.FreeIpaClient) 10
Map (java.util.Map) 10
Set (java.util.Set) 10
Test (org.junit.Test) 9
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString) 9
FreeIpaClientException (com.sequenceiq.freeipa.client.FreeIpaClientException) 2
NotFoundException (com.sequenceiq.cloudbreak.common.exception.NotFoundException) 1
ExtendedPollingResult (com.sequenceiq.cloudbreak.polling.ExtendedPollingResult) 1
PollingService (com.sequenceiq.cloudbreak.polling.PollingService) 1
CleanupRequest (com.sequenceiq.freeipa.api.v1.freeipa.cleanup.CleanupRequest) 1
HostRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostRequest) 1
OperationStatus (com.sequenceiq.freeipa.api.v1.operation.model.OperationStatus) 1
OperationType (com.sequenceiq.freeipa.api.v1.operation.model.OperationType) 1
FreeIpaClientExceptionUtil (com.sequenceiq.freeipa.client.FreeIpaClientExceptionUtil) 1
RetryableFreeIpaClientException (com.sequenceiq.freeipa.client.RetryableFreeIpaClientException) 1
DnsRecord (com.sequenceiq.freeipa.client.model.DnsRecord) 1
DnsZone (com.sequenceiq.freeipa.client.model.DnsZone) 1
Role (com.sequenceiq.freeipa.client.model.Role) 1
User (com.sequenceiq.freeipa.client.model.User) 1