Use of com.sequenceiq.freeipa.client.model.Host in the cloudbreak project by hortonworks.
Class KeytabCleanupServiceTest, method init.
/**
 * Builds the shared test fixtures once for the whole class: a FreeIpa with the test domain,
 * an empty Stack, a Host with FQDN and Kerberos principal, a Service whose canonical and
 * principal names are the same test principal, and a Keytab carrying the KEYTAB test value.
 * All values come from the constants declared on the test class.
 */
@BeforeAll
public static void init() {
    FreeIpa ipaFixture = new FreeIpa();
    ipaFixture.setDomain(DOMAIN);
    freeIpa = ipaFixture;

    stack = new Stack();

    Keytab keytabFixture = new Keytab();
    keytabFixture.setKeytab(KEYTAB);
    keytab = keytabFixture;

    Service serviceFixture = new Service();
    serviceFixture.setKrbcanonicalname(SERVICE_PRINCIPAL);
    serviceFixture.setKrbprincipalname(List.of(SERVICE_PRINCIPAL));
    service = serviceFixture;

    Host hostFixture = new Host();
    hostFixture.setKrbprincipalname(HOST_PRINCIPAL);
    hostFixture.setFqdn(HOST);
    host = hostFixture;
}
Use of com.sequenceiq.freeipa.client.model.Host in the cloudbreak project by hortonworks.
Class HostKeytabServiceTest, method testGetExistingKeytab.
/**
 * getExistingHostKeytab resolves the FreeIPA stack for the request's environment, looks the
 * host up by its server host name, fetches the cached keytab for that host's Kerberos
 * principal via keytabCommonService.getExistingKeytab, and returns the keytab and principal
 * as converted SecretResponse objects rather than the underlying Secret values.
 */
@Test
public void testGetExistingKeytab() throws FreeIpaClientException {
    HostKeytabRequest keytabRequest = new HostKeytabRequest();
    keytabRequest.setEnvironmentCrn(ENVIRONMENT_CRN);
    keytabRequest.setServerHostName("asdf");
    String environmentCrn = keytabRequest.getEnvironmentCrn();
    String serverHostName = keytabRequest.getServerHostName();

    // Stack and client resolution for the environment.
    Stack ipaStack = new Stack();
    FreeIpaClient ipaClient = mock(FreeIpaClient.class);
    when(keytabCommonService.getFreeIpaStackWithMdcContext(environmentCrn, ACCOUNT_ID)).thenReturn(ipaStack);
    when(freeIpaClientFactory.getFreeIpaClientForStack(ipaStack)).thenReturn(ipaClient);

    // The host entry FreeIPA returns for the requested server host name.
    Host ipaHost = new Host();
    ipaHost.setKrbprincipalname("dfdf");
    when(ipaClient.showHost(serverHostName)).thenReturn(ipaHost);

    // Cached keytab; the Secret values are placeholders, the test asserts on the converted responses.
    Secret cachedKeytab = new Secret("keytab", "keytabSecret");
    Secret cachedPrincipal = new Secret("principal", "principalSecret");
    KeytabCache cache = mock(KeytabCache.class);
    when(cache.getKeytab()).thenReturn(cachedKeytab);
    when(cache.getPrincipal()).thenReturn(cachedPrincipal);
    when(keytabCommonService.getExistingKeytab(environmentCrn, ipaHost.getKrbprincipalname(), serverHostName, ipaClient)).thenReturn(cache);

    SecretResponse expectedKeytab = new SecretResponse();
    expectedKeytab.setSecretPath("keytabPath");
    SecretResponse expectedPrincipal = new SecretResponse();
    expectedPrincipal.setSecretPath("principalPath");
    when(secretResponseConverter.convert(cachedKeytab.getSecret())).thenReturn(expectedKeytab);
    when(secretResponseConverter.convert(cachedPrincipal.getSecret())).thenReturn(expectedPrincipal);

    HostKeytabResponse response = underTest.getExistingHostKeytab(keytabRequest, ACCOUNT_ID);

    assertEquals(expectedKeytab, response.getKeytab());
    assertEquals(expectedPrincipal, response.getHostPrincipal());
}
Use of com.sequenceiq.freeipa.client.model.Host in the cloudbreak project by hortonworks.
Class HostKeytabServiceTest, method testGenerateHostKeytabDoNotRecreateFalse.
/**
 * generateHostKeytab with doNotRecreateKeytab=false: the role privileges are reported as
 * present, the host returned by keytabCommonService.addHost already has a keytab
 * (hasKeytab=true), and the service is expected to obtain the keytab through
 * keytabCommonService.getKeytab (not getExistingKeytab) and return the converted keytab
 * and host-principal SecretResponse objects.
 */
@Test
public void testGenerateHostKeytabDoNotRecreateFalse() throws FreeIpaClientException {
    HostKeytabRequest keytabRequest = new HostKeytabRequest();
    keytabRequest.setEnvironmentCrn(ENVIRONMENT_CRN);
    keytabRequest.setRoleRequest(new RoleRequest());
    keytabRequest.setDoNotRecreateKeytab(Boolean.FALSE);
    keytabRequest.setServerHostName("asdf");
    String environmentCrn = keytabRequest.getEnvironmentCrn();
    String serverHostName = keytabRequest.getServerHostName();
    RoleRequest roleRequest = keytabRequest.getRoleRequest();

    // Stack and client resolution, plus the role privileges already being in place.
    Stack ipaStack = new Stack();
    FreeIpaClient ipaClient = mock(FreeIpaClient.class);
    when(keytabCommonService.getFreeIpaStackWithMdcContext(environmentCrn, ACCOUNT_ID)).thenReturn(ipaStack);
    when(freeIpaClientFactory.getFreeIpaClientForStack(ipaStack)).thenReturn(ipaClient);
    when(roleComponent.privilegesExist(roleRequest, ipaClient)).thenReturn(Boolean.TRUE);

    // The host as added to FreeIPA: it already has a keytab.
    Host addedHost = new Host();
    addedHost.setKrbprincipalname("dfdf");
    addedHost.setHasKeytab(Boolean.TRUE);
    when(keytabCommonService.addHost(serverHostName, roleRequest, ipaClient)).thenReturn(addedHost);

    // Keytab lookup goes through getKeytab because recreation is not disabled.
    Secret cachedKeytab = new Secret("keytab", "keytabSecret");
    Secret cachedPrincipal = new Secret("principal", "principalSecret");
    KeytabCache cache = mock(KeytabCache.class);
    when(cache.getKeytab()).thenReturn(cachedKeytab);
    when(cache.getPrincipal()).thenReturn(cachedPrincipal);
    when(keytabCommonService.getKeytab(environmentCrn, addedHost.getKrbprincipalname(), serverHostName, ipaClient)).thenReturn(cache);

    SecretResponse expectedKeytab = new SecretResponse();
    expectedKeytab.setSecretPath("keytabPath");
    SecretResponse expectedPrincipal = new SecretResponse();
    expectedPrincipal.setSecretPath("principalPath");
    when(secretResponseConverter.convert(cachedKeytab.getSecret())).thenReturn(expectedKeytab);
    when(secretResponseConverter.convert(cachedPrincipal.getSecret())).thenReturn(expectedPrincipal);

    HostKeytabResponse response = underTest.generateHostKeytab(keytabRequest, ACCOUNT_ID);

    assertEquals(expectedKeytab, response.getKeytab());
    assertEquals(expectedPrincipal, response.getHostPrincipal());
}
Use of com.sequenceiq.freeipa.client.model.Host in the cloudbreak project by hortonworks.
Class KerberosMgmtRoleComponent, method addRoleAndPrivileges.
/**
 * Ensures the requested role exists with the requested privileges and adds the given service
 * and/or host as members of it, skipping any member whose memberOfRole list already names
 * the role. When no RoleRequest is given, or its role name is blank, nothing is done.
 *
 * @param service     service to add as a role member, if present
 * @param host        host to add as a role member, if present
 * @param roleRequest role name and privileges to apply; may be null
 * @param ipaClient   client used to create the role and add members
 * @throws FreeIpaClientException if a FreeIPA call fails
 */
public void addRoleAndPrivileges(Optional<Service> service, Optional<Host> host, RoleRequest roleRequest, FreeIpaClient ipaClient) throws FreeIpaClientException {
    if (roleRequest == null || StringUtils.isBlank(roleRequest.getRoleName())) {
        LOGGER.debug("RoleRequest or role name is empty, skipping adding privileges. {}", roleRequest);
        return;
    }
    String roleName = roleRequest.getRoleName();
    Role role = fetchOrCreateRole(roleRequest, ipaClient);
    addPrivilegesToRole(roleRequest.getPrivileges(), ipaClient, role);

    // NOTE(review): "already a member" is decided by a substring match (String::contains) on each
    // memberOfRole entry, so an existing role whose name merely contains the requested one
    // (e.g. "devops" when "ops" is requested) is treated as already assigned and the member is
    // silently skipped. An exact comparison would be safer once the memberOfRole value format
    // (plain cn vs. DN) is confirmed.
    Set<String> hostsToAssignRole = host
            .filter(h -> h.getMemberOfRole().stream().noneMatch(member -> member.contains(roleName)))
            .map(Host::getFqdn)
            .stream()
            .collect(Collectors.toSet());
    Set<String> servicesToAssignRole = service
            .filter(s -> s.getMemberOfRole().stream().noneMatch(member -> member.contains(roleName)))
            .map(Service::getKrbcanonicalname)
            .stream()
            .collect(Collectors.toSet());

    LOGGER.debug("Adding role [{}] to host {} and service {}", role.getCn(), hostsToAssignRole, servicesToAssignRole);
    // Called even when both sets are empty, as in the original flow.
    ipaClient.addRoleMember(role.getCn(), null, null, hostsToAssignRole, null, servicesToAssignRole);
}
Use of com.sequenceiq.freeipa.client.model.Host in the cloudbreak project by hortonworks.
Class KeytabCommonService, method fetchOrCreateHost.
/**
 * Returns the FreeIPA host entry for {@code hostname}, creating it when no entry exists.
 * A duplicate-entry failure during creation is treated as "someone else created it first"
 * and the existing entry is read back; retryable client failures are rethrown untouched;
 * any other client failure is logged and surfaced as a KeytabCreationException.
 *
 * @param hostname  FQDN of the host entry to fetch or create
 * @param ipaClient client used for the lookup, creation and read-back
 * @return the existing or newly created host entry
 * @throws FreeIpaClientException   for retryable client failures
 * @throws KeytabCreationException  when creation fails for a non-duplicate reason
 */
private Host fetchOrCreateHost(String hostname, FreeIpaClient ipaClient) throws FreeIpaClientException {
    try {
        Optional<Host> existing = fetchHostIfExists(hostname, ipaClient);
        // NOTE(review): this logs the whole Host model at debug level; confirm Host#toString
        // does not render anything beyond identity/metadata fields.
        LOGGER.debug("Fetch host: {}", existing);
        if (existing.isPresent()) {
            return existing.get();
        }
        return ipaClient.addHost(hostname);
    } catch (RetryableFreeIpaClientException retryable) {
        // Propagated unchanged so retry handling further up can act on it.
        throw retryable;
    } catch (FreeIpaClientException e) {
        if (!FreeIpaClientExceptionUtil.isDuplicateEntryException(e)) {
            // NOTE(review): the original exception is logged but not attached as the cause of
            // the KeytabCreationException, so callers only see the generic message.
            LOGGER.error(HOST_CREATION_FAILED + " " + e.getLocalizedMessage(), e);
            throw new KeytabCreationException(HOST_CREATION_FAILED);
        }
        // The entry appeared between the lookup and the add; read it back instead of failing.
        LOGGER.debug("Host [{}] was already created while trying to create it", hostname);
        return ipaClient.showHost(hostname);
    }
}