
Example 1 with SecurityConfig

use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.

From the class ClusterProxyServiceTest, method getAStack.

/**
 * Builds a minimal {@link Stack} fixture for the tests: the test account id, the stack
 * resource CRN and an empty {@link SecurityConfig} (callers override it when they need TLS flags).
 */
private Stack getAStack() {
    SecurityConfig emptySecurityConfig = new SecurityConfig();
    Stack fixture = new Stack();
    fixture.setAccountId(TEST_ACCOUNT_ID);
    fixture.setResourceCrn(STACK_RESOURCE_CRN);
    fixture.setSecurityConfig(emptySecurityConfig);
    return fixture;
}
Also used : SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) Stack(com.sequenceiq.freeipa.entity.Stack)

Example 2 with SecurityConfig

use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.

From the class ClusterProxyServiceTest, method testUpdateClusterProxyRegistrationWhenCCMV2OrJumpgate.

/**
 * Registers a FreeIPA stack with the cluster proxy under a CCMv2-style tunnel and inspects the
 * captured {@link ConfigRegistrationRequest}: the CCMv1 tunnel flag stays off, the CCMv2 flag is on,
 * one {@link CcmV2Config} per gateway instance is sent, and both the per-host and the DNS-based
 * (domain) service entries point at private IP addresses because {@code usePrivateIpToTls} is set.
 *
 * @param ccmv2Mode the tunnel variant under test ({@code CCMV2} or {@code CCMV2_JUMPGATE})
 */
@ParameterizedTest
@EnumSource(value = Tunnel.class, names = { "CCMV2", "CCMV2_JUMPGATE" }, mode = EnumSource.Mode.INCLUDE)
public void testUpdateClusterProxyRegistrationWhenCCMV2OrJumpgate(Tunnel ccmv2Mode) {
    // Stack under test: CCMv2 tunnel with an agent CRN, TLS bound to private IPs.
    SecurityConfig privateIpTlsConfig = new SecurityConfig();
    privateIpTlsConfig.setUsePrivateIpToTls(true);
    Stack stack = getAStack();
    stack.setTunnel(ccmv2Mode);
    stack.setCcmV2AgentCrn("testAgentCrn");
    stack.setSecurityConfig(privateIpTlsConfig);

    FreeIpa freeIpa = new FreeIpa();
    freeIpa.setDomain("test.freeipa.domain");

    GatewayConfig primaryGateway = new GatewayConfig("primaryAddress", "primaryPublicAddress", "primaryPrivateAddress", ServiceFamilies.GATEWAY.getDefaultPort(), "privateInstanceId", true);
    GatewayConfig firstGateway = newGatewayWithHostname("connectionAddress1", "publicIpAddress1", PRIVATE_IP_ADDRESS_1, "testInstanceId1", "hostname1");
    GatewayConfig secondGateway = newGatewayWithHostname("connectionAddress2", "publicIpAddress2", PRIVATE_IP_ADDRESS_2, "testInstanceId2", "hostname2");

    // Collaborator stubs: everything that the registration path consults.
    ConfigRegistrationResponse registrationResponse = mock(ConfigRegistrationResponse.class);
    when(stackService.getStackById(STACK_ID)).thenReturn(stack);
    when(clusterProxyEnablementService.isClusterProxyApplicable(any())).thenReturn(true);
    when(gatewayConfigService.getPrimaryGatewayConfig(stack)).thenReturn(primaryGateway);
    when(gatewayConfigService.getNotDeletedGatewayConfigs(stack)).thenReturn(List.of(firstGateway, secondGateway));
    when(clusterProxyRegistrationClient.registerConfig(any())).thenReturn(registrationResponse);
    when(freeIpaService.findByStack(stack)).thenReturn(freeIpa);
    when(clusterProxyServiceAvailabilityChecker.isDnsBasedServiceNameAvailable(stack)).thenReturn(true);
    when(serviceEndpointHealthPollingService.pollWithTimeout(any(), any(), anyLong(), anyInt(), anyInt())).thenReturn(null);
    when(stackUpdater.updateClusterProxyRegisteredFlag(stack, true)).thenReturn(stack);
    when(healthCheckAvailabilityChecker.isCdpFreeIpaHeathAgentAvailable(stack)).thenReturn(true);

    // Health-check tuning fields are normally injected from configuration.
    ReflectionTestUtils.setField(underTest, "intervalInSecV2", INTERVAL_IN_SEC_V_2);
    ReflectionTestUtils.setField(underTest, "healthStatusEndpointV2", HEALTH_STATUS_ENDPOINT_V_2);
    ReflectionTestUtils.setField(underTest, "timeoutInSecV2", TIMEOUT_IN_SEC_V_2);
    ReflectionTestUtils.setField(underTest, "healthyStatusCodeV2", HEALTHY_STATUS_CODE_V_2);

    underTest.updateFreeIpaRegistrationAndWait(STACK_ID, List.of("testInstanceId1", "testInstanceId2"));

    ArgumentCaptor<ConfigRegistrationRequest> requestCaptor = ArgumentCaptor.forClass(ConfigRegistrationRequest.class);
    verify(clusterProxyRegistrationClient).registerConfig(requestCaptor.capture());
    ConfigRegistrationRequest registeredRequest = requestCaptor.getValue();

    assertThat(registeredRequest.getClusterCrn()).isEqualTo(STACK_RESOURCE_CRN);
    assertThat(registeredRequest.getAccountId()).isEqualTo(TEST_ACCOUNT_ID);
    assertFalse(registeredRequest.isUseTunnel(), "CCMV1 tunnel should not be enabled");
    assertTrue(registeredRequest.isUseCcmV2(), ccmv2Mode + " should be enabled.");

    List<CcmV2Config> expectedCcmV2Configs = List.of(
            new CcmV2Config("testAgentCrn", PRIVATE_IP_ADDRESS_1, ServiceFamilies.GATEWAY.getDefaultPort(), "testAgentCrn-testInstanceId1", FREEIPA_SERVICE),
            new CcmV2Config("testAgentCrn", PRIVATE_IP_ADDRESS_2, ServiceFamilies.GATEWAY.getDefaultPort(), "testAgentCrn-testInstanceId2", FREEIPA_SERVICE));
    assertEquals(expectedCcmV2Configs, registeredRequest.getCcmV2Configs(), ccmv2Mode + " config should match");

    // Per-host entries use private addresses; the bare "freeipa" name points at the primary gateway only.
    assertThat(registeredRequest.getServices()).contains(new ClusterServiceConfig("freeipa", List.of("https://primaryPrivateAddress:9443"), List.of(), null));
    assertThat(registeredRequest.getServices()).doesNotContain(new ClusterServiceConfig("freeipa.test.freeipa.domain", List.of("https://primaryPrivateAddress:9443"), List.of(), null));
    assertThat(registeredRequest.getServices()).contains(new ClusterServiceConfig("hostname1", List.of("https://privateIpAddress1:9443"), List.of(), null));
    assertThat(registeredRequest.getServices()).contains(new ClusterServiceConfig("hostname2", List.of("https://privateIpAddress2:9443"), List.of(), null));
    // The DNS-based entry spans both gateways and carries the V2 health check settings injected above.
    assertThat(registeredRequest.getServices()).contains(new ClusterServiceConfig("freeipa.test.freeipa.domain", List.of("https://privateIpAddress1:9443", "https://privateIpAddress2:9443"), null, false, List.of(), null, new ClusterServiceHealthCheck(INTERVAL_IN_SEC_V_2, HEALTH_STATUS_ENDPOINT_V_2, TIMEOUT_IN_SEC_V_2, HEALTHY_STATUS_CODE_V_2)));
}

/**
 * Builds a gateway config on the default gateway port and forces its {@code hostname} field,
 * which has no setter, via reflection.
 */
private static GatewayConfig newGatewayWithHostname(String connectionAddress, String publicAddress, String privateAddress, String instanceId, String hostname) {
    GatewayConfig gatewayConfig = new GatewayConfig(connectionAddress, publicAddress, privateAddress, ServiceFamilies.GATEWAY.getDefaultPort(), instanceId, true);
    ReflectionTestUtils.setField(gatewayConfig, "hostname", hostname);
    return gatewayConfig;
}
Also used : FreeIpa(com.sequenceiq.freeipa.entity.FreeIpa) SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) ConfigRegistrationResponse(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse) ClusterServiceHealthCheck(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceHealthCheck) ClusterServiceConfig(com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig) ConfigRegistrationRequest(com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest) CcmV2Config(com.sequenceiq.cloudbreak.clusterproxy.CcmV2Config) Stack(com.sequenceiq.freeipa.entity.Stack) GatewayConfig(com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig) EnumSource(org.junit.jupiter.params.provider.EnumSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 3 with SecurityConfig

use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.

From the class UserDataService, method createUserData.

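/**
 * Builds the user data for {@code stack} and attaches it to the stack's image.
 *
 * <p>The platform parameters are fetched on {@code intermediateBuilderExecutor} while the
 * environment, credential and the TLS / salt-boot material are gathered on the calling thread.
 * The salt-boot signing private key and the salt-boot password read here are secrets: they are
 * only handed to {@code userDataBuilder} and are never logged.
 *
 * @param stack the stack whose user data is created; must carry a {@link SecurityConfig} with a
 *              {@link SaltSecurityConfig} and a stack authentication
 * @param ccmParametersSupplier supplies the CCM connectivity parameters; evaluated only after the
 *                              platform parameters have been obtained
 * @throws GetCloudParameterException if fetching the platform parameters is interrupted or fails
 * @throws NullPointerException if the stack has no security config or no salt security config
 */
private void createUserData(Stack stack, Supplier<CcmConnectivityParameters> ccmParametersSupplier) {
    String environmentCrn = stack.getEnvironmentCrn();
    DetailedEnvironmentResponse environment = environmentClientService.getByCrn(environmentCrn);
    Credential credential = credentialService.getCredentialByEnvCrn(environmentCrn);
    // Submitted first so the remote lookup overlaps with the local key/cert preparation below.
    Future<PlatformParameters> platformParametersFuture = intermediateBuilderExecutor.submit(() -> platformParameterService.getPlatformParameters(stack, credential));
    // Fail with a message naming the missing piece instead of a bare NPE deep in the getters.
    SecurityConfig securityConfig = java.util.Objects.requireNonNull(stack.getSecurityConfig(), "stack has no SecurityConfig");
    SaltSecurityConfig saltSecurityConfig = java.util.Objects.requireNonNull(securityConfig.getSaltSecurityConfig(), "stack has no SaltSecurityConfig");
    String cbPrivKey = saltSecurityConfig.getSaltBootSignPrivateKey();
    // The stored key is base64-wrapped text; decode it with an explicit charset rather than the
    // platform default, then derive the DER public key from it.
    byte[] cbSshKeyDer = PkiUtil.getPublicKeyDer(new String(Base64.decodeBase64(cbPrivKey), java.nio.charset.StandardCharsets.UTF_8));
    String sshUser = stack.getStackAuthentication().getLoginUserName();
    String cbCert = securityConfig.getClientCert();
    String saltBootPassword = saltSecurityConfig.getSaltBootPassword();
    try {
        PlatformParameters platformParameters = platformParametersFuture.get();
        CcmConnectivityParameters ccmParameters = ccmParametersSupplier.get();
        Optional<ProxyConfig> proxyConfig = proxyConfigDtoService.getByEnvironmentCrn(environmentCrn);
        String userData = userDataBuilder.buildUserData(stack.getAccountId(), environment, Platform.platform(stack.getCloudPlatform()), cbSshKeyDer, sshUser, platformParameters, saltBootPassword, cbCert, ccmParameters, proxyConfig.orElse(null));
        imageService.decorateImageWithUserDataForStack(stack, userData);
    } catch (InterruptedException | ExecutionException e) {
        if (e instanceof InterruptedException) {
            // Restore the interrupt flag so callers higher up still observe the interruption.
            Thread.currentThread().interrupt();
        }
        LOGGER.error("Failed to get Platform parameters", e);
        throw new GetCloudParameterException("Failed to get Platform parameters", e);
    }
}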
Also used : Credential(com.sequenceiq.freeipa.dto.Credential) GetCloudParameterException(com.sequenceiq.cloudbreak.cloud.service.GetCloudParameterException) ProxyConfig(com.sequenceiq.cloudbreak.dto.ProxyConfig) SaltSecurityConfig(com.sequenceiq.freeipa.entity.SaltSecurityConfig) CcmConnectivityParameters(com.sequenceiq.cloudbreak.ccm.cloudinit.CcmConnectivityParameters) SaltSecurityConfig(com.sequenceiq.freeipa.entity.SaltSecurityConfig) SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) DetailedEnvironmentResponse(com.sequenceiq.environment.api.v1.environment.model.response.DetailedEnvironmentResponse) PlatformParameters(com.sequenceiq.cloudbreak.cloud.PlatformParameters) ExecutionException(java.util.concurrent.ExecutionException)

Example 4 with SecurityConfig

use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.

From the class TlsSecurityService, method buildTLSClientConfig.

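/**
 * Builds the client configuration used to talk to the API at {@code apiAddress}.
 *
 * <p>When the stack has no {@link SecurityConfig}, a plain {@link HttpClientConfig} with only the
 * address is returned. Otherwise the stack's client certificate and client key are base64-decoded
 * and passed as the client credentials, together with the gateway's decoded server certificate
 * when the gateway and its certificate are present. The decoded client key is private key
 * material: it goes straight into the config and must not be logged.
 *
 * @param stack stack whose {@link SecurityConfig} supplies the client certificate and key
 * @param apiAddress address of the API endpoint
 * @param gateway gateway instance whose server certificate is used; may be {@code null}
 * @return the client config, with or without TLS material
 */
public HttpClientConfig buildTLSClientConfig(Stack stack, String apiAddress, InstanceMetaData gateway) {
    SecurityConfig securityConfig = securityConfigService.findOneByStack(stack);
    if (securityConfig == null) {
        // No TLS material stored for this stack: address-only client.
        return new HttpClientConfig(apiAddress);
    }
    String serverCert = decodeServerCert(gateway);
    String clientCert = decodeBase64ToString(securityConfig.getClientCert());
    String clientKey = decodeBase64ToString(securityConfig.getClientKey());
    return new HttpClientConfig(apiAddress, serverCert, clientCert, clientKey);
}

/**
 * Returns the gateway's server certificate decoded from base64, or {@code null} when there is
 * no gateway or it carries no server certificate.
 */
private static String decodeServerCert(InstanceMetaData gateway) {
    if (gateway == null || gateway.getServerCert() == null) {
        return null;
    }
    return decodeBase64ToString(gateway.getServerCert());
}

/** Decodes base64 text to a string using UTF-8 explicitly instead of the platform default charset. */
private static String decodeBase64ToString(String base64) {
    return new String(decodeBase64(base64), java.nio.charset.StandardCharsets.UTF_8);
}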
Also used : HttpClientConfig(com.sequenceiq.cloudbreak.client.HttpClientConfig) SaltSecurityConfig(com.sequenceiq.freeipa.entity.SaltSecurityConfig) SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig)

Example 5 with SecurityConfig

use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.

From the class StackProvisionService, method saveTlsInfo.

/**
 * Persists the "use private IP for TLS" decision carried by {@code tlsInfo} on the stack's
 * {@link SecurityConfig} and returns a freshly loaded stack; when the flag is off, the stack
 * from the context is returned untouched.
 *
 * @param context provisioning context holding the current stack
 * @param tlsInfo TLS build result telling whether the private IP must be used for TLS
 * @return the (possibly re-loaded) stack
 */
public Stack saveTlsInfo(StackContext context, TlsInfo tlsInfo) {
    Stack stack = context.getStack();
    if (!tlsInfo.usePrivateIpToTls()) {
        return stack;
    }
    SecurityConfig securityConfig = stack.getSecurityConfig();
    securityConfig.setUsePrivateIpToTls(true);
    stackUpdater.updateStackSecurityConfig(stack, securityConfig);
    // Re-read the stack after the update so the returned entity reflects the persisted state.
    Stack refreshedStack = stackService.getByIdWithListsInTransaction(stack.getId());
    LOGGER.debug("Update Stack and it's SecurityConfig to use private ip when TLS is built.");
    return refreshedStack;
}
Also used : SecurityConfig(com.sequenceiq.freeipa.entity.SecurityConfig) Stack(com.sequenceiq.freeipa.entity.Stack)

Aggregations

SecurityConfig (com.sequenceiq.freeipa.entity.SecurityConfig)11 SaltSecurityConfig (com.sequenceiq.freeipa.entity.SaltSecurityConfig)6 Stack (com.sequenceiq.freeipa.entity.Stack)4 HttpClientConfig (com.sequenceiq.cloudbreak.client.HttpClientConfig)2 GatewayConfig (com.sequenceiq.cloudbreak.orchestrator.model.GatewayConfig)2 DetailedEnvironmentResponse (com.sequenceiq.environment.api.v1.environment.model.response.DetailedEnvironmentResponse)2 Credential (com.sequenceiq.freeipa.dto.Credential)2 FreeIpa (com.sequenceiq.freeipa.entity.FreeIpa)2 CcmConnectivityParameters (com.sequenceiq.cloudbreak.ccm.cloudinit.CcmConnectivityParameters)1 SaltClientConfig (com.sequenceiq.cloudbreak.client.SaltClientConfig)1 PlatformParameters (com.sequenceiq.cloudbreak.cloud.PlatformParameters)1 GetPlatformTemplateRequest (com.sequenceiq.cloudbreak.cloud.event.platform.GetPlatformTemplateRequest)1 GetCloudParameterException (com.sequenceiq.cloudbreak.cloud.service.GetCloudParameterException)1 CcmV2Config (com.sequenceiq.cloudbreak.clusterproxy.CcmV2Config)1 ClientCertificate (com.sequenceiq.cloudbreak.clusterproxy.ClientCertificate)1 ClusterServiceConfig (com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceConfig)1 ClusterServiceHealthCheck (com.sequenceiq.cloudbreak.clusterproxy.ClusterServiceHealthCheck)1 ConfigRegistrationRequest (com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationRequest)1 ConfigRegistrationResponse (com.sequenceiq.cloudbreak.clusterproxy.ConfigRegistrationResponse)1 BadRequestException (com.sequenceiq.cloudbreak.common.exception.BadRequestException)1