use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.
the class ClusterProxyServiceTest method getAStack.
/**
 * Builds a minimal fixture stack: the shared test account id and resource CRN plus an
 * empty {@code SecurityConfig}, so callers can override only what their case needs.
 */
private Stack getAStack() {
    SecurityConfig emptySecurityConfig = new SecurityConfig();
    Stack fixture = new Stack();
    fixture.setAccountId(TEST_ACCOUNT_ID);
    fixture.setResourceCrn(STACK_RESOURCE_CRN);
    fixture.setSecurityConfig(emptySecurityConfig);
    return fixture;
}
use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.
the class ClusterProxyServiceTest method testUpdateClusterProxyRegistrationWhenCCMV2OrJumpgate.
/**
 * Registers a FreeIPA stack with the cluster proxy over a CCM v2 tunnel (plain or Jumpgate)
 * and checks the captured {@code ConfigRegistrationRequest}: CCM v1 tunnelling is off, CCM v2
 * is on, one {@code CcmV2Config} per gateway instance is built from the private addresses
 * (the stack's SecurityConfig has usePrivateIpToTls set), the per-host and DNS-based service
 * entries point at private IPs, and the bare domain entry is registered only with a health
 * check and both private backends, not with the primary address alone.
 *
 * @param ccmv2Mode the tunnel mode under test, supplied by {@link EnumSource}
 */
@ParameterizedTest
@EnumSource(value = Tunnel.class, names = { "CCMV2", "CCMV2_JUMPGATE" }, mode = EnumSource.Mode.INCLUDE)
public void testUpdateClusterProxyRegistrationWhenCCMV2OrJumpgate(Tunnel ccmv2Mode) {
    int gatewayPort = ServiceFamilies.GATEWAY.getDefaultPort();

    // Stack under test: CCM v2 tunnel with an agent CRN, TLS endpoints bound to private IPs.
    Stack stack = getAStack();
    stack.setTunnel(ccmv2Mode);
    stack.setCcmV2AgentCrn("testAgentCrn");
    SecurityConfig privateIpTlsConfig = new SecurityConfig();
    privateIpTlsConfig.setUsePrivateIpToTls(true);
    stack.setSecurityConfig(privateIpTlsConfig);

    FreeIpa freeIpa = new FreeIpa();
    freeIpa.setDomain("test.freeipa.domain");

    GatewayConfig primaryGateway = new GatewayConfig("primaryAddress", "primaryPublicAddress", "primaryPrivateAddress", gatewayPort, "privateInstanceId", true);
    GatewayConfig firstGateway = newGatewayConfigWithHostname("connectionAddress1", "publicIpAddress1", PRIVATE_IP_ADDRESS_1, gatewayPort, "testInstanceId1", "hostname1");
    GatewayConfig secondGateway = newGatewayConfigWithHostname("connectionAddress2", "publicIpAddress2", PRIVATE_IP_ADDRESS_2, gatewayPort, "testInstanceId2", "hostname2");

    // Health-check settings that are normally injected from configuration.
    ReflectionTestUtils.setField(underTest, "intervalInSecV2", INTERVAL_IN_SEC_V_2);
    ReflectionTestUtils.setField(underTest, "healthStatusEndpointV2", HEALTH_STATUS_ENDPOINT_V_2);
    ReflectionTestUtils.setField(underTest, "timeoutInSecV2", TIMEOUT_IN_SEC_V_2);
    ReflectionTestUtils.setField(underTest, "healthyStatusCodeV2", HEALTHY_STATUS_CODE_V_2);

    ConfigRegistrationResponse registrationResponse = mock(ConfigRegistrationResponse.class);
    when(stackService.getStackById(STACK_ID)).thenReturn(stack);
    when(clusterProxyEnablementService.isClusterProxyApplicable(any())).thenReturn(true);
    when(gatewayConfigService.getPrimaryGatewayConfig(stack)).thenReturn(primaryGateway);
    when(gatewayConfigService.getNotDeletedGatewayConfigs(stack)).thenReturn(List.of(firstGateway, secondGateway));
    when(clusterProxyRegistrationClient.registerConfig(any())).thenReturn(registrationResponse);
    when(freeIpaService.findByStack(stack)).thenReturn(freeIpa);
    when(clusterProxyServiceAvailabilityChecker.isDnsBasedServiceNameAvailable(stack)).thenReturn(true);
    when(serviceEndpointHealthPollingService.pollWithTimeout(any(), any(), anyLong(), anyInt(), anyInt())).thenReturn(null);
    when(stackUpdater.updateClusterProxyRegisteredFlag(stack, true)).thenReturn(stack);
    when(healthCheckAvailabilityChecker.isCdpFreeIpaHeathAgentAvailable(stack)).thenReturn(true);

    underTest.updateFreeIpaRegistrationAndWait(STACK_ID, List.of("testInstanceId1", "testInstanceId2"));

    ArgumentCaptor<ConfigRegistrationRequest> requestCaptor = ArgumentCaptor.forClass(ConfigRegistrationRequest.class);
    verify(clusterProxyRegistrationClient).registerConfig(requestCaptor.capture());
    ConfigRegistrationRequest registrationRequest = requestCaptor.getValue();

    assertThat(registrationRequest.getClusterCrn()).isEqualTo(STACK_RESOURCE_CRN);
    assertThat(registrationRequest.getAccountId()).isEqualTo(TEST_ACCOUNT_ID);
    assertFalse(registrationRequest.isUseTunnel(), "CCMV1 tunnel should not be enabled");
    assertTrue(registrationRequest.isUseCcmV2(), ccmv2Mode + " should be enabled.");

    // One CCM v2 config per registered gateway instance, keyed on the private address.
    List<CcmV2Config> expectedCcmV2Configs = List.of(
            new CcmV2Config("testAgentCrn", PRIVATE_IP_ADDRESS_1, gatewayPort, "testAgentCrn-testInstanceId1", FREEIPA_SERVICE),
            new CcmV2Config("testAgentCrn", PRIVATE_IP_ADDRESS_2, gatewayPort, "testAgentCrn-testInstanceId2", FREEIPA_SERVICE));
    assertEquals(expectedCcmV2Configs, registrationRequest.getCcmV2Configs(), ccmv2Mode + " config should match");

    ClusterServiceHealthCheck expectedHealthCheck = new ClusterServiceHealthCheck(INTERVAL_IN_SEC_V_2, HEALTH_STATUS_ENDPOINT_V_2, TIMEOUT_IN_SEC_V_2, HEALTHY_STATUS_CODE_V_2);
    assertThat(registrationRequest.getServices())
            .contains(new ClusterServiceConfig("freeipa", List.of("https://primaryPrivateAddress:9443"), List.of(), null))
            .doesNotContain(new ClusterServiceConfig("freeipa.test.freeipa.domain", List.of("https://primaryPrivateAddress:9443"), List.of(), null))
            .contains(new ClusterServiceConfig("hostname1", List.of("https://privateIpAddress1:9443"), List.of(), null))
            .contains(new ClusterServiceConfig("hostname2", List.of("https://privateIpAddress2:9443"), List.of(), null))
            .contains(new ClusterServiceConfig("freeipa.test.freeipa.domain", List.of("https://privateIpAddress1:9443", "https://privateIpAddress2:9443"), null, false, List.of(), null, expectedHealthCheck));
}

/**
 * Builds a gateway fixture and sets its hostname via reflection, the same way the
 * fixtures in this test are prepared.
 */
private static GatewayConfig newGatewayConfigWithHostname(String connectionAddress, String publicAddress, String privateAddress, int port, String instanceId, String hostname) {
    GatewayConfig gatewayConfig = new GatewayConfig(connectionAddress, publicAddress, privateAddress, port, instanceId, true);
    ReflectionTestUtils.setField(gatewayConfig, "hostname", hostname);
    return gatewayConfig;
}
use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.
the class UserDataService method createUserData.
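/**
 * Builds the instance user data for the stack and attaches it to the stack's image.
 *
 * <p>Platform parameters are fetched on {@code intermediateBuilderExecutor} while the salt/TLS
 * material is read from the stack's {@code SecurityConfig}; everything is then handed to
 * {@code userDataBuilder}. The resulting user data carries the salt boot password and the
 * client certificate, so it has to be handled as sensitive (never logged).
 *
 * @param stack the stack whose security config, authentication and environment CRN are used
 * @param ccmParametersSupplier supplies the CCM connectivity parameters; invoked once, after the
 *        platform parameters have been obtained
 * @throws GetCloudParameterException if the platform-parameter lookup fails or is interrupted
 */
private void createUserData(Stack stack, Supplier<CcmConnectivityParameters> ccmParametersSupplier) {
    String environmentCrn = stack.getEnvironmentCrn();
    DetailedEnvironmentResponse environment = environmentClientService.getByCrn(environmentCrn);
    Credential credential = credentialService.getCredentialByEnvCrn(environmentCrn);
    // Submitted early so the lookup overlaps with the key handling below; joined in the try block.
    Future<PlatformParameters> platformParametersFuture =
            intermediateBuilderExecutor.submit(() -> platformParameterService.getPlatformParameters(stack, credential));

    SecurityConfig securityConfig = stack.getSecurityConfig();
    SaltSecurityConfig saltSecurityConfig = securityConfig.getSaltSecurityConfig();
    // The stored signing key is base64 wrapped; only the DER public key derived from it (by
    // PkiUtil.getPublicKeyDer, presumably) is placed into the user data — the private key string
    // itself is not passed on. Decoding uses an explicit charset so the result does not depend
    // on the JVM default encoding.
    String cbPrivKey = saltSecurityConfig.getSaltBootSignPrivateKey();
    byte[] cbSshKeyDer = PkiUtil.getPublicKeyDer(new String(Base64.decodeBase64(cbPrivKey), java.nio.charset.StandardCharsets.UTF_8));
    String sshUser = stack.getStackAuthentication().getLoginUserName();
    String cbCert = securityConfig.getClientCert();
    String saltBootPassword = saltSecurityConfig.getSaltBootPassword();

    try {
        PlatformParameters platformParameters = platformParametersFuture.get();
        CcmConnectivityParameters ccmParameters = ccmParametersSupplier.get();
        Optional<ProxyConfig> proxyConfig = proxyConfigDtoService.getByEnvironmentCrn(environmentCrn);
        String userData = userDataBuilder.buildUserData(stack.getAccountId(), environment, Platform.platform(stack.getCloudPlatform()),
                cbSshKeyDer, sshUser, platformParameters, saltBootPassword, cbCert, ccmParameters, proxyConfig.orElse(null));
        imageService.decorateImageWithUserDataForStack(stack, userData);
    } catch (InterruptedException e) {
        // Restore the interrupt flag so callers further up the stack can still observe it.
        Thread.currentThread().interrupt();
        LOGGER.error("Failed to get Platform parameters", e);
        throw new GetCloudParameterException("Failed to get Platform parameters", e);
    } catch (ExecutionException e) {
        LOGGER.error("Failed to get Platform parameters", e);
        throw new GetCloudParameterException("Failed to get Platform parameters", e);
    }
}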
use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.
the class TlsSecurityService method buildTLSClientConfig.
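/**
 * Builds the HTTP client configuration used to reach the stack's gateway.
 *
 * <p>Without a stored {@code SecurityConfig} a plain configuration for {@code apiAddress} is
 * returned. Otherwise the client certificate and key from the security config are base64
 * decoded, together with the gateway's server certificate when one is known.
 *
 * @param stack      the stack whose security config is looked up
 * @param apiAddress the gateway API address
 * @param gateway    the gateway instance supplying the server certificate; may be {@code null}
 * @return the client configuration; the server certificate is {@code null} when the gateway or
 *         its stored server certificate is missing — NOTE(review): confirm that
 *         HttpClientConfig still verifies the peer certificate in that case rather than
 *         silently accepting any server
 */
public HttpClientConfig buildTLSClientConfig(Stack stack, String apiAddress, InstanceMetaData gateway) {
    SecurityConfig securityConfig = securityConfigService.findOneByStack(stack);
    if (securityConfig == null) {
        return new HttpClientConfig(apiAddress);
    }
    String serverCert = null;
    if (gateway != null) {
        String serverCertB64 = gateway.getServerCert();
        if (serverCertB64 != null) {
            serverCert = decodeBase64ToText(serverCertB64);
        }
    }
    return new HttpClientConfig(apiAddress, serverCert, decodeBase64ToText(securityConfig.getClientCert()), decodeBase64ToText(securityConfig.getClientKey()));
}

// Certificates and keys are stored base64 wrapped (PEM text, presumably); decode with an
// explicit charset so the result does not depend on the JVM default encoding.
private static String decodeBase64ToText(String base64) {
    return new String(decodeBase64(base64), java.nio.charset.StandardCharsets.UTF_8);
}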
use of com.sequenceiq.freeipa.entity.SecurityConfig in project cloudbreak by hortonworks.
the class StackProvisionService method saveTlsInfo.
/**
 * Persists the "use private IP for TLS" flag on the stack's SecurityConfig when the TLS info
 * asks for it, and reloads the stack afterwards; otherwise the context's stack is returned as is.
 *
 * @param context provides the stack being provisioned
 * @param tlsInfo result of the TLS setup, carrying the private-IP decision
 * @return the (possibly reloaded) stack
 */
public Stack saveTlsInfo(StackContext context, TlsInfo tlsInfo) {
    Stack stack = context.getStack();
    if (!tlsInfo.usePrivateIpToTls()) {
        return stack;
    }
    SecurityConfig securityConfig = stack.getSecurityConfig();
    securityConfig.setUsePrivateIpToTls(true);
    stackUpdater.updateStackSecurityConfig(stack, securityConfig);
    // Reload so the returned entity reflects the persisted security config.
    Stack reloadedStack = stackService.getByIdWithListsInTransaction(stack.getId());
    LOGGER.debug("Update Stack and it's SecurityConfig to use private ip when TLS is built.");
    return reloadedStack;
}