use of org.apache.knox.gateway.services.security.AliasService in project knox by apache.
the class DefaultTopologyServiceTest method testSimpleDescriptorsTopologyGeneration.
/**
* KNOX-1014
*
* Test the lifecycle relationship between simple descriptors and topology files.
*
* N.B. This test depends on the DummyServiceDiscovery extension being configured:
* org.apache.knox.gateway.topology.discovery.test.extension.DummyServiceDiscovery
*/
@Test
public void testSimpleDescriptorsTopologyGeneration() throws Exception {
  // Scratch layout for the test: <dir>/topologies, <dir>/descriptors and <dir>/shared-providers.
  // NOTE(review): the boolean results of mkdirs() are ignored, so a failure to create a
  // directory would only surface later as an unrelated assertion failure.
  File dir = createDir();
  File topologyDir = new File(dir, "topologies");
  topologyDir.mkdirs();
  File descriptorsDir = new File(dir, "descriptors");
  descriptorsDir.mkdirs();
  File sharedProvidersDir = new File(dir, "shared-providers");
  sharedProvidersDir.mkdirs();
  try {
    TestTopologyListener topoListener = new TestTopologyListener();
    // NOTE(review): monitor is not referenced again in this method.
    FileAlterationMonitor monitor = new FileAlterationMonitor(Long.MAX_VALUE);
    TopologyService provider = new DefaultTopologyService();
    Map<String, String> c = new HashMap<>();
    // Mocked gateway config: the topology dir is <dir>/topologies and the conf dir is the
    // parent of the descriptors dir (i.e. <dir>).
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(config.getGatewayTopologyDir()).andReturn(topologyDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(config.getGatewayConfDir()).andReturn(descriptorsDir.getParentFile().getAbsolutePath()).anyTimes();
    EasyMock.replay(config);
    provider.init(config, c);
    provider.addTopologyChangeListener(topoListener);
    provider.reloadTopologies();
    // Add a simple descriptor to the descriptors dir to verify topology generation and loading (KNOX-1006)
    // The AliasService is a nice mock that answers null for every gateway alias lookup, so the
    // descriptors monitor sees no stored gateway credential in this test.
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getPasswordFromAliasForGateway(anyObject(String.class))).andReturn(null).anyTimes();
    EasyMock.replay(aliasService);
    DefaultTopologyService.DescriptorsMonitor dm = new DefaultTopologyService.DescriptorsMonitor(config, topologyDir, aliasService);
    // Listener to simulate the topologies directory monitor, to notice when a topology has been deleted
    provider.addTopologyChangeListener(new TestTopologyDeleteListener((DefaultTopologyService) provider));
    // Write out the referenced provider config first
    File provCfgFile = createFile(sharedProvidersDir, "ambari-cluster-policy.xml", "org/apache/knox/gateway/topology/file/ambari-cluster-policy.xml", System.currentTimeMillis());
    try {
      // Create the simple descriptor in the descriptors dir
      File simpleDesc = createFile(descriptorsDir, "four.json", "org/apache/knox/gateway/topology/file/simple-topology-four.json", System.currentTimeMillis());
      // Trigger the topology generation by noticing the simple descriptor
      dm.onFileChange(simpleDesc);
      // Load the generated topology
      provider.reloadTopologies();
      Collection<Topology> topologies = provider.getTopologies();
      assertThat(topologies.size(), is(1));
      Iterator<Topology> iterator = topologies.iterator();
      Topology topology = iterator.next();
      // NOTE(review): the literal is passed as the actual value and the topology name as the
      // matcher argument; the check is equivalent, but a failure message would read reversed.
      assertThat("four", is(topology.getName()));
      int serviceCount = topology.getServices().size();
      assertEquals("Expected the same number of services as are declared in the simple dscriptor.", 10, serviceCount);
      // Overwrite the simple descriptor with a different set of services, and check that the changes are
      // propagated to the associated topology
      simpleDesc = createFile(descriptorsDir, "four.json", "org/apache/knox/gateway/topology/file/simple-descriptor-five.json", System.currentTimeMillis());
      dm.onFileChange(simpleDesc);
      provider.reloadTopologies();
      topologies = provider.getTopologies();
      topology = topologies.iterator().next();
      assertNotEquals(serviceCount, topology.getServices().size());
      assertEquals(6, topology.getServices().size());
      // Delete the simple descriptor, and make sure that the associated topology file is deleted
      simpleDesc.delete();
      dm.onFileDelete(simpleDesc);
      provider.reloadTopologies();
      topologies = provider.getTopologies();
      assertTrue(topologies.isEmpty());
      // Reverse direction: create a new descriptor named "deleteme", let its topology be
      // generated, then delete the topology file and make sure that the associated simple
      // descriptor is deleted as well
      simpleDesc = createFile(descriptorsDir, "deleteme.json", "org/apache/knox/gateway/topology/file/simple-descriptor-five.json", System.currentTimeMillis());
      dm.onFileChange(simpleDesc);
      provider.reloadTopologies();
      topologies = provider.getTopologies();
      assertFalse(topologies.isEmpty());
      topology = topologies.iterator().next();
      assertEquals("deleteme", topology.getName());
      File topologyFile = new File(topologyDir, topology.getName() + ".xml");
      assertTrue(topologyFile.exists());
      topologyFile.delete();
      // Presumably the TestTopologyDeleteListener registered above reacts to this reload and
      // removes the descriptor - confirm against that listener's implementation.
      provider.reloadTopologies();
      assertFalse("Simple descriptor should have been deleted because the associated topology was.", simpleDesc.exists());
    } finally {
      // Remove the shared provider config written for this test
      provCfgFile.delete();
    }
  } finally {
    // Always remove the scratch directory tree, even when an assertion failed
    FileUtils.deleteQuietly(dir);
  }
}
use of org.apache.knox.gateway.services.security.AliasService in project knox by apache.
the class ServiceDiscoveryFactoryTest method testGetPropertiesFileImplWithAliasServiceInjection.
/**
 * Checks that the ServiceDiscovery returned by the factory for the PROPERTIES_FILE type
 * reports that type and holds a non-null AliasService in its {@code aliasService} field.
 */
@Test
public void testGetPropertiesFileImplWithAliasServiceInjection() throws Exception {
  final String discoveryType = "PROPERTIES_FILE";
  final ServiceDiscovery discovery = ServiceDiscoveryFactory.get(discoveryType, new DefaultAliasService());
  assertNotNull("Expected to get a ServiceDiscovery object.", discovery);
  assertEquals("Unexpected ServiceDiscovery type.", discoveryType, discovery.getType());

  // The injected service is read reflectively from the field named "aliasService".
  // getDeclaredField only looks at the concrete class, so a field declared on a
  // superclass would make this lookup throw NoSuchFieldException.
  final Field injectedField = discovery.getClass().getDeclaredField("aliasService");
  injectedField.setAccessible(true);
  final Object held = injectedField.get(discovery);
  assertNotNull(held);
  // Only the type is verified here, not that it is the same instance handed to the factory.
  assertTrue(held instanceof AliasService);
}
use of org.apache.knox.gateway.services.security.AliasService in project knox by apache.
the class SimpleDescriptorHandler method provisionQueryParamEncryptionCredential.
/**
* KNOX-1136
*
* Provision the query string encryption password prior to it being randomly generated during the topology
* deployment.
*
* @param topologyName The name of the topology for which the credential will be provisioned.
*
* @return true if the credential was successfully provisioned; otherwise, false.
*/
private static boolean provisionQueryParamEncryptionCredential(final String topologyName) {
  try {
    // Each required service is looked up in turn; a missing one means nothing is provisioned.
    final GatewayServices gatewayServices = GatewayServer.getGatewayServices();
    if (gatewayServices == null) {
      return false;
    }

    final MasterService masterService = gatewayServices.getService("MasterService");
    if (masterService == null) {
      return false;
    }

    final KeystoreService keystoreService = gatewayServices.getService(GatewayServices.KEYSTORE_SERVICE);
    if (keystoreService == null) {
      return false;
    }

    // Create the per-topology credential store on first use.
    if (!keystoreService.isCredentialStoreForClusterAvailable(topologyName)) {
      keystoreService.createCredentialStoreForCluster(topologyName);
    }

    // Continue only if the store already existed or was just created successfully.
    if (keystoreService.getCredentialStoreForCluster(topologyName) == null) {
      return false;
    }

    final AliasService aliasService = gatewayServices.getService(GatewayServices.ALIAS_SERVICE);
    if (aliasService == null) {
      return false;
    }

    // The query param encryption password is the master secret with the topology name appended.
    // SECURITY NOTE(review): the stored alias value therefore contains the master secret
    // verbatim, so any component able to read the "encryptQueryString" alias of this topology
    // also learns the master secret. A keyed one-way derivation (for example an HMAC of the
    // topology name under the master secret) would avoid that exposure, but it changes the
    // derived value - confirm what depends on the current value before changing it.
    // The secret is also copied from a char[] into an immutable String, which cannot be
    // cleared from memory after use.
    final String derivedPassword = new String(masterService.getMasterSecret()) + topologyName;
    aliasService.addAliasForCluster(topologyName, "encryptQueryString", derivedPassword);
    return true;
  } catch (Exception e) {
    // Best effort: the failure is logged with the topology name (never the secret) and
    // reported to the caller as "not provisioned".
    log.exceptionCreatingPasswordForEncryption(topologyName, e);
    return false;
  }
}
use of org.apache.knox.gateway.services.security.AliasService in project knox by apache.
the class RemoteConfigurationRegistryClientServiceTest method doTestZooKeeperClient.
/**
 * Creates and starts a registry client service wired to a mocked AliasService, then hands it
 * to the overload that takes the client service and a "secure" flag.
 *
 * @param setupClient     passed through unchanged to the delegated overload
 * @param testClientName  passed through unchanged to the delegated overload
 * @param config          gateway configuration used to create and initialize the client service
 * @param credentialAlias alias the mocked AliasService answers for; may be null
 * @param digestPassword  password returned for that alias in the secure case; may be null
 */
private void doTestZooKeeperClient(final CuratorFramework setupClient, final String testClientName, final GatewayConfig config, final String credentialAlias, final String digestPassword) throws Exception {
  // The test counts as "secure" only when both the alias and its password were supplied.
  final boolean secured = !(credentialAlias == null || digestPassword == null);

  // In the non-secure case the mock answers null, i.e. no credential is available.
  char[] aliasPassword = null;
  if (secured) {
    aliasPassword = digestPassword.toCharArray();
  }

  final AliasService mockAliasService = EasyMock.createNiceMock(AliasService.class);
  EasyMock.expect(mockAliasService.getPasswordFromAliasForGateway(credentialAlias)).andReturn(aliasPassword).anyTimes();
  EasyMock.replay(mockAliasService);

  // Build the client service and make sure the factory produced the Curator implementation.
  final RemoteConfigurationRegistryClientService registryClient = RemoteConfigurationRegistryClientServiceFactory.newInstance(config);
  assertEquals("Wrong registry client service type.", registryClient.getClass(), CuratorClientService.class);

  // The alias service is set before init(), so it is in place when the service initializes.
  registryClient.setAliasService(mockAliasService);
  registryClient.init(config, null);
  registryClient.start();

  doTestZooKeeperClient(setupClient, testClientName, registryClient, secured);
}
use of org.apache.knox.gateway.services.security.AliasService in project knox by apache.
the class RemoteConfigurationRegistryJAASConfigTest method testZooKeeperDigestContextEntry.
/**
 * Configures the registry JAAS config from a single digest entry and validates the resulting
 * context entry, using a mocked AliasService to resolve the digest password alias.
 */
@Test
public void testZooKeeperDigestContextEntry() throws Exception {
  // Fixture values; the password is a test-only literal resolved through the mocked alias.
  final String entryName = "my_digest_context";
  final String principal = "myIdentity";
  final String passwordAlias = "myAlias";
  final String password = "mysecret";

  final AliasService mockAliasService = EasyMock.createNiceMock(AliasService.class);
  EasyMock.expect(mockAliasService.getPasswordFromAliasForGateway(passwordAlias)).andReturn(password.toCharArray()).anyTimes();
  EasyMock.replay(mockAliasService);

  // The registry config carries only the alias, not the password itself.
  final List<RemoteConfigurationRegistryConfig> registryConfigs = new ArrayList<>();
  registryConfigs.add(createDigestConfig(entryName, principal, passwordAlias));

  try {
    final RemoteConfigurationRegistryJAASConfig jaas = RemoteConfigurationRegistryJAASConfig.configure(registryConfigs, mockAliasService);

    // An unknown context entry name must not resolve to anything.
    assertNull(jaas.getAppConfigurationEntry("invalid"));

    // The configured entry must carry the ZooKeeper digest login module, the principal and
    // the password resolved from the alias.
    validateDigestContext(jaas, entryName, RemoteConfigurationRegistryJAASConfig.digestLoginModules.get("ZOOKEEPER"), principal, password);
  } finally {
    // Reset the process-wide JAAS Configuration so this test's entries cannot leak into
    // other tests (presumably configure() installs it - confirm).
    Configuration.setConfiguration(null);
  }
}