This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new beb8455 Support ssh,password external token string
new 994f7b2 Merge pull request #124 from isururanawaka/vault_ssl
beb8455 is described below
commit beb845510611e9eaa035e2ed824652c3dcbeef63
Author: Isuru Ranawaka <irjanith@gmail.com>
AuthorDate: Fri Nov 13 13:43:54 2020 -0500
Support ssh,password external token string
---
.../resources/keycloak-client-truststore.pkcs12 | Bin 1682 -> 1674 bytes
.../resources/keycloak-client-truststore.pkcs12 | Bin 1682 -> 1674 bytes
.../manager/adaptor/inbound/CredentialReader.java | 139 ++++++++++++++-------
.../adaptor/outbound/CertificateCredential.java | 1 +
.../manager/adaptor/outbound/CredentialWriter.java | 93 ++++++++++++--
.../adaptor/outbound/PasswordCredential.java | 5 +
.../adaptor/outbound/ResourceCredential.java | 16 +++
.../manager/adaptor/outbound/SSHCredential.java | 37 +++---
.../local/repository/SecretRepository.java | 10 +-
.../secret/service/ResourceSecretService.java | 38 +++---
10 files changed, 249 insertions(+), 90 deletions(-)
diff --git a/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
b/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
index 63d9228..d2549b1 100644
Binary files a/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
and b/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
differ
diff --git a/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
b/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
index 63d9228..d2549b1 100644
Binary files a/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
and b/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
differ
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
index 8bc4e33..9f5de02 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
@@ -61,36 +61,47 @@ public class CredentialReader {
*/
public SSHCredential getSSHCredential(long tenantId, String token) {
- Optional<Secret> secret = repository.findById(token);
+ Secret secret = null;
+ if (token != null && !token.trim().equals("")) {
+ Optional<Secret> exSecret = repository.findById(token);
+ if (exSecret.isPresent()){
+ secret = exSecret.get();
+ }
+ }
+ if (secret == null) {
+ List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+ if (secrets != null && !secrets.isEmpty()) {
+ secret = secrets.get(0);
+ }
+ }
- if (secret.isEmpty()) {
+ if (secret == null) {
return null;
}
- Secret exSec = secret.get();
-
- String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId()
+
- "/" + Constants.SSH_CREDENTIALS + "/" + token;
-
+ String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
+
+ "/" + Constants.SSH_CREDENTIALS + "/" + secret.getId();
VaultResponseSupport<SSHCredentialSecrets> response = vaultTemplate.read(vaultPath,
SSHCredentialSecrets.class);
if (response == null || response.getData() == null && response.getData().getPrivateKey()
== null) {
- repository.delete(exSec);
+ repository.delete(secret);
return null;
}
SSHCredentialSecrets sshCredentialSecrets = response.getData();
SecretMetadata metadata = SecretMetadata.newBuilder()
- .setOwnerId(exSec.getOwnerId())
+ .setOwnerId(secret.getOwnerId())
.setTenantId(tenantId)
- .setPersistedTime(exSec.getCreatedAt().getTime())
- .setDescription(exSec.getDiscription())
+ .setPersistedTime(secret.getCreatedAt().getTime())
+ .setDescription(secret.getDiscription())
.setResourceType(ResourceType.VAULT_CREDENTIAL)
.setSource(ResourceSource.EXTERNAL)
- .setToken(token)
+ .setToken(
+ (secret.getExternalId() != null &&
+ !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
.build();
SSHCredential credential = SSHCredential.newBuilder()
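Review bot: A null or blank token skips the `findById` lookup but still reaches `repository.findAllByExternalIdAndTenantId(token, tenantId)` in the fallback block, and if the derived query maps a null argument to `IS NULL` (Spring Data JPA does this for simple properties) a caller who sent no token would receive the first secret in the tenant that has no external id. Add `if (token == null || token.trim().equals("")) { return null; }` before both lookups; the same fallback is repeated in getPasswordCredential, getCertificateCredential, getCredentialSummary and in CredentialWriter.deleteCredential. Separately, the `findById` hit is never checked against `tenantId`, so a token belonging to another tenant resolves here while the vault path is built from the caller's tenant; comparing the record's tenant id with the argument before use (or using a tenant-scoped finder) would close that. The unchanged condition `response.getData() == null && response.getData().getPrivateKey() == null` binds `&&` tighter than `||`, so a null `getData()` is dereferenced instead of handled; it should read `response == null || response.getData() == null || response.getData().getPrivateKey() == null`.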
@@ -112,37 +123,50 @@ public class CredentialReader {
* @param token
* @return
*/
- public org.apache.custos.resource.secret.service.PasswordCredential getPasswordCredential(long
tenantId, String token) {
- Optional<Secret> secret = repository.findById(token);
-
+ public org.apache.custos.resource.secret.service.PasswordCredential getPasswordCredential(long
tenantId,
+
String token) {
+ Secret secret = null;
+
+ if (token != null && !token.trim().equals("")) {
+ Optional<Secret> exSecret = repository.findById(token);
+ if (exSecret.isPresent()){
+ secret = exSecret.get();
+ }
+ } if (secret == null ) {
+ List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+ if (secrets != null && !secrets.isEmpty()) {
+ secret = secrets.get(0);
+ }
+ }
- if (secret.isEmpty()) {
+ if (secret == null) {
return null;
}
- Secret exSec = secret.get();
-
- String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId()
+
- "/" + Constants.PASSWORD + "/" + token;
+ String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
+
+ "/" + Constants.PASSWORD + "/" + secret.getId();
VaultResponseSupport<PasswordSecret> response = vaultTemplate.read(vaultPath,
PasswordSecret.class);
if (response == null || response.getData() == null && response.getData().getPassword()
== null) {
- repository.delete(exSec);
+ repository.delete(secret);
return null;
}
PasswordSecret passwordSecret = response.getData();
SecretMetadata metadata = SecretMetadata.newBuilder()
- .setOwnerId(exSec.getOwnerId())
+ .setOwnerId(secret.getOwnerId())
.setTenantId(tenantId)
- .setPersistedTime(exSec.getCreatedAt().getTime())
- .setDescription(exSec.getDiscription())
+ .setPersistedTime(secret.getCreatedAt().getTime())
+ .setDescription(secret.getDiscription())
.setResourceType(ResourceType.VAULT_CREDENTIAL)
.setSource(ResourceSource.EXTERNAL)
- .setToken(token)
+ .setType(ResourceSecretType.PASSWORD)
+ .setToken(
+ (secret.getExternalId() != null ||
+ !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
.build();
org.apache.custos.resource.secret.service.PasswordCredential credential =
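Review bot: The `||` in the new token expression `(secret.getExternalId() != null || !secret.getExternalId().trim().equals(""))` is wrong: for a secret with no external id the left operand is false and the right operand then dereferences null, so every password secret stored without an external id throws here instead of returning `secret.getId()`. It should be `&&`, as in getSSHCredential and getCertificateCredential. Also `} if (secret == null ) {` joins two statements on one line; put the second `if` on its own line to match the SSH variant.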
@@ -164,34 +188,48 @@ public class CredentialReader {
* @return
*/
public CertificateCredential getCertificateCredential(long tenantId, String token) {
- Optional<Secret> secret = repository.findById(token);
+ Secret secret = null;
+
+ if (token != null && !token.trim().equals("")) {
+ Optional<Secret> exSecret = repository.findById(token);
+ if (exSecret.isPresent()){
+ secret = exSecret.get();
+ }
+ } if (secret == null) {
+ List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+ if (secrets != null && !secrets.isEmpty()) {
+ secret = secrets.get(0);
+ }
+ }
- if (secret.isEmpty()) {
+ if (secret == null) {
return null;
}
- Secret exSec = secret.get();
- String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId()
+
- "/" + Constants.PASSWORD + "/" + token;
+ String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
+
+ "/" + Constants.PASSWORD + "/" + secret.getId();
VaultResponseSupport<Certificate> response = vaultTemplate.read(vaultPath,
Certificate.class);
if (response == null || response.getData() == null && response.getData().getCertificate()
== null) {
- repository.delete(exSec);
+ repository.delete(secret);
return null;
}
Certificate certificate = response.getData();
SecretMetadata metadata = SecretMetadata.newBuilder()
- .setOwnerId(exSec.getOwnerId())
+ .setOwnerId(secret.getOwnerId())
.setTenantId(tenantId)
- .setPersistedTime(exSec.getCreatedAt().getTime())
- .setDescription(exSec.getDiscription())
+ .setPersistedTime(secret.getCreatedAt().getTime())
+ .setDescription(secret.getDiscription())
.setResourceType(ResourceType.VAULT_CREDENTIAL)
.setSource(ResourceSource.EXTERNAL)
- .setToken(token)
+ .setType(ResourceSecretType.X509_CERTIFICATE)
+ .setToken(
+ (secret.getExternalId() != null &&
+ !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
.build();
CertificateCredential certificateCredential = CertificateCredential.newBuilder()
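Review bot: The vault path rebuilt here still uses `Constants.PASSWORD` as the type segment (`"/" + Constants.PASSWORD + "/" + secret.getId()`), while the certificate writer in this same commit (the CredentialWriter method that sets `ResourceSecretType.X509_CERTIFICATE`) appears to store under `"/" + Constants.SSH_CREDENTIALS + "/" + credential.getToken()`. If those two constants differ the read always misses, and the `response == null` branch then calls `repository.delete(secret)` on a record whose secret is still in Vault. I cannot tell from this diff which constant is intended, so please confirm against Constants and use one certificate-specific segment on both sides. The method's tail lies outside the hunk.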
@@ -216,16 +254,29 @@ public class CredentialReader {
*/
public SecretMetadata getCredentialSummary(long tenantId, String token) {
- Optional<Secret> exSec = repository.findById(token);
+ Secret secret = null;
- if (exSec.isEmpty()) {
- return null;
+ if (token != null && !token.trim().equals("")) {
+ Optional<Secret> exSecret = repository.findById(token);
+ if (exSecret.isPresent()){
+ secret = exSecret.get();
+ }
+ }
+ if (secret == null) {
+ List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+ if (secrets != null && !secrets.isEmpty()) {
+ secret = secrets.get(0);
+ }
}
- Secret secret = exSec.get();
+ if (secret == null) {
+ return null;
+ }
return SecretMetadata.newBuilder()
- .setToken(token)
+ .setToken(
+ (secret.getExternalId() != null &&
+ !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
.setTenantId(tenantId)
.setDescription(secret.getDiscription())
.setPersistedTime(secret.getCreatedAt().getTime())
@@ -246,7 +297,7 @@ public class CredentialReader {
*/
public List<SecretMetadata> getAllCredentialSummaries(long tenantId, List<String>
tokens) {
- List<Secret> secrets = repository.findAllById(tokens);
+ List<Secret> secrets = repository.getAllSecretsByIdOrExternalId(tenantId, tokens,
tokens);
List<SecretMetadata> metadata = new ArrayList<>();
if (secrets != null && !secrets.isEmpty()) {
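Review bot: `getAllSecretsByIdOrExternalId(tenantId, tokens, tokens)` is a native query with `IN ?2` and `IN ?3`, and an empty `tokens` list renders as `IN ()`, which most databases reject with a syntax error; the old `findAllById` tolerated an empty list. Short-circuit before the call with `if (tokens == null || tokens.isEmpty()) { return new ArrayList<>(); }`. The method continues past the hunk.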
@@ -254,7 +305,9 @@ public class CredentialReader {
secrets.forEach(secret -> {
metadata.add(SecretMetadata.newBuilder()
- .setToken(secret.getId())
+ .setToken(
+ (secret.getExternalId() != null &&
+ !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
.setTenantId(tenantId)
.setDescription(secret.getDiscription())
.setPersistedTime(secret.getCreatedAt().getTime())
@@ -318,7 +371,7 @@ public class CredentialReader {
public KVCredential getKVSecretByKey(String key, long tenantId, String ownerId) {
- List<Secret> secrets = repository.findAllByExternalIdAndOwnerId(key, ownerId);
+ List<Secret> secrets = repository.findAllByExternalIdAndOwnerIdAndTenantId(key,
ownerId, tenantId);
if (secrets != null && secrets.isEmpty()) {
return null;
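Review bot: The guard under the re-scoped lookup, `if (secrets != null && secrets.isEmpty())`, returns null only for an empty list; a null result falls through to whatever follows the hunk. If the repository can return null, as the check assumes, it should be `if (secrets == null || secrets.isEmpty())`. The same test is written as `secrets == null && secrets.isEmpty()` after the two `findAllByExternalIdAndOwnerIdAndTenantId` lookups changed later in CredentialWriter, where it can never be true and dereferences null whenever the list is null.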
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
index d52d677..5407c9f 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
@@ -45,6 +45,7 @@ public class CertificateCredential extends ResourceCredential {
private String privateKey;
+
public CertificateCredential(GeneratedMessageV3 message) throws CertificateException
{
super(message);
if (message instanceof org.apache.custos.resource.secret.service.CertificateCredential)
{
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
index a0f2fcf..e48b668 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
@@ -65,13 +65,32 @@ public class CredentialWriter {
if (exSecret.isPresent()) {
String msg = " Credential with token " + credential.getToken() + " already exist";
LOGGER.error(msg);
- throw new CredentialStoreException(msg, null);
+ throw new CredentialStoreException("Invalid token", null);
+ }
+
+ if (credential.getExternalId() != null && !credential.getExternalId().trim().equals(""))
{
+
+ Optional<Secret> exToSec = repository.findById(credential.getExternalId());
+
+ if (exToSec.isPresent()) {
+ String msg = " Credential with token " + credential.getToken() + " already
exist";
+ LOGGER.error(msg);
+ throw new CredentialStoreException("Invalid token", null);
+ }
+
+ List<Secret> secrets = repository.findAllByExternalIdAndTenantId(credential.getExternalId(),
+ credential.getTenantId());
+ if (secrets != null && !secrets.isEmpty()) {
+ String msg = " Credential with externalId " + credential.getExternalId()
+ " already exist";
+ LOGGER.error(msg);
+ throw new CredentialStoreException("Invalid token", null);
+ }
+
}
String path = Constants.VAULT_RESOURCE_SECRETS_PATH + credential.getTenantId() +
"/" + credential.getOwnerId()
+ "/" + Constants.SSH_CREDENTIALS + "/" + credential.getToken();
-
SSHCredentialSecrets sshCredentialSecrets = new SSHCredentialSecrets
(credential.getPrivateKey(), credential.getPublicKey(), credential.getPassPhrase());
vaultTemplate.write(path, sshCredentialSecrets);
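Review bot: The new external-id uniqueness block is copied verbatim into the password and certificate writers below; extract it into one private helper so the three stay in step. In the copy, the log line after `findById(credential.getExternalId())` prints `credential.getToken()` although the value that collided is the external id, so the log never names the offending value. Note also that `findById` is not tenant-scoped, so an external id equal to an internal id in any tenant is rejected; that is a reasonable guard against one tenant claiming another's generated id, but it deserves a comment saying so. The enclosing method starts outside the hunk.
```java
// … unchanged: token existence check …
ensureExternalIdUnused(credential);
// … unchanged: vault path and write …

/**
 * Rejects an external id that already names a secret, either as a generated id
 * (checked across tenants, so a caller cannot claim another tenant's token) or as an
 * external id within the caller's tenant.
 */
private void ensureExternalIdUnused(ResourceCredential credential) throws CredentialStoreException {
    String externalId = credential.getExternalId();
    if (externalId == null || externalId.trim().equals("")) {
        return;
    }
    if (repository.findById(externalId).isPresent()) {
        LOGGER.error(" Credential with externalId " + externalId + " collides with an existing token");
        throw new CredentialStoreException("Invalid token", null);
    }
    List<Secret> secrets = repository.findAllByExternalIdAndTenantId(externalId, credential.getTenantId());
    if (secrets != null && !secrets.isEmpty()) {
        LOGGER.error(" Credential with externalId " + externalId + " already exist");
        throw new CredentialStoreException("Invalid token", null);
    }
}
```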
@@ -92,6 +111,7 @@ public class CredentialWriter {
secret.setOwnerType(credential.getResourceOwnerType().name());
secret.setSecretType(ResourceSecretType.SSH.name());
secret.setTenantId(credential.getTenantId());
+ secret.setExternalId(credential.getExternalId());
repository.save(secret);
return true;
}
@@ -108,7 +128,26 @@ public class CredentialWriter {
if (exSecret.isPresent()) {
String msg = " Credential with token " + credential.getToken() + " already exist";
LOGGER.error(msg);
- throw new CredentialStoreException(msg, null);
+ throw new CredentialStoreException("Invalid token", null);
+ }
+
+ if (credential.getExternalId() != null && !credential.getExternalId().trim().equals(""))
{
+ Optional<Secret> exToSec = repository.findById(credential.getExternalId());
+
+ if (exToSec.isPresent()) {
+ String msg = " Credential with token " + credential.getToken() + " already
exist";
+ LOGGER.error(msg);
+ throw new CredentialStoreException("Invalid token", null);
+ }
+
+ List<Secret> secrets = repository.findAllByExternalIdAndTenantId(credential.getExternalId(),
+ credential.getTenantId());
+ if (secrets != null && !secrets.isEmpty()) {
+ String msg = " Credential with externalId " + credential.getExternalId()
+ " already exist";
+ LOGGER.error(msg);
+ throw new CredentialStoreException("Invalid token", null);
+ }
+
}
String path = Constants.VAULT_RESOURCE_SECRETS_PATH + credential.getTenantId() +
"/" + credential.getOwnerId()
@@ -134,6 +173,7 @@ public class CredentialWriter {
secret.setOwnerType(credential.getResourceOwnerType().name());
secret.setSecretType(ResourceSecretType.PASSWORD.name());
secret.setTenantId(credential.getTenantId());
+ secret.setExternalId(credential.getExternalId());
repository.save(secret);
return true;
}
@@ -150,9 +190,29 @@ public class CredentialWriter {
if (exSecret.isPresent()) {
String msg = " Credential with token " + credential.getToken() + " already exist";
LOGGER.error(msg);
- throw new CredentialStoreException(msg, null);
+ throw new CredentialStoreException("Invalid token", null);
}
+ if (credential.getExternalId() != null && !credential.getExternalId().trim().equals(""))
{
+ Optional<Secret> exToSec = repository.findById(credential.getExternalId());
+
+ if (exToSec.isPresent()) {
+ String msg = " Credential with token " + credential.getToken() + " already
exist";
+ LOGGER.error(msg);
+ throw new CredentialStoreException("Invalid token", null);
+ }
+
+ List<Secret> secrets = repository.findAllByExternalIdAndTenantId(credential.getExternalId(),
+ credential.getTenantId());
+ if (secrets != null && !secrets.isEmpty()) {
+ String msg = " Credential with externalId " + credential.getExternalId()
+ " already exist";
+ LOGGER.error(msg);
+ throw new CredentialStoreException("Invalid token", null);
+ }
+
+ }
+
+
String path = Constants.VAULT_RESOURCE_SECRETS_PATH + credential.getTenantId() +
"/" + credential.getOwnerId() +
"/" + Constants.SSH_CREDENTIALS + "/" + credential.getToken();
@@ -181,6 +241,7 @@ public class CredentialWriter {
secret.setOwnerType(credential.getResourceOwnerType().name());
secret.setSecretType(ResourceSecretType.X509_CERTIFICATE.name());
secret.setTenantId(credential.getTenantId());
+ secret.setExternalId(credential.getExternalId());
repository.save(secret);
return true;
}
@@ -195,13 +256,19 @@ public class CredentialWriter {
*/
public boolean deleteCredential(long tenantId, String token) {
+ Secret secret = null;
Optional<Secret> exSec = repository.findById(token);
- if (exSec.isEmpty()) {
- return true;
+ if (exSec.isPresent()) {
+ secret = exSec.get();
}
- Secret secret = exSec.get();
+ if (exSec.isEmpty()) {
+ List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+ if (secrets != null && !secrets.isEmpty()) {
+ secret = secrets.get(0);
+ }
+ }
String type = null;
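Review bot: After the new fallback `secret` can still be null (token unknown both as id and as external id), and the next visible statement in the following hunk, `secret.getOwnerId()`, dereferences it; the old code returned `true` for an unknown token. Add `if (secret == null) { return true; }` right after the fallback unless a guard already exists in the lines between the two hunks. Separately, neither lookup confirms that the `findById` hit belongs to `tenantId`: the vault path is built from the caller's tenant, but the database record removed is whichever one the token resolves to, so a comparison of the secret's tenant id with the argument (or a tenant-scoped finder) before deleting would be safer. The method continues outside the hunk.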
@@ -215,7 +282,7 @@ public class CredentialWriter {
String path = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
+
- "/" + type + "/" + token;
+ "/" + type + "/" + secret.getId();
vaultTemplate.delete(path);
@@ -230,10 +297,10 @@ public class CredentialWriter {
if (exSecret.isPresent()) {
String msg = " Credential with token " + kvCredential.getToken() + " already
exist";
LOGGER.error(msg);
- throw new CredentialStoreException(msg, null);
+ throw new CredentialStoreException("Invalid token", null);
}
- List<Secret> secrets = repository.findAllByExternalIdAndOwnerId(kvCredential.getKey(),
kvCredential.getOwnerId());
+ List<Secret> secrets = repository.findAllByExternalIdAndOwnerIdAndTenantId(kvCredential.getKey(),
kvCredential.getOwnerId(), kvCredential.getTenantId());
if (secrets != null && !secrets.isEmpty()) {
String msg = " Credential with key " + kvCredential.getKey() + " of user " +
kvCredential.getOwnerId()
@@ -288,7 +355,8 @@ public class CredentialWriter {
} else {
List<Secret> secrets = repository.
- findAllByExternalIdAndOwnerId(kvCredential.getKey(), kvCredential.getMetadata().getOwnerId());
+ findAllByExternalIdAndOwnerIdAndTenantId(kvCredential.getKey(), kvCredential.getMetadata().getOwnerId(),
+ kvCredential.getMetadata().getTenantId());
if (secrets == null && secrets.isEmpty()) {
String msg = " Cannot find record "
@@ -338,7 +406,8 @@ public class CredentialWriter {
} else {
List<Secret> secrets = repository.
- findAllByExternalIdAndOwnerId(kvCredential.getKey(), kvCredential.getMetadata().getOwnerId());
+ findAllByExternalIdAndOwnerIdAndTenantId(kvCredential.getKey(), kvCredential.getMetadata().getOwnerId(),
+ kvCredential.getMetadata().getTenantId());
if (secrets == null && secrets.isEmpty()) {
String msg = " Cannot find record "
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
index 6b7b03c..0ac053f 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
@@ -28,10 +28,13 @@ public class PasswordCredential extends ResourceCredential {
private String password;
+
+
public PasswordCredential(GeneratedMessageV3 message) {
super(message);
if (message instanceof org.apache.custos.resource.secret.service.PasswordCredential)
{
this.password = ((org.apache.custos.resource.secret.service.PasswordCredential)
message).getPassword();
+
}
}
@@ -42,4 +45,6 @@ public class PasswordCredential extends ResourceCredential {
public void setPassword(String password) {
this.password = password;
}
+
+
}
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
index 01b1cf4..0425d82 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
@@ -41,6 +41,9 @@ public class ResourceCredential implements Credential {
private long tenantId;
+ private String externalId;
+
+
public ResourceCredential(GeneratedMessageV3 message) {
this.token = generateToken();
@@ -51,6 +54,7 @@ public class ResourceCredential implements Credential {
this.ownerId = metadata.getOwnerId();
this.tenantId = metadata.getTenantId();
this.resourceOwnerType = ResourceOwnerType.TENANT;
+ this.externalId = metadata.getToken();
} else if (message instanceof CertificateCredential) {
SecretMetadata metadata = ((CertificateCredential) message).getMetadata();
@@ -58,6 +62,7 @@ public class ResourceCredential implements Credential {
this.ownerId = metadata.getOwnerId();
this.tenantId = metadata.getTenantId();
this.resourceOwnerType = ResourceOwnerType.TENANT;
+ this.externalId = metadata.getToken();
} else if (message instanceof PasswordCredential) {
SecretMetadata metadata = ((PasswordCredential) message).getMetadata();
@@ -65,12 +70,14 @@ public class ResourceCredential implements Credential {
this.ownerId = metadata.getOwnerId();
this.tenantId = metadata.getTenantId();
this.resourceOwnerType = ResourceOwnerType.TENANT;
+ this.externalId = metadata.getToken();
} else if (message instanceof org.apache.custos.resource.secret.service.KVCredential)
{
SecretMetadata metadata = ((org.apache.custos.resource.secret.service.KVCredential)
message).getMetadata();
this.description = metadata.getDescription();
this.ownerId = metadata.getOwnerId();
this.tenantId = metadata.getTenantId();
this.resourceOwnerType = ResourceOwnerType.TENANT_USER;
+ this.externalId = ((org.apache.custos.resource.secret.service.KVCredential) message).getKey();
}
}
@@ -120,4 +127,13 @@ public class ResourceCredential implements Credential {
return UUID.randomUUID().toString();
}
+
+
+ public String getExternalId() {
+ return externalId;
+ }
+
+ public void setExternalId(String externalId) {
+ this.externalId = externalId;
+ }
}
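Review bot: `externalId` is a caller-supplied value (the request metadata's token, or the KV key) that CredentialReader now reports to clients in place of the generated token, yet the field has no comment and nothing validates its length or character set before it is persisted and used in lookups. Document it, e.g. `/** Caller-chosen identifier taken from the request (metadata token or KV key); when non-blank it is reported to clients instead of the generated token. */`, and consider rejecting overlong values in `setExternalId`. If these are protobuf messages, as `GeneratedMessageV3` suggests, `metadata.getToken()` yields `""` rather than null when unset, so the blank check is the one that matters and the `!= null` half only covers the setter.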
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
index 5e2d6eb..ff6647a 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
@@ -26,7 +26,6 @@ import org.apache.commons.io.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
import java.io.File;
import java.util.UUID;
@@ -42,20 +41,24 @@ public class SSHCredential extends ResourceCredential {
private String privateKey;
private String passPhrase;
+
public SSHCredential(GeneratedMessageV3 message) throws Exception {
super(message);
- if (message instanceof org.apache.custos.resource.secret.service.SSHCredential) {
+ if (message instanceof org.apache.custos.resource.secret.service.SSHCredential) {
+
+ this.passPhrase = ((org.apache.custos.resource.secret.service.SSHCredential)
message).getPassphrase();
+ this.privateKey = ((org.apache.custos.resource.secret.service.SSHCredential)
message).getPrivateKey();
+ this.publicKey = ((org.apache.custos.resource.secret.service.SSHCredential) message).getPublicKey();
- this.passPhrase = ((org.apache.custos.resource.secret.service.SSHCredential) message).getPassphrase();
- this.privateKey = ((org.apache.custos.resource.secret.service.SSHCredential) message).getPrivateKey();
- this.publicKey = ((org.apache.custos.resource.secret.service.SSHCredential) message).getPublicKey();
- if (passPhrase == null || passPhrase.trim().equals("")) {
- this.passPhrase = String.valueOf(UUID.randomUUID());
- }
- this.generateKeyPair(this.passPhrase);
+ if (passPhrase == null || passPhrase.trim().equals("")) {
+ this.passPhrase = String.valueOf(UUID.randomUUID());
+ }
+ if (this.publicKey == null || this.publicKey.trim().equals("")) {
+ this.generateKeyPair(this.passPhrase);
+ }
- }
+ }
}
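Review bot: The random passphrase is assigned before the code knows whether it will generate a key pair, so a caller-supplied key with no passphrase is stored with a UUID passphrase that never protected that key, and a caller who supplies only a public key is stored with an empty private key. Decide both inside the new `publicKey` check: generate the passphrase only on the generation branch, and reject a public key that arrives without a private key. I also cannot see from this diff whether the `File.createTempFile` path that `generateKeyPair` writes the private key to is deleted after it is read back; please confirm.
```java
if (message instanceof org.apache.custos.resource.secret.service.SSHCredential) {
    // … unchanged: copy passphrase, private key and public key from the message …
    if (this.publicKey == null || this.publicKey.trim().equals("")) {
        // no key material supplied: generate a pair, protected by a fresh passphrase if none was given
        if (this.passPhrase == null || this.passPhrase.trim().equals("")) {
            this.passPhrase = String.valueOf(UUID.randomUUID());
        }
        this.generateKeyPair(this.passPhrase);
    } else if (this.privateKey == null || this.privateKey.trim().equals("")) {
        throw new IllegalArgumentException("Public key supplied without a private key");
    }
}
```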
@@ -83,15 +86,16 @@ public class SSHCredential extends ResourceCredential {
this.passPhrase = passPhrase;
}
- private void generateKeyPair(String passPhrase) throws Exception{
- JSch jsch=new JSch();
- try{
- KeyPair kpair= KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
+
+ private void generateKeyPair(String passPhrase) throws Exception {
+ JSch jsch = new JSch();
+ try {
+ KeyPair kpair = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
File file = File.createTempFile("id_rsa", "");
String fileName = file.getAbsolutePath();
kpair.writePrivateKey(fileName, passPhrase.getBytes());
- kpair.writePublicKey(fileName + ".pub" , "");
+ kpair.writePublicKey(fileName + ".pub", "");
kpair.dispose();
byte[] priKey = FileUtils.readFileToByteArray(new File(fileName));
@@ -99,8 +103,7 @@ public class SSHCredential extends ResourceCredential {
this.privateKey = new String(priKey);
this.publicKey = new String(pubKey);
- }
- catch(Exception e){
+ } catch (Exception e) {
LOGGER.error("Error while creating key pair", e);
throw new Exception("Error while creating key pair", e);
}
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/persistance/local/repository/SecretRepository.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/persistance/local/repository/SecretRepository.java
index c73610c..26b1d02 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/persistance/local/repository/SecretRepository.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/persistance/local/repository/SecretRepository.java
@@ -21,13 +21,21 @@ package org.apache.custos.resource.secret.persistance.local.repository;
import org.apache.custos.resource.secret.persistance.local.model.Secret;
import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import java.util.Iterator;
import java.util.List;
public interface SecretRepository extends JpaRepository<Secret, String> {
- public List<Secret> findAllByExternalIdAndOwnerId(String externalId, String ownerId);
+ public List<Secret> findAllByExternalIdAndOwnerIdAndTenantId(String externalId,
String ownerId, long tenantId);
+
+ public List<Secret> findAllByExternalIdAndTenantId(String externalId, long tenantId);
+
+ @Query(value = "select * from secret s where s.tenant_id = ?1 and ( s.id IN ?2 " +
+ "or s.external_id IN ?3 )", nativeQuery = true)
+ public List<Secret> getAllSecretsByIdOrExternalId(long tenantId, List<String>
tokens, List<String> externalIds);
}
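Review bot: `import java.util.Iterator;` is added but not used anywhere in the interface; drop it. The native query `s.id IN ?2 or s.external_id IN ?3` produces `IN ()` when either list is empty, which most databases reject, so either every caller must guard against empty lists or the method needs a Javadoc `@throws` stating that precondition; the one caller in this commit, `getAllCredentialSummaries`, passes `tokens` unchecked for both parameters.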
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
index b9ecbfb..8e25e14 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
@@ -76,7 +76,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while fetching credential summaries " +
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
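Review bot: `" : " + ex` puts the exception's class name and message into `msg`, which the next line hands to `Status.INTERNAL.withDescription(msg)` and so returns to the gRPC client; internal exception types and messages from JPA, Vault or key generation are not something a client should see. Log with the throwable, `LOGGER.error(msg, ex);`, so the stack trace stays server-side, and return a fixed description such as `"Failed to fetch credential summaries"`. The same substitution is made in every catch block of this file in this commit and the same change applies to each.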
@@ -102,7 +102,8 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
AddResourceCredentialResponse resourceCredentialResponse = AddResourceCredentialResponse
.newBuilder()
- .setToken(sshCredential.getToken())
+ .setToken((sshCredential.getExternalId() != null &&
+ !sshCredential.getExternalId().trim().equals(""))?sshCredential.getExternalId():
sshCredential.getToken())
.build();
responseObserver.onNext(resourceCredentialResponse);
responseObserver.onCompleted();
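Review bot: The external-id-or-token conditional is written out inline here and again for the password and certificate responses below, and five more times in CredentialReader against `Secret`; one accessor on ResourceCredential, e.g. `public String getClientToken() { return (externalId != null && !externalId.trim().equals("")) ? externalId : token; }`, with a matching helper for `Secret`, would keep the rule in one place and make the `||` slip in getPasswordCredential impossible. The enclosing method starts outside the hunk.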
@@ -110,7 +111,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while adding SSH credentials " + request.getMetadata().getToken()
+
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -135,14 +136,15 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
AddResourceCredentialResponse resourceCredentialResponse = AddResourceCredentialResponse
.newBuilder()
- .setToken(passwordCredential.getToken())
+ .setToken((passwordCredential.getExternalId() != null &&
+ !passwordCredential.getExternalId().trim().equals(""))?passwordCredential.getExternalId():
passwordCredential.getToken())
.build();
responseObserver.onNext(resourceCredentialResponse);
responseObserver.onCompleted();
} catch (Exception ex) {
String msg = "Exception occurred while adding password credentials " + request.getMetadata().getToken()
+
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -167,14 +169,16 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
AddResourceCredentialResponse resourceCredentialResponse = AddResourceCredentialResponse
.newBuilder()
- .setToken(certificateCredential.getToken())
+ .setToken((certificateCredential.getExternalId() != null &&
+ !certificateCredential.getExternalId().trim().equals(""))?
+ certificateCredential.getExternalId(): certificateCredential.getToken())
.build();
responseObserver.onNext(resourceCredentialResponse);
responseObserver.onCompleted();
} catch (Exception ex) {
String msg = "Exception occurred while adding certificate credential secret "
+ request.getMetadata().getToken() +
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -194,7 +198,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while fetching resource credential summaries
" + request.getToken() +
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -212,7 +216,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while fetching SSH credential " + request.getToken()
+
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -231,7 +235,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while fetching password credential " + request.getToken()
+
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -250,7 +254,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while fetching certificate credential " + request.getToken()
+
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -277,7 +281,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while deleting SSH secret " + request.getToken()
+
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -303,7 +307,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while deleting password credential " + request.getToken()
+
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -329,7 +333,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while fetching KV credentials " +
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -357,7 +361,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while setting KV credentials " +
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -383,7 +387,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while updating KV credential " +
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
@@ -409,7 +413,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
} catch (Exception ex) {
String msg = "Exception occurred while deleting KV credential " +
- " : " + ex.getMessage();
+ " : " + ex;
LOGGER.error(msg);
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}