From henev...@apache.org
Subject [05/21] incubator-brooklyn git commit: add + fix location ssh tests
Date Tue, 27 Jan 2015 17:45:12 GMT
add + fix location ssh tests

including a sample yaml for quickly trying lots of weird combos


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/f4346ef8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/f4346ef8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/f4346ef8

Branch: refs/heads/master
Commit: f4346ef8009a13f03c6a6ee4f03777bfeb0bbb21
Parents: aafddb5
Author: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
Authored: Thu Jan 22 21:38:52 2015 +0000
Committer: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
Committed: Thu Jan 22 23:21:36 2015 +0000

----------------------------------------------------------------------
 .../internal/BrooklynFeatureEnablement.java     |  5 +-
 .../location/basic/LocationConfigUtils.java     |  3 +-
 .../brooklyn/util/crypto/FluentKeySigner.java   |  6 ++-
 .../location/basic/LocationConfigUtilsTest.java |  4 +-
 .../jclouds/various-login-credentials.yaml      | 52 ++++++++++++++++++++
 pom.xml                                         |  2 +
 6 files changed, 67 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/f4346ef8/core/src/main/java/brooklyn/internal/BrooklynFeatureEnablement.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/brooklyn/internal/BrooklynFeatureEnablement.java b/core/src/main/java/brooklyn/internal/BrooklynFeatureEnablement.java
index 7ecd7cd..6839a75 100644
--- a/core/src/main/java/brooklyn/internal/BrooklynFeatureEnablement.java
+++ b/core/src/main/java/brooklyn/internal/BrooklynFeatureEnablement.java
@@ -96,10 +96,12 @@ public class BrooklynFeatureEnablement {
      */
     public static final String FEATURE_SSH_ASYNC_EXEC = FEATURE_PROPERTY_PREFIX+".ssh.asyncExec";
 
+    public static final String FEATURE_VALIDATE_LOCATION_SSH_KEYS = "brooklyn.validate.locationSshKeys";
+    
     private static final Map<String, Boolean> FEATURE_ENABLEMENTS = Maps.newLinkedHashMap();
 
     private static final Object MUTEX = new Object();
-    
+
     static void setDefaults() {
         // Idea is here one can put experimental features that are *enabled* by default,
but 
         // that can be turned off via system properties, or vice versa.
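Review bot: `FEATURE_VALIDATE_LOCATION_SSH_KEYS` is added without Javadoc, although the constant directly above it closes a doc comment, and its property name is a bare literal rather than being built from `FEATURE_PROPERTY_PREFIX` like `FEATURE_SSH_ASYNC_EXEC`. Because this flag gates a credential check, I would document it, for example `/** Whether SSH key material configured on a location is validated; enabled by default, disabling it skips early detection of malformed keys. */`. If the different prefix is deliberate, a one-line comment saying so would prevent a later "consistency" rename from silently changing the system property that operators set. The class body continues outside this hunk.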
@@ -115,6 +117,7 @@ public class BrooklynFeatureEnablement {
         setDefault(FEATURE_RENAME_THREADS, false);
         setDefault(FEATURE_INFER_CATALOG_ITEM_ON_REBIND, true);
         setDefault(FEATURE_SSH_ASYNC_EXEC, false);
+        setDefault(FEATURE_VALIDATE_LOCATION_SSH_KEYS, true);
     }
     
     static {

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/f4346ef8/core/src/main/java/brooklyn/location/basic/LocationConfigUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/brooklyn/location/basic/LocationConfigUtils.java b/core/src/main/java/brooklyn/location/basic/LocationConfigUtils.java
index 3518a0a..5e5b6e8 100644
--- a/core/src/main/java/brooklyn/location/basic/LocationConfigUtils.java
+++ b/core/src/main/java/brooklyn/location/basic/LocationConfigUtils.java
@@ -35,6 +35,7 @@ import org.slf4j.LoggerFactory;
 
 import brooklyn.config.ConfigKey;
 import brooklyn.entity.basic.ConfigKeys;
+import brooklyn.internal.BrooklynFeatureEnablement;
 import brooklyn.location.cloud.CloudLocationConfig;
 import brooklyn.management.ManagementContext;
 import brooklyn.util.ResourceUtils;
@@ -75,7 +76,7 @@ public class LocationConfigUtils {
         private boolean preferPassword = false;
         private boolean tryDefaultKeys = true;
         private boolean requirePublicKey = true;
-        private boolean doKeyValidation = true;
+        private boolean doKeyValidation = BrooklynFeatureEnablement.isEnabled(BrooklynFeatureEnablement.FEATURE_VALIDATE_LOCATION_SSH_KEYS);
         private boolean warnOnErrors = true;
         private boolean throwOnErrors = false;
         
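Review bot: The `doKeyValidation` initializer now takes its default from a JVM-wide feature flag, so one system property can switch off SSH key validation for every credential built here, and nothing in this hunk records that it happened. I would log once at WARN when the flag is off, or at least comment the field: `// default follows FEATURE_VALIDATE_LOCATION_SSH_KEYS; can still be overridden per credential via doKeyValidation(boolean)`. The flag is read when each instance is constructed, so a later change to the feature setting appears to affect only credentials created afterwards. That is worth stating if it is intended. The enclosing class starts and ends outside the hunk.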

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/f4346ef8/core/src/main/java/brooklyn/util/crypto/FluentKeySigner.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/brooklyn/util/crypto/FluentKeySigner.java b/core/src/main/java/brooklyn/util/crypto/FluentKeySigner.java
index 0566b47..2dfbe98 100644
--- a/core/src/main/java/brooklyn/util/crypto/FluentKeySigner.java
+++ b/core/src/main/java/brooklyn/util/crypto/FluentKeySigner.java
@@ -22,6 +22,7 @@ import java.math.BigInteger;
 import java.security.KeyPair;
 import java.security.PublicKey;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
@@ -31,6 +32,7 @@ import javax.security.auth.x500.X500Principal;
 import org.bouncycastle.asn1.x509.X509Extension;
 import org.bouncycastle.asn1.x509.X509Name;
 import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.x509.X509V3CertificateGenerator;
 import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
 import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
@@ -42,7 +44,9 @@ import brooklyn.util.exceptions.Exceptions;
  * X509v3CertificateBuilder drags in an add'l dependency (bcmail) and is harder to use. */
 @SuppressWarnings("deprecation")
 public class FluentKeySigner {
-    
+
+    static { Security.addProvider(new BouncyCastleProvider()); }
+
     protected X500Principal issuerPrincipal;
     protected KeyPair issuerKey;
 
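Review bot: The new static initializer registers BouncyCastle in the JVM-wide provider list as a side effect of loading `FluentKeySigner`, which changes what every other component in the process can resolve and is easy to overlook. `Security.addProvider` appends at the lowest priority and does nothing if a provider of that name is already installed, so the effect is mild. Under a security manager the call can throw, though, and the class would then fail to initialize. I would make the intent explicit with `if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) Security.addProvider(new BouncyCastleProvider());` and a comment naming the call that needs the provider. The rest of the class is outside the hunk, so which operation depends on it is not visible here.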

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/f4346ef8/core/src/test/java/brooklyn/location/basic/LocationConfigUtilsTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/brooklyn/location/basic/LocationConfigUtilsTest.java b/core/src/test/java/brooklyn/location/basic/LocationConfigUtilsTest.java
index e515aab..4c2cc37 100644
--- a/core/src/test/java/brooklyn/location/basic/LocationConfigUtilsTest.java
+++ b/core/src/test/java/brooklyn/location/basic/LocationConfigUtilsTest.java
@@ -43,7 +43,7 @@ public class LocationConfigUtilsTest {
         config.put(LocationConfigKeys.PRIVATE_KEY_DATA, "mydata");
         config.put(LocationConfigKeys.PRIVATE_KEY_FILE, SSH_PRIVATE_KEY_FILE);
         
-        OsCredential creds = LocationConfigUtils.getOsCredential(config);
+        OsCredential creds = LocationConfigUtils.getOsCredential(config).doKeyValidation(false);
         Assert.assertTrue(creds.hasKey());
         // warnings, as it is malformed
         Assert.assertFalse(creds.getWarningMessages().isEmpty());
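Review bot: Both changed tests (this one and the one in the following `-57,7` hunk) now call `.doKeyValidation(false)`, so the malformed value `"mydata"` never goes through key validation and neither test exercises the default, validated path. With validation off, the `// warnings, as it is malformed` comment may no longer describe where the asserted warning comes from. I would add a sibling test that leaves validation enabled and asserts the expected warning or failure for malformed key data, and reword the comment to name the actual source of the warning. The test methods start and end outside the hunks.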
@@ -57,7 +57,7 @@ public class LocationConfigUtilsTest {
         ConfigBag config = ConfigBag.newInstance();
         config.put(LocationConfigKeys.PRIVATE_KEY_DATA, "mydata");
         
-        OsCredential creds = LocationConfigUtils.getOsCredential(config);
+        OsCredential creds = LocationConfigUtils.getOsCredential(config).doKeyValidation(false);
         Assert.assertTrue(creds.hasKey());
         Assert.assertFalse(creds.getWarningMessages().isEmpty());
         

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/f4346ef8/locations/jclouds/src/test/resources/brooklyn/location/jclouds/various-login-credentials.yaml
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/test/resources/brooklyn/location/jclouds/various-login-credentials.yaml
b/locations/jclouds/src/test/resources/brooklyn/location/jclouds/various-login-credentials.yaml
new file mode 100644
index 0000000..1cfe09e
--- /dev/null
+++ b/locations/jclouds/src/test/resources/brooklyn/location/jclouds/various-login-credentials.yaml
@@ -0,0 +1,52 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+name: various-login-credentials-test
+
+# not live tested, but useful for manual tests
+# assumes the keys listed here exist;
+# some children should pass, some should fail...
+
+services:
+- type: brooklyn.entity.basic.EmptySoftwareProcess
+  name: FAIL-missing-passphrase
+  location:
+    jclouds:aws-ec2:
+      privateKeyFile: ~/.ssh/passphrase-id_rsa
+- type: brooklyn.entity.basic.EmptySoftwareProcess
+  name: GOOD-key-w-passphrase-supplied
+  location:
+    jclouds:aws-ec2:
+      privateKeyFile: ~/.ssh/passphrase-id_rsa
+      privateKeyPassphrase: passphrase
+- type: brooklyn.entity.basic.EmptySoftwareProcess
+  name: GOOD-no-key-create-key
+  location:
+    jclouds:aws-ec2:
+      privateKeyFile: ""
+- type: brooklyn.entity.basic.EmptySoftwareProcess
+  # depends if image allows password access
+  name: MAYBE-explicit-password
+  location:
+    jclouds:aws-ec2:
+      password: foo
+- type: brooklyn.entity.basic.EmptySoftwareProcess
+  name: GOOD-default-should-use-id-rsa-or-create
+  location:
+    jclouds:aws-ec2
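Review bot: This sample targets `jclouds:aws-ec2` with literal secrets (`password: foo`, `privateKeyPassphrase: passphrase`), and the header comment does not say they are placeholders. If the `MAYBE-explicit-password` child is run against a real account and the image permits password login, the result could be a reachable VM with a trivially guessable password. Whether Brooklyn sets that password or only uses it to log in is not visible here. I would extend the comment block with something like `# credentials below are dummy values for manual testing only; never put real passphrases in this file`, and use a long random value for the password case.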

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/f4346ef8/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 2cad93a..286ad96 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1200,6 +1200,8 @@
                   <exclude>**/MANIFEST.MF</exclude>
                   <exclude>**/test-output/**</exclude>
                   <exclude>**/*.pem.pub</exclude>
+                  <exclude>**/*_rsa.pub</exclude>
+                  <exclude>**/*_rsa</exclude>
                   <exclude>**/*.svg</exclude>
                   <exclude>**/*.crt</exclude>
                   <exclude>**/*.csr</exclude>
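Review bot: The new `**/*_rsa` exclude matches private key files anywhere in the tree, not only test fixtures. The surrounding list looks like a license-header check exclusion (the plugin element is outside the hunk), so the pattern publishes nothing by itself, but a private key committed by mistake would pass that check quietly. I would scope both new patterns to the test resources that need them, for example `<exclude>**/src/test/resources/**/*_rsa</exclude>`, and add an XML comment stating that only throwaway test keys belong there.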

