@Test public void testPlainTextSystemCredentials() throws Throwable { // init EncryptionUtils File keyFile = Paths.get(folder.newFolder().getPath(), "encryption.key").toFile(); System.setProperty(EncryptionUtils.ENCRYPTION_KEY, keyFile.getPath()); System.setProperty(EncryptionUtils.INIT_KEY_IF_MISSING, "true"); EncryptionUtils.initEncryptionService(); AuthCredentialsServiceState credentials = createCredentials("username", "password", true); assertEquals("username", credentials.userEmail); assertNotNull(credentials.privateKey); assertFalse(credentials.privateKey.startsWith(EncryptionUtils.ENCRYPTION_PREFIX)); assertEquals("password", credentials.privateKey); credentials = createCredentials("username2", "password2", false); assertEquals("username2", credentials.userEmail); assertNotNull(credentials.privateKey); assertTrue(credentials.privateKey.startsWith(EncryptionUtils.ENCRYPTION_PREFIX)); // like AuthBootstrapService does AuthCredentialsServiceState credentialsPatch = new AuthCredentialsServiceState(); credentialsPatch.privateKey = "password2"; credentialsPatch.customProperties = new HashMap<>(); credentialsPatch.customProperties.put(AuthConfigProvider.PROPERTY_SCOPE, AuthConfigProvider.CredentialsScope.SYSTEM.toString()); credentials = doPatch(credentialsPatch, credentials.documentSelfLink); assertEquals("username2", credentials.userEmail); assertNotNull(credentials.privateKey); assertFalse(credentials.privateKey.startsWith(EncryptionUtils.ENCRYPTION_PREFIX)); assertEquals("password2", credentials.privateKey); }
AuthCredentialsServiceState authServiceState = new AuthCredentialsServiceState(); Map<String, String> customProperties = new HashMap<>(); customProperties.put(firstProperty, firstValue);
AuthCredentialsServiceState authServiceState = new AuthCredentialsServiceState(); Map<String, String> customProperties = new HashMap<>(); customProperties.put(firstProperty, firstValue);
dockerCredentials = new AuthCredentialsServiceState(); dockerCredentials.privateKeyId = getProperty(DOCKER_CLIENT_KEY, testProperties); dockerUri = UriUtils.buildUri(mockDockerHost, MockDockerPathConstants.BASE_PATH); dockerCredentials = new AuthCredentialsServiceState();
AuthCredentialsServiceState authState = new AuthCredentialsServiceState(); authState.type = AuthCredentialsType.Password.toString(); authState.userEmail = REGISTRY_USER;
state.email = USER; state.documentSelfLink = USER; AuthCredentialsServiceState authServiceState = new AuthCredentialsServiceState(); authServiceState.userEmail = USER; authServiceState.privateKey = PASSWORD;
state.email = USER; state.documentSelfLink = USER; AuthCredentialsServiceState authServiceState = new AuthCredentialsServiceState(); authServiceState.userEmail = USER; authServiceState.privateKey = PASSWORD;
AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); Throwable error;
ComputeDescriptionService.FACTORY_LINK); AuthCredentialsServiceState credentials = doPost(host, new AuthCredentialsServiceState(), AuthCredentialsService.FACTORY_LINK);
@Test public void seq() throws InterruptedException, ExecutionException { ArrayList<CompletableFuture<Operation>> futs = new ArrayList<CompletableFuture<Operation>>(); // create 10 services in parallel for (int i = 0; i < 10; i++) { AuthCredentialsServiceState state = new AuthCredentialsServiceState(); state.documentSelfLink = "" + i; state.privateKey = "" + i; CompletableFuture<Operation> f = this.host.sendWithFuture(Operation .createPost(this.host, AuthCredentialsService.FACTORY_LINK) .setBody(state) .setReferer(this.host.getReferer())); futs.add(f); } // wait for the 10 requests to complete CompletableFuture<List<Operation>> join = OperationFutures.join(futs); List<Operation> allServices = join.get(); for (Operation service : allServices) { this.host.log(service.getBody(AuthCredentialsServiceState.class).documentSelfLink); } // retrieve all created service in sequence Operation getFirst = Operation.createGet(this.host, UriUtils.buildUriPath(AuthCredentialsService.FACTORY_LINK, "0")); // chain 10 CompletableFuture<Operation> f = this.host.sendWithFuture(getFirst); for (int i = 1; i < 10; i++) { f = f.thenComposeAsync(this::getNextService); } assertEquals(f.get().getBody(AuthCredentialsServiceState.class).privateKey, "9"); }
/** * Make the credentials for the user. */ private void makeCredentials() { AuthCredentialsServiceState auth = new AuthCredentialsServiceState(); auth.userEmail = this.userEmail; auth.privateKey = this.userPassword; if (this.credentialsSelfLink != null) { auth.documentSelfLink = this.credentialsSelfLink; } URI credentialFactoryUri = AuthUtils .buildAuthProviderHostUri(this.host, ServiceUriPaths.CORE_CREDENTIALS); Operation postCreds = Operation.createPost(credentialFactoryUri) .setBody(auth) .setReferer(this.referer) .setCompletion((op, ex) -> { if (ex != null) { this.failureMessage = String.format( "Could not make credentials for user %s: %s", this.userEmail, ex); this.currentStep = UserCreationStep.FAILURE; setupUser(); return; } this.currentStep = UserCreationStep.MAKE_USER_GROUP; setupUser(); }); addReplicationFactor(postCreds); this.host.sendRequest(postCreds); }
private void createUserCredentials(LocalPrincipalState state, Operation op) { try { state.password = EncryptionUtils.decrypt(state.password); } catch (Exception e) { log(Level.SEVERE, "Could not initialize user '%s': %s", state.email, Utils.toString(e)); op.fail(e); return; } AuthCredentialsServiceState auth = new AuthCredentialsServiceState(); auth.userEmail = state.email; auth.privateKey = state.password; auth.customProperties = new HashMap<>(); auth.customProperties.put(PROPERTY_SCOPE, CredentialsScope.SYSTEM.toString()); auth.documentSelfLink = encode(state.email); URI credentialFactoryUri = UriUtils.buildUri(getHost(), ServiceUriPaths.CORE_CREDENTIALS); Operation postCreds = Operation.createPost(credentialFactoryUri) .setBody(auth) .setReferer(op.getUri()) .setCompletion((o, ex) -> { if (ex != null) { logWarning("Unable to create user credentials: %s", Utils.toString(ex)); op.fail(ex); return; } createUserSpecificRole(state, op); }); addReplicationFactor(postCreds); sendRequest(postCreds); }
@Before public void setUpMockKubernetesHost() throws Throwable { ServiceHost.Arguments args = new ServiceHost.Arguments(); args.sandbox = null; args.port = 0; mockKubernetesHost = createHost(); mockKubernetesHost.setMaintenanceIntervalMicros(TimeUnit.MILLISECONDS .toMicros(MAINTENANCE_INTERVAL_MILLIS)); kubernetesUri = UriUtils.buildUri(mockKubernetesHost, KubernetesPathConstants.BASE_PATH); kubernetesFailingUri = UriUtils.buildUri(mockKubernetesHost, KubernetesPathConstants.BASE_FAILING_PATH); kubernetesCredentials = new AuthCredentialsServiceState(); kubernetesCredentials.type = AuthCredentialsType.Password.name(); kubernetesCredentials.userEmail = "test@admiral"; kubernetesCredentials.privateKey = "password"; HostInitTestDcpServicesConfig.startServices(host); HostInitPhotonModelServiceConfig.startServices(host); HostInitCommonServiceConfig.startServices(host); HostInitComputeServicesConfig.startServices(host, false); HostInitKubernetesAdapterServiceConfig.startServices(host, false); waitForInitialBootServiceToBeSelfStopped(ComputeInitialBootService.SELF_LINK); host.log("Using test kubernetes URI: %s", kubernetesUri); System.setProperty("dcp.management.container.shell.availability.retry", "0"); host.startService( Operation.createPost(UriUtils.buildUri(host, MockTaskFactoryService.SELF_LINK)), new MockTaskFactoryService()); }
@Test public void seq() throws InterruptedException, ExecutionException { ArrayList<CompletableFuture<Operation>> futs = new ArrayList<CompletableFuture<Operation>>(); // create 10 services in parallel for (int i = 0; i < 10; i++) { AuthCredentialsServiceState state = new AuthCredentialsServiceState(); state.documentSelfLink = "" + i; state.privateKey = "" + i; CompletableFuture<Operation> f = this.host.sendWithFuture(Operation .createPost(this.host, AuthCredentialsService.FACTORY_LINK) .setBody(state) .setReferer(this.host.getReferer())); futs.add(f); } // wait for the 10 requests to complete CompletableFuture<List<Operation>> join = OperationFutures.join(futs); List<Operation> allServices = join.get(); for (Operation service : allServices) { this.host.log(service.getBody(AuthCredentialsServiceState.class).documentSelfLink); } // retrieve all created service in sequence Operation getFirst = Operation.createGet(this.host, UriUtils.buildUriPath(AuthCredentialsService.FACTORY_LINK, "0")); // chain 10 CompletableFuture<Operation> f = this.host.sendWithFuture(getFirst); for (int i = 1; i < 10; i++) { f = f.thenComposeAsync(this::getNextService); } assertEquals(f.get().getBody(AuthCredentialsServiceState.class).privateKey, "9"); }
@Test public void testCreateAuthorizationHeader() { // No credentials assertNull(AuthUtils.createAuthorizationHeader(null)); // Non-password credentials AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.type = AuthCredentialsType.PublicKey.toString(); assertNull(AuthUtils.createAuthorizationHeader(credentials)); // Password credentials String email = "test@test.test"; String password = "test"; String expectedHeader = String.format("Basic %s", new String(Base64.getEncoder() .encode(String.format("%s:%s", email, password).getBytes()))); credentials = new AuthCredentialsServiceState(); credentials.type = AuthCredentialsType.Password.toString(); credentials.userEmail = email; credentials.privateKey = password; assertEquals(expectedHeader, AuthUtils.createAuthorizationHeader(credentials)); // Bearer token String token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL"; expectedHeader = String.format("Bearer %s", token); credentials = new AuthCredentialsServiceState(); credentials.type = "Bearer"; credentials.privateKey = token; assertEquals(expectedHeader, AuthUtils.createAuthorizationHeader(credentials)); }
private void createCredentials(Operation op, String link, String token, KubeConfig kubeConfig, List<String> tenantLinks, Consumer<String> consumer) { AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.documentSelfLink = link; credentials.privateKey = token; credentials.type = AuthCredentialsType.Bearer.toString(); credentials.tenantLinks = tenantLinks; credentials.customProperties = new HashMap<>(4); credentials.customProperties.put(KUBE_CONFIG_PROP_NAME, Utils.toJson(kubeConfig)); // Set the display name of the credential to the cluster name, if it exists if (CollectionUtils.isNotEmpty(kubeConfig.clusters) && StringUtils.isNotEmpty(kubeConfig.clusters.get(0).name)) { credentials.customProperties.put(AuthUtils.AUTH_CREDENTIALS_NAME_PROP_NAME, kubeConfig.clusters.get(0).name); } Operation.createPost(getHost(), AuthCredentialsService.FACTORY_LINK) .setBodyNoCloning(credentials) .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE) .setCompletion((o, e) -> { if (e != null) { logWarning("Error creating PKS credentials state: %s", e.getMessage()); op.fail(e); return; } consumer.accept(link); }) .sendWith(this); }
@Test public void testGetSecurityContextWithDefaultHarborRegistryCredentials() throws Throwable { AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.userEmail = UUID.randomUUID().toString(); credentials.privateKey = UUID.randomUUID().toString(); credentials.type = AuthCredentialsType.Password.toString(); credentials = getOrCreateDocument(credentials, AuthCredentialsService.FACTORY_LINK); assertNotNull("Failed to create credentials", credentials); RegistryState registryState = new RegistryState(); registryState.documentSelfLink = Harbor.DEFAULT_REGISTRY_LINK; registryState.endpointType = RegistryState.DOCKER_REGISTRY_ENDPOINT_TYPE; registryState.address = "http://harbor.vic.com"; registryState.authCredentialsLink = credentials.documentSelfLink; registryState = getOrCreateDocument(registryState, RegistryFactoryService.SELF_LINK); assertNotNull("Failed to create registry", registryState); SecurityContext securityContext = getSecurityContextByCredentials(credentials.userEmail, credentials.privateKey); assertEquals(credentials.userEmail, securityContext.id); assertEquals(1, securityContext.roles.size()); assertTrue(securityContext.roles.contains(AuthRole.CLOUD_ADMIN)); securityContext = getSecurityContextByCredentials(USER_EMAIL_GLORIA, "Password1!"); assertEquals(USER_NAME_GLORIA, securityContext.name); assertEquals(USER_EMAIL_GLORIA, securityContext.id); assertTrue(securityContext.roles.contains(AuthRole.BASIC_USER)); assertTrue(securityContext.roles.contains(AuthRole.BASIC_USER_EXTENDED)); }
@Test public void testConstructKubeConfigWithPublicKey() { String clusterAddress = "https://testhost:8443"; AuthCredentialsServiceState creds = new AuthCredentialsServiceState(); creds.publicKey = "certificate"; creds.privateKey = "private_key"; creds.type = AuthCredentialsType.PublicKey.toString(); KubeConfig config = KubernetesUtil.constructKubeConfig(clusterAddress, creds); assertEquals("v1", config.apiVersion); assertEquals("Config", config.kind); assertNotNull(config.currentContext); assertNotNull(config.clusters); assertNotNull(config.contexts); assertNotNull(config.users); assertEquals(1, config.users.size()); assertEquals(1, config.contexts.size()); assertEquals(1, config.clusters.size()); assertEquals(config.contexts.get(0).context.user, config.users.get(0).name); assertEquals("Y2VydGlmaWNhdGU=", config.users.get(0).user.clientCertificateData); assertEquals("cHJpdmF0ZV9rZXk=", config.users.get(0).user.clientKeyData); assertEquals(config.clusters.get(0).name, config.contexts.get(0).context.cluster); assertEquals(config.currentContext, config.contexts.get(0).name); assertEquals(clusterAddress, config.clusters.get(0).cluster.server); assertTrue(config.clusters.get(0).cluster.insecureSkipTlsVerify); }
private AuthCredentialsServiceState translateCredentials(Operation op) { AuthSecrets secrets = op.getBody(AuthSecrets.class); if (secrets.environmentName == null) { secrets.environmentName = "Unknown"; } AuthCredentialsServiceState authState = new AuthCredentialsServiceState(); authState.tenantLinks = secrets.tenantLinks; switch (secrets.environmentName) { case ComputeDescriptionService.ComputeDescription.ENVIRONMENT_NAME_AWS: authState.privateKey = secrets.privateKey; authState.privateKeyId = secrets.privateKeyId; break; default: authState.userLink = secrets.client_id; authState.userEmail = secrets.client_email; authState.privateKey = secrets.private_key; authState.privateKeyId = secrets.private_key_id; authState.tokenReference = secrets.token_uri; authState.type = secrets.type; } return authState; } }
@Test public void testCloudAdminHasAccessToCredentials() throws Throwable { host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN)); AuthCredentialsServiceState cred = new AuthCredentialsServiceState(); cred.userEmail = "test"; // POST AuthCredentialsServiceState createdState = doPost(cred, AuthCredentialsService.FACTORY_LINK); assertNotNull(createdState); assertNotNull(createdState.documentSelfLink); // GET AuthCredentialsServiceState retrievedState = getDocument(AuthCredentialsServiceState.class, createdState.documentSelfLink); assertNotNull(retrievedState); // PUT createdState.userEmail = "updated-name"; AuthCredentialsServiceState updatedState = doPut(createdState); assertNotNull(updatedState); assertTrue(createdState.userEmail.equals(updatedState.userEmail)); // DELETE doDelete(UriUtils.buildUri(host, createdState.documentSelfLink), false); retrievedState = getDocumentNoWait(AuthCredentialsServiceState.class, createdState.documentSelfLink); assertNull(retrievedState); }