This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new eb683275d KNOX-2948 - encryptQueryString provision should happen if
needed (#784)
eb683275d is described below
commit eb683275d312e9656f76767eb7928833c48702e9
Author: Sandor Molnar <[email protected]>
AuthorDate: Wed Aug 16 14:00:13 2023 +0200
KNOX-2948 - encryptQueryString provision should happen if needed (#784)
---
.../simple/SimpleDescriptorFactoryTest.java | 50 ++++++++++++++++++----
.../conf-full/conf/descriptors/test-topology.json | 1 +
.../gateway/SimpleDescriptorHandlerFuncTest.java | 1 +
.../gateway/topology/simple/SimpleDescriptor.java | 2 +
.../topology/simple/SimpleDescriptorHandler.java | 2 +-
.../topology/simple/SimpleDescriptorImpl.java | 12 ++++++
6 files changed, 58 insertions(+), 10 deletions(-)
diff --git
a/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorFactoryTest.java
b/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorFactoryTest.java
index cca10e015..985aa0006 100644
---
a/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorFactoryTest.java
+++
b/gateway-server/src/test/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorFactoryTest.java
@@ -47,13 +47,15 @@ public class SimpleDescriptorFactoryTest {
@Test
public void testParseJSONSimpleDescriptor() throws Exception {
- testParseSimpleDescriptor(FileType.JSON);
+ testParseSimpleDescriptor(FileType.JSON, false);
+ testParseSimpleDescriptor(FileType.JSON, true);
}
@Test
public void testParseYAMLSimpleDescriptor() throws Exception {
- testParseSimpleDescriptor(FileType.YML);
- testParseSimpleDescriptor(FileType.YAML);
+ testParseSimpleDescriptor(FileType.YML, true);
+ testParseSimpleDescriptor(FileType.YAML, false);
+ testParseSimpleDescriptor(FileType.YAML, true);
}
@Test
@@ -102,7 +104,7 @@ public class SimpleDescriptorFactoryTest {
}
- private void testParseSimpleDescriptor(FileType type) throws Exception {
+ private void testParseSimpleDescriptor(FileType type, boolean
provisionEncryptQueryStringCredential) throws Exception {
final String discoveryType = "AMBARI";
final String discoveryAddress =
"http://c6401.ambari.apache.org:8080";
final String discoveryUser = "joeblow";
@@ -128,9 +130,10 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+
provisionEncryptQueryStringCredential,
services);
SimpleDescriptor sd =
SimpleDescriptorFactory.parse(testFile.getAbsolutePath());
- validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, services);
+ validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, provisionEncryptQueryStringCredential, services);
} catch (Exception e) {
e.printStackTrace();
} finally {
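Review bot: The `catch (Exception e) { e.printStackTrace(); }` kept as context at the end of this hunk means the new `false` run cannot fail on a parse error. If `SimpleDescriptorFactory.parse` throws, the `validateSimpleDescriptor` call is skipped and the test still passes. `testParseSimpleDescriptor` already declares `throws Exception`, so the catch block can be removed and the `finally` cleanup kept, letting the exception reach JUnit. The same pattern appears in the hunk at -175; the `try` itself opens outside this hunk.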
@@ -175,10 +178,11 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ true,
services,
serviceVersions);
SimpleDescriptor sd =
SimpleDescriptorFactory.parse(testFile.getAbsolutePath());
- validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, services, serviceVersions);
+ validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, true, services, serviceVersions);
} catch (Exception e) {
e.printStackTrace();
} finally {
@@ -238,11 +242,12 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ true,
services,
null,
serviceParams);
SimpleDescriptor sd =
SimpleDescriptorFactory.parse(testFile.getAbsolutePath());
- validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, services, null, serviceParams);
+ validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, true, services, null, serviceParams);
} finally {
if (testFile != null) {
try {
@@ -289,6 +294,7 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ true,
null,
null,
null,
@@ -300,6 +306,7 @@ public class SimpleDescriptorFactoryTest {
discoveryAddress,
providerConfig,
clusterName,
+ true,
null,
null,
null,
@@ -378,6 +385,7 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ true,
services,
null,
serviceParams,
@@ -389,6 +397,7 @@ public class SimpleDescriptorFactoryTest {
discoveryAddress,
providerConfig,
clusterName,
+ true,
services,
null,
serviceParams,
@@ -428,6 +437,7 @@ public class SimpleDescriptorFactoryTest {
String discoveryUser,
String providerConfig,
String clusterName,
+ boolean
provisionEncryptQueryStringCredential,
Map<String, List<String>> services)
throws Exception {
return writeDescriptorFile(type,
path,
@@ -436,6 +446,7 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ provisionEncryptQueryStringCredential,
services,
null);
}
@@ -447,6 +458,7 @@ public class SimpleDescriptorFactoryTest {
String discoveryUser,
String providerConfig,
String clusterName,
+ boolean
provisionEncryptQueryStringCredential,
Map<String, List<String>> services,
Map<String, String>
serviceVersions) throws Exception {
return writeDescriptorFile(type,
@@ -456,6 +468,7 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ provisionEncryptQueryStringCredential,
services,
serviceVersions,
null);
@@ -468,6 +481,7 @@ public class SimpleDescriptorFactoryTest {
String
discoveryUser,
String
providerConfig,
String
clusterName,
+ boolean
provisionEncryptQueryStringCredential,
Map<String, List<String>> services,
Map<String, String>
serviceVersions,
Map<String, Map<String, String>>
serviceParams) throws Exception {
@@ -478,6 +492,7 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ provisionEncryptQueryStringCredential,
services,
serviceVersions,
serviceParams,
@@ -493,6 +508,7 @@ public class SimpleDescriptorFactoryTest {
String
discoveryUser,
String
providerConfig,
String
clusterName,
+ boolean
provisionEncryptQueryStringCredential,
Map<String, List<String>> services,
Map<String, String>
serviceVersions,
Map<String, Map<String, String>>
serviceParams,
@@ -507,6 +523,7 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ provisionEncryptQueryStringCredential,
services,
serviceVersions,
serviceParams,
@@ -521,6 +538,7 @@ public class SimpleDescriptorFactoryTest {
discoveryUser,
providerConfig,
clusterName,
+ provisionEncryptQueryStringCredential,
services,
serviceVersions,
serviceParams,
@@ -538,6 +556,7 @@ public class SimpleDescriptorFactoryTest {
String discoveryUser,
String providerConfig,
String clusterName,
+ boolean provisionEncryptQueryStringCredential,
Map<String, List<String>> services,
Map<String, String> serviceVersions,
Map<String, Map<String, String>> serviceParams,
@@ -552,6 +571,9 @@ public class SimpleDescriptorFactoryTest {
fw.write("\"discovery-user\":\"" + discoveryUser + "\",\n");
fw.write("\"provider-config-ref\":\"" + providerConfig + "\",\n");
fw.write("\"cluster\":\"" + clusterName + "\"");
+ if (!provisionEncryptQueryStringCredential) {
+ fw.write("\"provision-encrypt-query-string-credential\":\"" +
provisionEncryptQueryStringCredential + "\"");
+ }
if (services != null && !services.isEmpty()) {
fw.write(",\n\"services\":[\n");
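Review bot: The added `fw.write` for `provision-encrypt-query-string-credential` emits no separator after the `"cluster"` entry, so the `false` case writes `"cluster":"…""provision-encrypt-query-string-credential":"false"`, which is not valid JSON. Prefix the key with a comma, as the services branch just below does: `fw.write(",\n\"provision-encrypt-query-string-credential\":\"" + provisionEncryptQueryStringCredential + "\"");`. The caller in the hunk at -128 catches `Exception` and only prints it, so the resulting parse failure would presumably go unnoticed and the JSON `false` case would be reported as passing. The enclosing writer method starts and ends outside the hunk.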
@@ -632,6 +654,7 @@ public class SimpleDescriptorFactoryTest {
String discoveryUser,
String providerConfig,
String clusterName,
+ boolean provisionEncryptQueryStringCredential,
Map<String, List<String>> services,
Map<String, String> serviceVersions,
Map<String, Map<String, String>> serviceParams,
@@ -647,6 +670,9 @@ public class SimpleDescriptorFactoryTest {
fw.write("discovery-user: " + discoveryUser + "\n");
fw.write("provider-config-ref: " + providerConfig + "\n");
fw.write("cluster: " + clusterName + "\n");
+ if (!provisionEncryptQueryStringCredential) {
+ fw.write("provision-encrypt-query-string-credential: " +
provisionEncryptQueryStringCredential + "\n");
+ }
if (services != null && !services.isEmpty()) {
fw.write("services:\n");
@@ -705,8 +731,9 @@ public class SimpleDescriptorFactoryTest {
String
discoveryAddress,
String
providerConfig,
String
clusterName,
+ boolean
provisionEncryptQueryStringCredential,
Map<String, List<String>>
expectedServices) {
- validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, expectedServices, null);
+ validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, provisionEncryptQueryStringCredential,
expectedServices, null);
}
@@ -715,9 +742,10 @@ public class SimpleDescriptorFactoryTest {
String
discoveryAddress,
String
providerConfig,
String
clusterName,
+ boolean
provisionEncryptQueryStringCredential,
Map<String, List<String>>
expectedServices,
Map<String, String>
expectedServiceVersions) {
- validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, expectedServices, expectedServiceVersions, null);
+ validateSimpleDescriptor(sd, discoveryType, discoveryAddress,
providerConfig, clusterName, provisionEncryptQueryStringCredential,
expectedServices, expectedServiceVersions, null);
}
@@ -726,6 +754,7 @@ public class SimpleDescriptorFactoryTest {
String
discoveryAddress,
String
providerConfig,
String
clusterName,
+ boolean
provisionEncryptQueryStringCredential,
Map<String, List<String>>
expectedServices,
Map<String, String>
expectedServiceVersions,
Map<String, Map<String, String>>
expectedServiceParameters) {
@@ -734,6 +763,7 @@ public class SimpleDescriptorFactoryTest {
discoveryAddress,
providerConfig,
clusterName,
+ provisionEncryptQueryStringCredential,
expectedServices,
expectedServiceVersions,
expectedServiceParameters,
@@ -746,6 +776,7 @@ public class SimpleDescriptorFactoryTest {
String
discoveryAddress,
String
providerConfig,
String
clusterName,
+ boolean
provisionEncryptQueryStringCredential,
Map<String, List<String>>
expectedServices,
Map<String, String>
expectedServiceVersions,
Map<String, Map<String, String>>
expectedServiceParameters,
@@ -756,6 +787,7 @@ public class SimpleDescriptorFactoryTest {
assertEquals(discoveryAddress, sd.getDiscoveryAddress());
assertEquals(providerConfig, sd.getProviderConfig());
assertEquals(clusterName, sd.getCluster());
+ assertEquals(provisionEncryptQueryStringCredential,
sd.isProvisionEncryptQueryStringCredential());
List<SimpleDescriptor.Service> actualServices = sd.getServices();
diff --git
a/gateway-server/src/test/resources/conf-full/conf/descriptors/test-topology.json
b/gateway-server/src/test/resources/conf-full/conf/descriptors/test-topology.json
index a8c173f11..5c60ab4bd 100644
---
a/gateway-server/src/test/resources/conf-full/conf/descriptors/test-topology.json
+++
b/gateway-server/src/test/resources/conf-full/conf/descriptors/test-topology.json
@@ -1,5 +1,6 @@
{
"provider-config-ref": "test-providers",
+ "provision-encrypt-query-string-credential": "false",
"services": [
{
"name": "KNOX"
diff --git
a/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java
b/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java
index 1a72a2c4a..7f3f5552b 100644
---
a/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java
+++
b/gateway-test/src/test/java/org/apache/knox/gateway/SimpleDescriptorHandlerFuncTest.java
@@ -153,6 +153,7 @@ public class SimpleDescriptorHandlerFuncTest {
EasyMock.expect(testDescriptor.getDiscoveryUser()).andReturn(null).anyTimes();
EasyMock.expect(testDescriptor.getProviderConfig()).andReturn(providerConfig.getAbsolutePath()).anyTimes();
EasyMock.expect(testDescriptor.getCluster()).andReturn(clusterName).anyTimes();
+
EasyMock.expect(testDescriptor.isProvisionEncryptQueryStringCredential()).andReturn(true).anyTimes();
List<SimpleDescriptor.Service> serviceMocks = new ArrayList<>();
for (String serviceName : serviceURLs.keySet()) {
SimpleDescriptor.Service svc =
EasyMock.createNiceMock(SimpleDescriptor.Service.class);
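Review bot: The mock returns `true` from `isProvisionEncryptQueryStringCredential()` in every call, so as far as this diff shows no functional test runs the handler with the flag off. A second case with `andReturn(false)` that asserts no query-string encryption credential is created for the descriptor would cover the branch this commit adds to `SimpleDescriptorHandler`. Without it, a regression that provisions the credential unconditionally again would not be caught here. The test method starts and ends outside the hunk.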
diff --git
a/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptor.java
b/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptor.java
index 04b06c7e9..2aa75b3c0 100644
---
a/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptor.java
+++
b/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptor.java
@@ -42,6 +42,8 @@ public interface SimpleDescriptor {
boolean isReadOnly();
+ boolean isProvisionEncryptQueryStringCredential();
+
List<Service> getServices();
Service getService(String serviceName);
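Review bot: `isProvisionEncryptQueryStringCredential()` is added to the public interface with no Javadoc, and a reader of `SimpleDescriptor` alone cannot tell what `false` turns off or what the default is. A short Javadoc would fix that, stating that it returns whether the gateway should provision the query-string encryption credential when the topology is generated, and that descriptors omitting the property get `true`. If implementations exist outside this repository, declaring it as `default boolean isProvisionEncryptQueryStringCredential() { return true; }` would keep them compiling with the existing behaviour. The interface continues outside the hunk.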
diff --git
a/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandler.java
b/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandler.java
index 65731669f..81e15a012 100644
---
a/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandler.java
+++
b/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandler.java
@@ -191,7 +191,7 @@ public class SimpleDescriptorHandler {
// when the topology is deployed. This is to support Knox HA
deployments, where multiple Knox instances are
// generating topologies based on a shared remote descriptor, and they
must all be able to encrypt/decrypt
// query params with the same credentials. (KNOX-1136)
- if (!provisionQueryParamEncryptionCredential(desc.getName(), gws)) {
+ if (desc.isProvisionEncryptQueryStringCredential() &&
!provisionQueryParamEncryptionCredential(desc.getName(), gws)) {
log.unableCreatePasswordForEncryption(desc.getName());
}
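Review bot: The comment above the changed `if` still reads as if the credential is always provisioned, and the opt-out is silent: when `desc.isProvisionEncryptQueryStringCredential()` is false nothing is logged. Extend the comment with something like `// Skipped when the descriptor sets provision-encrypt-query-string-credential to false; the credential is then expected to exist already if the topology encrypts query strings.` That second clause is inferred from the KNOX-1136 rationale in the comment rather than from code visible here, so it should be confirmed before it is written down. The enclosing method starts and ends outside the hunk.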
diff --git
a/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorImpl.java
b/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorImpl.java
index c7b1c3fc9..1feec15b9 100644
---
a/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorImpl.java
+++
b/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorImpl.java
@@ -48,6 +48,9 @@ public class SimpleDescriptorImpl implements SimpleDescriptor
{
@JsonProperty("cluster")
private String cluster;
+ @JsonProperty("provision-encrypt-query-string-credential")
+ private boolean provisionEncryptQueryStringCredential = true;
+
@JsonProperty("services")
private List<Service> services;
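Review bot: The `= true` initializer on `provisionEncryptQueryStringCredential` is what keeps descriptors that omit the property on the previous behaviour, but nothing on the field says so. A one-line comment would protect it from being "cleaned up" to the boolean default: `// Defaults to true so descriptors without this property still get the credential provisioned (KNOX-2948).` The class continues outside the hunk.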
@@ -128,6 +131,15 @@ public class SimpleDescriptorImpl implements
SimpleDescriptor {
this.readOnly = readOnly;
}
+ @Override
+ public boolean isProvisionEncryptQueryStringCredential() {
+ return provisionEncryptQueryStringCredential;
+ }
+
+ public void setProvisionEncryptQueryStringCredential(boolean
provisionEncryptQueryStringCredential) {
+ this.provisionEncryptQueryStringCredential =
provisionEncryptQueryStringCredential;
+ }
+
public void addService(Service service) {
if (services == null) {
services = new ArrayList<>();