Repository: stratos Updated Branches: refs/heads/stratos-4.1.x 56be6fc4e -> 4eec2ffe7
Enable message broker authentication with username and password for PCA and AMQPConnector in Messaging Project: http://git-wip-us.apache.org/repos/asf/stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/4eec2ffe Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/4eec2ffe Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/4eec2ffe Branch: refs/heads/stratos-4.1.x Commit: 4eec2ffe7ee6d9e540e534406ce22684f30fea14 Parents: 56be6fc Author: Chamila de Alwis <[email protected]> Authored: Fri Oct 9 14:50:04 2015 +0530 Committer: Chamila de Alwis <[email protected]> Committed: Fri Oct 9 14:50:42 2015 +0530 ---------------------------------------------------------------------- .../broker/connect/amqp/AmqpTopicConnector.java | 12 +++++++++++- .../cartridge.agent/cartridge.agent/agent.conf | 2 ++ .../cartridge.agent/cartridge.agent/agent.py | 17 +++++++++++++---- .../cartridge.agent/cartridge.agent/constants.py | 2 ++ .../cartridge.agent/cartridge.agent/publisher.py | 17 ++++++++++++++--- .../cartridge.agent/cartridge.agent/subscriber.py | 7 ++++++- .../modules/integration/test-integration/pom.xml | 5 +++++ .../tests/PythonAgentIntegrationTest.java | 10 ++++++++++ .../ADCMTAppTenantUserTestCase/agent.conf | 2 ++ .../src/test/resources/ADCMTAppTestCase/agent.conf | 2 ++ .../src/test/resources/ADCTestCase/agent.conf | 2 ++ .../test/resources/AgentStartupTestCase/agent.conf | 2 ++ .../src/test/resources/common/jndi.properties | 2 ++ .../kubernetes-clusters/kubernetes-cluster-1.json | 8 ++++++++ .../kubernetes-clusters/kubernetes-cluster-2.json | 8 ++++++++ .../kubernetes-cluster-ec2.json | 8 ++++++++ .../cartridge-docker-images/base-image/files/run | 12 ++++++++++++ 17 files changed, 109 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/components/org.apache.stratos.messaging/src/main/java/org/apache/stratos/messaging/broker/connect/amqp/AmqpTopicConnector.java ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.messaging/src/main/java/org/apache/stratos/messaging/broker/connect/amqp/AmqpTopicConnector.java b/components/org.apache.stratos.messaging/src/main/java/org/apache/stratos/messaging/broker/connect/amqp/AmqpTopicConnector.java index 7f2eb2f..6e91040 100644 --- a/components/org.apache.stratos.messaging/src/main/java/org/apache/stratos/messaging/broker/connect/amqp/AmqpTopicConnector.java +++ b/components/org.apache.stratos.messaging/src/main/java/org/apache/stratos/messaging/broker/connect/amqp/AmqpTopicConnector.java @@ -44,6 +44,9 @@ public abstract class AmqpTopicConnector implements TopicConnector { private TopicConnection topicConnection; private InitialContext initialContext; + private String mbUsername = null; + private String mbPassword = null; + @Override public void create() { try { @@ -53,6 +56,8 @@ public abstract class AmqpTopicConnector implements TopicConnector { jndiPropFileDir = CarbonUtils.getCarbonHome() + File.separator + "repository" + File.separator + "conf"; } Properties environment = MessagingUtil.getProperties(jndiPropFileDir + File.separator + "jndi.properties"); + mbUsername = environment.getProperty("java.naming.security.principal"); + mbPassword =environment.getProperty("java.naming.security.credentials"); environment.put("org.wso2.carbon.context.RequestBaseContext", "true"); // always returns the base context. initialContext = new InitialContext(environment); // Lookup connection factory 
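Review bot: In the create() hunk, `mbPassword` is read from `java.naming.security.credentials` without any check, so a jndi.properties that sets the principal but omits the credentials leaves it null, and the connect() hunk that follows then calls `createTopicConnection(mbUsername, null)`. The guard there is `StringUtils.isNotEmpty(mbUsername)`, which also accepts a whitespace-only value; assuming this is the commons-lang `StringUtils`, `StringUtils.isNotBlank(mbUsername)` would treat such an entry as "no credentials configured". I would validate once in create(), for example `if (StringUtils.isNotBlank(mbUsername) && mbPassword == null) { throw new IllegalStateException("java.naming.security.credentials is missing in jndi.properties"); }`, and keep the password value itself out of any message or log line. create() starts and ends outside this hunk, so how its surrounding try/catch would report that exception is not visible here.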
@@ -73,7 +78,12 @@ public abstract class AmqpTopicConnector implements TopicConnector { @Override public void connect() { try { - topicConnection = connectionFactory.createTopicConnection(); + if (StringUtils.isNotEmpty(mbUsername)){ + topicConnection = connectionFactory.createTopicConnection(mbUsername, mbPassword); + }else{ + topicConnection = connectionFactory.createTopicConnection(); + } + topicConnection.setExceptionListener(new ExceptionListener() { @Override public void onException(JMSException e) { http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.conf ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.conf b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.conf index 926ea96..f16aa43 100644 --- a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.conf +++ b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.conf @@ -18,6 +18,8 @@ [agent] mb.ip =MB-IP mb.port =MB-PORT +mb.username =MB-USERNAME +mb.password =MB-PASSWORD listen.address =LISTEN_ADDR thrift.receiver.urls =CEP-URLS thrift.server.admin.username =CEP-ADMIN-USERNAME http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.py ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.py b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.py index b8cec20..1e58dba 100644 
--- a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.py +++ b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/agent.py @@ -44,11 +44,20 @@ class CartridgeAgent(threading.Thread): mb_ip = Config.read_property(constants.MB_IP) mb_port = Config.read_property(constants.MB_PORT) + mb_username = Config.read_property(constants.MB_USERNAME, False) + mb_password = Config.read_property(constants.MB_PASSWORD, False) - self.__inst_topic_subscriber = EventSubscriber(constants.INSTANCE_NOTIFIER_TOPIC, mb_ip, mb_port) - self.__tenant_topic_subscriber = EventSubscriber(constants.TENANT_TOPIC, mb_ip, mb_port) - self.__app_topic_subscriber = EventSubscriber(constants.APPLICATION_SIGNUP, mb_ip, mb_port) - self.__topology_event_subscriber = EventSubscriber(constants.TOPOLOGY_TOPIC, mb_ip, mb_port) + self.__inst_topic_subscriber = \ + EventSubscriber(constants.INSTANCE_NOTIFIER_TOPIC, mb_ip, mb_port, mb_username, mb_password) + + self.__tenant_topic_subscriber = \ + EventSubscriber(constants.TENANT_TOPIC, mb_ip, mb_port, mb_username, mb_password) + + self.__app_topic_subscriber = \ + EventSubscriber(constants.APPLICATION_SIGNUP, mb_ip, mb_port, mb_username, mb_password) + + self.__topology_event_subscriber = \ + EventSubscriber(constants.TOPOLOGY_TOPIC, mb_ip, mb_port, mb_username, mb_password) self.__event_handler = EventHandler() http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/constants.py ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/constants.py b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/constants.py index 2fdeba8..a2709bf 100644 
--- a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/constants.py +++ b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/constants.py @@ -21,6 +21,8 @@ EXTENSIONS_DIR = "extensions.dir" MB_IP = "mb.ip" MB_PORT = "mb.port" +MB_USERNAME = "mb.username" +MB_PASSWORD = "mb.password" CARTRIDGE_KEY = "CARTRIDGE_KEY" APPLICATION_ID = "APPLICATION_ID" http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/publisher.py ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/publisher.py b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/publisher.py index 00b5fba..6a015f4 100644 --- a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/publisher.py +++ b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/publisher.py @@ -24,7 +24,6 @@ import healthstats import constants from config import Config - log = LogFactory().get_log(__name__) started = False @@ -174,7 +173,7 @@ def publish_instance_ready_to_shutdown_event(): cluster_instance_id = Config.cluster_instance_id network_partition_id = Config.network_partition_id partition_id = Config.partition_id - + instance_shutdown_event = InstanceReadyToShutdownEvent( service_name, cluster_id, 
@@ -204,11 +203,23 @@ class EventPublisher: """ Handles publishing events to topics to the provided message broker """ + def __init__(self, topic): self.__topic = topic def publish(self, event): mb_ip = Config.read_property(constants.MB_IP) mb_port = Config.read_property(constants.MB_PORT) + mb_username = Config.read_property(constants.MB_USERNAME, False) + mb_password = Config.read_property(constants.MB_PASSWORD, False) + if mb_username is None: + auth = None + else: + auth = {"username": mb_username, "password": mb_password} + payload = event.to_json() - publish.single(self.__topic, payload, hostname=mb_ip, port=mb_port) + publish.single(self.__topic, + payload, + hostname=mb_ip, + port=mb_port, + auth=auth) http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/subscriber.py ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/subscriber.py b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/subscriber.py index 93d219b..908a44c 100644 --- a/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/subscriber.py +++ b/components/org.apache.stratos.python.cartridge.agent/src/main/python/cartridge.agent/cartridge.agent/subscriber.py @@ -28,7 +28,7 @@ class EventSubscriber(threading.Thread): register event handlers for various events. """ - def __init__(self, topic, ip, port): + def __init__(self, topic, ip, port, username, password): threading.Thread.__init__(self) self.__event_queue = Queue(maxsize=0) @@ -41,6 +41,8 @@ class EventSubscriber(threading.Thread): self.__subscribed = False self.__ip = ip self.__port = port + self.__username = username + self.__password = password def run(self): # Start the event executor thread 
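Review bot: In EventPublisher.publish the test `if mb_username is None` decides whether credentials are sent, but the base-image `run` script in this same commit writes a single space in place of `MB-USERNAME` when the variable is unset, so the value read from agent.conf may be an empty or blank string rather than None. What `Config.read_property(constants.MB_USERNAME, False)` returns for a blank entry is not visible here; if it is not None, `auth` is built with an empty username and the broker is contacted with that instead of with no credentials. `if not mb_username or not mb_username.strip():` would cover both cases. The same applies to the `if self.__username is not None` check added to run() in subscriber.py.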
@@ -48,6 +50,9 @@ class EventSubscriber(threading.Thread): self.__mb_client = mqtt.Client() self.__mb_client.on_connect = self.on_connect self.__mb_client.on_message = self.on_message + if self.__username is not None: + self.log.debug("Message broker credentials are... %s:%s" % (self.__username, self.__password)) + self.__mb_client.username_pw_set(self.__username, self.__password) self.log.debug("Connecting to the message broker with address %r:%r" % (self.__ip, self.__port)) self.__mb_client.connect(self.__ip, self.__port, 60) http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/products/python-cartridge-agent/modules/integration/test-integration/pom.xml ---------------------------------------------------------------------- diff --git a/products/python-cartridge-agent/modules/integration/test-integration/pom.xml b/products/python-cartridge-agent/modules/integration/test-integration/pom.xml index 035542a..5b9d0ed 100755 --- a/products/python-cartridge-agent/modules/integration/test-integration/pom.xml +++ b/products/python-cartridge-agent/modules/integration/test-integration/pom.xml @@ -143,6 +143,11 @@ <version>5.10.0</version> </dependency> <dependency> + <groupId>org.apache.activemq</groupId> + <artifactId>activemq-jaas</artifactId> + <version>5.10.0</version> + </dependency> + <dependency> <groupId>org.apache.stratos</groupId> <artifactId>org.apache.stratos.messaging</artifactId> <version>${project.version}</version> http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/products/python-cartridge-agent/modules/integration/test-integration/src/test/java/org/apache/stratos/python/cartridge/agent/integration/tests/PythonAgentIntegrationTest.java ---------------------------------------------------------------------- 
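Review bot: The added `self.log.debug("Message broker credentials are... %s:%s" % (self.__username, self.__password))` in EventSubscriber.run() writes the broker password in clear text to the agent log whenever debug logging is enabled. Log files are typically readable by more users and systems than agent.conf and are often shipped off the instance, so this exposes the very secret the commit introduces. Log only the fact and the user name, e.g. `self.log.debug("Using message broker credentials for user %r" % self.__username)`. run() continues outside this hunk.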
diff --git a/products/python-cartridge-agent/modules/integration/test-integration/src/test/java/org/apache/stratos/python/cartridge/agent/integration/tests/PythonAgentIntegrationTest.java b/products/python-cartridge-agent/modules/integration/test-integration/src/test/java/org/apache/stratos/python/cartridge/agent/integration/tests/PythonAgentIntegrationTest.java index 310a232..0cc8dc3 100644 --- a/products/python-cartridge-agent/modules/integration/test-integration/src/test/java/org/apache/stratos/python/cartridge/agent/integration/tests/PythonAgentIntegrationTest.java +++ b/products/python-cartridge-agent/modules/integration/test-integration/src/test/java/org/apache/stratos/python/cartridge/agent/integration/tests/PythonAgentIntegrationTest.java @@ -18,7 +18,10 @@ */ package org.apache.stratos.python.cartridge.agent.integration.tests; +import org.apache.activemq.broker.BrokerPlugin; import org.apache.activemq.broker.BrokerService; +import org.apache.activemq.security.AuthenticationUser; +import org.apache.activemq.security.SimpleAuthenticationPlugin; import org.apache.commons.exec.*; import org.apache.commons.io.FileUtils; import org.apache.commons.lang.StringUtils; 
@@ -211,9 +214,16 @@ public class PythonAgentIntegrationTest { } protected void startBroker() throws Exception { + System.setProperty("mb.username", "system"); + System.setProperty("mb.password", "manager"); + broker = new BrokerService(); broker.addConnector(amqpBindAddress); broker.addConnector(mqttBindAddress); + AuthenticationUser authenticationUser = new AuthenticationUser("system", "manager", "users,admins"); + List<AuthenticationUser> authUserList = new ArrayList<>(); + authUserList.add(authenticationUser); + broker.setPlugins(new BrokerPlugin[]{new SimpleAuthenticationPlugin(authUserList)}); broker.setBrokerName("testBroker"); broker.setDataDirectory( PythonAgentIntegrationTest.class.getResource(PATH_SEP).getPath() + PATH_SEP + ".." + PATH_SEP + http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTenantUserTestCase/agent.conf ---------------------------------------------------------------------- diff --git a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTenantUserTestCase/agent.conf b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTenantUserTestCase/agent.conf index 89eeae3..b5efb1c 100755 --- a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTenantUserTestCase/agent.conf +++ b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTenantUserTestCase/agent.conf 
@@ -18,6 +18,8 @@ [agent] mb.ip =localhost mb.port =1885 +mb.username =system +mb.password =manager listen.address =localhost thrift.receiver.urls =localhost:7712 thrift.server.admin.username =admin http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTestCase/agent.conf ---------------------------------------------------------------------- diff --git a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTestCase/agent.conf b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTestCase/agent.conf index 452129d..7362697 100755 --- a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTestCase/agent.conf +++ b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCMTAppTestCase/agent.conf @@ -18,6 +18,8 @@ [agent] mb.ip =localhost mb.port =1885 +mb.username =system +mb.password =manager listen.address =localhost thrift.receiver.urls =localhost:7712 thrift.server.admin.username =admin http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCTestCase/agent.conf ---------------------------------------------------------------------- diff --git a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCTestCase/agent.conf b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCTestCase/agent.conf index 42922ec..d01a246 100755 --- a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCTestCase/agent.conf +++ b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/ADCTestCase/agent.conf 
@@ -18,6 +18,8 @@ [agent] mb.ip =localhost mb.port =1885 +mb.username =system +mb.password =manager listen.address =localhost thrift.receiver.urls =localhost:7712 thrift.server.admin.username =admin http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/AgentStartupTestCase/agent.conf ---------------------------------------------------------------------- diff --git a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/AgentStartupTestCase/agent.conf b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/AgentStartupTestCase/agent.conf index 41dfa38..abed7c9 100755 --- a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/AgentStartupTestCase/agent.conf +++ b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/AgentStartupTestCase/agent.conf @@ -18,6 +18,8 @@ [agent] mb.ip =localhost mb.port =1885 +mb.username =system +mb.password =manager listen.address =localhost thrift.receiver.urls =localhost:7712 thrift.server.admin.username =admin http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/common/jndi.properties ---------------------------------------------------------------------- diff --git a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/common/jndi.properties b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/common/jndi.properties index beefe3c..131b8da 100755 --- a/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/common/jndi.properties +++ b/products/python-cartridge-agent/modules/integration/test-integration/src/test/resources/common/jndi.properties 
@@ -20,3 +20,5 @@ connectionfactoryName=TopicConnectionFactory java.naming.provider.url=tcp://localhost:61617 java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory +java.naming.security.principal=system +java.naming.security.credentials=manager http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/samples/kubernetes-clusters/kubernetes-cluster-1.json ---------------------------------------------------------------------- diff --git a/samples/kubernetes-clusters/kubernetes-cluster-1.json b/samples/kubernetes-clusters/kubernetes-cluster-1.json index ee8f3a1..be09d5f 100644 --- a/samples/kubernetes-clusters/kubernetes-cluster-1.json +++ b/samples/kubernetes-clusters/kubernetes-cluster-1.json @@ -41,6 +41,14 @@ "value": "1883" }, { + "name": "payload_parameter.MB_USERNAME", + "value": "system" + }, + { + "name": "payload_parameter.MB_PASSWORD", + "value": "manager" + }, + { "name": "payload_parameter.CEP_URLS", "value": "172.17.8.1:7711" }, http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/samples/kubernetes-clusters/kubernetes-cluster-2.json ---------------------------------------------------------------------- diff --git a/samples/kubernetes-clusters/kubernetes-cluster-2.json b/samples/kubernetes-clusters/kubernetes-cluster-2.json index 9614771..4107da8 100644 --- a/samples/kubernetes-clusters/kubernetes-cluster-2.json +++ b/samples/kubernetes-clusters/kubernetes-cluster-2.json @@ -41,6 +41,14 @@ "value": "1884" }, { + "name": "payload_parameter.MB_USERNAME", + "value": "system" + }, + { + "name": "payload_parameter.MB_PASSWORD", + "value": "manager" + }, + { "name": "payload_parameter.CEP_URLS", "value": "172.17.8.1:7711" }, http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/samples/kubernetes-clusters/kubernetes-cluster-ec2.json ---------------------------------------------------------------------- 
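Review bot: The property list in kubernetes-cluster-1.json now carries a literal broker password: `payload_parameter.MB_PASSWORD` is set to `manager` for user `system`, and the same pair is added to kubernetes-cluster-2.json and kubernetes-cluster-ec2.json and is also what the integration-test broker uses. Sample definitions tend to be copied into real deployments unchanged, so a fixed, published value is likely to end up as the credential of a live broker. An obvious placeholder such as `"value": "REPLACE_WITH_BROKER_PASSWORD"` would make the required edit explicit. JSON has no comment syntax, so the accompanying hint would have to go into the samples' documentation rather than the file.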
diff --git a/samples/kubernetes-clusters/kubernetes-cluster-ec2.json b/samples/kubernetes-clusters/kubernetes-cluster-ec2.json index dada472..1f65a53 100644 --- a/samples/kubernetes-clusters/kubernetes-cluster-ec2.json +++ b/samples/kubernetes-clusters/kubernetes-cluster-ec2.json @@ -49,6 +49,14 @@ "value": "1883" }, { + "name": "payload_parameter.MB_USERNAME", + "value": "system" + }, + { + "name": "payload_parameter.MB_PASSWORD", + "value": "manager" + }, + { "name": "payload_parameter.CEP_URLS", "value": "54.179.197.243:7711" }, http://git-wip-us.apache.org/repos/asf/stratos/blob/4eec2ffe/tools/docker-images/cartridge-docker-images/base-image/files/run ---------------------------------------------------------------------- diff --git a/tools/docker-images/cartridge-docker-images/base-image/files/run b/tools/docker-images/cartridge-docker-images/base-image/files/run index 44c3414..0b6151e0 100755 --- a/tools/docker-images/cartridge-docker-images/base-image/files/run +++ b/tools/docker-images/cartridge-docker-images/base-image/files/run @@ -186,6 +186,18 @@ else sed -i "s/LOG_LEVEL/${LOG_LEVEL}/g" ${PCA_HOME}/logging.ini fi +if [ -z "${MB_USERNAME}" ]; then + sed -i "s/MB-USERNAME/ /g" ${PCA_HOME}/agent.conf +else + sed -i "s#MB-USERNAME#${MB_USERNAME}#g" ${PCA_HOME}/agent.conf +fi + +if [ -z "${MB_PASSWORD}" ]; then + sed -i "s/MB-PASSWORD/ /g" ${PCA_HOME}/agent.conf +else + sed -i "s#MB-PASSWORD#${MB_PASSWORD}#g" ${PCA_HOME}/agent.conf +fi + # copy custom plugins to PCA cp -R /mnt/plugins ${PCA_HOME}/
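Review bot: The two `sed -i "s#MB-...#${...}#g"` substitutions in the added `else` branches of the `run` script place the credential into the sed program unescaped, so a username or password containing `#`, `&` or `\` is either rejected by sed or written to agent.conf in altered form, and the agent then fails to authenticate with a value that looks correct in the environment. Escape the value before substituting, e.g. `esc=$(printf '%s' "${MB_PASSWORD}" | sed 's/[\\#&]/\\&/g')` followed by `sed -i "s#MB-PASSWORD#${esc}#g" "${PCA_HOME}/agent.conf"`, and do the same for `MB_USERNAME`. Because agent.conf now holds the broker password in clear text, it would also be worth tightening its mode after the substitution (for instance `chmod 600 "${PCA_HOME}/agent.conf"`), provided the agent runs as the file's owner, which is not visible in this hunk.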
