petrov-mg commented on code in PR #11604:
URL: https://github.com/apache/ignite/pull/11604#discussion_r1941863184
##########
modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ArgumentParser.java:
##########
@@ -143,64 +143,46 @@ public class ArgumentParser {
/** */
private final List<CLIArgument<?>> common = new ArrayList<>();
- static {
- SENSITIVE_ARGUMENTS.add(CMD_PASSWORD);
- SENSITIVE_ARGUMENTS.add(CMD_KEYSTORE_PASSWORD);
- SENSITIVE_ARGUMENTS.add(CMD_TRUSTSTORE_PASSWORD);
- }
-
- /**
- * @param arg To check.
- * @return True if provided argument is among sensitive one and not should
be displayed.
- */
- public static boolean isSensitiveArgument(String arg) {
- return SENSITIVE_ARGUMENTS.contains(arg);
- }
+ /** Console instance. */
+ protected final GridConsole console;
/**
* @param log Logger.
* @param registry Supported commands.
+ * @param console Supported commands.
Review Comment:
`Supported commands` -> `console`.
##########
modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/argument/parser/CLIArgumentParser.java:
##########
@@ -177,6 +170,14 @@ public <T> T get(int position) {
return (T)parsedPositionalArgs.get(position);
}
+ /**
+ * @param name Argument name.
+ * @return Command line rgument.
Review Comment:
`Command line rgument.` -> `Argument descriptor.`
##########
modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java:
##########
@@ -249,4 +254,9 @@ public String sslFactoryConfigPath() {
public boolean verbose() {
return parser.get(CMD_VERBOSE);
}
+
+ /** @return safe command. */
+ public String getSafeCmd() {
Review Comment:
`getSafeCmd()` -> `safeCommandString()`
##########
modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java:
##########
@@ -200,4 +200,127 @@ public void testConnector() throws Exception {
assertContains(log, testOutput, "--keystore-password *****");
assertContains(log, testOutput, "--truststore-password *****");
}
+
+ /**
+ * Verify that the command work correctly when request starts with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgStart() throws Exception {
+ performTest(Arrays.asList(
+ "--password",
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request contains the
--password argument inside
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgMiddle() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--password",
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request ends with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgEnd() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword(),
+ "--password"));
Review Comment:
List values are aligned with two tabs instead of one.
##########
modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java:
##########
@@ -200,4 +200,127 @@ public void testConnector() throws Exception {
assertContains(log, testOutput, "--keystore-password *****");
assertContains(log, testOutput, "--truststore-password *****");
}
+
+ /**
+ * Verify that the command work correctly when request starts with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgStart() throws Exception {
+ performTest(Arrays.asList(
+ "--password",
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request contains the
--password argument inside
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgMiddle() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--password",
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request ends with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgEnd() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword(),
+ "--password"));
+ }
+
+ /**
+ * Perform the test with prepared List arguments.
+ *
+ * @param args List of query arguments.
+ * @throws Exception If failed.
+ */
+ private void performTest(List<String> args) throws Exception {
+ IgniteEx crd = startGrid();
+
+ crd.cluster().state(ACTIVE);
+
+ TestCommandHandler hnd = newCommandHandler();
+
+ AtomicInteger pwdCnt = new AtomicInteger();
+
+ ((CommandHandler)GridTestUtils.getFieldValue(hnd, "hnd")).console =
new NoopConsole() {
+ @Override public char[] readPassword(String fmt, Object... args) {
+ pwdCnt.incrementAndGet();
+
+ return pwd.toCharArray();
+ }
+ };
+
+ int exitCode = hnd.execute(args);
+
+ assertEquals(EXIT_CODE_OK, exitCode);
+ assertEquals(1, pwdCnt.get());
+ }
+
+ /**
+ * Verify that the command work correctly when request few arguments
+ * without value that invoke console input.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyForFewRequestedArguments() throws Exception {
+ IgniteEx crd = startGrid();
+
+ crd.cluster().state(ACTIVE);
+
+ TestCommandHandler hnd = newCommandHandler();
+
+ AtomicInteger reqCnt = new AtomicInteger();
+
+ ((CommandHandler)GridTestUtils.getFieldValue(hnd, "hnd")).console =
new NoopConsole() {
+ @Override public char[] readPassword(String fmt, Object... args) {
+ reqCnt.incrementAndGet();
+ if (reqCnt.get() == 1)
Review Comment:
```suggestion
if (reqCnt.incrementAndGet() == 1)
```
##########
modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java:
##########
@@ -73,11 +76,13 @@ public class ConnectionAndSslParameters<A extends
IgniteDataTransferObject> {
public ConnectionAndSslParameters(
Deque<Command<?, ?>> cmdPath,
A arg,
- CLIArgumentParser parser
+ CLIArgumentParser parser,
+ String safeCmd
Review Comment:
Let's add JavaDoc parameter for safeCmd.
`@param safeCmd String representation of command with hidden values of
sensitive arguments.`
##########
modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java:
##########
@@ -65,6 +65,9 @@ public class ConnectionAndSslParameters<A extends
IgniteDataTransferObject> {
/** */
private final CLIArgumentParser parser;
+ /** Safe command. */
Review Comment:
`Safe command. ` -> `String representation of command with hidden values
of sensitive arguments.`
##########
modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java:
##########
@@ -249,4 +254,9 @@ public String sslFactoryConfigPath() {
public boolean verbose() {
return parser.get(CMD_VERBOSE);
}
+
+ /** @return safe command. */
Review Comment:
Let's start the sentence with a capital letter.
`safe command.` -> `String representation of command with hidden values
of sensitive arguments.`
##########
modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java:
##########
@@ -200,4 +200,127 @@ public void testConnector() throws Exception {
assertContains(log, testOutput, "--keystore-password *****");
assertContains(log, testOutput, "--truststore-password *****");
}
+
+ /**
+ * Verify that the command work correctly when request starts with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgStart() throws Exception {
+ performTest(Arrays.asList(
+ "--password",
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request contains the
--password argument inside
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgMiddle() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--password",
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
Review Comment:
List values are aligned with two tabs instead of one.
##########
modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ArgumentParser.java:
##########
@@ -359,6 +336,37 @@ private CLIArgumentParser createArgumentParser() {
namedArgs.addAll(common);
- return new CLIArgumentParser(positionalArgs, namedArgs);
+ return new CLIArgumentParser(positionalArgs, namedArgs, console);
+ }
+
+ /** @return safe command for logging with hidden confidential values. */
Review Comment:
Let's start the sentence with a capital letter.
`safe command for logging with hidden confidential values.` -> `String
representation of command with hidden values of sensitive arguments.`
##########
modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java:
##########
@@ -200,4 +200,127 @@ public void testConnector() throws Exception {
assertContains(log, testOutput, "--keystore-password *****");
assertContains(log, testOutput, "--truststore-password *****");
}
+
+ /**
+ * Verify that the command work correctly when request starts with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgStart() throws Exception {
+ performTest(Arrays.asList(
+ "--password",
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request contains the
--password argument inside
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgMiddle() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--password",
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request ends with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgEnd() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword(),
+ "--password"));
+ }
+
+ /**
+ * Perform the test with prepared List arguments.
+ *
+ * @param args List of query arguments.
+ * @throws Exception If failed.
+ */
+ private void performTest(List<String> args) throws Exception {
+ IgniteEx crd = startGrid();
+
+ crd.cluster().state(ACTIVE);
+
+ TestCommandHandler hnd = newCommandHandler();
+
+ AtomicInteger pwdCnt = new AtomicInteger();
+
+ ((CommandHandler)GridTestUtils.getFieldValue(hnd, "hnd")).console =
new NoopConsole() {
+ @Override public char[] readPassword(String fmt, Object... args) {
+ pwdCnt.incrementAndGet();
+
+ return pwd.toCharArray();
+ }
+ };
+
+ int exitCode = hnd.execute(args);
+
+ assertEquals(EXIT_CODE_OK, exitCode);
+ assertEquals(1, pwdCnt.get());
+ }
+
+ /**
+ * Verify that the command work correctly when request few arguments
+ * without value that invoke console input.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyForFewRequestedArguments() throws Exception {
+ IgniteEx crd = startGrid();
+
+ crd.cluster().state(ACTIVE);
+
+ TestCommandHandler hnd = newCommandHandler();
+
+ AtomicInteger reqCnt = new AtomicInteger();
+
+ ((CommandHandler)GridTestUtils.getFieldValue(hnd, "hnd")).console =
new NoopConsole() {
+ @Override public char[] readPassword(String fmt, Object... args) {
+ reqCnt.incrementAndGet();
+ if (reqCnt.get() == 1)
+ return keyStorePassword().toCharArray();
+ else
+ return pwd.toCharArray();
+ }
+ };
+
+ int exitCode = hnd.execute(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--verbose",
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password",
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword(),
+ "--password"));
Review Comment:
List values are aligned with two tabs instead of one.
##########
modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java:
##########
@@ -200,4 +200,127 @@ public void testConnector() throws Exception {
assertContains(log, testOutput, "--keystore-password *****");
assertContains(log, testOutput, "--truststore-password *****");
}
+
+ /**
+ * Verify that the command work correctly when request starts with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgStart() throws Exception {
+ performTest(Arrays.asList(
+ "--password",
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
Review Comment:
List values are aligned with two tabs instead of one.
##########
modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java:
##########
@@ -200,4 +200,127 @@ public void testConnector() throws Exception {
assertContains(log, testOutput, "--keystore-password *****");
assertContains(log, testOutput, "--truststore-password *****");
}
+
+ /**
+ * Verify that the command work correctly when request starts with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgStart() throws Exception {
+ performTest(Arrays.asList(
+ "--password",
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request contains the
--password argument inside
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgMiddle() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--password",
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword()));
+ }
+
+ /**
+ * Verify that the command work correctly when request ends with the
--password argument
+ * without value that invoke console password input for user, and that it
is requested only once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyUserPwdOnlyOncePwdArgEnd() throws Exception {
+ performTest(Arrays.asList(
+ "--state",
+ "--user", login,
+ "--keystore", keyStorePath(CLI_CMD_HND.equals(commandHandler)
? "thinClient" : "connectorServer"),
+ "--keystore-password", keyStorePassword(),
+ "--truststore",
keyStorePath(CLI_CMD_HND.equals(commandHandler) ? "trusttwo" : "trustthree"),
+ "--truststore-password", keyStorePassword(),
+ "--password"));
+ }
+
+ /**
+ * Perform the test with prepared List arguments.
+ *
+ * @param args List of query arguments.
+ * @throws Exception If failed.
+ */
+ private void performTest(List<String> args) throws Exception {
Review Comment:
`performTest `-> `doPasswordInteractiveInputTest`
Let's move this method to the end of the file.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
