/**
 * Builds the POST that persists the CA credentials document under the fixed CA link.
 *
 * @param caCert PEM-encoded CA certificate; stored in {@code publicKey}
 * @param caKey  PEM-encoded CA private key; stored in {@code privateKey} exactly as given
 *               (NOTE(review): whether the credentials service encrypts it on write is not
 *               visible here — confirm before relying on at-rest protection)
 * @return a POST to the credentials factory with the force-index-update pragma set
 */
private Operation createCaCredentials(String caCert, String caKey) {
    AuthCredentialsServiceState state = new AuthCredentialsServiceState();
    state.documentSelfLink = ManagementUriParts.AUTH_CREDENTIALS_CA_LINK;
    state.type = AuthCredentialsType.PublicKeyCA.name();
    state.userEmail = "core";
    state.publicKey = caCert;
    state.privateKey = caKey;

    Operation post = Operation.createPost(this, AuthCredentialsService.FACTORY_LINK);
    post.addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE);
    post.setBody(state);
    return post;
}
/**
 * Registers the host's TLS material with the shared managers: the trust certificate (if
 * present) with {@code trustManager}, and, for PublicKey credentials with a non-empty
 * private key, a client key manager with {@code keyManager}. Nothing is done for hosts
 * whose address is not a secure URI.
 *
 * @param context Kubernetes host context carrying address, trust certificate and credentials
 */
private void createOrUpdateTargetSsl(KubernetesContext context) {
    URI hostUri = UriUtils.buildUri(context.host.address);
    if (!isSecure(hostUri)) {
        return;
    }

    String trustCert = context.SSLTrustCertificate;
    boolean canRegisterTrust = trustCert != null && trustManager != null;
    if (canRegisterTrust) {
        trustManager.putDelegate(context.SSLTrustAlias, trustCert);
    }

    boolean hasPublicKeyCredentials = context.credentials != null
            && AuthCredentialsType.PublicKey.name().equals(context.credentials.type);
    if (!hasPublicKeyCredentials) {
        return;
    }

    // decrypt() is applied to the stored value, so privateKey is presumably stored encrypted
    // — the decrypted key lives only in this local for the key-manager handoff
    String decryptedKey = EncryptionUtils.decrypt(context.credentials.privateKey);
    String certPem = context.credentials.publicKey;
    // locale-sensitive lowercasing; kept as-is so the alias matches other lookups of this host
    String hostAlias = context.host.address.toLowerCase();

    if (decryptedKey == null || decryptedKey.isEmpty()) {
        return;
    }
    X509ExtendedKeyManager hostKeyManager = (X509ExtendedKeyManager) CertificateUtil
            .getKeyManagers(hostAlias, decryptedKey, certPem)[0];
    keyManager.putDelegate(hostAlias, hostKeyManager);
}
/**
 * Builds a PublicKey credentials document for tests, loading the private key from the
 * bundled {@code docker-host-private-key.PEM} test resource.
 *
 * @param uniqueSelfLink when {@code true}, a random UUID suffix is appended to the self link
 *                       so several instances can coexist in one host
 * @return the populated, not yet persisted, credentials state
 */
public static AuthCredentialsServiceState createAuthCredentials(boolean uniqueSelfLink) {
    String selfLink = uniqueSelfLink
            ? AUTH_CREDENTIALS_ID + "-" + UUID.randomUUID()
            : AUTH_CREDENTIALS_ID;

    AuthCredentialsServiceState state = new AuthCredentialsServiceState();
    state.documentSelfLink = selfLink;
    state.type = AuthCredentialsType.PublicKey.name();
    state.userEmail = "core";
    state.privateKey = getFileContent("docker-host-private-key.PEM");
    return state;
}
/**
 * Logs in to PKS and returns a {@link PKSContext} carrying the resulting token. Without
 * credentials the context is created with a {@code null} token.
 *
 * @param endpoint        PKS endpoint whose UAA endpoint receives the login
 * @param authCredentials credentials to log in with; only the Password type is supported
 * @return deferred context holding the UAA token once the login completes
 * @throws IllegalArgumentException synchronously (not through the DeferredResult) when the
 *                                  credential type is not Password, or, via
 *                                  {@code valueOf}, when {@code type} names no known constant
 */
private DeferredResult<PKSContext> login(Endpoint endpoint,
        AuthCredentialsServiceState authCredentials) {
    if (authCredentials == null) {
        return DeferredResult.completed(PKSContext.create(endpoint, null));
    }

    AuthCredentialsType credentialsType = AuthCredentialsType.valueOf(authCredentials.type);
    if (credentialsType != AuthCredentialsType.Password) {
        throw new IllegalArgumentException(
                "Credential type " + credentialsType.name() + " is not supported");
    }

    String user = authCredentials.userEmail;
    // the stored secret is decrypted only for the duration of the login call
    String secret = EncryptionUtils.decrypt(authCredentials.privateKey);
    return getClient()
            .login(endpoint.uaaEndpoint, user, secret)
            .thenApply(token -> PKSContext.create(endpoint, token));
}
/**
 * Issues a client certificate signed by the given CA and builds the POST that persists it
 * as PublicKey credentials under the fixed client link.
 *
 * @param caCert PEM-encoded CA certificate used as the issuer
 * @param caKey  PEM-encoded CA key pair whose private half signs the client certificate
 * @return a POST to the credentials factory with the force-index-update pragma set
 */
private Operation createClientCredentials(String caCert, String caKey) {
    X509Certificate issuerCert = CertificateUtil.createCertificate(caCert);
    KeyPair issuerKeyPair = CertificateUtil.createKeyPair(caKey);
    CertChainKeyPair clientPair = CertificateUtil.generateSignedForClient(
            "computeClient", issuerCert, issuerKeyPair.getPrivate());

    AuthCredentialsServiceState state = new AuthCredentialsServiceState();
    state.documentSelfLink = ManagementUriParts.AUTH_CREDENTIALS_CLIENT_LINK;
    state.type = AuthCredentialsType.PublicKey.name();
    state.userEmail = "core";
    // the two PEM helpers really do differ in case (toPEMformat / toPEMFormat)
    state.publicKey = CertificateUtilExtended.toPEMformat(
            clientPair.getCertificate(), getHost());
    state.privateKey = CertificateUtilExtended.toPEMFormat(
            clientPair.getPrivateKey(), getHost());

    return Operation.createPost(this, AuthCredentialsService.FACTORY_LINK)
            .setBody(state)
            .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE);
}
/**
 * With {@code harbor.address} configured, starting the init service must create a Harbor
 * registry backed by generated Password credentials.
 */
@Test
public void testWithHarborProperty() throws Exception {
    createHarborConfigurationState("harbor.address");

    TestContext ctx = new TestContext(1, Duration.ofSeconds(15));
    Operation start = Operation.createGet(null).setCompletion(ctx.getCompletion());
    harborInitRegistryService.handleStart(start);
    ctx.await();

    RegistryState registry = getHarborRegistry(true);
    assertNotNull(registry);
    assertEquals("harbor.address", registry.address);
    String credentialsLink = registry.authCredentialsLink;
    assertNotNull(credentialsLink);

    AuthCredentialsServiceState creds = getCredentialsState(credentialsLink);
    assertNotNull(creds);
    assertNotNull(creds.userEmail);
    assertNotNull(creds.privateKey);
    assertEquals(AuthCredentialsType.Password.name(), creds.type);
    // generated user name carries the registry prefix; generated secret is non-trivial
    assertTrue(creds.userEmail.startsWith(Harbor.DEFAULT_REGISTRY_USER_PREFIX));
    assertTrue(creds.privateKey.length() > 20);
}
/**
 * Changing {@code harbor.address} and re-running the init service must produce a registry
 * with the new address and a freshly generated credentials document (new link).
 */
@Test
public void testWithNewHarborProperty() throws Exception {
    testWithHarborProperty();
    String previousCredentialsLink = getHarborRegistry(true).authCredentialsLink;

    updateHarborConfigurationState("harbor.address.new");
    TestContext ctx = new TestContext(1, Duration.ofSeconds(15));
    harborInitRegistryService.handleStart(
            Operation.createGet(null).setCompletion(ctx.getCompletion()));
    ctx.await();

    RegistryState updated = getHarborRegistry(true);
    assertEquals("harbor.address.new", updated.address);
    assertNotNull(updated.authCredentialsLink);
    // credentials are regenerated rather than reused
    assertNotEquals(previousCredentialsLink, updated.authCredentialsLink);

    AuthCredentialsServiceState creds = getCredentialsState(updated.authCredentialsLink);
    assertNotNull(creds.userEmail);
    assertNotNull(creds.privateKey);
    assertEquals(AuthCredentialsType.Password.name(), creds.type);
    assertTrue(creds.userEmail.startsWith(Harbor.DEFAULT_REGISTRY_USER_PREFIX));
    assertTrue(creds.privateKey.length() > 20);
}
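/**
 * Starts the mock Kubernetes host and the service hosts the tests rely on, then builds the
 * mock URIs and the Password-type test credentials sent to it.
 *
 * The previous {@code ServiceHost.Arguments} local (sandbox/port) was never handed to
 * {@code createHost()} and has been dropped; host creation is unchanged.
 *
 * @throws Throwable from host creation, service start-up or the boot-service wait
 */
@Before
public void setUpMockKubernetesHost() throws Throwable {
    mockKubernetesHost = createHost();
    mockKubernetesHost.setMaintenanceIntervalMicros(
            TimeUnit.MILLISECONDS.toMicros(MAINTENANCE_INTERVAL_MILLIS));
    kubernetesUri = UriUtils.buildUri(mockKubernetesHost, KubernetesPathConstants.BASE_PATH);
    kubernetesFailingUri = UriUtils.buildUri(mockKubernetesHost,
            KubernetesPathConstants.BASE_FAILING_PATH);

    // test-only credentials: plain values, consumed solely by the in-process mock host
    kubernetesCredentials = new AuthCredentialsServiceState();
    kubernetesCredentials.type = AuthCredentialsType.Password.name();
    kubernetesCredentials.userEmail = "test@admiral";
    kubernetesCredentials.privateKey = "password";

    HostInitTestDcpServicesConfig.startServices(host);
    HostInitPhotonModelServiceConfig.startServices(host);
    HostInitCommonServiceConfig.startServices(host);
    HostInitComputeServicesConfig.startServices(host, false);
    HostInitKubernetesAdapterServiceConfig.startServices(host, false);
    waitForInitialBootServiceToBeSelfStopped(ComputeInitialBootService.SELF_LINK);
    host.log("Using test kubernetes URI: %s", kubernetesUri);

    // disable shell-availability retries so the tests do not wait on the mock
    System.setProperty("dcp.management.container.shell.availability.retry", "0");
    host.startService(
            Operation.createPost(UriUtils.buildUri(host, MockTaskFactoryService.SELF_LINK)),
            new MockTaskFactoryService());
}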