public static String createAuthorizationHeader(AuthCredentialsServiceState authState) { if (authState == null) { return null; } if (AuthCredentialsType.Bearer.toString().equals(authState.type)) { String token = EncryptionUtils.decrypt(authState.privateKey); return "Bearer " + token; } AuthCredentialsType authCredentialsType = AuthCredentialsType.valueOf(authState.type); if (AuthCredentialsType.Password == authCredentialsType) { String username = authState.userEmail; String password = EncryptionUtils.decrypt(authState.privateKey); String code = new String(Base64.getEncoder().encode( (username + ":" + password).getBytes())); return "Basic " + code; } return null; }
private AuthCredentialsServiceState createCredentials(AuthCredentialsType type, boolean setKubeConfig) throws Throwable { AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); if (AuthCredentialsType.Bearer == type) { credentials.type = AuthCredentialsType.Bearer.toString(); credentials.publicKey = "token"; } else if (AuthCredentialsType.PublicKey == type) { credentials.type = AuthCredentialsType.PublicKey.toString(); credentials.publicKey = "certificate"; credentials.privateKey = "privateKey"; } else { credentials.type = type.toString(); } if (setKubeConfig) { credentials.customProperties = new HashMap<>(); credentials.customProperties.put("__kubeConfig", KUBE_CONFIG_JSON); } return doPost(credentials, AuthCredentialsService.FACTORY_LINK); }
private void createCredentials(Operation op, String link, String token, KubeConfig kubeConfig, List<String> tenantLinks, Consumer<String> consumer) { AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.documentSelfLink = link; credentials.privateKey = token; credentials.type = AuthCredentialsType.Bearer.toString(); credentials.tenantLinks = tenantLinks; credentials.customProperties = new HashMap<>(4); credentials.customProperties.put(KUBE_CONFIG_PROP_NAME, Utils.toJson(kubeConfig)); // Set the display name of the credential to the cluster name, if it exists if (CollectionUtils.isNotEmpty(kubeConfig.clusters) && StringUtils.isNotEmpty(kubeConfig.clusters.get(0).name)) { credentials.customProperties.put(AuthUtils.AUTH_CREDENTIALS_NAME_PROP_NAME, kubeConfig.clusters.get(0).name); } Operation.createPost(getHost(), AuthCredentialsService.FACTORY_LINK) .setBodyNoCloning(credentials) .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE) .setCompletion((o, e) -> { if (e != null) { logWarning("Error creating PKS credentials state: %s", e.getMessage()); op.fail(e); return; } consumer.accept(link); }) .sendWith(this); }
private void createHarborCredentials(Operation post, Consumer<String> callback) { AuthCredentialsServiceState state = new AuthCredentialsServiceState(); state.type = AuthCredentialsType.Password.toString(); state.userEmail = Harbor.DEFAULT_REGISTRY_USER_PREFIX + UUID.randomUUID(); state.privateKey = new BigInteger(160, new SecureRandom()).toString(32); sendRequest(Operation .createPost(UriUtils.buildUri(getHost(), ServiceUriPaths.CORE_CREDENTIALS)) .setBodyNoCloning(state) .setCompletion((o, e) -> { if (e != null) { logSevere("Unable to create default harbor credentials: %s", Utils.toString(e)); post.fail(e); return; } AuthCredentialsServiceState body = o.getBody(AuthCredentialsServiceState.class); callback.accept(body.documentSelfLink); })); }
protected AuthCredentialsServiceState createCredentials(String username, String password, boolean isSystem) throws Throwable { AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.userEmail = username; credentials.privateKey = password; credentials.type = AuthCredentialsType.Password.toString(); if (isSystem) { credentials.customProperties = new HashMap<>(); credentials.customProperties.put(AuthConfigProvider.PROPERTY_SCOPE, AuthConfigProvider.CredentialsScope.SYSTEM.toString()); } return getOrCreateDocument(credentials, AuthCredentialsService.FACTORY_LINK); }
protected AuthCredentialsServiceState createCredentialsWithKeys(String publicKey, String privateKey) throws Throwable { AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.publicKey = publicKey; credentials.privateKey = privateKey; credentials.type = AuthCredentialsType.PublicKey.toString(); return getOrCreateDocument(credentials, AuthCredentialsService.FACTORY_LINK); }
@Test public void testConstructKubeConfigWithBearerToken() { String clusterAddress = "https://testhost:8443"; String token = "bearer_token"; AuthCredentialsServiceState creds = new AuthCredentialsServiceState(); creds.privateKey = token; creds.type = AuthCredentialsType.Bearer.toString(); KubeConfig config = KubernetesUtil.constructKubeConfig(clusterAddress, creds); assertNotNull(config); assertEquals(token, config.users.get(0).user.token); }
@Test public void testConstructKubeConfigWithPassword() { String clusterAddress = "https://testhost:8443"; String username = "user1"; String password = "password123"; AuthCredentialsServiceState creds = new AuthCredentialsServiceState(); creds.userEmail = username; creds.privateKey = password; creds.type = AuthCredentialsType.Password.toString(); KubeConfig config = KubernetesUtil.constructKubeConfig(clusterAddress, creds); assertNotNull(config); assertEquals(username, config.users.get(0).user.username); assertEquals(password, config.users.get(0).user.password); }
@Test(expected = LocalizableValidationException.class) public void testFailConstructKubeConfigWithUnsupportedCredentials() { AuthCredentialsServiceState creds = new AuthCredentialsServiceState(); creds.type = AuthCredentialsType.PublicKeyCA.toString(); KubernetesUtil.constructKubeConfig("https://localhost:6443", creds); fail("KubeConfig construction should have failed with unsupported credentials"); }
@Test public void testCreateAuthorizationHeader() { // No credentials assertNull(AuthUtils.createAuthorizationHeader(null)); // Non-password credentials AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.type = AuthCredentialsType.PublicKey.toString(); assertNull(AuthUtils.createAuthorizationHeader(credentials)); // Password credentials String email = "test@test.test"; String password = "test"; String expectedHeader = String.format("Basic %s", new String(Base64.getEncoder() .encode(String.format("%s:%s", email, password).getBytes()))); credentials = new AuthCredentialsServiceState(); credentials.type = AuthCredentialsType.Password.toString(); credentials.userEmail = email; credentials.privateKey = password; assertEquals(expectedHeader, AuthUtils.createAuthorizationHeader(credentials)); // Bearer token String token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL"; expectedHeader = String.format("Bearer %s", token); credentials = new AuthCredentialsServiceState(); credentials.type = "Bearer"; credentials.privateKey = token; assertEquals(expectedHeader, AuthUtils.createAuthorizationHeader(credentials)); }
@Test public void testConstructKubeConfigWithPublicKey() { String clusterAddress = "https://testhost:8443"; AuthCredentialsServiceState creds = new AuthCredentialsServiceState(); creds.publicKey = "certificate"; creds.privateKey = "private_key"; creds.type = AuthCredentialsType.PublicKey.toString(); KubeConfig config = KubernetesUtil.constructKubeConfig(clusterAddress, creds); assertEquals("v1", config.apiVersion); assertEquals("Config", config.kind); assertNotNull(config.currentContext); assertNotNull(config.clusters); assertNotNull(config.contexts); assertNotNull(config.users); assertEquals(1, config.users.size()); assertEquals(1, config.contexts.size()); assertEquals(1, config.clusters.size()); assertEquals(config.contexts.get(0).context.user, config.users.get(0).name); assertEquals("Y2VydGlmaWNhdGU=", config.users.get(0).user.clientCertificateData); assertEquals("cHJpdmF0ZV9rZXk=", config.users.get(0).user.clientKeyData); assertEquals(config.clusters.get(0).name, config.contexts.get(0).context.cluster); assertEquals(config.currentContext, config.contexts.get(0).name); assertEquals(clusterAddress, config.clusters.get(0).cluster.server); assertTrue(config.clusters.get(0).cluster.insecureSkipTlsVerify); }
@Test public void testGetSecurityContextWithDefaultHarborRegistryCredentials() throws Throwable { AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.userEmail = UUID.randomUUID().toString(); credentials.privateKey = UUID.randomUUID().toString(); credentials.type = AuthCredentialsType.Password.toString(); credentials = getOrCreateDocument(credentials, AuthCredentialsService.FACTORY_LINK); assertNotNull("Failed to create credentials", credentials); RegistryState registryState = new RegistryState(); registryState.documentSelfLink = Harbor.DEFAULT_REGISTRY_LINK; registryState.endpointType = RegistryState.DOCKER_REGISTRY_ENDPOINT_TYPE; registryState.address = "http://harbor.vic.com"; registryState.authCredentialsLink = credentials.documentSelfLink; registryState = getOrCreateDocument(registryState, RegistryFactoryService.SELF_LINK); assertNotNull("Failed to create registry", registryState); SecurityContext securityContext = getSecurityContextByCredentials(credentials.userEmail, credentials.privateKey); assertEquals(credentials.userEmail, securityContext.id); assertEquals(1, securityContext.roles.size()); assertTrue(securityContext.roles.contains(AuthRole.CLOUD_ADMIN)); securityContext = getSecurityContextByCredentials(USER_EMAIL_GLORIA, "Password1!"); assertEquals(USER_NAME_GLORIA, securityContext.name); assertEquals(USER_EMAIL_GLORIA, securityContext.id); assertTrue(securityContext.roles.contains(AuthRole.BASIC_USER)); assertTrue(securityContext.roles.contains(AuthRole.BASIC_USER_EXTENDED)); }
credentials.type = AuthCredentialsType.PublicKey.toString(); try { error = dockerAdapterService.checkAuthCredentialsSupportedType(credentials, false); credentials.type = AuthCredentialsType.Password.toString(); try { error = dockerAdapterService.checkAuthCredentialsSupportedType(credentials, false);
authState.type = AuthCredentialsType.Password.toString(); authState.userEmail = REGISTRY_USER; authState.privateKey = REGISTRY_PASSWORD;