/**
 * Creates a new credentials document seeded from an endpoint.
 *
 * <p>The result shares the endpoint's {@code tenantLinks} reference and receives its own copy
 * of the endpoint's custom properties. The endpoint type is always recorded, and the endpoint's
 * self link is recorded when it is already set. No secret fields (user, keys) are filled in
 * here, and nothing is sent or persisted by this method.
 *
 * @param state endpoint to derive the credentials from; dereferenced without a null check
 * @return the populated credentials state
 */
private AuthCredentialsServiceState configureAuth(EndpointState state) {
    AuthCredentialsServiceState credentials = new AuthCredentialsServiceState();
    credentials.tenantLinks = state.tenantLinks;

    // Start from a fresh map so the credentials never alias the endpoint's property map.
    // NOTE(review): every endpoint property is copied verbatim into the credentials
    // document; confirm none of them is meant to stay endpoint-only.
    credentials.customProperties = new HashMap<>();
    if (state.customProperties != null) {
        credentials.customProperties.putAll(state.customProperties);
    }

    // Written after the bulk copy, so these two keys override any same-named copied entry.
    credentials.customProperties.put(CUSTOM_PROP_ENPOINT_TYPE, state.endpointType);
    if (state.documentSelfLink != null) {
        credentials.customProperties.put(CUSTOM_PROP_ENDPOINT_LINK, state.documentSelfLink);
    }

    return credentials;
}
/**
 * Derives an unsaved credentials document from the given endpoint.
 *
 * <p>Tenant links are taken over by reference; custom properties are copied into a new map
 * and then extended with the endpoint type and, if present, the endpoint's self link. The
 * method only builds the object; it performs no request.
 *
 * @param state source endpoint; must be non-null because its fields are read directly
 * @return credentials state carrying the endpoint's tenancy and properties
 */
private AuthCredentialsServiceState configureAuth(EndpointState state) {
    AuthCredentialsServiceState result = new AuthCredentialsServiceState();
    result.tenantLinks = state.tenantLinks;
    result.customProperties = new HashMap<>();

    boolean endpointHasProperties = state.customProperties != null;
    if (endpointHasProperties) {
        // NOTE(review): this is a blanket copy; verify that no endpoint-only property
        // ends up on the credentials document unintentionally.
        result.customProperties.putAll(state.customProperties);
    }

    // The type and link entries are set last and therefore win over copied duplicates.
    result.customProperties.put(CUSTOM_PROP_ENPOINT_TYPE, state.endpointType);

    boolean endpointIsLinked = state.documentSelfLink != null;
    if (endpointIsLinked) {
        result.customProperties.put(CUSTOM_PROP_ENDPOINT_LINK, state.documentSelfLink);
    }
    return result;
}
/**
 * Creates a password-type credentials document for Harbor and reports its self link.
 *
 * <p>The user name is the default registry user prefix followed by a random UUID. The secret
 * is 160 bits drawn from a {@link SecureRandom} and rendered in radix 32. The document is
 * POSTed to the core credentials path; on failure the error is logged and {@code post} is
 * failed, on success {@code callback} receives the self link of the created document.
 *
 * @param post operation to fail if the credentials cannot be created
 * @param callback receives the self link of the created credentials document
 */
private void createHarborCredentials(Operation post, Consumer<String> callback) {
    AuthCredentialsServiceState harborCredentials = new AuthCredentialsServiceState();
    harborCredentials.type = AuthCredentialsType.Password.toString();
    harborCredentials.userEmail = Harbor.DEFAULT_REGISTRY_USER_PREFIX + UUID.randomUUID();

    // The secret comes from a CSPRNG; only the exception is logged below, never this value.
    BigInteger randomSecret = new BigInteger(160, new SecureRandom());
    harborCredentials.privateKey = randomSecret.toString(32);

    Operation createCredentials = Operation
            .createPost(UriUtils.buildUri(getHost(), ServiceUriPaths.CORE_CREDENTIALS))
            .setBodyNoCloning(harborCredentials)
            .setCompletion((response, failure) -> {
                if (failure == null) {
                    AuthCredentialsServiceState created =
                            response.getBody(AuthCredentialsServiceState.class);
                    callback.accept(created.documentSelfLink);
                } else {
                    logSevere("Unable to create default harbor credentials: %s",
                            Utils.toString(failure));
                    post.fail(failure);
                }
            });

    sendRequest(createCredentials);
}
/**
 * Checks that the identity behind {@code USER_EMAIL_ADMIN} can create, read, update and
 * delete a credentials document.
 */
@Test
public void testCloudAdminHasAccessToCredentials() throws Throwable {
    // All requests below run as the admin user.
    host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN));

    AuthCredentialsServiceState draft = new AuthCredentialsServiceState();
    draft.userEmail = "test";

    // Create
    AuthCredentialsServiceState created = doPost(draft, AuthCredentialsService.FACTORY_LINK);
    assertNotNull(created);
    assertNotNull(created.documentSelfLink);

    // Read
    AuthCredentialsServiceState fetched = getDocument(AuthCredentialsServiceState.class,
            created.documentSelfLink);
    assertNotNull(fetched);

    // Update
    created.userEmail = "updated-name";
    AuthCredentialsServiceState updated = doPut(created);
    assertNotNull(updated);
    assertTrue(created.userEmail.equals(updated.userEmail));

    // Delete, then confirm the document can no longer be fetched
    doDelete(UriUtils.buildUri(host, created.documentSelfLink), false);
    AuthCredentialsServiceState afterDelete = getDocumentNoWait(
            AuthCredentialsServiceState.class, created.documentSelfLink);
    assertNull(afterDelete);
}
/**
 * Exercises GET, POST, PUT and DELETE on a credentials document as the identity behind
 * {@code USER_EMAIL_GLORIA}, after the document was created by the admin user.
 *
 * <p>NOTE(review): none of the four calls made as the second identity has its result
 * asserted, and the GET result is discarded. As written the test only fails if one of the
 * helpers throws. Confirm the intended policy for this role and pin it with explicit
 * assertions, so that an authorization regression in either direction is caught.
 */
@Test
public void testProjectAdminRestrictionsToCredentials() throws Throwable {
    AuthCredentialsServiceState draft = new AuthCredentialsServiceState();
    draft.userEmail = "test";

    // Set-up: the document under test is created by the admin user.
    host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN));
    AuthCredentialsServiceState created = doPost(draft, AuthCredentialsService.FACTORY_LINK);
    assertNotNull(created);
    assertNotNull(created.documentSelfLink);

    // From here on every request runs as the second identity.
    host.assumeIdentity(buildUserServicePath(USER_EMAIL_GLORIA));

    // Read (result intentionally unused in the original test)
    getDocumentNoWait(AuthCredentialsServiceState.class, created.documentSelfLink);

    // Create
    doPost(draft, AuthCredentialsService.FACTORY_LINK);

    // Update
    created.userEmail = "updated-name";
    doPut(created);

    // Delete
    doDelete(UriUtils.buildUri(host, created.documentSelfLink), false);
}
/**
 * Runs GET, POST, PUT and DELETE against the credentials factory as the identity behind
 * {@code USER_EMAIL_BASIC_USER}, using the {@code *WithRestrictionVerification} helpers.
 *
 * <p>The target document is created beforehand by the admin user. The helpers presumably
 * assert that each request is rejected for the basic user; confirm in the base test class.
 */
@Test
public void testBasicUserRestrictionsToCredentials() throws Throwable {
    AuthCredentialsServiceState draft = new AuthCredentialsServiceState();
    draft.userEmail = "test";

    // Set-up as admin: create the document the basic user will be tested against.
    host.assumeIdentity(buildUserServicePath(USER_EMAIL_ADMIN));
    AuthCredentialsServiceState created = doPost(draft, AuthCredentialsService.FACTORY_LINK);
    assertNotNull(created);
    assertNotNull(created.documentSelfLink);

    // Switch to the basic user for all checks below.
    host.assumeIdentity(buildUserServicePath(USER_EMAIL_BASIC_USER));

    // Read
    doGetWithRestrictionVerification(created, AuthCredentialsService.FACTORY_LINK,
            AuthCredentialsServiceState.class.getName());

    // Create
    doPostWithRestrictionVerification(draft, AuthCredentialsService.FACTORY_LINK);

    // Update
    created.userEmail = "updated-name";
    doPutWithRestrictionVerification(created, AuthCredentialsService.FACTORY_LINK);

    // Delete
    doDeleteWithRestrictionVerification(created, AuthCredentialsService.FACTORY_LINK);
}
/**
 * Posts a credentials document of the requested type, filled with placeholder key values.
 *
 * <p>Bearer credentials get {@code publicKey = "token"}; PublicKey credentials get a
 * placeholder certificate and private key; every other type gets only its type string.
 * When {@code setKubeConfig} is true, {@code KUBE_CONFIG_JSON} is attached under the
 * {@code "__kubeConfig"} custom property.
 *
 * @param type credentials type to create; dereferenced, so it must not be null
 * @param setKubeConfig whether to attach the kube config custom property
 * @return the state returned by {@code doPost} against the credentials factory
 */
private AuthCredentialsServiceState createCredentials(AuthCredentialsType type,
        boolean setKubeConfig) throws Throwable {
    AuthCredentialsServiceState credentials = new AuthCredentialsServiceState();

    // Every branch of the original stored the string form of the requested type.
    credentials.type = type.toString();

    if (type == AuthCredentialsType.Bearer) {
        // NOTE(review): the bearer value lands in publicKey here; confirm that is the
        // field the code under test reads for Bearer credentials.
        credentials.publicKey = "token";
    } else if (type == AuthCredentialsType.PublicKey) {
        credentials.publicKey = "certificate";
        credentials.privateKey = "privateKey";
    }

    if (setKubeConfig) {
        credentials.customProperties = new HashMap<>();
        credentials.customProperties.put("__kubeConfig", KUBE_CONFIG_JSON);
    }

    return doPost(credentials, AuthCredentialsService.FACTORY_LINK);
}
/**
 * Builds the POST that stores client credentials signed by the given CA.
 *
 * <p>The CA certificate and key pair are parsed from their string forms, a certificate and
 * key for {@code "computeClient"} are generated and signed with the CA private key, and
 * both are converted with the {@code CertificateUtilExtended} PEM helpers. The document is
 * addressed at {@code AUTH_CREDENTIALS_CLIENT_LINK}. The operation is returned, not sent.
 *
 * @param caCert CA certificate, in the form accepted by {@code CertificateUtil.createCertificate}
 * @param caKey CA key, in the form accepted by {@code CertificateUtil.createKeyPair}
 * @return an unsent POST to the credentials factory carrying the new client credentials
 */
private Operation createClientCredentials(String caCert, String caKey) {
    X509Certificate issuerCertificate = CertificateUtil.createCertificate(caCert);
    KeyPair issuerKeys = CertificateUtil.createKeyPair(caKey);

    CertChainKeyPair clientPair = CertificateUtil.generateSignedForClient(
            "computeClient", issuerCertificate, issuerKeys.getPrivate());

    AuthCredentialsServiceState clientCredentials = new AuthCredentialsServiceState();
    clientCredentials.documentSelfLink = ManagementUriParts.AUTH_CREDENTIALS_CLIENT_LINK;
    clientCredentials.type = AuthCredentialsType.PublicKey.name();
    clientCredentials.userEmail = "core";
    clientCredentials.publicKey = CertificateUtilExtended.toPEMformat(
            clientPair.getCertificate(), getHost());
    // From this point the state holds private key material; keep it out of logs and traces.
    clientCredentials.privateKey = CertificateUtilExtended.toPEMFormat(
            clientPair.getPrivateKey(), getHost());

    // The force-index-update pragma presumably lets this POST replace a document that
    // already exists at the fixed self link; confirm against the framework documentation.
    Operation storeClientCredentials = Operation
            .createPost(this, AuthCredentialsService.FACTORY_LINK)
            .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE)
            .setBody(clientCredentials);
    return storeClientCredentials;
}
/**
 * Verifies that Password-type credentials are mapped onto the first user entry of the
 * generated kube config: {@code userEmail} to the username and {@code privateKey} to the
 * password.
 */
@Test
public void testConstructKubeConfigWithPassword() {
    // Fixture values only; they are not real credentials.
    String expectedUser = "user1";
    String expectedPassword = "password123";
    String apiServer = "https://testhost:8443";

    AuthCredentialsServiceState passwordCredentials = new AuthCredentialsServiceState();
    passwordCredentials.type = AuthCredentialsType.Password.toString();
    passwordCredentials.userEmail = expectedUser;
    passwordCredentials.privateKey = expectedPassword;

    KubeConfig kubeConfig = KubernetesUtil.constructKubeConfig(apiServer, passwordCredentials);

    assertNotNull(kubeConfig);
    assertEquals(expectedUser, kubeConfig.users.get(0).user.username);
    assertEquals(expectedPassword, kubeConfig.users.get(0).user.password);
}
/**
 * Gets or creates a Password-type credentials document for the given user.
 *
 * @param username stored in {@code userEmail}
 * @param password stored in {@code privateKey}
 * @param isSystem when true, the document is tagged with the SYSTEM credentials scope via
 *        the {@code AuthConfigProvider.PROPERTY_SCOPE} custom property
 * @return the state returned by {@code getOrCreateDocument} for the credentials factory
 */
protected AuthCredentialsServiceState createCredentials(String username, String password,
        boolean isSystem) throws Throwable {
    AuthCredentialsServiceState passwordCredentials = new AuthCredentialsServiceState();
    passwordCredentials.type = AuthCredentialsType.Password.toString();
    passwordCredentials.userEmail = username;
    passwordCredentials.privateKey = password;

    if (isSystem) {
        // Only system credentials get a custom property map; otherwise the field is left
        // untouched.
        String systemScope = AuthConfigProvider.CredentialsScope.SYSTEM.toString();
        passwordCredentials.customProperties = new HashMap<>();
        passwordCredentials.customProperties.put(AuthConfigProvider.PROPERTY_SCOPE,
                systemScope);
    }

    return getOrCreateDocument(passwordCredentials, AuthCredentialsService.FACTORY_LINK);
}
/**
 * Builds a PublicKey-type credentials state whose private key is read from the
 * {@code docker-host-private-key.PEM} resource.
 *
 * @param uniqueSelfLink when true, a dash and a random UUID are appended to
 *        {@code AUTH_CREDENTIALS_ID} so that repeated calls yield distinct self links
 * @return the populated state; nothing is posted by this method
 */
public static AuthCredentialsServiceState createAuthCredentials(boolean uniqueSelfLink) {
    AuthCredentialsServiceState hostCredentials = new AuthCredentialsServiceState();

    hostCredentials.documentSelfLink = uniqueSelfLink
            ? AUTH_CREDENTIALS_ID + "-" + UUID.randomUUID()
            : AUTH_CREDENTIALS_ID;
    hostCredentials.type = AuthCredentialsType.PublicKey.name();
    hostCredentials.userEmail = "core";

    // NOTE(review): the key is loaded from a file shipped with the code; it should be a
    // fixture key only and never one that grants access to a real host - confirm.
    hostCredentials.privateKey = getFileContent("docker-host-private-key.PEM");

    return hostCredentials;
}
/**
 * Verifies that for Bearer-type credentials the value held in {@code privateKey} becomes
 * the token of the first user entry in the generated kube config.
 */
@Test
public void testConstructKubeConfigWithBearerToken() {
    // Fixture value only; not a real token.
    String expectedToken = "bearer_token";
    String apiServer = "https://testhost:8443";

    AuthCredentialsServiceState bearerCredentials = new AuthCredentialsServiceState();
    bearerCredentials.type = AuthCredentialsType.Bearer.toString();
    bearerCredentials.privateKey = expectedToken;

    KubeConfig kubeConfig = KubernetesUtil.constructKubeConfig(apiServer, bearerCredentials);

    assertNotNull(kubeConfig);
    assertEquals(expectedToken, kubeConfig.users.get(0).user.token);
}
/**
 * Posts a fixture credentials document that points back at an endpoint.
 *
 * @param test test harness used to post the document synchronously
 * @param endpointLink stored under the {@code CUSTOM_PROP_ENDPOINT_LINK} custom property
 * @param tenantLinks tenant links assigned to the document
 */
private static void createAuthCredentials(BaseModelTest test, String endpointLink,
        List<String> tenantLinks) throws Throwable {
    AuthCredentialsServiceState fixture = new AuthCredentialsServiceState();
    fixture.tenantLinks = tenantLinks;

    // Placeholder identity and secret; fixture values, not real credentials.
    fixture.userEmail = "email";
    fixture.privateKey = "pass";

    fixture.customProperties = new HashMap<>();
    fixture.customProperties.put(CUSTOM_PROP_ENDPOINT_LINK, endpointLink);

    test.postServiceSynchronously(AuthCredentialsService.FACTORY_LINK, fixture,
            AuthCredentialsServiceState.class);
}
/**
 * Posts a credentials document with the given user and key, and returns its self link.
 *
 * @param test test harness used to post the document synchronously
 * @param username stored in {@code userEmail}
 * @param privateKey stored in {@code privateKey}
 * @return {@code documentSelfLink} of the state returned by the factory
 */
private static String createAuth(BaseModelTest test, String username, String privateKey)
        throws Throwable {
    AuthCredentialsServiceState request = new AuthCredentialsServiceState();
    request.userEmail = username;
    request.privateKey = privateKey;

    AuthCredentialsServiceState created = test.postServiceSynchronously(
            AuthCredentialsService.FACTORY_LINK,
            request,
            AuthCredentialsServiceState.class);

    return created.documentSelfLink;
}
/**
 * Expects kube config construction to be rejected with a
 * {@code LocalizableValidationException} for PublicKeyCA-type credentials.
 */
@Test(expected = LocalizableValidationException.class)
public void testFailConstructKubeConfigWithUnsupportedCredentials() {
    AuthCredentialsServiceState unsupported = new AuthCredentialsServiceState();
    unsupported.type = AuthCredentialsType.PublicKeyCA.toString();

    KubernetesUtil.constructKubeConfig("https://localhost:6443", unsupported);

    // Reached only if no exception was thrown; fail() then raises a different error type,
    // so the test cannot pass by accident.
    fail("KubeConfig construction should have failed with unsupported credentials");
}
/**
 * Creates a user service, its roles and a matching credentials document on a test host.
 *
 * <p>The credentials document uses the e-mail address as both {@code userEmail} and
 * {@code privateKey}. That makes the secret trivially guessable, which is acceptable only
 * because this runs against test-harness types ({@code VerificationHost},
 * {@code TestRequestSender}).
 *
 * @param host host on which the user, roles and credentials are created
 * @param userName not used by this method
 * @param email e-mail identifying the user; also used as the secret
 * @return the link returned by {@code AuthorizationHelper.createUserService}
 */
private String createUsers(VerificationHost host, String userName, String email)
        throws Throwable {
    AuthorizationHelper authorization = new AuthorizationHelper(host);
    String userLink = authorization.createUserService(host, email);
    authorization.createRoles(host, email);

    AuthCredentialsServiceState userCredentials = new AuthCredentialsServiceState();
    userCredentials.userEmail = email;
    userCredentials.privateKey = email;

    URI credentialsFactory = UriUtils.buildUri(host, AuthCredentialsService.FACTORY_LINK);
    Operation createCredentials = Operation.createPost(credentialsFactory)
            .setBody(userCredentials);

    // Blocks until the credentials POST has completed.
    new TestRequestSender(host).sendAndWait(createCredentials);

    return userLink;
}
/**
 * Fetches the session for the given authorization context and wraps its external token in
 * a credentials state.
 *
 * <p>Only {@code privateKey} is set on the returned state; it holds
 * {@code SessionState.externalToken} as-is, which may be null if the session carries none.
 * Callers receive a live token and should keep it out of logs.
 *
 * @param service service used to send the GET
 * @param ctx authorization context the session URI is built from
 * @return deferred result completing with the token-bearing credentials state
 */
public static DeferredResult<AuthCredentialsServiceState> retrieveExternalToken(
        Service service, AuthorizationContext ctx) {
    Operation sessionLookup = Operation.createGet(buildSessionURI(service, ctx));

    return service
            .sendWithDeferredResult(sessionLookup, SessionState.class)
            .thenApply(session -> {
                AuthCredentialsServiceState tokenHolder = new AuthCredentialsServiceState();
                tokenHolder.privateKey = session.externalToken;
                return tokenHolder;
            });
}
}
/**
 * Builds the POST that stores the CA certificate and CA private key as a PublicKeyCA
 * credentials document at {@code AUTH_CREDENTIALS_CA_LINK}.
 *
 * <p>Both values are stored exactly as passed in. The operation is returned, not sent.
 *
 * @param caCert CA certificate, stored in {@code publicKey}
 * @param caKey CA private key, stored in {@code privateKey}
 * @return an unsent POST to the credentials factory carrying the CA credentials
 */
private Operation createCaCredentials(String caCert, String caKey) {
    AuthCredentialsServiceState caCredentials = new AuthCredentialsServiceState();
    caCredentials.documentSelfLink = ManagementUriParts.AUTH_CREDENTIALS_CA_LINK;
    caCredentials.type = AuthCredentialsType.PublicKeyCA.name();
    caCredentials.userEmail = "core";
    caCredentials.publicKey = caCert;
    // NOTE(review): this document holds the CA signing key; read access to it should be
    // limited to the components that issue certificates - confirm the authorization rules.
    caCredentials.privateKey = caKey;

    // The force-index-update pragma presumably lets this POST replace a document that
    // already exists at the fixed self link; confirm against the framework documentation.
    Operation storeCaCredentials = Operation
            .createPost(this, AuthCredentialsService.FACTORY_LINK)
            .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE)
            .setBody(caCredentials);
    return storeCaCredentials;
}
/**
 * Gets or creates a PublicKey-type credentials document holding the given key pair.
 *
 * @param publicKey stored in {@code publicKey}
 * @param privateKey stored in {@code privateKey}
 * @return the state returned by {@code getOrCreateDocument} for the credentials factory
 */
protected AuthCredentialsServiceState createCredentialsWithKeys(String publicKey,
        String privateKey) throws Throwable {
    AuthCredentialsServiceState keyCredentials = new AuthCredentialsServiceState();
    keyCredentials.type = AuthCredentialsType.PublicKey.toString();
    keyCredentials.publicKey = publicKey;
    keyCredentials.privateKey = privateKey;

    return getOrCreateDocument(keyCredentials, AuthCredentialsService.FACTORY_LINK);
}
/**
 * Sets up a test user: user service, roles, and a credentials document.
 *
 * <p>The credentials document stores the e-mail address in both {@code userEmail} and
 * {@code privateKey}, so the secret equals the user name. This is a fixture shortcut that
 * relies on test-harness types ({@code VerificationHost}, {@code TestRequestSender}) and
 * must not be copied into production set-up code.
 *
 * @param host host on which the user, roles and credentials are created
 * @param userName not used by this method
 * @param email e-mail identifying the user; also used as the secret
 * @return the link returned by {@code AuthorizationHelper.createUserService}
 */
private String createUsers(VerificationHost host, String userName, String email)
        throws Throwable {
    AuthorizationHelper helper = new AuthorizationHelper(host);
    String createdUserLink = helper.createUserService(host, email);
    helper.createRoles(host, email);

    AuthCredentialsServiceState credentials = new AuthCredentialsServiceState();
    credentials.privateKey = email;
    credentials.userEmail = email;

    URI factoryUri = UriUtils.buildUri(host, AuthCredentialsService.FACTORY_LINK);
    TestRequestSender requestSender = new TestRequestSender(host);

    // sendAndWait returns only after the credentials POST has completed.
    Operation post = Operation.createPost(factoryUri).setBody(credentials);
    requestSender.sendAndWait(post);

    return createdUserLink;
}