From m...@apache.org
Subject knox git commit: KNOX-1254 - Make sure Remote Alias Registry prefers remote over local
Date Thu, 19 Apr 2018 01:29:27 GMT
Repository: knox
Updated Branches:
  refs/heads/master 7468deb44 -> d0aa9ec73


KNOX-1254 - Make sure Remote Alias Registry prefers remote over local


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/d0aa9ec7
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/d0aa9ec7
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/d0aa9ec7

Branch: refs/heads/master
Commit: d0aa9ec73f747554be8d588fa9db66fead26da5e
Parents: 7468deb
Author: Sandeep More <more@apache.org>
Authored: Wed Apr 18 21:29:22 2018 -0400
Committer: Sandeep More <more@apache.org>
Committed: Wed Apr 18 21:29:22 2018 -0400

----------------------------------------------------------------------
 .../security/impl/RemoteAliasService.java       | 22 ++++++++---------
 .../security/impl/RemoteAliasMonitorTest.java   | 25 +++++++++++++++++++-
 2 files changed, 35 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/d0aa9ec7/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java
index 9ba5d0b..b0a47f0 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java
@@ -330,13 +330,7 @@ public class RemoteAliasService implements AliasService {
     /* convert all alias names to lower case since JDK expects the same behaviour */
     final String alias = givenAlias.toLowerCase();
 
-    char[] password;
-    /* try to get it from the local keystore, ignore generate flag. */
-    password = localAliasService
-        .getPasswordFromAliasForCluster(clusterName, alias);
-    if (password != null) {
-      return password;
-    }
+    char[] password = null;
 
     /* try to get it from remote registry */
     if (remoteClient != null) {
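Review bot: With the local-first lookup removed here, an entry in the remote registry now shadows a local keystore entry of the same alias, and nothing in the visible code records that precedence. Write access to the registry path now decides which secret the gateway uses, so the method should say so; above the remote lookup I would add `/* remote registry is authoritative; the local keystore is consulted only when the remote has no entry for this alias */`. The method starts before this hunk and continues past it.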
@@ -356,7 +350,7 @@ public class RemoteAliasService implements AliasService {
 
       } else {
         try {
-          return decrypt(encrypted).toCharArray();
+          password = decrypt(encrypted).toCharArray();
         } catch (final Exception e) {
           throw new AliasServiceException(e);
         }
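Review bot: A remote entry that fails to decrypt now raises AliasServiceException even when a valid local entry exists, because the `catch` here rethrows and the local keystore is no longer tried first. Failing closed is a reasonable choice for a secret store, but it should be stated, for example `/* fail closed: an undecryptable remote entry is an error, never a reason to fall back to the local keystore */` above the `try`. The test added in this commit covers only a successful decrypt, so this path appears untested. The enclosing `if`/`else` begins outside the hunk.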
@@ -364,9 +358,15 @@ public class RemoteAliasService implements AliasService {
 
     }
 
-    /* Case where remote registry is not configured and we need to generate password and
save it locally */
-    else if (generate) {
-      return localAliasService
+    /*
+     * If
+     * 1. Remote registry not configured or
+     * 2. Password not found for given alias in remote registry,
+     * Then try local keystore
+     */
+    if(password == null) {
+      /* try to get it from the local keystore, ignore generate flag. */
+      password = localAliasService
           .getPasswordFromAliasForCluster(clusterName, alias, generate);
     }
 
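Review bot: The added comment `/* try to get it from the local keystore, ignore generate flag. */` contradicts the call beneath it, which passes `generate` to the local service. As written, an alias missing from a configured remote registry can, with `generate` set, end up created in the local keystore only, unless the remote branch above (partly outside this hunk) already handles generation. I would reword the comment to `/* fall back to the local keystore; generate is passed through, so a missing alias may be created locally */` and write `if (password == null) {` with a space after `if`.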

http://git-wip-us.apache.org/repos/asf/knox/blob/d0aa9ec7/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java
b/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java
index b6a4ab9..2558bbe 100644
--- a/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java
+++ b/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java
@@ -66,6 +66,10 @@ public class RemoteAliasMonitorTest {
   private static String expectedClusterNameDev = "development";
   private static String expectedAliasDev = "knox.test.alias.dev";
   private static String expectedPasswordDev = "otherDummyPassword";
+
+  private static String preferRemoteAlias = "prefer.remote.alias";
+  private static String preferRemoteAliasEncryptedPassword = "QmgrK2JBRlE1MUU9OjpIYzZlVUttKzdaWkFOSjlYZVVyVzNRPT06Om5kdTQ3WTJ1by9vSHprZUZHcjBqVG5TaGxsMFVUdUNyN0EvUlZDV1ZHQUU9";
+  private static String preferRemoteAliasClearPassword = "ApacheKnoxPassword123";
   /* For CLI tests */
   private final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
   private final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
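Review bot: The three new fixtures are mutable statics, and the ciphertext carries no hint of how it was produced. Declaring them `private static final String` and adding a comment such as `/* ciphertext of preferRemoteAliasClearPassword under the master secret mocked in this test */` would let a maintainer regenerate the value if the test's master secret changes. That relationship is inferred from the later assertion, not shown in this hunk.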
@@ -123,12 +127,21 @@ public class RemoteAliasMonitorTest {
         .withACL(acls).forPath(
         RemoteAliasService.PATH_KNOX_ALIAS_STORE_TOPOLOGY + RemoteAliasService.
             PATH_SEPARATOR + expectedClusterNameDev);
+
     assertNotNull("Failed to create node:"
         + RemoteAliasService.PATH_KNOX_ALIAS_STORE_TOPOLOGY
         + RemoteAliasService.
         PATH_SEPARATOR + expectedClusterNameDev, client.checkExists().forPath(
         RemoteAliasService.PATH_KNOX_ALIAS_STORE_TOPOLOGY + RemoteAliasService.
             PATH_SEPARATOR + expectedClusterNameDev));
+
+    /* Start Zookeeper with an existing alias */
+    client.create().withMode(CreateMode.PERSISTENT).
+        forPath(RemoteAliasService.PATH_KNOX_ALIAS_STORE_TOPOLOGY
+                + RemoteAliasService.
+                PATH_SEPARATOR + expectedClusterName
+                + RemoteAliasService.PATH_SEPARATOR + preferRemoteAlias,
+            preferRemoteAliasEncryptedPassword.getBytes());
   }
 
   @AfterClass
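Review bot: The node holding the encrypted password is created without `.withACL(acls)`, unlike the cluster node created just above it, and its payload comes from `getBytes()` with the platform default charset. I would write `client.create().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(...)` and pass `preferRemoteAliasEncryptedPassword.getBytes(StandardCharsets.UTF_8)`; the latter needs the `java.nio.charset.StandardCharsets` import if the file lacks it. The setup method starts outside this hunk.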
@@ -184,6 +197,9 @@ public class RemoteAliasMonitorTest {
     EasyMock.expect(defaultAlias.getAliasesForCluster(expectedClusterNameDev))
         .andReturn(new ArrayList<>()).anyTimes();
 
+    EasyMock.expect(defaultAlias.getPasswordFromAliasForCluster(expectedClusterName, preferRemoteAlias))
+        .andReturn("thisiswrong".toCharArray()).anyTimes();
+
     EasyMock.replay(defaultAlias);
 
     final DefaultMasterService ms = EasyMock
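Review bot: The stub covers the two-argument `getPasswordFromAliasForCluster`, which is the call this commit removes from RemoteAliasService; the new fallback calls the three-argument overload with `generate`. With `.anyTimes()` the expectation is also satisfied when it is never invoked, so the test shows that the remote value wins but not that the local keystore is left alone. The fallback path (alias absent from the registry) has no expectation at all. Consider stubbing the three-argument overload for a second alias that exists only locally and asserting that its value comes back. The test method starts and ends outside this hunk.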
@@ -212,7 +228,7 @@ public class RemoteAliasMonitorTest {
         .getAliasesForCluster(expectedClusterNameDev);
 
     /* no alias added so ist should be empty */
-    Assert.assertEquals(aliases.size(), 0);
+    Assert.assertEquals(aliases.size(), 1);
     Assert.assertEquals(aliasesDev.size(), 0);
 
 
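Review bot: The comment `/* no alias added so ist should be empty */` no longer matches the assertion beneath it, which now expects one alias for the first cluster. I would change it to `/* the alias pre-created in ZooKeeper is the only entry; the dev cluster is still empty */`. I would also pass the expected value first, `Assert.assertEquals(1, aliases.size());`, so a failure message reads correctly.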
@@ -251,6 +267,13 @@ public class RemoteAliasMonitorTest {
     Assert.assertEquals(expectedPassword, new String(result));
     Assert.assertEquals(expectedPasswordDev, new String(result1));
 
+    /* test that remote alias service prefers remote over local */
+    final char[] prefAliasResult = zkAlias
+        .getPasswordFromAliasForCluster(expectedClusterName, preferRemoteAlias);
+    Assert.assertEquals(preferRemoteAliasClearPassword, new String(prefAliasResult));
+
+    zkAlias.stop();
+
   }
 
 }
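Review bot: `zkAlias.stop()` runs only if every assertion before it passes, so a failing run leaves the service running for whatever tests follow. Moving the call into a `finally` block or an `@After` method would fix that. Adding `Assert.assertNotNull(prefAliasResult);` before `new String(prefAliasResult)` would also turn a missing alias into a clear assertion failure rather than a NullPointerException. The test method starts outside this hunk.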

