apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2699 from shapeblue/ldapConfigs

Browse Source 
remove old config artifacts from update path
This commit is contained in:
Paul Angus 2018-06-11 14:53:38 +01:00 committed by GitHub
commit 4afdee9896
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 78 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
engine/schema/src/com/cloud/upgrade/dao/Upgrade41100to41110.java
View File

@ -19,6 +19,11 @@
package com.cloud.upgrade.dao; package com.cloud.upgrade.dao;
import com.cloud.hypervisor.Hypervisor;
import com.cloud.utils.crypt.DBEncryptionUtil;
import com.cloud.utils.exception.CloudRuntimeException;
import org.apache.log4j.Logger;
import java.io.InputStream; import java.io.InputStream;
import java.sql.Connection; import java.sql.Connection;
import java.sql.PreparedStatement; import java.sql.PreparedStatement;
@ -29,11 +34,6 @@ import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.apache.log4j.Logger;
import com.cloud.hypervisor.Hypervisor;
import com.cloud.utils.exception.CloudRuntimeException;
public class Upgrade41100to41110 implements DbUpgrade { public class Upgrade41100to41110 implements DbUpgrade {
final static Logger LOG = Logger.getLogger(Upgrade41000to41100.class); final static Logger LOG = Logger.getLogger(Upgrade41000to41100.class);
@ -66,6 +66,76 @@ public class Upgrade41100to41110 implements DbUpgrade {
@Override @Override
public void performDataMigration(Connection conn) { public void performDataMigration(Connection conn) {
updateSystemVmTemplates(conn); updateSystemVmTemplates(conn);
markUnnecessarySecureConfigsAsUnsecure(conn);
}
private void markUnnecessarySecureConfigsAsUnsecure(Connection conn) {
/*
* the following config items where added as 'Secure' in the past. For some this made sense but for the ones below,
* this makes no sense and is a inconvenience at best. The below method will
** retrieve,
** unencrypt,
** mark as 'Advanced' and then
** store the item
*/
String[] unsecureItems = new String[] {
"ldap.basedn",
"ldap.bind.principal",
"ldap.email.attribute",
"ldap.firstname.attribute",
"ldap.group.object",
"ldap.group.user.uniquemember",
"ldap.lastname.attribute",
"ldap.search.group.principle",
"ldap.truststore",
"ldap.user.object",
"ldap.username.attribute"
};
for (String name : unsecureItems) {
uncrypt(conn, name);
}
}
/**
* if encrypted, decrypt the ldap hostname and port and then update as they are not encrypted now.
*/
private void uncrypt(Connection conn, String name)
{
String value = null;
try (
PreparedStatement prepSelStmt = conn.prepareStatement("SELECT conf.category,conf.value FROM `cloud`.`configuration` conf WHERE conf.name= ?");
) {
prepSelStmt.setString(1,name);
try (
ResultSet resultSet = prepSelStmt.executeQuery();
) {
if (LOG.isInfoEnabled()) {
LOG.info("updating setting '" + name + "'");
}
if (resultSet.next()) {
if ("Secure".equals(resultSet.getString(1))) {
value = DBEncryptionUtil.decrypt(resultSet.getString(2));
try (
PreparedStatement prepUpdStmt= conn.prepareStatement("UPDATE `cloud`.`configuration` SET category = 'Advanced', value = ? WHERE name = ?" );
) {
prepUpdStmt.setString(1, value);
prepUpdStmt.setString(2, name);
prepUpdStmt.execute();
} catch (SQLException e) {
if (LOG.isInfoEnabled()) {
LOG.info("failed to update configuration item '" + name + "' with value '" + value + "'");
if (LOG.isDebugEnabled()) {
LOG.debug("no update because ", e);
}
}
}
}
}
}
} catch (SQLException e) {
throw new CloudRuntimeException("failed to update configuration item '" + name + "' with value '" + value + "'", e);
}
} }
@SuppressWarnings("serial") @SuppressWarnings("serial")

74
engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
View File

@ -23,9 +23,7 @@ import java.sql.Connection;
import java.sql.PreparedStatement; import java.sql.PreparedStatement;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.sql.SQLException; import java.sql.SQLException;
import java.sql.Types;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import com.cloud.utils.crypt.DBEncryptionUtil; import com.cloud.utils.crypt.DBEncryptionUtil;
@ -62,7 +60,6 @@ public class Upgrade421to430 implements DbUpgrade {
@Override @Override
public void performDataMigration(Connection conn) { public void performDataMigration(Connection conn) {
encryptLdapConfigParams(conn);
encryptImageStoreDetails(conn); encryptImageStoreDetails(conn);
upgradeMemoryOfSsvmOffering(conn); upgradeMemoryOfSsvmOffering(conn);
} }
@ -94,77 +91,6 @@ public class Upgrade421to430 implements DbUpgrade {
s_logger.debug("Done upgrading RAM for service offering of Secondary Storage VM to " + newRamSize); s_logger.debug("Done upgrading RAM for service offering of Secondary Storage VM to " + newRamSize);
} }
private void encryptLdapConfigParams(Connection conn) {
String[][] ldapParams = { {"ldap.user.object", "inetOrgPerson", "Sets the object type of users within LDAP"},
{"ldap.username.attribute", "uid", "Sets the username attribute used within LDAP"}, {"ldap.email.attribute", "mail", "Sets the email attribute used within LDAP"},
{"ldap.firstname.attribute", "givenname", "Sets the firstname attribute used within LDAP"},
{"ldap.lastname.attribute", "sn", "Sets the lastname attribute used within LDAP"},
{"ldap.group.object", "groupOfUniqueNames", "Sets the object type of groups within LDAP"},
{"ldap.group.user.uniquemember", "uniquemember", "Sets the attribute for uniquemembers within a group"}};
String insertSql = "INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description) VALUES ('Secure', 'DEFAULT', 'management-server', ?, ?, "
+ "?) ON DUPLICATE KEY UPDATE category='Secure';";
try (PreparedStatement pstmt_insert_ldap_parameters = conn.prepareStatement(insertSql);){
for (String[] ldapParam : ldapParams) {
String name = ldapParam[0];
String value = ldapParam[1];
String desc = ldapParam[2];
String encryptedValue = DBEncryptionUtil.encrypt(value);
pstmt_insert_ldap_parameters.setString(1, name);
pstmt_insert_ldap_parameters.setBytes(2, encryptedValue.getBytes("UTF-8"));
pstmt_insert_ldap_parameters.setString(3, desc);
pstmt_insert_ldap_parameters.executeUpdate();
}
/**
* if encrypted, decrypt the ldap hostname and port and then update as they are not encrypted now.
*/
try (
PreparedStatement pstmt_ldap_hostname = conn.prepareStatement("SELECT conf.value FROM `cloud`.`configuration` conf WHERE conf.name='ldap.hostname'");
ResultSet resultSet_ldap_hostname = pstmt_ldap_hostname.executeQuery();
) {
String hostname = null;
String port;
int portNumber = 0;
if (resultSet_ldap_hostname.next()) {
hostname = DBEncryptionUtil.decrypt(resultSet_ldap_hostname.getString(1));
}
try (
PreparedStatement pstmt_ldap_port = conn.prepareStatement("SELECT conf.value FROM `cloud`.`configuration` conf WHERE conf.name='ldap.port'");
ResultSet resultSet_ldap_port = pstmt_ldap_port.executeQuery();
) {
if (resultSet_ldap_port.next()) {
port = DBEncryptionUtil.decrypt(resultSet_ldap_port.getString(1));
if (StringUtils.isNotBlank(port)) {
portNumber = Integer.parseInt(port);
}
}
if (StringUtils.isNotBlank(hostname)) {
try (PreparedStatement pstmt_insert_ldap_hostname_port = conn.prepareStatement("INSERT INTO `cloud`.`ldap_configuration`(hostname, port) VALUES(?,?)");) {
pstmt_insert_ldap_hostname_port.setString(1, hostname);
if (portNumber != 0) {
pstmt_insert_ldap_hostname_port.setInt(2, portNumber);
} else {
pstmt_insert_ldap_hostname_port.setNull(2, Types.INTEGER);
}
pstmt_insert_ldap_hostname_port.executeUpdate();
}
}
}
}
} catch (SQLException e) {
throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
} catch (UnsupportedEncodingException e) {
throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
}
s_logger.debug("Done encrypting ldap Config values");
}
private void encryptImageStoreDetails(Connection conn) { private void encryptImageStoreDetails(Connection conn) {
s_logger.debug("Encrypting image store details"); s_logger.debug("Encrypting image store details");
try ( try (

6
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfiguration.java
View File

@ -88,7 +88,7 @@ public class LdapConfiguration implements Configurable{
ConfigKey.Scope.Domain); ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapBindPassword = new ConfigKey<String>( private static final ConfigKey<String> ldapBindPassword = new ConfigKey<String>(
"Advanced", "Secure",
String.class, String.class,
"ldap.bind.password", "ldap.bind.password",
null, null,
@ -96,7 +96,7 @@ public class LdapConfiguration implements Configurable{
true, true,
ConfigKey.Scope.Domain); ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapBindPrincipal = new ConfigKey<String>( private static final ConfigKey<String> ldapBindPrincipal = new ConfigKey<String>(
"Advanced", "Secure",
String.class, String.class,
"ldap.bind.principal", "ldap.bind.principal",
null, null,
@ -176,7 +176,7 @@ public class LdapConfiguration implements Configurable{
true, true,
ConfigKey.Scope.Domain); ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapTrustStorePassword = new ConfigKey<String>( private static final ConfigKey<String> ldapTrustStorePassword = new ConfigKey<String>(
"Advanced", "Secure",
String.class, String.class,
"ldap.truststore.password", "ldap.truststore.password",
null, null,