Posted to commits@dlab.apache.org by bh...@apache.org on 2019/07/25 11:31:31 UTC
[incubator-dlab] 09/12: DLAB-2 added possibility to use admin key
during ssh connection
This is an automated email from the ASF dual-hosted git repository.
bhliva pushed a commit to branch v2.1.1
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit deb3d36497297d3972bc349d64db8c41ca731b7a
Author: bhliva <bo...@epam.com>
AuthorDate: Mon May 6 14:44:02 2019 +0300
DLAB-2 added possibility to use admin key during ssh connection
---
.../java/com/epam/dlab/rest/contracts/KeyAPI.java | 3 ++-
.../backendapi/resources/base/KeyResource.java | 25 ++++++++++++++-----
.../{ReuploadKeyService.java => KeyService.java} | 29 +++++++++++++++++++---
.../service/impl/GuacamoleServiceImpl.java | 17 ++++++++-----
.../service/impl/ReuploadKeyServiceImplTest.java | 10 ++++----
5 files changed, 63 insertions(+), 21 deletions(-)
diff --git a/services/dlab-webapp-common/src/main/java/com/epam/dlab/rest/contracts/KeyAPI.java b/services/dlab-webapp-common/src/main/java/com/epam/dlab/rest/contracts/KeyAPI.java
index 422d36b..4b5eba3 100644
--- a/services/dlab-webapp-common/src/main/java/com/epam/dlab/rest/contracts/KeyAPI.java
+++ b/services/dlab-webapp-common/src/main/java/com/epam/dlab/rest/contracts/KeyAPI.java
@@ -20,7 +20,8 @@
package com.epam.dlab.rest.contracts;
public class KeyAPI {
- public static final String REUPLOAD_KEY = "/reupload_key";
+ public static final String REUPLOAD_KEY = "/key/reupload";
+ public static final String GET_ADMIN_KEY = "/key";
public static final String KEY_EXTENTION = ".pub";
private KeyAPI() {
diff --git a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/resources/base/KeyResource.java b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/resources/base/KeyResource.java
index 9e8b975..fcacef0 100644
--- a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/resources/base/KeyResource.java
+++ b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/resources/base/KeyResource.java
@@ -23,7 +23,7 @@ package com.epam.dlab.backendapi.resources.base;
import com.epam.dlab.auth.UserInfo;
import com.epam.dlab.backendapi.ProvisioningServiceApplicationConfiguration;
import com.epam.dlab.backendapi.core.commands.DockerAction;
-import com.epam.dlab.backendapi.service.impl.ReuploadKeyService;
+import com.epam.dlab.backendapi.service.impl.KeyService;
import com.epam.dlab.dto.reuploadkey.ReuploadKeyDTO;
import com.epam.dlab.rest.contracts.KeyAPI;
import com.epam.dlab.util.FileUtils;
@@ -39,26 +39,39 @@ import java.util.UUID;
/**
* Provides API for reuploading keys
*/
-@Path(KeyAPI.REUPLOAD_KEY)
+@Path("key")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public class KeyResource {
+ private final KeyService keyService;
+ private final ProvisioningServiceApplicationConfiguration configuration;
+ private final String keyContent;
+
@Inject
- private ReuploadKeyService reuploadKeyService;
- @Inject
- private ProvisioningServiceApplicationConfiguration configuration;
+ public KeyResource(KeyService keyService, ProvisioningServiceApplicationConfiguration configuration) {
+ this.keyService = keyService;
+ this.configuration = configuration;
+ this.keyContent = keyService.getAdminKey();
+ }
+
+ @Path("/reupload")
@POST
public String reuploadKey(@Auth UserInfo ui, @DefaultValue("true") @QueryParam("is_primary_reuploading")
boolean isPrimaryReuploading, ReuploadKeyDTO dto) throws IOException {
if (isPrimaryReuploading) {
replaceKeyfile(dto);
}
- reuploadKeyService.reuploadKeyAction(ui.getName(), dto, DockerAction.REUPLOAD_KEY);
+ keyService.reuploadKeyAction(ui.getName(), dto, DockerAction.REUPLOAD_KEY);
return UUID.randomUUID().toString();
}
+ @GET
+ public String getAdminKey(@Auth UserInfo userInfo) {
+ return keyContent;
+ }
+
private void replaceKeyfile(ReuploadKeyDTO dto) throws IOException {
String edgeUserName = dto.getEdgeUserName();
String filename = UsernameUtils.replaceWhitespaces(edgeUserName) + KeyAPI.KEY_EXTENTION;
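Review bot: The new `getAdminKey` endpoint returns the admin private key to any caller that passes `@Auth`; `userInfo` is never inspected, so nothing in this hunk limits it to the self-service backend or an administrative role. GuacamoleServiceImpl in this same commit calls it with the end user's access token, so unless a filter outside the hunk restricts the route, every valid user token can read the key. I would add an explicit authorization check on `userInfo` before the return and document the intended caller in a Javadoc on the method. The `keyContent` field also pins the key in memory for the life of the resource and makes construction fail when the file is missing; reading on demand with `return keyService.getAdminKey();` avoids both and picks up a rotated key. `replaceKeyfile` continues outside the hunk.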
diff --git a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/ReuploadKeyService.java b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/KeyService.java
similarity index 82%
rename from services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/ReuploadKeyService.java
rename to services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/KeyService.java
index e3889cb..6394564 100644
--- a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/ReuploadKeyService.java
+++ b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/KeyService.java
@@ -20,28 +20,42 @@
package com.epam.dlab.backendapi.service.impl;
import com.epam.dlab.auth.SystemUserInfoService;
+import com.epam.dlab.backendapi.ProvisioningServiceApplicationConfiguration;
import com.epam.dlab.backendapi.core.Directories;
import com.epam.dlab.backendapi.core.commands.DockerAction;
import com.epam.dlab.backendapi.core.commands.DockerCommands;
import com.epam.dlab.backendapi.core.commands.RunDockerCommand;
import com.epam.dlab.backendapi.core.response.handlers.ReuploadKeyCallbackHandler;
-import com.epam.dlab.backendapi.service.impl.DockerService;
import com.epam.dlab.dto.reuploadkey.ReuploadKeyCallbackDTO;
import com.epam.dlab.dto.reuploadkey.ReuploadKeyDTO;
+import com.epam.dlab.exceptions.DlabException;
import com.epam.dlab.model.ResourceData;
import com.epam.dlab.rest.contracts.ApiCallbacks;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import lombok.extern.slf4j.Slf4j;
+import java.io.IOException;
+
+import static java.lang.String.format;
+import static java.nio.file.Files.readAllBytes;
+import static java.nio.file.Paths.get;
+
@Slf4j
@Singleton
-public class ReuploadKeyService extends DockerService implements DockerCommands {
+public class KeyService extends DockerService implements DockerCommands {
private static final String REUPLOAD_KEY_ACTION = "reupload_key";
+ private final SystemUserInfoService systemUserInfoService;
+ private final ProvisioningServiceApplicationConfiguration conf;
+
@Inject
- private SystemUserInfoService systemUserInfoService;
+ public KeyService(SystemUserInfoService systemUserInfoService, ProvisioningServiceApplicationConfiguration conf) {
+ this.systemUserInfoService = systemUserInfoService;
+ this.conf = conf;
+ }
+
public void reuploadKeyAction(String userName, ReuploadKeyDTO dto, DockerAction action) {
log.debug("{} for edge user {}", action, dto.getEdgeUserName());
@@ -57,6 +71,15 @@ public class ReuploadKeyService extends DockerService implements DockerCommands
log.debug("Executed {} Docker commands", count);
}
+ public String getAdminKey() {
+ try {
+ return new String(readAllBytes(get(format("%s/%s.pem", conf.getKeyDirectory(), conf.getAdminKey()))));
+ } catch (IOException e) {
+ log.error("Can not read admin key: {}", e.getMessage());
+ throw new DlabException("Can not read admin key: " + e.getMessage(), e);
+ }
+ }
+
private String getUuid() {
return DockerCommands.generateUUID();
}
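Review bot: `getAdminKey` decodes the key file with the platform default charset and builds the path by string formatting. Both are avoided with `return new String(readAllBytes(get(conf.getKeyDirectory(), conf.getAdminKey() + ".pem")), StandardCharsets.UTF_8);`, which needs an import of `java.nio.charset.StandardCharsets`. The `DlabException` message embeds `e.getMessage()`, which for a missing file is typically the key's filesystem path, so if that message can reach REST clients a fixed message with the cause attached is safer. The log call drops the stack trace; `log.error("Can not read admin key", e);` keeps it.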
diff --git a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/GuacamoleServiceImpl.java b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/GuacamoleServiceImpl.java
index 7292646..62721ec 100644
--- a/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/GuacamoleServiceImpl.java
+++ b/services/self-service/src/main/java/com/epam/dlab/backendapi/service/impl/GuacamoleServiceImpl.java
@@ -3,7 +3,10 @@ package com.epam.dlab.backendapi.service.impl;
import com.epam.dlab.auth.UserInfo;
import com.epam.dlab.backendapi.SelfServiceApplicationConfiguration;
import com.epam.dlab.backendapi.service.GuacamoleService;
+import com.epam.dlab.constants.ServiceConsts;
import com.epam.dlab.exceptions.DlabException;
+import com.epam.dlab.rest.client.RESTService;
+import com.epam.dlab.rest.contracts.KeyAPI;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import lombok.extern.slf4j.Slf4j;
@@ -13,6 +16,7 @@ import org.apache.guacamole.net.SimpleGuacamoleTunnel;
import org.apache.guacamole.protocol.ConfiguredGuacamoleSocket;
import org.apache.guacamole.protocol.GuacamoleConfiguration;
+import javax.inject.Named;
import java.util.Map;
@Slf4j
@@ -23,20 +27,21 @@ public class GuacamoleServiceImpl implements GuacamoleService {
private static final String HOSTNAME_PARAM = "hostname";
private static final String CONNECTION_PROTOCOL_PARAM = "connectionProtocol";
private final SelfServiceApplicationConfiguration conf;
+ private final RESTService provisioningService;
@Inject
- public GuacamoleServiceImpl(SelfServiceApplicationConfiguration conf) {
+ public GuacamoleServiceImpl(SelfServiceApplicationConfiguration conf,
+ @Named(ServiceConsts.PROVISIONING_SERVICE_NAME) RESTService provisioningService) {
this.conf = conf;
+ this.provisioningService = provisioningService;
}
@Override
public GuacamoleTunnel getTunnel(UserInfo userInfo, String host) {
try {
- final String privateKeyContent = "";// TODO figure out from which place private key should be taken
- final InetGuacamoleSocket socket = new InetGuacamoleSocket(conf.getGuacamoleHost(),
- conf.getGuacamolePort());
- final GuacamoleConfiguration guacamoleConfig = getGuacamoleConfig(privateKeyContent, conf.getGuacamole(),
- host);
+ String key = provisioningService.get(KeyAPI.GET_ADMIN_KEY, userInfo.getAccessToken(), String.class);
+ InetGuacamoleSocket socket = new InetGuacamoleSocket(conf.getGuacamoleHost(), conf.getGuacamolePort());
+ GuacamoleConfiguration guacamoleConfig = getGuacamoleConfig(key, conf.getGuacamole(), host);
return new SimpleGuacamoleTunnel(new ConfiguredGuacamoleSocket(socket, guacamoleConfig));
} catch (Exception e) {
log.error("Can not create guacamole tunnel due to: " + e.getMessage());
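Review bot: `getTunnel` now authenticates to `host` with the admin key, but `host` is passed straight into `getGuacamoleConfig` and nothing in this hunk checks that it is a resource owned by `userInfo`. With a per-user key a wrong host simply failed authentication, whereas the admin key presumably works on every node. If the caller does not already validate ownership, a check belongs before the key is fetched; at minimum state the precondition with a comment such as `// host must be verified as one of userInfo's resources: the admin key authenticates to any node`. The result of `provisioningService.get(...)` is also used unchecked, so a guard like `if (key == null || key.isEmpty())` with a clear error would make a failed fetch distinguishable from an SSH failure. The catch block continues outside the hunk.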
diff --git a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/ReuploadKeyServiceImplTest.java b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/ReuploadKeyServiceImplTest.java
index 06dd1a5..6e4bdc1 100644
--- a/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/ReuploadKeyServiceImplTest.java
+++ b/services/self-service/src/test/java/com/epam/dlab/backendapi/service/impl/ReuploadKeyServiceImplTest.java
@@ -141,7 +141,7 @@ public class ReuploadKeyServiceImplTest {
Arrays.asList(RUNNING, REUPLOADING_KEY), Arrays.asList(DataEngineType.SPARK_STANDALONE,
DataEngineType.CLOUD_SERVICE), RUNNING);
verify(requestBuilder).newKeyReupload(refEq(userInfo), anyString(), eq(keyContent), any(List.class));
- verify(provisioningService).post("/reupload_key", TOKEN, reuploadFile, String.class);
+ verify(provisioningService).post("/key/reupload", TOKEN, reuploadFile, String.class);
verifyNoMoreInteractions(userResourceService, exploratoryService, keyDAO, exploratoryDAO, computationalDAO,
requestBuilder, provisioningService);
verifyZeroInteractions(requestId);
@@ -184,7 +184,7 @@ public class ReuploadKeyServiceImplTest {
Arrays.asList(RUNNING, REUPLOADING_KEY), Arrays.asList(DataEngineType.SPARK_STANDALONE,
DataEngineType.CLOUD_SERVICE), RUNNING);
verify(requestBuilder).newKeyReupload(refEq(userInfo), anyString(), eq(keyContent), any(List.class));
- verify(provisioningService).post("/reupload_key", TOKEN, reuploadFile, String.class);
+ verify(provisioningService).post("/key/reupload", TOKEN, reuploadFile, String.class);
verifyNoMoreInteractions(userResourceService, exploratoryService, keyDAO, exploratoryDAO, computationalDAO,
requestBuilder, provisioningService);
verifyZeroInteractions(requestId);
@@ -299,7 +299,7 @@ public class ReuploadKeyServiceImplTest {
verify(keyDAO).updateEdgeStatus(USER, "reuploading key");
verify(requestBuilder).newKeyReupload(refEq(userInfo), anyString(), eq(""), any(List.class));
- verify(provisioningService).post("/reupload_key", TOKEN, reuploadFile, String.class,
+ verify(provisioningService).post("/key/reupload", TOKEN, reuploadFile, String.class,
Collections.singletonMap("is_primary_reuploading", false));
verify(requestId).put(USER, expectedUuid);
verifyNoMoreInteractions(keyDAO, requestBuilder, provisioningService, requestId);
@@ -347,7 +347,7 @@ public class ReuploadKeyServiceImplTest {
verify(exploratoryDAO).updateStatusForExploratory(USER, EXPLORATORY_NAME, REUPLOADING_KEY);
verify(requestBuilder).newKeyReupload(refEq(userInfo), anyString(), eq(""), any(List.class));
- verify(provisioningService).post("/reupload_key", TOKEN, reuploadFile, String.class,
+ verify(provisioningService).post("/key/reupload", TOKEN, reuploadFile, String.class,
Collections.singletonMap("is_primary_reuploading", false));
verify(requestId).put(USER, expectedUuid);
verifyNoMoreInteractions(exploratoryDAO, requestBuilder, provisioningService, requestId);
@@ -399,7 +399,7 @@ public class ReuploadKeyServiceImplTest {
verify(computationalDAO).updateStatusForComputationalResource(USER, EXPLORATORY_NAME,
"compName", REUPLOADING_KEY);
verify(requestBuilder).newKeyReupload(refEq(userInfo), anyString(), eq(""), any(List.class));
- verify(provisioningService).post("/reupload_key", TOKEN, reuploadFile, String.class,
+ verify(provisioningService).post("/key/reupload", TOKEN, reuploadFile, String.class,
Collections.singletonMap("is_primary_reuploading", false));
verify(requestId).put(USER, expectedUuid);
verifyNoMoreInteractions(computationalDAO, requestBuilder, provisioningService, requestId);