From 1a0299e1857aa941cd6d384841db66373414b270 Mon Sep 17 00:00:00 2001 From: Sarah Date: Fri, 29 Jan 2021 17:51:20 -0500 Subject: [PATCH 1/5] Add security credentils for geode store to gemfire.properties file --- lib/java_buildpack/container/tomcat/tomcat_geode_store.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb index 31ddfc84c2..d91b47aecc 100644 --- a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb +++ b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb @@ -44,6 +44,9 @@ def release credentials = @application.services.find_service(FILTER, KEY_LOCATORS, KEY_USERS)['credentials'] user = credentials[KEY_USERS].find { |u| cluster_operator?(u) } + File.open(@droplet.root + "gemfire.properties", "w") {|f| f.write("security-username=" + user['username'] + + "\nsecurity-password=" + user['password']) } + @droplet.java_opts.add_system_property 'gemfire.security-username', user['username'] @droplet.java_opts.add_system_property 'gemfire.security-password', user['password'] @droplet.java_opts.add_system_property 'gemfire.security-client-auth-init', From 295f71f26c2c4ef4db60f31d5e56060ba1208fc1 Mon Sep 17 00:00:00 2001 From: Sarah Date: Fri, 29 Jan 2021 17:56:34 -0500 Subject: [PATCH 2/5] Remove credentials from JAVA_OPTS --- lib/java_buildpack/container/tomcat/tomcat_geode_store.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb index d91b47aecc..2d4aefdb65 100644 --- a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb +++ b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb 
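Review bot: The added `File.open(@droplet.root + "gemfire.properties", "w")` in `release` writes the service password in cleartext without an explicit mode, so the file's permissions are left to the staging process's umask; pass a restrictive mode, e.g. `File.open(@droplet.root + 'gemfire.properties', 'w', 0o600)`. `credentials[KEY_USERS].find { |u| cluster_operator?(u) }` returns nil when no user matches, and `user['username']` then raises NoMethodError, so a guard such as `raise 'no cluster_operator user in service credentials' unless user` before the write would give a usable error. The username and password are concatenated into `key=value` lines unescaped, so a value containing a backslash or a line break would not be read back unchanged by a Java properties parser. The hunk in patch 3/5 (`@@ -44,8 +44,9 @@`) only reformats this write, so the same points apply there; `release` starts before and continues after both hunks.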
@@ -47,8 +47,6 @@ def release File.open(@droplet.root + "gemfire.properties", "w") {|f| f.write("security-username=" + user['username'] + "\nsecurity-password=" + user['password']) } - @droplet.java_opts.add_system_property 'gemfire.security-username', user['username'] - @droplet.java_opts.add_system_property 'gemfire.security-password', user['password'] @droplet.java_opts.add_system_property 'gemfire.security-client-auth-init', 'io.pivotal.cloudcache.ClientAuthInitialize.create' end From 433ecc43f382d1f5852b57e045143c4c9f86b68f Mon Sep 17 00:00:00 2001 From: Sarah Date: Mon, 1 Feb 2021 16:52:40 -0500 Subject: [PATCH 3/5] Updated tests --- .../container/tomcat/tomcat_geode_store.rb | 5 +++-- spec/fixtures/expected_gemfire_properties | 2 ++ .../expected_gemfire_properties_without_role | 2 ++ .../container/tomcat/tomcat_geode_store_spec.rb | 12 ++++++++---- 4 files changed, 15 insertions(+), 6 deletions(-) create mode 100644 spec/fixtures/expected_gemfire_properties create mode 100644 spec/fixtures/expected_gemfire_properties_without_role diff --git a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb index 2d4aefdb65..d445bb5e00 100644 --- a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb +++ b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb @@ -44,8 +44,9 @@ def release credentials = @application.services.find_service(FILTER, KEY_LOCATORS, KEY_USERS)['credentials'] user = credentials[KEY_USERS].find { |u| cluster_operator?(u) } - File.open(@droplet.root + "gemfire.properties", "w") {|f| f.write("security-username=" + user['username'] + - "\nsecurity-password=" + user['password']) } + File.open(@droplet.root + 'gemfire.properties', 'w') do |f| + f.write('security-username=' + user['username'] + "\nsecurity-password=" + user['password']) + end @droplet.java_opts.add_system_property 'gemfire.security-client-auth-init', 'io.pivotal.cloudcache.ClientAuthInitialize.create' 
diff --git a/spec/fixtures/expected_gemfire_properties b/spec/fixtures/expected_gemfire_properties new file mode 100644 index 0000000000..b41259c569 --- /dev/null +++ b/spec/fixtures/expected_gemfire_properties @@ -0,0 +1,2 @@ +security-username=some-username +security-password=some-password \ No newline at end of file diff --git a/spec/fixtures/expected_gemfire_properties_without_role b/spec/fixtures/expected_gemfire_properties_without_role new file mode 100644 index 0000000000..6ea9a92335 --- /dev/null +++ b/spec/fixtures/expected_gemfire_properties_without_role @@ -0,0 +1,2 @@ +security-username=cluster_operator +security-password=some-password \ No newline at end of file diff --git a/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb b/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb index 3beea3622e..ec40d8d33d 100644 --- a/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb +++ b/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb @@ -107,8 +107,10 @@ expect(java_opts).to include( '-Dgemfire.security-client-auth-init=io.pivotal.cloudcache.ClientAuthInitialize.create' ) - expect(java_opts).to include('-Dgemfire.security-username=some-username') - expect(java_opts).to include('-Dgemfire.security-password=some-password') + + expect(app_dir + 'gemfire.properties').to exist + expect((app_dir + 'gemfire.properties').read) + .to eq(Pathname.new('spec/fixtures/expected_gemfire_properties').read) end end @@ -139,8 +141,10 @@ expect(java_opts).to include( '-Dgemfire.security-client-auth-init=io.pivotal.cloudcache.ClientAuthInitialize.create' ) - expect(java_opts).to include('-Dgemfire.security-username=cluster_operator') - expect(java_opts).to include('-Dgemfire.security-password=some-password') + + expect(app_dir + 'gemfire.properties').to exist + expect((app_dir + 'gemfire.properties').read) + .to eq(Pathname.new('spec/fixtures/expected_gemfire_properties_without_role').read) end end end 
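Review bot: In the first spec hunk (`@@ -107,8 +107,10 @@`) the two `expect(java_opts).to include('-Dgemfire.security-…')` assertions are replaced only by file-content checks, so nothing in the spec fails if the credentials reappear in JAVA_OPTS. Add negative assertions next to the new ones, e.g. `expect(java_opts).not_to include('-Dgemfire.security-password=some-password')` and the username equivalent; the second hunk (`@@ -139,8 +141,10 @@`) needs the same with `cluster_operator`. `Pathname.new('spec/fixtures/expected_gemfire_properties')` is a relative path, so the example presumably passes only when rspec is launched from the repository root. Both `it` blocks begin outside the hunks.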
From cf9f88762fd3ff85bfd3e0b13ee38ee3e8cbe0f7 Mon Sep 17 00:00:00 2001 From: Ben Ross Date: Thu, 11 Feb 2021 10:39:20 -0800 Subject: [PATCH 4/5] Removed unnecessary gemfire.properties --- .../container/tomcat/tomcat_geode_store.rb | 7 ---- spec/fixtures/expected_gemfire_properties | 2 - .../expected_gemfire_properties_without_role | 2 - .../tomcat/tomcat_geode_store_spec.rb | 38 ------------------- 4 files changed, 49 deletions(-) delete mode 100644 spec/fixtures/expected_gemfire_properties delete mode 100644 spec/fixtures/expected_gemfire_properties_without_role diff --git a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb index d445bb5e00..80f30f4c3c 100644 --- a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb +++ b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb @@ -41,13 +41,6 @@ def compile def release return unless supports? - credentials = @application.services.find_service(FILTER, KEY_LOCATORS, KEY_USERS)['credentials'] - user = credentials[KEY_USERS].find { |u| cluster_operator?(u) } - - File.open(@droplet.root + 'gemfire.properties', 'w') do |f| - f.write('security-username=' + user['username'] + "\nsecurity-password=" + user['password']) - end - @droplet.java_opts.add_system_property 'gemfire.security-client-auth-init', 'io.pivotal.cloudcache.ClientAuthInitialize.create' end diff --git a/spec/fixtures/expected_gemfire_properties b/spec/fixtures/expected_gemfire_properties deleted file mode 100644 index b41259c569..0000000000 --- a/spec/fixtures/expected_gemfire_properties +++ /dev/null @@ -1,2 +0,0 @@ -security-username=some-username -security-password=some-password \ No newline at end of file diff --git a/spec/fixtures/expected_gemfire_properties_without_role b/spec/fixtures/expected_gemfire_properties_without_role deleted file mode 100644 index 6ea9a92335..0000000000 --- a/spec/fixtures/expected_gemfire_properties_without_role +++ /dev/null 
@@ -1,2 +0,0 @@ -security-username=cluster_operator -security-password=some-password \ No newline at end of file diff --git a/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb b/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb index ec40d8d33d..9ddd46b1bd 100644 --- a/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb +++ b/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb @@ -107,44 +107,6 @@ expect(java_opts).to include( '-Dgemfire.security-client-auth-init=io.pivotal.cloudcache.ClientAuthInitialize.create' ) - - expect(app_dir + 'gemfire.properties').to exist - expect((app_dir + 'gemfire.properties').read) - .to eq(Pathname.new('spec/fixtures/expected_gemfire_properties').read) - end - end - - context 'when there is session replication service and service credentials do not include roles' do - before do - allow(services).to receive(:one_service?).with(/session-replication/, 'locators', 'users') - .and_return(true) - allow(services).to receive(:find_service).and_return( - 'credentials' => { - 'locators' => ['some-locator[some-port]', 'some-other-locator[some-other-port]'], - 'users' => - [ - { - 'password' => 'some-password', - 'username' => 'cluster_operator' - } - ] - } - ) - end - - it 'assumes usernames represent roles and passes security properties to the release', - app_fixture: 'container_tomcat_geode_store', - cache_fixture: 'stub-geode-store.tar' do - - component.release - - expect(java_opts).to include( - '-Dgemfire.security-client-auth-init=io.pivotal.cloudcache.ClientAuthInitialize.create' - ) - - expect(app_dir + 'gemfire.properties').to exist - expect((app_dir + 'gemfire.properties').read) - .to eq(Pathname.new('spec/fixtures/expected_gemfire_properties_without_role').read) end end end From d0707a28adf93b3f851775322487198e9a8eecca Mon Sep 17 00:00:00 2001 
From: Sarah Date: Tue, 16 Feb 2021 12:27:20 -0500 Subject: [PATCH 5/5] Removes unused function --- lib/java_buildpack/container/tomcat/tomcat_geode_store.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb index 80f30f4c3c..58279aaefc 100644 --- a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb +++ b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb @@ -71,10 +71,6 @@ def supports? :CACHE_CLIENT_LISTENER_CLASS_NAME, :SCHEMA_URL, :SCHEMA_INSTANCE_URL, :SCHEMA_LOCATION, :LOCATOR_REGEXP - def cluster_operator?(user) - user['username'] == 'cluster_operator' || user['roles'] && (user['roles'].include? 'cluster_operator') - end - def add_client_cache(document) client_cache = document.add_element 'client-cache', 'xmlns' => SCHEMA_URL,