diff --git a/conf/sidecar.yaml b/conf/sidecar.yaml index 62e521858..c8330d4b6 100644 --- a/conf/sidecar.yaml +++ b/conf/sidecar.yaml @@ -325,8 +325,11 @@ access_control: driver_parameters: contact_points: - "127.0.0.1:9042" - username: cassandra - password: cassandra + auth_provider: + class_name: org.apache.cassandra.sidecar.cluster.auth.ConfigProvider + parameters: + username: cassandra + password: cassandra ssl: enabled: false keystore: diff --git a/docs/src/user.adoc b/docs/src/user.adoc index d8ef90a7a..ec6f65965 100644 --- a/docs/src/user.adoc +++ b/docs/src/user.adoc @@ -99,8 +99,16 @@ driver_parameters: contact_points: - ":" - ":" - username: - password: + auth_provider: + class_name: org.apache.cassandra.sidecar.cluster.auth.ConfigProvider + parameters: + username: + password: + # Alternative option is to read username and password from a file + # class_name: org.apache.cassandra.sidecar.cluster.auth.FileProvider + # parameters: + # username_path: + # password_path: ssl: enabled: keystore: @@ -338,8 +346,9 @@ This section of the `sidecar.yaml` file configures how requests are authenticate The `driver_parameters` section of the `sidecar.yaml` file is used to configure the Cassandra driver used by Cassandra Sidecar to connect to Cassandra over CQL. The following properties are defined: * `contact_points`: This is a list of IP Addresses or hostnames and ports of the Cassandra instances that Cassandra Sidecar can use to bootstrap its connection to the Cassandra cluster. -* `username`: This is the username used to authenticate with the Cassandra cluster. -* `password`: This is the password used to authenticate with the Cassandra cluster. +* `auth_provider`: Provider entry used to resolve driver authentication details. Implementation choices are `org.apache.cassandra.sidecar.cluster.auth.FileProvider` and `org.apache.cassandra.sidecar.cluster.auth.ConfigProvider`. If both `auth_provider` and `username`/`password` are configured, Sidecar uses `auth_provider` and uses `username`/`password` as fallback when no provider is configured. +* `username`: This is the username used to authenticate with the Cassandra cluster. This is a legacy fallback and is deprecated in favor of `auth_provider` with `ConfigProvider`. +* `password`: This is the password used to authenticate with the Cassandra cluster. This is a legacy fallback and is deprecated in favor of `auth_provider` with `ConfigProvider`. * `ssl`: This defines how the Cassandra driver can connect to Cassandra over SSL. See the above <> section for more information. * `num_connections`: This defines the number of connections that the Cassandra driver will open to each Cassandra instance. By default, 2. * `local_dc`: This configures the local data center of the Cassandra driver. Ensure that this is the same value as the data center of the Cassandra nodes which this Cassandra Sidecar manages. diff --git a/integration-tests/src/integrationTest/resources/config/sidecar.yaml.template b/integration-tests/src/integrationTest/resources/config/sidecar.yaml.template index 48a334402..7e09ba677 100644 --- a/integration-tests/src/integrationTest/resources/config/sidecar.yaml.template +++ b/integration-tests/src/integrationTest/resources/config/sidecar.yaml.template @@ -267,8 +267,17 @@ access_control: driver_parameters: contact_points: - "127.0.0.1:9042" - username: cassandra - password: cassandra + auth_provider: + # Authentication information, implementing org.apache.cassandra.sidecar.cluster.auth.CqlAuthProvider; + # used to provide username/password to connect to the Cassandra cluster. + # class_name: org.apache.cassandra.sidecar.cluster.auth.FileProvider + # parameters: + # username_path: /opt/sidecar/superuser/username + # password_path: /opt/sidecar/superuser/password + class_name: org.apache.cassandra.sidecar.cluster.auth.ConfigProvider + parameters: + username: cassandra + password: cassandra ssl: enabled: false keystore: diff --git a/server/src/main/java/org/apache/cassandra/sidecar/cluster/CQLSessionProviderImpl.java b/server/src/main/java/org/apache/cassandra/sidecar/cluster/CQLSessionProviderImpl.java index 491ec3621..7130a92d7 100644 --- a/server/src/main/java/org/apache/cassandra/sidecar/cluster/CQLSessionProviderImpl.java +++ b/server/src/main/java/org/apache/cassandra/sidecar/cluster/CQLSessionProviderImpl.java @@ -27,7 +27,9 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; @@ -51,6 +53,8 @@ import com.datastax.driver.core.policies.ReconnectionPolicy; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; +import org.apache.cassandra.sidecar.cluster.auth.ConfigProvider; +import org.apache.cassandra.sidecar.cluster.auth.CqlAuthProvider; import org.apache.cassandra.sidecar.cluster.driver.SidecarLoadBalancingPolicy; import org.apache.cassandra.sidecar.common.server.CQLSessionProvider; import org.apache.cassandra.sidecar.common.server.utils.DriverUtils; @@ -80,8 +84,7 @@ public class CQLSessionProviderImpl implements CQLSessionProvider private final NettyOptions nettyOptions; private final ReconnectionPolicy reconnectionPolicy; private final List localInstances; - private final String username; - private final String password; + private final CqlAuthProvider authProvider; private final DriverUtils driverUtils; private volatile Session session; @@ -119,8 +122,10 @@ public CQLSessionProviderImpl(List contactPoints, this.localInstances = localInstances; this.localDc = localDc; this.numAdditionalConnections = numAdditionalConnections; - this.username = username; - this.password = password; + Map namedParameters = new HashMap<>(); + namedParameters.put("username", username); + namedParameters.put("password", password); + this.authProvider = new ConfigProvider(namedParameters); this.sslConfiguration = sslConfiguration; this.nettyOptions = options; this.reconnectionPolicy = new ExponentialReconnectionPolicy(500, healthCheckFrequencyMillis); @@ -129,6 +134,7 @@ public CQLSessionProviderImpl(List contactPoints, public CQLSessionProviderImpl(SidecarConfiguration configuration, NettyOptions options, + CqlAuthProvider authProvider, DriverUtils driverUtils) { this.driverUtils = driverUtils; @@ -139,11 +145,10 @@ public CQLSessionProviderImpl(SidecarConfiguration configuration, .map(i -> new InetSocketAddress(i.host(), i.port())) .collect(Collectors.toList()); this.localDc = driverConfiguration.localDc(); - this.username = driverConfiguration.username(); - this.password = driverConfiguration.password(); this.sslConfiguration = driverConfiguration.sslConfiguration(); this.numAdditionalConnections = driverConfiguration.numConnections(); this.nettyOptions = options; + this.authProvider = authProvider; long maxDelayMs = configuration.healthCheckConfiguration().executeInterval().toMillis(); this.reconnectionPolicy = new ExponentialReconnectionPolicy(500, maxDelayMs); } @@ -208,9 +213,14 @@ public synchronized Session get() throws CassandraUnavailableException builder.withSSL(sslOptions); } - if (username != null && password != null) + if (authProvider != null) { - builder.withCredentials(username, password); + String username = authProvider.username(); + String password = authProvider.password(); + if (username != null && password != null) + { + builder.withCredentials(username, password); + } } // During mTLS connections, when client sends in keystore, we should have an AuthProvider passed along. // hence we pass empty username and password in PlainTextAuthProvider here, in case user hasn't already diff --git a/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/ConfigProvider.java b/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/ConfigProvider.java new file mode 100644 index 000000000..8e0005a4d --- /dev/null +++ b/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/ConfigProvider.java @@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.cluster.auth; + +import java.util.Map; +import java.util.Objects; + +import org.apache.cassandra.sidecar.exceptions.ConfigurationException; + +/** + * Loads CQL username/password directly from auth_provider parameters. + */ +public class ConfigProvider implements CqlAuthProvider +{ + static final String USERNAME_PARAM = "username"; + static final String PASSWORD_PARAM = "password"; + + private final String username; + private final String password; + + public ConfigProvider(Map parameters) + { + Objects.requireNonNull(parameters, "parameters must not be null"); + this.username = requiredParameter(parameters, USERNAME_PARAM); + this.password = requiredParameter(parameters, PASSWORD_PARAM); + } + + private static String requiredParameter(Map parameters, String key) + { + if (!parameters.containsKey(key)) + { + throw new ConfigurationException("Missing required auth_provider parameter \"" + key + "\""); + } + return parameters.get(key); + } + + @Override + public String username() + { + return username; + } + + @Override + public String password() + { + return password; + } +} diff --git a/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/CqlAuthProvider.java b/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/CqlAuthProvider.java new file mode 100644 index 000000000..941f331c5 --- /dev/null +++ b/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/CqlAuthProvider.java @@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.cluster.auth; + +/** + * Provides authentication details used by Sidecar's internal Cassandra CQL client. + */ +public interface CqlAuthProvider +{ + /** + * @return username for the CQL connection + */ + String username(); + + /** + * @return password for the CQL connection + */ + String password(); +} diff --git a/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/FileProvider.java b/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/FileProvider.java new file mode 100644 index 000000000..b7b031452 --- /dev/null +++ b/server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/FileProvider.java @@ -0,0 +1,94 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.cluster.auth; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.InvalidPathException; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Map; +import java.util.Objects; + +import org.apache.cassandra.sidecar.exceptions.ConfigurationException; + +/** + * Loads CQL username/password from files. + */ +public class FileProvider implements CqlAuthProvider +{ + static final String USERNAME_PATH_PARAM = "username_path"; + static final String PASSWORD_PATH_PARAM = "password_path"; + + private final Path usernamePath; + private final Path passwordPath; + + public FileProvider(Map parameters) + { + Objects.requireNonNull(parameters, "parameters must not be null"); + this.usernamePath = resolvePath(parameters, USERNAME_PATH_PARAM); + this.passwordPath = resolvePath(parameters, PASSWORD_PATH_PARAM); + } + + private static Path resolvePath(Map parameters, String key) + { + if (!parameters.containsKey(key)) + { + throw new ConfigurationException("Missing required auth_provider parameter \"" + key + "\""); + } + + try + { + return Paths.get(parameters.get(key)); + } + catch (InvalidPathException e) + { + throw new ConfigurationException("Invalid path in auth_provider parameter \"" + key + "\"", e); + } + } + + private static String readSecret(Path path, String key) + { + try + { + String secret = Files.readString(path).trim(); + if (secret.isEmpty()) + { + throw new ConfigurationException("Empty content in auth_provider file for parameter \"" + key + "\""); + } + return secret; + } + catch (IOException e) + { + throw new ConfigurationException("Unable to read auth_provider file for parameter \"" + key + "\"", e); + } + } + + @Override + public String username() + { + return readSecret(usernamePath, USERNAME_PATH_PARAM); + } + + @Override + public String password() + { + return readSecret(passwordPath, PASSWORD_PATH_PARAM); + } +} diff --git a/server/src/main/java/org/apache/cassandra/sidecar/config/DriverConfiguration.java b/server/src/main/java/org/apache/cassandra/sidecar/config/DriverConfiguration.java index 84b60f66c..3fcf79014 100644 --- a/server/src/main/java/org/apache/cassandra/sidecar/config/DriverConfiguration.java +++ b/server/src/main/java/org/apache/cassandra/sidecar/config/DriverConfiguration.java @@ -47,15 +47,26 @@ public interface DriverConfiguration String localDc(); /** + * @deprecated use {@link #authProvider()} with + * {@code org.apache.cassandra.sidecar.cluster.auth.ConfigProvider} instead. * @return the username used for connecting to the Cassandra instance */ + @Deprecated String username(); /** + * @deprecated use {@link #authProvider()} with + * {@code org.apache.cassandra.sidecar.cluster.auth.ConfigProvider} instead. * @return the password used for connecting to the Cassandra instance */ + @Deprecated String password(); + /** + * @return Configured authentication provider for CQL connections. + */ + ParameterizedClassConfiguration authProvider(); + /** * @return Configuration such as keystore, truststore needed for establishing SSL/mTLS connection with * Cassandra instance. diff --git a/server/src/main/java/org/apache/cassandra/sidecar/config/yaml/DriverConfigurationImpl.java b/server/src/main/java/org/apache/cassandra/sidecar/config/yaml/DriverConfigurationImpl.java index 8755cc00b..4990817b8 100644 --- a/server/src/main/java/org/apache/cassandra/sidecar/config/yaml/DriverConfigurationImpl.java +++ b/server/src/main/java/org/apache/cassandra/sidecar/config/yaml/DriverConfigurationImpl.java @@ -24,6 +24,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import org.apache.cassandra.sidecar.config.DriverConfiguration; +import org.apache.cassandra.sidecar.config.ParameterizedClassConfiguration; import org.apache.cassandra.sidecar.config.SslConfiguration; /** @@ -47,12 +48,15 @@ public class DriverConfigurationImpl implements DriverConfiguration @JsonProperty("password") private final String password; + @JsonProperty("auth_provider") + private final ParameterizedClassConfiguration authProvider; + @JsonProperty("ssl") private final SslConfiguration sslConfiguration; public DriverConfigurationImpl() { - this(Collections.emptyList(), null, DEFAULT_NUM_CONNECTIONS, null, null, null); + this(Collections.emptyList(), null, DEFAULT_NUM_CONNECTIONS, null, null, null, null); } public DriverConfigurationImpl(List contactPoints, @@ -60,6 +64,7 @@ public DriverConfigurationImpl(List contactPoints, int numConnections, String username, String password, + ParameterizedClassConfiguration authProvider, SslConfiguration sslConfiguration) { this.contactPoints = contactPoints; @@ -67,6 +72,7 @@ public DriverConfigurationImpl(List contactPoints, this.numConnections = numConnections; this.username = username; this.password = password; + this.authProvider = authProvider; this.sslConfiguration = sslConfiguration; } @@ -103,6 +109,7 @@ public String localDc() /** * {@inheritDoc} */ + @Deprecated @Override @JsonProperty("username") public String username() @@ -113,6 +120,7 @@ public String username() /** * {@inheritDoc} */ + @Deprecated @Override @JsonProperty("password") public String password() @@ -120,6 +128,16 @@ public String password() return password; } + /** + * {@inheritDoc} + */ + @Override + @JsonProperty("auth_provider") + public ParameterizedClassConfiguration authProvider() + { + return authProvider; + } + /** * {@inheritDoc} */ diff --git a/server/src/main/java/org/apache/cassandra/sidecar/modules/ConfigurationModule.java b/server/src/main/java/org/apache/cassandra/sidecar/modules/ConfigurationModule.java index 785104b6a..d9f544f61 100644 --- a/server/src/main/java/org/apache/cassandra/sidecar/modules/ConfigurationModule.java +++ b/server/src/main/java/org/apache/cassandra/sidecar/modules/ConfigurationModule.java @@ -20,7 +20,9 @@ import java.io.IOException; import java.nio.file.Path; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.stream.Collectors; import com.google.common.util.concurrent.SidecarRateLimiter; @@ -41,6 +43,9 @@ import org.apache.cassandra.sidecar.cluster.CassandraAdapterDelegate; import org.apache.cassandra.sidecar.cluster.InstancesMetadata; import org.apache.cassandra.sidecar.cluster.InstancesMetadataImpl; +import org.apache.cassandra.sidecar.cluster.auth.ConfigProvider; +import org.apache.cassandra.sidecar.cluster.auth.CqlAuthProvider; +import org.apache.cassandra.sidecar.cluster.auth.FileProvider; import org.apache.cassandra.sidecar.cluster.instance.InstanceMetadata; import org.apache.cassandra.sidecar.cluster.instance.InstanceMetadataImpl; import org.apache.cassandra.sidecar.common.server.CQLSessionProvider; @@ -49,12 +54,15 @@ import org.apache.cassandra.sidecar.common.server.utils.DriverUtils; import org.apache.cassandra.sidecar.common.server.utils.SidecarVersionProvider; import org.apache.cassandra.sidecar.config.CassandraInputValidationConfiguration; +import org.apache.cassandra.sidecar.config.DriverConfiguration; import org.apache.cassandra.sidecar.config.InstanceConfiguration; import org.apache.cassandra.sidecar.config.JmxConfiguration; +import org.apache.cassandra.sidecar.config.ParameterizedClassConfiguration; import org.apache.cassandra.sidecar.config.ServiceConfiguration; import org.apache.cassandra.sidecar.config.SidecarConfiguration; import org.apache.cassandra.sidecar.config.yaml.SidecarConfigurationImpl; import org.apache.cassandra.sidecar.db.schema.TableSchemaFetcher; +import org.apache.cassandra.sidecar.exceptions.ConfigurationException; import org.apache.cassandra.sidecar.metrics.MetricRegistryFactory; import org.apache.cassandra.sidecar.metrics.instance.InstanceHealthMetrics; import org.apache.cassandra.sidecar.utils.CassandraVersionProvider; @@ -117,15 +125,51 @@ CassandraInputValidationConfiguration validationConfiguration(SidecarConfigurati @Singleton CQLSessionProvider cqlSessionProvider(Vertx vertx, SidecarConfiguration sidecarConfiguration, + CqlAuthProvider cqlAuthProvider, DriverUtils driverUtils) { CQLSessionProviderImpl cqlSessionProvider = new CQLSessionProviderImpl(sidecarConfiguration, NettyOptions.DEFAULT_INSTANCE, + cqlAuthProvider, driverUtils); vertx.eventBus().localConsumer(ON_SERVER_STOP.address(), message -> cqlSessionProvider.close()); return cqlSessionProvider; } + @Provides + @Singleton + CqlAuthProvider cqlAuthProvider(SidecarConfiguration sidecarConfiguration) + { + DriverConfiguration driverConfiguration = sidecarConfiguration.driverConfiguration(); + + ParameterizedClassConfiguration config = driverConfiguration.authProvider(); + if (config == null) + { + // Fallback to the old one + Map namedParameters = new HashMap<>(); + namedParameters.put("username", driverConfiguration.username()); + namedParameters.put("password", driverConfiguration.password()); + return new ConfigProvider(namedParameters); + } + + if (config.namedParameters() == null) + { + throw new ConfigurationException("Missing parameters for auth_provider"); + } + + Map namedParameters = config.namedParameters(); + + if (config.className().equalsIgnoreCase(ConfigProvider.class.getName())) + { + return new ConfigProvider(namedParameters); + } + if (config.className().equalsIgnoreCase(FileProvider.class.getName())) + { + return new FileProvider(namedParameters); + } + throw new ConfigurationException("Unrecognized cql auth_provider " + config.className() + " set"); + } + @Provides @Singleton CassandraVersionProvider cassandraVersionProvider(DnsResolver dnsResolver, DriverUtils driverUtils, TableSchemaFetcher tableSchemaFetcher) diff --git a/server/src/test/java/org/apache/cassandra/sidecar/cluster/auth/ConfigProviderTest.java b/server/src/test/java/org/apache/cassandra/sidecar/cluster/auth/ConfigProviderTest.java new file mode 100644 index 000000000..9d023b53a --- /dev/null +++ b/server/src/test/java/org/apache/cassandra/sidecar/cluster/auth/ConfigProviderTest.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.cluster.auth; + +import java.util.Map; + +import org.junit.jupiter.api.Test; + +import org.apache.cassandra.sidecar.exceptions.ConfigurationException; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatExceptionOfType; + +class ConfigProviderTest +{ + @Test + void testInterfaceGetters() + { + CqlAuthProvider provider = new ConfigProvider(Map.of(ConfigProvider.USERNAME_PARAM, "cassandra", + ConfigProvider.PASSWORD_PARAM, "cassandra")); + assertThat(provider.username()).isEqualTo("cassandra"); + assertThat(provider.password()).isEqualTo("cassandra"); + } + + @Test + void testMissingParameterThrows() + { + assertThatExceptionOfType(ConfigurationException.class) + .isThrownBy(() -> new ConfigProvider(Map.of(ConfigProvider.USERNAME_PARAM, "cassandra"))) + .withMessageContaining("Missing required auth_provider parameter"); + } +} diff --git a/server/src/test/java/org/apache/cassandra/sidecar/cluster/auth/FileProviderTest.java b/server/src/test/java/org/apache/cassandra/sidecar/cluster/auth/FileProviderTest.java new file mode 100644 index 000000000..a1d0b6733 --- /dev/null +++ b/server/src/test/java/org/apache/cassandra/sidecar/cluster/auth/FileProviderTest.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.cluster.auth; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.Map; + +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.io.TempDir; + +import org.apache.cassandra.sidecar.exceptions.ConfigurationException; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatExceptionOfType; + +class FileProviderTest +{ + @TempDir + Path tempDir; + + @Test + void testInterfaceGetters() throws IOException + { + Path usernamePath = tempDir.resolve("username"); + Path passwordPath = tempDir.resolve("password"); + Files.writeString(usernamePath, "cassandra-user\n"); + Files.writeString(passwordPath, "cassandra-pass\n"); + + CqlAuthProvider provider = new FileProvider(Map.of(FileProvider.USERNAME_PATH_PARAM, usernamePath.toString(), + FileProvider.PASSWORD_PATH_PARAM, passwordPath.toString())); + assertThat(provider.username()).isEqualTo("cassandra-user"); + assertThat(provider.password()).isEqualTo("cassandra-pass"); + } + + @Test + void testMissingParameterThrows() + { + assertThatExceptionOfType(ConfigurationException.class) + .isThrownBy(() -> new FileProvider(Map.of(FileProvider.USERNAME_PATH_PARAM, "/tmp/username"))) + .withMessageContaining("Missing required auth_provider parameter"); + } + + @Test + void testEmptySecretThrows() throws IOException + { + Path usernamePath = tempDir.resolve("username"); + Path passwordPath = tempDir.resolve("password"); + Files.writeString(usernamePath, " \n"); + Files.writeString(passwordPath, "secret"); + + FileProvider provider = new FileProvider(Map.of(FileProvider.USERNAME_PATH_PARAM, usernamePath.toString(), + FileProvider.PASSWORD_PATH_PARAM, passwordPath.toString())); + assertThatExceptionOfType(ConfigurationException.class) + .isThrownBy(provider::username) + .withMessageContaining("Empty content in auth_provider file for parameter"); + } +} diff --git a/server/src/test/java/org/apache/cassandra/sidecar/config/SidecarConfigurationTest.java b/server/src/test/java/org/apache/cassandra/sidecar/config/SidecarConfigurationTest.java index e33463d90..21388278d 100644 --- a/server/src/test/java/org/apache/cassandra/sidecar/config/SidecarConfigurationTest.java +++ b/server/src/test/java/org/apache/cassandra/sidecar/config/SidecarConfigurationTest.java @@ -224,6 +224,22 @@ void testDriverParameters() throws IOException assertThat(sslConfiguration.truststore().password()).isEqualTo("password"); } + @Test + void testDriverParametersWithAuthProvider() throws IOException + { + Path yamlPath = yaml("config/sidecar_driver_params_config_provider.yaml"); + SidecarConfiguration config = SidecarConfigurationImpl.readYamlConfiguration(yamlPath); + + DriverConfiguration driverConfiguration = config.driverConfiguration(); + assertThat(driverConfiguration).isNotNull(); + assertThat(driverConfiguration.authProvider()).isNotNull(); + ParameterizedClassConfiguration authProvider = driverConfiguration.authProvider(); + assertThat(authProvider.className()).isEqualTo("org.apache.cassandra.sidecar.cluster.auth.ConfigProvider"); + assertThat(authProvider.namedParameters()) + .containsExactlyInAnyOrderEntriesOf(Map.of("username", "cassandra", + "password", "cassandra")); + } + @Test void testReadCustomSchemaKeyspaceConfiguration() throws IOException { diff --git a/server/src/test/resources/config/sidecar_driver_params_config_provider.yaml b/server/src/test/resources/config/sidecar_driver_params_config_provider.yaml new file mode 100644 index 000000000..18f918928 --- /dev/null +++ b/server/src/test/resources/config/sidecar_driver_params_config_provider.yaml @@ -0,0 +1,23 @@ +driver_parameters: + contact_points: + - "127.0.0.1:9042" + auth_provider: + class_name: org.apache.cassandra.sidecar.cluster.auth.ConfigProvider + parameters: + username: cassandra + password: cassandra + ssl: + enabled: true + accepted_protocols: + - TLSv1.2 + - TLSv1.3 + keystore: + type: PKCS12 + path: path/to/keystore.p12 + password: password + truststore: + type: PKCS12 + path: path/to/keystore.p12 + password: password + num_connections: 6 + local_dc: dc1