indigo-dc / orchestrator

The INDIGO PaaS Orchestrator
https://www.indigo-datacloud.eu/paas-orchestrator
Apache License 2.0
17 stars 21 forks

Generic credential #376

Wareek closed 4 years ago

Wareek commented 4 years ago

Replacement of credential management with vault service for username and password storage

t6pc-bot commented 4 years ago

Can one of the admins verify this patch?

alberto-brigandi commented 4 years ago

Add to whitelist

codecov-io commented 4 years ago

Codecov Report

Merging #376 into master will increase coverage by 0.71%. The diff coverage is 82.3%.


@@             Coverage Diff              @@
##             master     #376      +/-   ##
============================================
+ Coverage     62.93%   63.64%   +0.71%     
- Complexity      938      946       +8     
============================================
  Files           180      183       +3     
  Lines          5644     5645       +1     
  Branches        355      351       -4     
============================================
+ Hits           3552     3593      +41     
+ Misses         1956     1915      -41     
- Partials        136      137       +1

| Flag | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| #integration | 8.57% <4.61%> (+0.06%) | 171 <4> (+2) | :arrow_up: |
| #unittests | 59.75% <80.76%> (+0.68%) | 871 <15> (+7) | :arrow_up: |

| Impacted Files | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| ...it/reply/orchestrator/dto/cmdb/ChronosService.java | 100% <ø> (ø) | 1 <0> (ø) | :arrow_down: |
| .../orchestrator/dto/policies/ToscaPolicyFactory.java | 0% <ø> (ø) | 0 <0> (ø) | :arrow_down: |
| ...t/reply/orchestrator/dto/cmdb/MarathonService.java | 70% <ø> (ø) | 1 <0> (ø) | :arrow_down: |
| ...a/it/reply/orchestrator/dto/cmdb/CloudService.java | 78.57% <ø> (ø) | 11 <0> (ø) | :arrow_down: |
| .../reply/orchestrator/dto/CloudProviderEndpoint.java | 84.21% <ø> (ø) | 3 <0> (ø) | :arrow_down: |
| ...y/orchestrator/dto/cmdb/MesosFrameworkService.java | 100% <ø> (ø) | 1 <0> (ø) | :arrow_down: |
| ...orchestrator/service/commands/ProviderTimeout.java | 75% <ø> (ø) | 2 <0> (ø) | :arrow_down: |
| ...ava/it/reply/orchestrator/dto/cmdb/QcgService.java | 100% <ø> (ø) | 1 <0> (ø) | :arrow_down: |
| ...it/reply/orchestrator/dto/cmdb/ComputeService.java | 100% <ø> (ø) | 1 <0> (ø) | :arrow_down: |
| ...t/reply/orchestrator/service/ToscaServiceImpl.java | 55.19% <0%> (ø) | 107 <0> (ø) | :arrow_down: |

... and 16 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 887943f...772c51b.

maricaantonacci commented 4 years ago

Hi @alberto-brigandi and @Wareek, I've started to test the changes included in this PR and I had to modify the code as follows in order to make it work (only OpenStack and AWS have been tested so far):

  1. pass the Vault role (read from config) when calling the login API;
  2. add the no-args constructor for the classes GenericServiceCredential and GenericServiceCredentialWithTenant.

(1) is needed to avoid the permission denied error, since the default policy does not allow reading from the path used to store the service credentials.

(2) is needed to fix the following error:

org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Can not construct instance of it.reply.orchestrator.dto.security.GenericServiceCredentialWithTenant: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of it.reply.orchestrator.dto.security.GenericServiceCredentialWithTenant: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: java.io.PushbackInputStream@7038e49c; line: 1, column: 119] (through reference chain: org.springframework.vault.support.VaultResponseSupport["data"])
    at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readJavaType(AbstractJackson2HttpMessageConverter.java:240)
    at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.read(AbstractJackson2HttpMessageConverter.java:225)
    at org.springframework.web.client.HttpMessageConverterExtractor.extractData(HttpMessageConverterExtractor.java:96)
    at org.springframework.web.client.RestTemplate$ResponseEntityResponseExtractor.extractData(RestTemplate.java:934)
    at org.springframework.web.client.RestTemplate$ResponseEntityResponseExtractor.extractData(RestTemplate.java:918)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:664)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:622)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:568)
    at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:238)
    at it.reply.orchestrator.service.VaultServiceImpl.readSecret(VaultServiceImpl.java:104)
    at it.reply.orchestrator.service.VaultServiceImpl.readSecret(VaultServiceImpl.java:109)
    at it.reply.orchestrator.service.deployment.providers.CredentialProviderServiceImpl.credentialProvider(CredentialProviderServiceImpl.java:69)
    at it.reply.orchestrator.service.deployment.providers.factory.ImClientFactory.getOpenStackAuthHeader(ImClientFactory.java:107)
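
The deserialization failure behind point (2), reproduced as an added example that is not code from this PR or from the orchestrator. The two class names, the `username`/`password` field names and the sample JSON are assumptions made for illustration; it needs only jackson-databind on the classpath.

```java
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;

public class CredentialDeserializationDemo {

  // "Before" (hypothetical class): only an all-args constructor and no creator
  // annotation, so a plain ObjectMapper has no way to instantiate it.
  static class CredentialWithoutDefaultCtor {
    private final String username;
    private final String password;

    CredentialWithoutDefaultCtor(String username, String password) {
      this.username = username;
      this.password = password;
    }

    public String getUsername() { return username; }
    public String getPassword() { return password; }
  }

  // "After" (hypothetical class): a no-args constructor plus setters lets
  // Jackson create the object first and then populate it from the JSON.
  static class CredentialWithDefaultCtor {
    private String username;
    private String password;

    CredentialWithDefaultCtor() { }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample of a secret's "data" object; field names are assumed.
    String json = "{\"username\":\"svc-user\",\"password\":\"example-only\"}";
    ObjectMapper mapper = new ObjectMapper();
    try {
      mapper.readValue(json, CredentialWithoutDefaultCtor.class);
    } catch (JsonMappingException e) {
      // Same exception family as in the trace; wording varies by Jackson version.
      System.out.println("before: " + e.getClass().getSimpleName());
    }
    CredentialWithDefaultCtor ok = mapper.readValue(json, CredentialWithDefaultCtor.class);
    // Print only the non-secret field; the password stays out of the output.
    System.out.println("after: username=" + ok.getUsername());
  }
}
```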

sonarcloud[bot] commented 4 years ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A), and 0 Security Hotspots to review
13 Code Smells (rating A)

81.0% Coverage
0.0% Duplication