Merge pull request #851 from BenjaminPerryRoss/geode-security-credentials

ekcasey · web-flow · commit a2a7b29776a8 · 2021-03-15T17:23:50.000-04:00
Remove security credentials for geode store from JAVA_OPTS
diff --git a/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb b/lib/java_buildpack/container/tomcat/tomcat_geode_store.rb
@@ -41,11 +41,6 @@ def compile
       def release
         return unless supports?
 
-        credentials = @application.services.find_service(FILTER, KEY_LOCATORS, KEY_USERS)['credentials']
-        user = credentials[KEY_USERS].find { |u| cluster_operator?(u) }
-
-        @droplet.java_opts.add_system_property 'gemfire.security-username', user['username']
-        @droplet.java_opts.add_system_property 'gemfire.security-password', user['password']
         @droplet.java_opts.add_system_property 'gemfire.security-client-auth-init',
                                                'io.pivotal.cloudcache.ClientAuthInitialize.create'
       end
@@ -76,10 +71,6 @@ def supports?
                        :CACHE_CLIENT_LISTENER_CLASS_NAME, :SCHEMA_URL, :SCHEMA_INSTANCE_URL, :SCHEMA_LOCATION,
                        :LOCATOR_REGEXP
 
-      def cluster_operator?(user)
-        user['username'] == 'cluster_operator' || user['roles'] && (user['roles'].include? 'cluster_operator')
-      end
-
       def add_client_cache(document)
         client_cache = document.add_element 'client-cache',
                                             'xmlns' => SCHEMA_URL,
diff --git a/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb b/spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb
@@ -107,40 +107,6 @@
       expect(java_opts).to include(
         '-Dgemfire.security-client-auth-init=io.pivotal.cloudcache.ClientAuthInitialize.create'
       )
-      expect(java_opts).to include('-Dgemfire.security-username=some-username')
-      expect(java_opts).to include('-Dgemfire.security-password=some-password')
-    end
-  end
-
-  context 'when there is session replication service and service credentials do not include roles' do
-    before do
-      allow(services).to receive(:one_service?).with(/session-replication/, 'locators', 'users')
-                                               .and_return(true)
-      allow(services).to receive(:find_service).and_return(
-        'credentials' => {
-          'locators' => ['some-locator[some-port]', 'some-other-locator[some-other-port]'],
-          'users' =>
-            [
-              {
-                'password' => 'some-password',
-                'username' => 'cluster_operator'
-              }
-            ]
-        }
-      )
-    end
-
-    it 'assumes usernames represent roles and passes security properties to the release',
-       app_fixture: 'container_tomcat_geode_store',
-       cache_fixture: 'stub-geode-store.tar' do
-
-      component.release
-
-      expect(java_opts).to include(
-        '-Dgemfire.security-client-auth-init=io.pivotal.cloudcache.ClientAuthInitialize.create'
-      )
-      expect(java_opts).to include('-Dgemfire.security-username=cluster_operator')
-      expect(java_opts).to include('-Dgemfire.security-password=some-password')
     end
   end
 end
