More base64 encoded files

Allow to configure Auth/GSSAPI and TLS files encoded in base64

Author: eolivelli

common/src/main/java/com/datastax/oss/common/sink/config/CassandraSinkConfig.java

@@ -15,6 +15,11 @@
  */
 package com.datastax.oss.common.sink.config;
 
+import static com.datastax.oss.common.sink.config.AuthenticatorConfig.KEYTAB_OPT;
+import static com.datastax.oss.common.sink.config.SslConfig.KEYSTORE_PATH_OPT;
+import static com.datastax.oss.common.sink.config.SslConfig.OPENSSL_KEY_CERT_CHAIN_OPT;
+import static com.datastax.oss.common.sink.config.SslConfig.OPENSSL_PRIVATE_KEY_OPT;
+import static com.datastax.oss.common.sink.config.SslConfig.TRUSTSTORE_PATH_OPT;
 import static com.datastax.oss.driver.api.core.config.DefaultDriverOption.CONTACT_POINTS;
 import static com.datastax.oss.driver.api.core.config.DefaultDriverOption.METADATA_SCHEMA_REFRESHED_KEYSPACES;
 import static com.datastax.oss.driver.api.core.config.DefaultDriverOption.METRICS_NODE_ENABLED;
@@ -252,7 +257,18 @@ public CassandraSinkConfig(Map<String, String> settings) {
       globalConfig = new AbstractConfig(GLOBAL_CONFIG_DEF, globalSettings, false);
 
       populateDriverSettingsWithConnectorSettings(globalSettings);
-      decodeBase64EncodedSecureBundle(javaDriverSettings);
+
+      // for Pulsar Sink we want to make it easy to deploy these files
+      // as simple base64 encoded strings, because there is no
+      // automatic mechanism to distribute files to the workers that
+      // execute the Sink
+      decodeBase64EncodedFile(SECURE_CONNECT_BUNDLE_DRIVER_SETTING, javaDriverSettings);
+      decodeBase64EncodedFile(KEYSTORE_PATH_OPT, sslSettings);
+      decodeBase64EncodedFile(TRUSTSTORE_PATH_OPT, sslSettings);
+      decodeBase64EncodedFile(OPENSSL_PRIVATE_KEY_OPT, sslSettings);
+      decodeBase64EncodedFile(OPENSSL_KEY_CERT_CHAIN_OPT, sslSettings);
+      decodeBase64EncodedFile(KEYTAB_OPT, authSettings);
+
       boolean cloud = isCloud();
 
       if (!cloud) {
@@ -352,27 +368,27 @@ private void deprecatedSecureBundle(Map<String, String> connectorSettings) {
         Function.identity());
   }
 
-  static void decodeBase64EncodedSecureBundle(Map<String, String> javaDriverSettings) {
+  static void decodeBase64EncodedFile(String key, Map<String, String> javaDriverSettings) {
     // if the path is base64:xxxx we decode the payload and create
     // a temporary file
     // we are setting permissions such that only current user can access the file
     // the file will be deleted at JVM exit
-    String encoded = javaDriverSettings.get(SECURE_CONNECT_BUNDLE_DRIVER_SETTING);
+    String encoded = javaDriverSettings.get(key);
     if (encoded != null && encoded.startsWith("base64:")) {
       try {
         encoded = encoded.replace("\n", "").replace("\r", "").trim();
         encoded = encoded.substring("base64:".length());
         byte[] decoded = Base64.getDecoder().decode(encoded);
-        Path file = Files.createTempFile("cassandra.sink.securebundle", ".zip");
+        Path file = Files.createTempFile("cassandra.sink.", ".tmp");
         Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
         file.toFile().deleteOnExit();
         Files.write(file, decoded);
         String path = file.toAbsolutePath().toString();
-        log.info("Decoded bundle to temporary file {}", path);
-        javaDriverSettings.put(SECURE_CONNECT_BUNDLE_DRIVER_SETTING, path);
+        log.info("Decoded {} to temporary file {}", key, path);
+        javaDriverSettings.put(key, path);
       } catch (IOException ex) {
         throw new RuntimeException(
-            "Cannot decode base64 secure bundle and create temporary file: " + ex, ex);
+            "Cannot decode base64 " + key + " and create temporary file: " + ex, ex);
       }
     }
   }

common/src/test/java/com/datastax/oss/common/sink/config/CassandraSinkConfigTest.java

@@ -15,6 +15,7 @@
  */
 package com.datastax.oss.common.sink.config;
 
+import static com.datastax.oss.common.sink.config.AuthenticatorConfig.KEYTAB_OPT;
 import static com.datastax.oss.common.sink.config.CassandraSinkConfig.COMPRESSION_DEFAULT;
 import static com.datastax.oss.common.sink.config.CassandraSinkConfig.COMPRESSION_DRIVER_SETTING;
 import static com.datastax.oss.common.sink.config.CassandraSinkConfig.COMPRESSION_OPT;
@@ -39,13 +40,18 @@
 import static com.datastax.oss.common.sink.config.CassandraSinkConfig.SECURE_CONNECT_BUNDLE_OPT;
 import static com.datastax.oss.common.sink.config.CassandraSinkConfig.SSL_OPT_PREFIX;
 import static com.datastax.oss.common.sink.config.CassandraSinkConfig.withDriverPrefix;
+import static com.datastax.oss.common.sink.config.SslConfig.KEYSTORE_PATH_OPT;
+import static com.datastax.oss.common.sink.config.SslConfig.OPENSSL_KEY_CERT_CHAIN_OPT;
+import static com.datastax.oss.common.sink.config.SslConfig.OPENSSL_PRIVATE_KEY_OPT;
 import static com.datastax.oss.common.sink.config.SslConfig.PROVIDER_OPT;
+import static com.datastax.oss.common.sink.config.SslConfig.TRUSTSTORE_PATH_OPT;
 import static com.datastax.oss.common.sink.config.TableConfig.MAPPING_OPT;
 import static com.datastax.oss.common.sink.config.TableConfig.getTableSettingPath;
 import static com.datastax.oss.driver.api.core.config.DefaultDriverOption.CONTACT_POINTS;
 import static com.datastax.oss.driver.api.core.config.DefaultDriverOption.METRICS_SESSION_CQL_REQUESTS_INTERVAL;
 import static com.datastax.oss.driver.api.core.config.DefaultDriverOption.METRICS_SESSION_ENABLED;
 import static com.datastax.oss.dsbulk.tests.assertions.TestAssertions.assertThat;
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
@@ -59,7 +65,6 @@
 import com.datastax.oss.driver.shaded.guava.common.collect.Maps;
 import com.datastax.oss.dsbulk.tests.logging.LogInterceptingExtension;
 import com.datastax.oss.dsbulk.tests.logging.LogInterceptor;
-import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.attribute.PosixFilePermission;
@@ -69,9 +74,8 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.function.Function;
 import java.util.stream.Stream;
-import java.util.zip.ZipEntry;
-import java.util.zip.ZipOutputStream;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -680,33 +684,80 @@ void should_set_default_driver_setting(String driverSettingName, String expected
   }
 
   @Test
-  void should_unpack_base64_zip_file_legacy_name() throws Exception {
-    should_unpack_base64_zip_file(SECURE_CONNECT_BUNDLE_OPT);
+  void should_unpack_base64_secureBundle_legacy_name() throws Exception {
+    should_unpack_base64_file(
+        SECURE_CONNECT_BUNDLE_OPT,
+        (CassandraSinkConfig config) -> {
+          assertThat(config.isCloud()).isEqualTo(true);
+          return config.getJavaDriverSettings().get(SECURE_CONNECT_BUNDLE_DRIVER_SETTING);
+        });
   }
 
   @Test
-  void should_unpack_base64_zip_file() throws Exception {
-    should_unpack_base64_zip_file(SECURE_CONNECT_BUNDLE_DRIVER_SETTING);
+  void should_unpack_base64_secureBundle() throws Exception {
+    should_unpack_base64_file(
+        SECURE_CONNECT_BUNDLE_DRIVER_SETTING,
+        (CassandraSinkConfig config) -> {
+          assertThat(config.isCloud()).isEqualTo(true);
+          return config.getJavaDriverSettings().get(SECURE_CONNECT_BUNDLE_DRIVER_SETTING);
+        });
   }
 
-  void should_unpack_base64_zip_file(String entryName) throws Exception {
-    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
-    // it is not necessary that we really have a zip file here
-    // but this gives the flavour of the type of content we expect
-    // to be encoded in the secureBundleZip
-    try (ZipOutputStream zip = new ZipOutputStream(buffer)) {
-      zip.putNextEntry(new ZipEntry("file.bin"));
-      zip.write(1234);
-      zip.closeEntry();
-    }
-    byte[] zipFileContents = buffer.toByteArray();
+  @Test
+  void should_unpack_base64_ssl_keystore() throws Exception {
+    should_unpack_base64_file(
+        KEYSTORE_PATH_OPT,
+        (CassandraSinkConfig config) -> {
+          return config.getSslConfig().getKeystorePath().toString();
+        });
+  }
+
+  @Test
+  void should_unpack_base64_ssl_trustore() throws Exception {
+    should_unpack_base64_file(
+        TRUSTSTORE_PATH_OPT,
+        (CassandraSinkConfig config) -> {
+          return config.getSslConfig().getTruststorePath().toString();
+        });
+  }
+
+  @Test
+  void should_unpack_base64_ssl_openssl_private_key() throws Exception {
+    should_unpack_base64_file(
+        OPENSSL_PRIVATE_KEY_OPT,
+        (CassandraSinkConfig config) -> {
+          return config.getSslConfig().getOpenSslPrivateKey().toString();
+        });
+  }
+
+  @Test
+  void should_unpack_base64_ssl_openssl_cert_chain() throws Exception {
+    should_unpack_base64_file(
+        OPENSSL_KEY_CERT_CHAIN_OPT,
+        (CassandraSinkConfig config) -> {
+          return config.getSslConfig().getOpenSslKeyCertChain().toString();
+        });
+  }
+
+  @Test
+  void should_unpack_base64_auth_keytab() throws Exception {
+    should_unpack_base64_file(
+        KEYTAB_OPT,
+        (CassandraSinkConfig config) -> {
+          return config.getAuthenticatorConfig().getKeyTabPath().toString();
+        });
+  }
+
+  void should_unpack_base64_file(
+      String entryName, Function<CassandraSinkConfig, String> parameterAccessor) throws Exception {
+
+    byte[] zipFileContents = "foo".getBytes(UTF_8);
     String encoded = "base64:" + Base64.getEncoder().encodeToString(zipFileContents);
     Map<String, String> inputSettings = new HashMap<>();
     inputSettings.put(entryName, encoded);
     CassandraSinkConfig cassandraSinkConfig = new CassandraSinkConfig(inputSettings);
-    assertThat(cassandraSinkConfig.isCloud()).isEqualTo(true);
-    Map<String, String> javaDriverSettings = cassandraSinkConfig.getJavaDriverSettings();
-    String path = javaDriverSettings.get(SECURE_CONNECT_BUNDLE_DRIVER_SETTING);
+
+    String path = parameterAccessor.apply(cassandraSinkConfig);
     File file = new File(path);
     assertThat(file.isFile()).isEqualTo(true);
     Set<PosixFilePermission> posixFilePermissions = Files.getPosixFilePermissions(file.toPath());