Added config params for k8s (#1238)

* Added config params for k8s
* Update docker config and rendering
* Fix password comparison
* More efficient default password check

Author: codepitbull

docker/config-k8s.xml

@@ -71,6 +71,55 @@
             </https-listener>
             ${IF:HIVEMQ_HTTPS_ENABLED}
         </listeners>
+        ${IF:HIVEMQ_LDAP_ENABLED}
+        <ldap>
+            <servers>
+                <ldap-server>
+                    <host>${ENV:HIVEMQ_LDAP_SERVER1_HOST}</host>
+                    <port>${ENV:HIVEMQ_LDAP_SERVER1_PORT}</port>
+                </ldap-server>
+                ${IF:HIVEMQ_LDAP_SERVER2_ENABLED}
+                <ldap-server>
+                    <host>${ENV:HIVEMQ_LDAP_SERVER2_HOST}</host>
+                    <port>${ENV:HIVEMQ_LDAP_SERVER2_PORT}</port>
+                </ldap-server>
+                ${IF:HIVEMQ_LDAP_SERVER2_ENABLED}
+                ${IF:HIVEMQ_LDAP_SERVER3_ENABLED}
+                <ldap-server>
+                    <host>${ENV:HIVEMQ_LDAP_SERVER3_HOST}</host>
+                    <port>${ENV:HIVEMQ_LDAP_SERVER3_PORT}</port>
+                </ldap-server>
+                ${IF:HIVEMQ_LDAP_SERVER3_ENABLED}
+            </servers>
+
+            <tls-mode>${ENV:HIVEMQ_LDAP_TLS_MODE}</tls-mode>
+            ${IF:HIVEMQ_LDAP_TLS_TRUSTSTORE_ENABLED}
+            <tls>
+                <truststore-path>${ENV:HIVEMQ_LDAP_TRUSTSTORE_PATH}</truststore-path>
+                <truststore-password>${ENV:HIVEMQ_LDAP_TRUSTSTORE_PASSWORD}</truststore-password>
+                <truststore-type>JKS</truststore-type>
+            </tls>
+            ${IF:HIVEMQ_LDAP_TLS_TRUSTSTORE_ENABLED}
+
+            <simple-bind>
+                <rdns>${ENV:HIVEMQ_LDAP_SIMPLEBIND_RDNS}</rdns>
+                <userPassword>${ENV:HIVEMQ_LDAP_SIMPLEBIND_PASSWORD}</userPassword>
+            </simple-bind>
+
+            <uid-attribute>${ENV:HIVEMQ_LDAP_UID}</uid-attribute>
+            <rdns>${ENV:HIVEMQ_LDAP_RDNS}</rdns>
+            <directory-descent>${ENV:HIVEMQ_LDAP_DIRECTORY_DESCENT}</directory-descent>
+            ${IF:HIVEMQ_LDAP_OBJECT_CLASS_ENABLED}
+            <required-object-class>${ENV:HIVEMQ_LDAP_OBJECT_CLASS}</required-object-class>
+            ${IF:HIVEMQ_LDAP_OBJECT_CLASS_ENABLED}
+
+            <max-connections>${ENV:HIVEMQ_LDAP_MAX_CONNECTION}</max-connections>
+            <connect-timeout-millis>${ENV:HIVEMQ_LDAP_CONNECT_TIMEOUT_MS}</connect-timeout-millis>
+            <response-timeout-millis>${ENV:HIVEMQ_LDAP_RESPONSE_TIMEOUT_MS}</response-timeout-millis>
+            <search-timeout-seconds>${ENV:HIVEMQ_LDAP_SEARCH_TIMEOUT_S}</search-timeout-seconds>
+        </ldap>
+        ${IF:HIVEMQ_LDAP_ENABLED}
+        ${IF:HIVEMQ_USERS_ENABLED}
         <users>
             <user>
                 <username>${ENV:HIVEMQ_ADMIN_USER}</username>
@@ -80,6 +129,7 @@
                 </roles>
             </user>
         </users>
+        ${IF:HIVEMQ_USERS_ENABLED}
     </admin-api>
     <persistence>
         <mode>${ENV:HIVEMQ_PERSISTENCE_MODE}</mode>

hivemq-edge/src/main/java/com/hivemq/api/auth/provider/impl/ldap/LdapConnectionProperties.java

@@ -30,7 +30,9 @@
 
 import javax.net.ssl.SSLContext;
 import java.security.GeneralSecurityException;
+import java.util.Arrays;
 import java.util.List;
+import java.util.Objects;
 
 import static com.hivemq.api.auth.ApiRoles.ADMIN;
 import static java.util.Arrays.stream;
@@ -83,17 +85,50 @@ public static LdapSimpleBind fromEntity(final @NotNull LdapSimpleBindEntity ldap
                     ldapSimpleBindEntity.getRdns(),
                     ldapSimpleBindEntity.getUserPassword());
         }
+
+        @Override
+        public boolean equals(final Object o) {
+            if (o == null || getClass() != o.getClass()) return false;
+            final LdapSimpleBind that = (LdapSimpleBind) o;
+            return Objects.equals(rdns(), that.rdns()) && Objects.equals(userPassword(), that.userPassword());
+        }
+
+        @Override
+        public int hashCode() {
+            return Objects.hash(rdns(), userPassword());
+        }
     }
 
     /**
      * This class represents the simple bind credentials for an LDAP connection.
      */
     public record LdapServers (@NotNull String[] hosts, int @NotNull [] ports){
+
+        /**
+         * Compact constructor that makes defensive copies of the arrays to ensure immutability.
+         */
+        public LdapServers {
+            hosts = hosts.clone();
+            ports = ports.clone();
+        }
+
         public static LdapServers fromEntity(final @NotNull List<LdapServerEntity> ldapServerEntities) {
             final String[] hosts = ldapServerEntities.stream().map(LdapServerEntity::getHost).toArray(String[]::new);
             final int[] ports = ldapServerEntities.stream().mapToInt(LdapServerEntity::getPort).toArray();
             return new LdapServers(hosts, ports);
         }
+
+        @Override
+        public boolean equals(final Object o) {
+            if (o == null || getClass() != o.getClass()) return false;
+            final LdapServers that = (LdapServers) o;
+            return Objects.deepEquals(hosts(), that.hosts()) && Objects.deepEquals(ports(), that.ports());
+        }
+
+        @Override
+        public int hashCode() {
+            return Objects.hash(Arrays.hashCode(hosts()), Arrays.hashCode(ports()));
+        }
     }
 
     /**
@@ -106,6 +141,20 @@ public static TrustStore fromEntity(final @NotNull TrustStoreEntity trustStoreEn
                     trustStoreEntity.getTrustStorePassword(),
                     trustStoreEntity.getTrustStoreType());
         }
+
+        @Override
+        public boolean equals(final Object o) {
+            if (o == null || getClass() != o.getClass()) return false;
+            final TrustStore that = (TrustStore) o;
+            return Objects.equals(trustStorePath(), that.trustStorePath()) &&
+                    Objects.equals(trustStoreType(), that.trustStoreType()) &&
+                    Objects.equals(trustStorePassword(), that.trustStorePassword());
+        }
+
+        @Override
+        public int hashCode() {
+            return Objects.hash(trustStorePath(), trustStorePassword(), trustStoreType());
+        }
     }
 
     /**
@@ -280,4 +329,42 @@ public static TrustStore fromEntity(final @NotNull TrustStoreEntity trustStoreEn
 
         return options;
     }
+
+    @Override
+    public boolean equals(final Object o) {
+        if (o == null || getClass() != o.getClass()) return false;
+        final LdapConnectionProperties that = (LdapConnectionProperties) o;
+        return maxConnections() == that.maxConnections() &&
+                connectTimeoutMillis() == that.connectTimeoutMillis() &&
+                searchTimeoutSeconds() == that.searchTimeoutSeconds() &&
+                responseTimeoutMillis() == that.responseTimeoutMillis() &&
+                acceptAnyCertificateForTesting() == that.acceptAnyCertificateForTesting() &&
+                Objects.equals(rdns(), that.rdns()) &&
+                tlsMode() == that.tlsMode() &&
+                Objects.equals(servers(), that.servers()) &&
+                Objects.equals(uidAttribute(), that.uidAttribute()) &&
+                Objects.equals(assignedRole(), that.assignedRole()) &&
+                Objects.equals(trustStore(), that.trustStore()) &&
+                Objects.equals(searchScope(), that.searchScope()) &&
+                Objects.equals(requiredObjectClass(), that.requiredObjectClass()) &&
+                Objects.equals(ldapSimpleBind(), that.ldapSimpleBind());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(servers(),
+                tlsMode(),
+                trustStore(),
+                connectTimeoutMillis(),
+                responseTimeoutMillis(),
+                maxConnections(),
+                uidAttribute(),
+                rdns(),
+                requiredObjectClass(),
+                searchScope(),
+                searchTimeoutSeconds(),
+                assignedRole(),
+                acceptAnyCertificateForTesting(),
+                ldapSimpleBind());
+    }
 }

hivemq-edge/src/main/java/com/hivemq/api/utils/ApiUtils.java

@@ -16,32 +16,33 @@
 package com.hivemq.api.utils;
 
 import com.google.common.base.Preconditions;
-import com.hivemq.api.config.ApiListener;
 import com.hivemq.api.config.HttpsListener;
 import com.hivemq.configuration.service.ApiConfigurationService;
-import org.jetbrains.annotations.NotNull;
 import com.hivemq.http.core.UsernamePasswordRoles;
+import org.jetbrains.annotations.NotNull;
 
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.List;
+import java.util.Objects;
 
 /**
  * @author Simon L Johnson
  */
 public class ApiUtils {
 
-    public static boolean hasDefaultUser(List<UsernamePasswordRoles> users){
+    public static boolean hasDefaultUser(final List<UsernamePasswordRoles> users){
         if(!users.isEmpty()){
-            return users.stream().filter(user -> (UsernamePasswordRoles.DEFAULT_USERNAME.equals(user.getUserName())
-                && UsernamePasswordRoles.DEFAULT_PASSWORD.equals(user.getPassword()))).count() > 0;
+            return users.stream()
+                    .anyMatch(user -> (UsernamePasswordRoles.DEFAULT_USERNAME.equals(user.getUserName()) &&
+                                    Objects.deepEquals(UsernamePasswordRoles.DEFAULT_PASSWORD_BYTES, user.getPassword())));
         }
         return false;
     }
 
     public static String getWebContextRoot(final @NotNull ApiConfigurationService apiConfigurationService, final boolean trailingSlash){
 
-        List<ApiListener> listeners = apiConfigurationService.getListeners();
+        final var listeners = apiConfigurationService.getListeners();
         if(listeners == null || listeners.isEmpty()){
             return null;
         }
@@ -50,10 +51,10 @@ public static String getWebContextRoot(final @NotNull ApiConfigurationService ap
         int port = 80;
         String host = null;
 
-        for(ApiListener listener : listeners){
+        for(final var listener : listeners){
             try {
                 host = getHostName(listener.getBindAddress());
-            } catch(UnknownHostException e){
+            } catch(final UnknownHostException e){
                 host = listener.getBindAddress();
             }
             port = listener.getPort();
@@ -75,7 +76,7 @@ public static String getHostName(final @NotNull String name) throws UnknownHostE
             return "localhost";
 //            return InetAddress.getLocalHost().getHostName();
         }
-        InetAddress host = InetAddress.getByName(name);
+        final var host = InetAddress.getByName(name);
         return host.getHostName();
     }
 }

hivemq-edge/src/main/java/com/hivemq/configuration/entity/api/ldap/LdapServerEntity.java

@@ -5,6 +5,8 @@
 import jakarta.xml.bind.annotation.XmlElement;
 import org.jetbrains.annotations.NotNull;
 
+import java.util.Objects;
+
 @XmlAccessorType(XmlAccessType.NONE)
 @SuppressWarnings("NotNullFieldNotInitialized")
 public class LdapServerEntity {
@@ -35,4 +37,16 @@ public LdapServerEntity(final @NotNull String host, final int port) {
     public int getPort() {
         return port;
     }
+
+    @Override
+    public boolean equals(final Object o) {
+        if (o == null || getClass() != o.getClass()) return false;
+        final LdapServerEntity that = (LdapServerEntity) o;
+        return getPort() == that.getPort() && Objects.equals(getHost(), that.getHost());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getHost(), getPort());
+    }
 }

hivemq-edge/src/main/java/com/hivemq/configuration/entity/api/ldap/LdapSimpleBindEntity.java

@@ -5,6 +5,8 @@
 import jakarta.xml.bind.annotation.XmlElement;
 import org.jetbrains.annotations.NotNull;
 
+import java.util.Objects;
+
 /**
  * This class represents the simple bind credentials for an LDAP connection.
  */
@@ -33,4 +35,16 @@ public LdapSimpleBindEntity(final @NotNull String rdns, final @NotNull String pa
     public @NotNull String getUserPassword() {
         return userPassword;
     }
+
+    @Override
+    public boolean equals(final Object o) {
+        if (o == null || getClass() != o.getClass()) return false;
+        final LdapSimpleBindEntity that = (LdapSimpleBindEntity) o;
+        return Objects.equals(getRdns(), that.getRdns()) && Objects.equals(getUserPassword(), that.getUserPassword());
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getRdns(), getUserPassword());
+    }
 }

hivemq-edge/src/main/java/com/hivemq/http/core/UsernamePasswordRoles.java

@@ -17,12 +17,14 @@
 
 import org.jetbrains.annotations.NotNull;
 
+import java.nio.charset.StandardCharsets;
 import java.util.Set;
 
 public class UsernamePasswordRoles {
 
     public static final String DEFAULT_USERNAME = "admin";
     public static final String DEFAULT_PASSWORD = "hivemq";
+    public static final byte[] DEFAULT_PASSWORD_BYTES = DEFAULT_PASSWORD.getBytes(StandardCharsets.UTF_8);
 
     private String userName;
     private byte[] password;

hivemq-edge/src/main/java/com/hivemq/util/render/EnvVarUtil.java

@@ -21,7 +21,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 /**
@@ -44,7 +43,7 @@ public class EnvVarUtil {
      */
     public static @Nullable String getValue(final @NotNull String name) {
         //also check java properties if system variable is not found
-        final String systemProperty = System.getProperty(name);
+        final var systemProperty = System.getProperty(name);
         if (systemProperty != null) {
             return systemProperty;
         }
@@ -60,10 +59,9 @@ public class EnvVarUtil {
      * @throws UnrecoverableException if a variable used in a placeholder is not set
      */
     public static @NotNull String replaceEnvironmentVariablePlaceholders(final @NotNull String text) {
+        final var resultString = new StringBuilder();
 
-        final StringBuffer resultString = new StringBuffer();
-
-        final Matcher matcher = Pattern.compile(ENV_VAR_PATTERN)
+        final var matcher = Pattern.compile(ENV_VAR_PATTERN)
                 .matcher(text);
 
         while (matcher.find()) {
@@ -75,9 +73,9 @@ public class EnvVarUtil {
                 continue;
             }
 
-            final String varName = matcher.group(1);
+            final var varName = matcher.group(1);
 
-            final String replacement = getValue(varName);
+            final var replacement = getValue(varName);
 
             if (replacement == null) {
                 log.error("Environment Variable {} for HiveMQ config.xml is not set.", varName);