Merge pull request #506 from BillFarber/feature/deployCredentials

Now have deploy/undeploy credentials commands

Author: BillFarber

src/main/java/com/marklogic/appdeployer/ConfigDir.java

@@ -262,4 +262,8 @@ public File getProjectDir() {
 	public File getSecureCredentialsDir() {
 		return new File(getSecurityDir(), "secure-credentials");
 	}
+
+	public File getCredentialsDir() {
+		return new File(getSecurityDir(), "credentials");
+	}
 }

src/main/java/com/marklogic/appdeployer/command/CommandMapBuilder.java

@@ -161,6 +161,7 @@ private void addCommandsThatDoNotWriteToDatabases(Map<String, List<Command>> map
 		securityCommands.add(new InsertCertificateHostsTemplateCommand());
 		securityCommands.add(new DeployExternalSecurityCommand());
 		securityCommands.add(new DeploySecureCredentialsCommand());
+		securityCommands.add(new DeployCredentialsCommand());
 		securityCommands.add(new DeployPrivilegesCommand());
 		securityCommands.add(new DeployPrivilegeRolesCommand());
 		securityCommands.add(new DeployProtectedCollectionsCommand());

src/main/java/com/marklogic/appdeployer/command/SortOrderConstants.java

@@ -33,6 +33,7 @@ public abstract class SortOrderConstants {
 
 	public static Integer DEPLOY_EXTERNAL_SECURITY = 35;
 	public static Integer DEPLOY_SECURE_CREDENTIALS = 36;
+	public static Integer DEPLOY_CREDENTIALS = 37;
 	public static Integer DEPLOY_PROTECTED_COLLECTIONS = 40;
 	public static Integer DEPLOY_MIMETYPES = 45;
 

src/main/java/com/marklogic/appdeployer/command/security/DeployCredentialsCommand.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2023 MarkLogic Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.marklogic.appdeployer.command.security;
+
+import com.marklogic.appdeployer.command.AbstractResourceCommand;
+import com.marklogic.appdeployer.command.CommandContext;
+import com.marklogic.appdeployer.command.SortOrderConstants;
+import com.marklogic.appdeployer.command.UndoableCommand;
+import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.resource.security.CredentialsManager;
+
+import java.io.File;
+
+public class DeployCredentialsCommand extends AbstractResourceCommand implements UndoableCommand {
+
+	public DeployCredentialsCommand() {
+		setExecuteSortOrder(SortOrderConstants.DEPLOY_CREDENTIALS);
+		setUndoSortOrder(SortOrderConstants.DEPLOY_CREDENTIALS);
+	}
+
+	@Override
+	protected File[] getResourceDirs(CommandContext context) {
+		return findResourceDirs(context, configDir -> configDir.getCredentialsDir());
+	}
+
+	@Override
+	protected ResourceManager getResourceManager(CommandContext context) {
+		return new CredentialsManager(context.getManageClient());
+	}
+}

src/main/java/com/marklogic/mgmt/ManageClient.java

@@ -22,6 +22,7 @@
 import com.marklogic.rest.util.RestConfig;
 import com.marklogic.rest.util.RestTemplateUtil;
 import org.jdom2.Namespace;
+import org.springframework.core.io.Resource;
 import org.springframework.http.*;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
@@ -204,16 +205,28 @@ public String getJsonAsSecurityUser(String path) {
 			.getBody();
 	}
 
-	public void delete(String path) {
+	public void delete(String path, String... headerNamesAndValues) {
         logRequest(path, "", "DELETE");
-        getRestTemplate().delete(buildUri(path));
+		delete(getRestTemplate(), path, headerNamesAndValues);
     }
 
-    public void deleteAsSecurityUser(String path) {
+    public void deleteAsSecurityUser(String path, String... headerNamesAndValues) {
 	    logSecurityUserRequest(path, "", "DELETE");
-	    getSecurityUserRestTemplate().delete(buildUri(path));
+		delete(getSecurityUserRestTemplate(), path, headerNamesAndValues);
     }
 
+	private void delete(RestTemplate restTemplate, String path, String... headerNamesAndValues) {
+		URI uri = buildUri(path);
+		HttpHeaders headers = new HttpHeaders();
+		if (headerNamesAndValues != null) {
+			for (int i = 0; i < headerNamesAndValues.length; i += 2) {
+				headers.add(headerNamesAndValues[i], headerNamesAndValues[i + 1]);
+			}
+		}
+		HttpEntity<Resource> entity = new HttpEntity<>(null, headers);
+		restTemplate.exchange(uri, HttpMethod.DELETE, entity, String.class);
+	}
+
 	/**
 	 * Per #187 and version 3.1.0, when an HttpEntity is constructed with a JSON payload, this method will check to see
 	 * if it should "clean" the JSON via the Jackson library, which is primarily intended for removing comments from

src/main/java/com/marklogic/mgmt/resource/AbstractResourceManager.java

@@ -32,11 +32,17 @@ public abstract class AbstractResourceManager extends AbstractManager implements
 
     private ManageClient manageClient;
     private boolean updateAllowed = true;
+	protected final boolean usePutForCreate;
 
     public AbstractResourceManager(ManageClient client) {
-        this.manageClient = client;
+		this(client, false);
     }
 
+	public AbstractResourceManager(ManageClient client, boolean usePutForCreate) {
+		this.manageClient = client;
+		this.usePutForCreate = usePutForCreate;
+	}
+
     public String getResourcesPath() {
         return format("/manage/v2/%ss", getResourceName());
     }
@@ -119,7 +125,9 @@ protected SaveReceipt createNewResource(String payload, String resourceId) {
 		    logger.info(format("Creating %s: %s", label, resourceId));
 	    }
 	    String path = getCreateResourcePath(payload);
-	    ResponseEntity<String> response = postPayload(manageClient, path, payload);
+	    ResponseEntity<String> response = this.usePutForCreate ?
+			putPayload(manageClient, path, payload) :
+			postPayload(manageClient, path, payload);
 	    if (logger.isInfoEnabled()) {
 		    logger.info(format("Created %s: %s", label, resourceId));
 	    }
@@ -194,14 +202,15 @@ protected void beforeDelete(String resourceId, String path, String... resourceUr
      * Convenience method for performing a delete once the correct path for the resource has been constructed.
      *
      * @param path
+	 * @param headerNamesAndValues optional sequence of header names and values to be included in the DELETE request.
      */
-    public void deleteAtPath(String path) {
+    public void deleteAtPath(String path, String... headerNamesAndValues) {
         String label = getResourceName();
         logger.info(format("Deleting %s at path %s", label, path));
 	    if (useSecurityUser()) {
-		    manageClient.deleteAsSecurityUser(path);
+		    manageClient.deleteAsSecurityUser(path, headerNamesAndValues);
 	    } else {
-		    manageClient.delete(path);
+		    manageClient.delete(path, headerNamesAndValues);
 	    }
 	    logger.info(format("Deleted %s at path %s", label, path));
     }

src/main/java/com/marklogic/mgmt/resource/security/CredentialsManager.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2023 MarkLogic Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.marklogic.mgmt.resource.security;
+
+import com.marklogic.mgmt.DeleteReceipt;
+import com.marklogic.mgmt.ManageClient;
+import com.marklogic.mgmt.resource.AbstractResourceManager;
+
+public class CredentialsManager extends AbstractResourceManager {
+
+	public CredentialsManager(ManageClient client) {
+		super(client, true);
+	}
+
+	@Override
+	public String getResourcesPath() {
+		return "/manage/v2/credentials/properties";
+	}
+
+
+	@Override
+	protected String getIdFieldName() {
+		return "type";
+	}
+
+	@Override
+	protected String getResourceId(String payload) {
+		return getCredentialsType(payload);
+	}
+
+	@Override
+	public DeleteReceipt delete(String payload, String... resourceUrlParams) {
+		final String type = getCredentialsType(payload);
+		final String path = "/manage/v2/credentials/properties?type=" + type;
+		// The DELETE endpoint - https://docs.marklogic.com/REST/DELETE/manage/v2/credentials/properties - seems to
+		// erroneously require a Content-type header, even though there's no request body.
+		super.deleteAtPath(path, "Content-type", "application/json");
+		return new DeleteReceipt(type, path, true);
+	}
+
+	private String getCredentialsType(String payload) {
+		if (payloadParser.isJsonPayload(payload)) {
+			return payloadParser.getPayloadFieldValue(payload, getIdFieldName());
+		}
+		return payloadParser.getPayloadFieldValue(payload, "azure", false) != null ? "azure" : "aws";
+	}
+}

src/main/java/com/marklogic/rest/util/Fragment.java

@@ -63,6 +63,7 @@ public Fragment(String xml, Namespace... namespaces) {
             list.add(Namespace.getNamespace("sec", "http://marklogic.com/xdmp/security"));
 			list.add(Namespace.getNamespace("ts", "http://marklogic.com/manage/task-server"));
 	        list.add(Namespace.getNamespace("t", "http://marklogic.com/manage/tasks"));
+			list.add(Namespace.getNamespace("creds", "http://marklogic.com/manage/credentials/properties"));
 			list.addAll(Arrays.asList(namespaces));
             this.namespaces = list.toArray(new Namespace[] {});
         } catch (Exception e) {

src/test/java/com/marklogic/appdeployer/command/security/DeployCredentialsTest.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2023 MarkLogic Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.marklogic.appdeployer.command.security;
+
+import com.marklogic.appdeployer.command.AbstractManageResourceTest;
+import com.marklogic.appdeployer.command.Command;
+import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.resource.security.CredentialsManager;
+import com.marklogic.rest.util.Fragment;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+public class DeployCredentialsTest extends AbstractManageResourceTest {
+
+	@Override
+	protected ResourceManager newResourceManager() {
+		return new CredentialsManager(manageClient);
+	}
+
+	@Override
+	protected Command newCommand() {
+		return new DeployCredentialsCommand();
+	}
+
+	@Override
+	protected String[] getResourceNames() {
+		return new String[]{};
+	}
+
+	@Override
+	protected void afterResourcesCreated() {
+		Fragment f =  manageClient.getXml(new CredentialsManager(manageClient).getResourcesPath()+"?format=xml");
+		assertEquals("AWS-ACCESS-KEY", f.getElementValue("/creds:credentials-properties/creds:aws/creds:access-key"));
+		assertEquals("AZURE-STORAGE-ACCOUNT", f.getElementValue("/creds:credentials-properties/creds:azure/creds:storage-account"));
+	}
+
+	@Override
+	protected void verifyResourcesWereDeleted(ResourceManager mgr) {
+		Fragment f =  manageClient.getXml(new CredentialsManager(manageClient).getResourcesPath()+"?format=xml");
+        assertNull(f.getElementValue("/creds:credentials-properties/creds:aws/creds:access-key"));
+        assertNull(f.getElementValue("/creds:credentials-properties/creds:azure/creds:storage-account"));
+	}
+}

src/test/resources/sample-app/src/main/ml-config/security/credentials/credentials-aws.json

@@ -0,0 +1,5 @@
+{
+	"type": "aws",
+	"access-key": "AWS-ACCESS-KEY",
+	"secret-key": "SECRET-KEY"
+}