Merge pull request #470 from marklogic-community/feature/189-mlAuth

DEVEXP-189: Added mlAuthentication and mlSslHostnameVerifier

Author: rjrudin

src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java

@@ -309,7 +309,7 @@ public void initialize() {
 			config.setRestConnectionType(DatabaseClient.ConnectionType.valueOf(prop));
 		});
 		propertyConsumerMap.put("mlRestAuthentication", (config, prop) -> {
-			logger.info("App REST authentication: " + prop);
+			logger.info("REST authentication: " + prop);
 			config.setRestSecurityContextType(SecurityContextType.valueOf(prop.toUpperCase()));
 		});
 		propertyConsumerMap.put("mlRestCertFile", (config, prop) -> {
@@ -335,6 +335,29 @@ public void initialize() {
 			config.setTestRestBasePath(prop);
 		});
 
+		// Need this to be after mlRestAuthentication and mlAppServicesAuthentication are processed so
+		// that it doesn't override those values.
+		propertyConsumerMap.put("mlAuthentication", (config, prop) -> {
+			if (!propertyExists("mlAppServicesAuthentication")) {
+				logger.info("App Services authentication: " + prop);
+				config.setAppServicesSecurityContextType(SecurityContextType.valueOf(prop.toUpperCase()));
+			}
+			if (!propertyExists("mlRestAuthentication")) {
+				logger.info("REST authentication: " + prop);
+				config.setRestSecurityContextType(SecurityContextType.valueOf(prop.toUpperCase()));
+			}
+		});
+		propertyConsumerMap.put("mlSslHostnameVerifier", (config, prop) -> {
+			if (!propertyExists("mlAppServicesSslHostnameVerifier")) {
+				logger.info("App-Services SSL hostname verifier: " + prop);
+				config.setAppServicesSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
+			}
+			if (!propertyExists("mlRestSslHostnameVerifier")) {
+				logger.info("REST SSL hostname verifier: " + prop);
+				config.setRestSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
+			}
+		});
+
 		/**
 		 * When modules are loaded via the Client REST API, if the app server requires an SSL connection, then
 		 * setting this property will force the simplest SSL connection to be created.

src/main/java/com/marklogic/mgmt/DefaultManageConfigFactory.java

@@ -49,7 +49,14 @@ public void initialize() {
 			config.setSecurityContextType(prop);
 		});
 
-	    propertyConsumerMap.put("mlManageUsername", (config, prop) -> {
+		propertyConsumerMap.put("mlAuthentication", (config, prop) -> {
+			if (!propertyExists("mlManageAuthentication")) {
+				logger.info("Manage authentication: " + prop);
+				config.setSecurityContextType(prop);
+			}
+		});
+
+		propertyConsumerMap.put("mlManageUsername", (config, prop) -> {
 		    logger.info("Manage username: " + prop);
 		    config.setUsername(prop);
 	    });
@@ -117,6 +124,12 @@ public void initialize() {
 			logger.info("Manage SSL hostname verifier: " + prop);
 			config.setSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
 		});
+		propertyConsumerMap.put("mlSslHostnameVerifier", (config, prop) -> {
+			if (!propertyExists("mlManageSslHostnameVerifier")) {
+				logger.info("Manage SSL hostname verifier: " + prop);
+				config.setSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
+			}
+		});
 
 	    propertyConsumerMap.put("mlManageUseDefaultKeystore", (config, prop) -> {
 	    	logger.info("Using default JVM keystore for SSL for Manage app server: " + prop);

src/main/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactory.java

@@ -48,6 +48,13 @@ public void initialize() {
 			config.setSecurityContextType(prop);
 		});
 
+		propertyConsumerMap.put("mlAuthentication", (config, prop) -> {
+			if (!propertyExists("mlAdminAuthentication")) {
+				logger.info("Admin authentication: " + prop);
+				config.setSecurityContextType(prop);
+			}
+		});
+
 	    /**
 	     * The Manage API endpoints in the Admin interface still just require the manage-admin role, so the value of
 	     * mlManageUsername should work for these calls.
@@ -113,6 +120,12 @@ public void initialize() {
 			logger.info("Admin SSL hostname verifier: " + prop);
 			config.setSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
 		});
+		propertyConsumerMap.put("mlSslHostnameVerifier", (config, prop) -> {
+			if (!propertyExists("mlAdminSslHostnameVerifier")) {
+				logger.info("Admin SSL hostname verifier: " + prop);
+				config.setSslHostnameVerifier(JavaClientUtil.toSSLHostnameVerifier(prop));
+			}
+		});
 
 	    propertyConsumerMap.put("mlAdminUseDefaultKeystore", (config, prop) -> {
 		    logger.info("Using default JVM keystore for SSL for Admin app server: " + prop);

src/test/java/com/marklogic/appdeployer/DefaultAppConfigFactoryTest.java

@@ -696,6 +696,32 @@ void sslHostnameVerifier() {
 			ex.getMessage());
 	}
 
+	@Test
+	void mlSslHostnameVerifier() {
+		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlSslHostnameVerifier", "ANY"
+		)).newAppConfig();
+
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getRestSslHostnameVerifier());
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getAppServicesSslHostnameVerifier());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlSslHostnameVerifier", "ANY",
+			"mlRestSslHostnameVerifier", "STRICT"
+		)).newAppConfig();
+
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.STRICT, config.getRestSslHostnameVerifier());
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getAppServicesSslHostnameVerifier());
+
+		config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlSslHostnameVerifier", "ANY",
+			"mlAppServicesSslHostnameVerifier", "STRICT"
+		)).newAppConfig();
+
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getRestSslHostnameVerifier());
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.STRICT, config.getAppServicesSslHostnameVerifier());
+	}
+
 	@Test
 	void samlTokens() {
 		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource(
@@ -720,4 +746,36 @@ void samlTokens() {
 		assertTrue(context instanceof DatabaseClientFactory.SAMLAuthContext);
 		assertEquals("my-app-token", ((DatabaseClientFactory.SAMLAuthContext) context).getToken());
 	}
+
+	@Test
+	void mlAuthentication() {
+		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlAuthentication", "cloud"
+		)).newAppConfig();
+
+		assertEquals(SecurityContextType.CLOUD, config.getRestSecurityContextType());
+		assertEquals(SecurityContextType.CLOUD, config.getAppServicesSecurityContextType());
+	}
+
+	@Test
+	void mlAuthenticationAndRestOverridden() {
+		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlAuthentication", "cloud",
+			"mlRestAuthentication", "basic"
+		)).newAppConfig();
+
+		assertEquals(SecurityContextType.BASIC, config.getRestSecurityContextType());
+		assertEquals(SecurityContextType.CLOUD, config.getAppServicesSecurityContextType());
+	}
+
+	@Test
+	void mlAuthenticationAndAppServicesOverridden() {
+		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlAuthentication", "cloud",
+			"mlAppServicesAuthentication", "saml"
+		)).newAppConfig();
+
+		assertEquals(SecurityContextType.CLOUD, config.getRestSecurityContextType());
+		assertEquals(SecurityContextType.SAML, config.getAppServicesSecurityContextType());
+	}
 }

src/test/java/com/marklogic/mgmt/DefaultManageConfigFactoryTest.java

@@ -180,6 +180,30 @@ void sslHostnameVerifier() {
 		assertThrows(IllegalArgumentException.class, () -> configure("mlManageSslHostnameVerifier", "bogus"));
 	}
 
+	@Test
+	void mlSslHostnameVerifier() {
+		ManageConfig config = configure("mlSslHostnameVerifier", "any");
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getSslHostnameVerifier());
+
+		config = configure(
+			"mlSslHostnameVerifier", "any",
+			"mlManageSslHostnameVerifier", "strict"
+		);
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.STRICT, config.getSslHostnameVerifier());
+	}
+
+	@Test
+	void mlAuthentication() {
+		ManageConfig config = configure("mlAuthentication", "cloud");
+		assertEquals("cloud", config.getSecurityContextType());
+
+		config = configure(
+			"mlAuthentication", "cloud",
+			"mlManageAuthentication", "basic"
+		);
+		assertEquals("basic", config.getSecurityContextType());
+	}
+
 	private ManageConfig configure(String... properties) {
 		return new DefaultManageConfigFactory(new SimplePropertySource(properties)).newManageConfig();
 	}

src/test/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactoryTest.java

@@ -139,6 +139,30 @@ void sslHostnameVerifier() {
 		assertThrows(IllegalArgumentException.class, () -> configure("mlAdminSslHostnameVerifier", "bogus"));
 	}
 
+	@Test
+	void mlSslHostnameVerifier() {
+		AdminConfig config = configure("mlSslHostnameVerifier", "any");
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.ANY, config.getSslHostnameVerifier());
+
+		config = configure(
+			"mlSslHostnameVerifier", "any",
+			"mlAdminSslHostnameVerifier", "strict"
+		);
+		assertEquals(DatabaseClientFactory.SSLHostnameVerifier.STRICT, config.getSslHostnameVerifier());
+	}
+
+	@Test
+	void mlAuthentication() {
+		AdminConfig config = configure("mlAuthentication", "cloud");
+		assertEquals("cloud", config.getSecurityContextType());
+
+		config = configure(
+			"mlAuthentication", "cloud",
+			"mlAdminAuthentication", "basic"
+		);
+		assertEquals("basic", config.getSecurityContextType());
+	}
+
 	private AdminConfig configure(String... properties) {
 		return new DefaultAdminConfigFactory(new SimplePropertySource(properties)).newAdminConfig();
 	}