Merge pull request #464 from marklogic-community/feature/171-cloud-auth

DEVEXP-171: Added properties for cloud auth

Author: rjrudin

src/main/java/com/marklogic/appdeployer/AppConfig.java

@@ -71,6 +71,7 @@ public class AppConfig {
 	public static final String DEFAULT_PASSWORD = "admin";
 
 	private String host = DEFAULT_HOST;
+	private String cloudApiKey;
 
 	private boolean catchDeployExceptions = false;
 	private boolean catchUndeployExceptions = false;
@@ -97,9 +98,11 @@ public class AppConfig {
 	private boolean restUseDefaultKeystore;
 	private String restSslProtocol;
 	private String restTrustManagementAlgorithm;
+	private String restBasePath;
 
 	private Integer restPort = DEFAULT_PORT;
 	private Integer testRestPort;
+	private String testRestBasePath;
 
 	// Connection info for using the App Services client REST API - e.g. to load non-REST API modules
 	private DatabaseClient.ConnectionType appServicesConnectionType;
@@ -116,6 +119,7 @@ public class AppConfig {
 	private boolean appServicesUseDefaultKeystore;
 	private String appServicesSslProtocol;
 	private String appServicesTrustManagementAlgorithm;
+	private String appServicesBasePath;
 
 	// These can all be set to override the default names that are generated off of the "name" attribute.
 	private String groupName = DEFAULT_GROUP;
@@ -367,7 +371,11 @@ public DatabaseClient newDatabaseClient() {
 	 * @return
 	 */
 	public DatabaseClient newTestDatabaseClient() {
-		return configuredDatabaseClientFactory.newDatabaseClient(newRestDatabaseClientConfig(getTestRestPort()));
+		DatabaseClientConfig config = newRestDatabaseClientConfig(getTestRestPort());
+		if (StringUtils.hasText(getTestRestBasePath())) {
+			config.setBasePath(getTestRestBasePath());
+		}
+		return configuredDatabaseClientFactory.newDatabaseClient(config);
 	}
 
 	public DatabaseClientConfig newRestDatabaseClientConfig(int port) {
@@ -377,6 +385,8 @@ public DatabaseClientConfig newRestDatabaseClientConfig(int port) {
 		config.setConnectionType(restConnectionType);
 		config.setExternalName(restExternalName);
 		config.setSecurityContextType(restSecurityContextType);
+		config.setCloudApiKey(cloudApiKey);
+		config.setBasePath(restBasePath);
 
 		if (restUseDefaultKeystore) {
 		    config.setSslProtocol(StringUtils.hasText(restSslProtocol) ? restSslProtocol : SslUtil.DEFAULT_SSL_PROTOCOL);
@@ -417,6 +427,8 @@ public DatabaseClient newAppServicesDatabaseClient(String databaseName) {
 		config.setDatabase(databaseName);
 		config.setExternalName(appServicesExternalName);
 		config.setSecurityContextType(appServicesSecurityContextType);
+		config.setCloudApiKey(cloudApiKey);
+		config.setBasePath(appServicesBasePath);
 
 		if (appServicesUseDefaultKeystore) {
 		    config.setSslProtocol(StringUtils.hasText(appServicesSslProtocol) ? appServicesSslProtocol : SslUtil.DEFAULT_SSL_PROTOCOL);
@@ -1451,4 +1463,36 @@ public String getModuleUriPrefix() {
 	public void setModuleUriPrefix(String moduleUriPrefix) {
 		this.moduleUriPrefix = moduleUriPrefix;
 	}
+
+	public String getCloudApiKey() {
+		return cloudApiKey;
+	}
+
+	public void setCloudApiKey(String cloudApiKey) {
+		this.cloudApiKey = cloudApiKey;
+	}
+
+	public String getRestBasePath() {
+		return restBasePath;
+	}
+
+	public void setRestBasePath(String restBasePath) {
+		this.restBasePath = restBasePath;
+	}
+
+	public String getAppServicesBasePath() {
+		return appServicesBasePath;
+	}
+
+	public void setAppServicesBasePath(String appServicesBasePath) {
+		this.appServicesBasePath = appServicesBasePath;
+	}
+
+	public String getTestRestBasePath() {
+		return testRestBasePath;
+	}
+
+	public void setTestRestBasePath(String testRestBasePath) {
+		this.testRestBasePath = testRestBasePath;
+	}
 }

src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java

@@ -184,6 +184,11 @@ public void initialize() {
 			config.setHost(prop);
 		});
 
+		propertyConsumerMap.put("mlCloudApiKey", (config, prop) -> {
+			logger.info("Setting cloud API key");
+			config.setCloudApiKey(prop);
+		});
+
 		/**
 		 * Defaults to port 8000. In rare cases, the ML App-Services app server will have been changed to listen on a
 		 * different port, in which case you can set this to that port.
@@ -251,6 +256,11 @@ public void initialize() {
 			config.setAppServicesTrustManagementAlgorithm(prop);
 		});
 
+		propertyConsumerMap.put("mlAppServicesBasePath", (config, prop) -> {
+			logger.info("App-Services base path: " + prop);
+			config.setAppServicesBasePath(prop);
+		});
+
 		/**
 		 * Set this to true to prevent creating a REST API server by default.
 		 */
@@ -304,6 +314,14 @@ public void initialize() {
 			logger.info("REST external name: " + prop);
 			config.setRestExternalName(prop);
 		});
+		propertyConsumerMap.put("mlRestBasePath", (config, prop) -> {
+			logger.info("REST base path: " + prop);
+			config.setRestBasePath(prop);
+		});
+		propertyConsumerMap.put("mlTestRestBasePath", (config, prop) -> {
+			logger.info("Test REST base path: " + prop);
+			config.setTestRestBasePath(prop);
+		});
 
 		/**
 		 * When modules are loaded via the Client REST API, if the app server requires an SSL connection, then
@@ -373,7 +391,7 @@ public void initialize() {
 		 * If a test REST API server is created, it will use the following port.
 		 */
 		propertyConsumerMap.put("mlTestRestPort", (config, prop) -> {
-			logger.info("App test REST port: " + prop);
+			logger.info("Test REST port: " + prop);
 			config.setTestRestPort(Integer.parseInt(prop));
 		});
 

src/main/java/com/marklogic/mgmt/DefaultManageConfigFactory.java

@@ -72,6 +72,16 @@ public void initialize() {
 		    }
 	    });
 
+		propertyConsumerMap.put("mlCloudApiKey", (config, prop) -> {
+			logger.info("Setting cloud API key");
+			config.setCloudApiKey(prop);
+		});
+
+		propertyConsumerMap.put("mlManageBasePath", (config, prop) -> {
+			logger.info("Manage base path: " + prop);
+			config.setBasePath(prop);
+		});
+
 	    propertyConsumerMap.put("mlManageScheme", (config, prop) -> {
 		    logger.info("Manage scheme: " + prop);
 		    config.setScheme(prop);

src/main/java/com/marklogic/mgmt/ManageClient.java

@@ -62,15 +62,12 @@ public void setManageConfig(ManageConfig config) {
 			    logger.info(format("Initializing separate connection to Manage API with user '%s' that should have the 'manage-admin' and 'security' roles", securityUsername));
 		    }
 
-		    RestConfig rc = new RestConfig(config.getHost(), config.getPort(), securityUsername, config.getSecurityPassword());
-		    rc.setScheme(config.getScheme());
-		    rc.setConfigureSimpleSsl(config.isConfigureSimpleSsl());
-		    rc.setHostnameVerifier(config.getHostnameVerifier());
-
+			RestConfig rc = new RestConfig(config);
+			// Override settings based on the 3 "security user"-specific properties known by ManageConfig
+			rc.setUsername(config.getSecurityUsername());
+			rc.setPassword(config.getSecurityPassword());
 		    if (config.getSecuritySslContext() != null) {
 		    	rc.setSslContext(config.getSecuritySslContext());
-		    } else {
-		    	rc.setSslContext(config.getSslContext());
 		    }
 
 		    this.securityUserRestTemplate = RestTemplateUtil.newRestTemplate(rc);
@@ -267,14 +264,14 @@ public HttpEntity<String> buildXmlEntity(String xml) {
     protected void logRequest(String path, String contentType, String method) {
         if (logger.isInfoEnabled()) {
         	String username = manageConfig != null ? manageConfig.getUsername() : "(unknown)";
-            logger.info(String.format("Sending %s %s request as user '%s' to path: %s", contentType, method, username, path));
+            logger.info(String.format("Sending %s %s request as user '%s' to path: %s", contentType, method, username, buildUri(path)));
         }
     }
 
     protected void logSecurityUserRequest(String path, String contentType, String method) {
         if (logger.isInfoEnabled()) {
             logger.info(String.format("Sending %s %s request as user '%s' (who should have the 'manage-admin' and 'security' roles) to path: %s",
-	            contentType, method, determineUsernameForSecurityUserRequest(), path));
+	            contentType, method, determineUsernameForSecurityUserRequest(), buildUri(path)));
         }
     }
 

src/main/java/com/marklogic/mgmt/admin/AdminConfig.java

@@ -20,7 +20,13 @@ public AdminConfig(String host, int port, String username, String password) {
         super(host, port, username, password);
     }
 
-    public AdminConfig(AdminConfig other) {
+	/**
+	 * Because this class adds no state and only sets sensible default values for connecting to MarkLogic's Admin app
+	 * server, this copy constructor only requires an instance of {@code RestConfig}.
+	 *
+	 * @param other
+	 */
+    public AdminConfig(RestConfig other) {
     	super(other);
 	}
 }

src/main/java/com/marklogic/mgmt/admin/AdminManager.java

@@ -2,6 +2,7 @@
 
 import com.marklogic.mgmt.AbstractManager;
 import com.marklogic.rest.util.Fragment;
+import com.marklogic.rest.util.RestConfig;
 import com.marklogic.rest.util.RestTemplateUtil;
 import org.springframework.core.io.ByteArrayResource;
 import org.springframework.core.io.Resource;
@@ -189,19 +190,21 @@ public void setSslFipsEnabled(final boolean enabled, final int appServicesPort)
         invokeActionRequiringRestart(new ActionRequiringRestart() {
             @Override
             public boolean execute() {
-                RestTemplate rt = RestTemplateUtil.newRestTemplate(adminConfig.getHost(), appServicesPort,
-                        adminConfig.getUsername(), adminConfig.getPassword());
+				RestConfig evalConfig = new RestConfig(adminConfig);
+				evalConfig.setPort(appServicesPort);
+
                 HttpHeaders headers = new HttpHeaders();
                 headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
                 MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
                 map.add("xquery", xquery);
                 HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(map,
 					headers);
-                String url = format("http://%s:%d/v1/eval", adminConfig.getHost(), appServicesPort);
+
                 if (logger.isInfoEnabled()) {
                     logger.info("Setting SSL FIPS enabled: " + enabled);
                 }
-                rt.exchange(url, HttpMethod.POST, entity, String.class);
+				URI url = evalConfig.buildUri("/v1/eval");
+				RestTemplateUtil.newRestTemplate(evalConfig).exchange(url, HttpMethod.POST, entity, String.class);
                 if (logger.isInfoEnabled()) {
                     logger.info("Finished setting SSL FIPS enabled: " + enabled);
                 }

src/main/java/com/marklogic/mgmt/admin/DefaultAdminConfigFactory.java

@@ -68,7 +68,17 @@ public void initialize() {
 		    }
 	    });
 
-	    propertyConsumerMap.put("mlAdminScheme", (config, prop) -> {
+		propertyConsumerMap.put("mlCloudApiKey", (config, prop) -> {
+			logger.info("Setting cloud API key");
+			config.setCloudApiKey(prop);
+		});
+
+		propertyConsumerMap.put("mlAdminBasePath", (config, prop) -> {
+			logger.info("Admin base path: " + prop);
+			config.setBasePath(prop);
+		});
+
+		propertyConsumerMap.put("mlAdminScheme", (config, prop) -> {
 		    logger.info("Admin interface scheme: " + prop);
 		    config.setScheme(prop);
 	    });

src/main/java/com/marklogic/mgmt/resource/clusters/ClusterManager.java

@@ -2,10 +2,12 @@
 
 import com.marklogic.mgmt.AbstractManager;
 import com.marklogic.mgmt.ManageClient;
+import com.marklogic.mgmt.ManageConfig;
 import com.marklogic.mgmt.admin.ActionRequiringRestart;
 import com.marklogic.mgmt.admin.AdminConfig;
 import com.marklogic.mgmt.admin.AdminManager;
 import com.marklogic.rest.util.Fragment;
+import com.marklogic.rest.util.RestConfig;
 import org.springframework.web.client.ResourceAccessException;
 
 public class ClusterManager extends AbstractManager {
@@ -85,7 +87,8 @@ public void addHost(AdminManager adminManager, String hostname) throws Exception
     public void addHost(AdminManager adminManager, String hostname, String group, String zone) throws Exception{
     	AdminConfig adminConfig = adminManager.getAdminConfig();
 
-		AdminConfig joiningHostAdminConfig = new AdminConfig(hostname, 8001, adminConfig.getUsername(), adminConfig.getPassword());
+		AdminConfig joiningHostAdminConfig = new AdminConfig(adminConfig);
+		joiningHostAdminConfig.setHost(hostname);
 		AdminManager joiningHostAdminManager = new AdminManager(joiningHostAdminConfig);
 
 		// get the joining host's configuration
@@ -111,13 +114,17 @@ public void addHost(AdminManager adminManager, String hostname, String group, St
 
 	/**
 	 * Removes the specified host from the cluster. Assumes connection information is of the host to remove
+	 *
 	 * @param hostname hostname of the server to remove from the cluster
 	 */
-	public void removeHost(String hostname){
-		AdminConfig adminConfig = new AdminConfig(hostname, 8001, manageClient.getManageConfig().getUsername(), manageClient.getManageConfig().getPassword());
-		AdminManager adminManager = new AdminManager(adminConfig);
-		adminManager.leaveCluster();
-
+	public void removeHost(String hostname) {
+		removeHost(hostname, 8001);
 	}
 
+	public void removeHost(String hostname, int adminPort) {
+		AdminConfig removeConfig = new AdminConfig(manageClient.getManageConfig());
+		removeConfig.setHost(hostname);
+		removeConfig.setPort(adminPort);
+		new AdminManager(removeConfig).leaveCluster();
+	}
 }

src/main/java/com/marklogic/rest/util/RestConfig.java

@@ -18,6 +18,8 @@ public class RestConfig {
 	private int port;
 	private String username;
 	private String password;
+	private String cloudApiKey;
+	private String basePath;
 	private String scheme = "http";
 
 	private boolean configureSimpleSsl;
@@ -45,6 +47,9 @@ public RestConfig(RestConfig other) {
 			this.scheme = other.scheme;
 		}
 
+		this.cloudApiKey = other.cloudApiKey;
+		this.basePath = other.basePath;
+
 		this.configureSimpleSsl = other.configureSimpleSsl;
 		this.useDefaultKeystore = other.useDefaultKeystore;
 		this.sslProtocol = other.sslProtocol;
@@ -58,10 +63,12 @@ public DatabaseClientBuilder newDatabaseClientBuilder() {
 		DatabaseClientBuilder builder = new DatabaseClientBuilder()
 			.withHost(getHost())
 			.withPort(getPort())
+			.withBasePath(getBasePath())
 			// TODO Will support all types before the 4.5.0 release
-			.withSecurityContextType("digest")
+			.withSecurityContextType(StringUtils.hasText(getCloudApiKey()) ? "cloud" : "digest")
 			.withUsername(getUsername())
-			.withPassword(getPassword());
+			.withPassword(getPassword())
+			.withCloudApiKey(getCloudApiKey());
 
 		if (getSslContext() != null) {
 			builder.withSSLContext(getSslContext());
@@ -105,8 +112,18 @@ public String toString() {
 	 * @return
 	 */
 	public URI buildUri(String path) {
+		String basePathToAppend = "";
+		if (basePath != null) {
+			if (!basePath.startsWith("/")) {
+				basePathToAppend = "/";
+			}
+			basePathToAppend += basePath;
+			if (path.startsWith("/") && basePathToAppend.endsWith("/")) {
+				basePathToAppend = basePathToAppend.substring(0, basePathToAppend.length() - 1);
+			}
+		}
 		try {
-			return new URI(String.format("%s://%s:%d%s", getScheme(), getHost(), getPort(), path.replace(" ", "+")));
+			return new URI(String.format("%s://%s:%d%s%s", getScheme(), getHost(), getPort(), basePathToAppend, path.replace(" ", "+")));
 		} catch (URISyntaxException ex) {
 			throw new RuntimeException("Unable to build URI for path: " + path + "; cause: " + ex.getMessage(), ex);
 		}
@@ -213,4 +230,20 @@ public DatabaseClientFactory.SSLHostnameVerifier getSslHostnameVerifier() {
 	public void setSslHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier sslHostnameVerifier) {
 		this.sslHostnameVerifier = sslHostnameVerifier;
 	}
+
+	public String getCloudApiKey() {
+		return cloudApiKey;
+	}
+
+	public void setCloudApiKey(String cloudApiKey) {
+		this.cloudApiKey = cloudApiKey;
+	}
+
+	public String getBasePath() {
+		return basePath;
+	}
+
+	public void setBasePath(String basePath) {
+		this.basePath = basePath;
+	}
 }