From: Ioakeim Samaras Date: Fri, 4 Oct 2019 09:02:51 +0000 (+0300) Subject: [UI] Optional trust of all SSL Certificates X-Git-Tag: 2.0.0~21^2 X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F36%2F1736%2F2;p=validation.git [UI] Optional trust of all SSL Certificates The user can select whether the UI should trust all SSL certificates or not. JIRA: VAL-63 Signed-off-by: Ioakeim Samaras Change-Id: I3d1b7dba74342550aa743f906affba7cf7ddd7fc --- diff --git a/docker/README.rst b/docker/README.rst index 9ddbc27..1708db1 100644 --- a/docker/README.rst +++ b/docker/README.rst @@ -100,7 +100,8 @@ In order for the container to be easily created, the deploy.sh script has been d CONTAINER_NAME, name of the container, default value is akraino-validation-mysql MYSQL_ROOT_PASSWORD, the desired mysql root user password, this variable is required -MYSQL_AKRAINO_PASSWORD, the desired mysql akraino user password, this variable is required +MYSQL_USER, the desired mysql user, the default value is 'akraino' +MYSQL_PASSWORD, the desired mysql user password, this variable is required REGISTRY, registry of the mysql image, default value is akraino NAME, name of the mysql image, default value is validation TAG_PRE, first part of the image version, default value is mysql @@ -114,7 +115,7 @@ Example (assuming the default variables have been utilized for building the imag .. code-block:: console cd validation/docker/mysql - ./deploy.sh MYSQL_ROOT_PASSWORD=root_password MYSQL_AKRAINO_PASSWORD=akraino_password + ./deploy.sh --MYSQL_ROOT_PASSWORD root_password --MYSQL_PASSWORD akraino_password Also, in order to re-deploy the database (it is assumed that the corresponding mysql container has been stopped and deleted) while the persistent storage already exists (currently, the 'akraino-validation-mysql' docker volume is used), a different approach should be used after the image building process. 
@@ -162,7 +163,8 @@ In order for the container to be easily created, the deploy.sh script has been d CONTAINER_NAME, the name of the contaner, default value is akraino-validation-ui DB_IP_PORT, the IP and port of the mysql instance, this variable is required -MYSQL_AKRAINO_PASSWORD, the mysql akraino user password, this variable is required +MYSQL_USER, the mysql user, the default value is 'akraino' +MYSQL_PASSWORD, the mysql user password, this variable is required REGISTRY, the registry of the mysql image, default value is akraino NAME, the name of the mysql image, default value is validation TAG_PRE, the first part of the image version, default value is ui @@ -176,6 +178,7 @@ JENKINS_PROXY, the needed proxy in order for the Jenkins server to be reachable, CERTDIR, the directory where the SSL certificates can be found, default value is the working directory where self signed certificates exist only for demo purposes ENCRYPTION_KEY, the key that should be used by the AES algorithm for encrypting passwords stored in database, this variable is required UI_ADMIN_PASSWORD, the desired Blueprint Validation UI password for the admin user, this variable is required +TRUST_ALL, the variable that defines whether the UI should trust all certificates or not, default value is false Note that, for a functional UI, the following prerequisites are needed: @@ -192,7 +195,7 @@ Example (assuming the default variables have been utilized for building the imag .. code-block:: console cd validation/docker/ui - ./deploy.sh DB_IP_PORT=172.17.0.3:3306 MYSQL_AKRAINO_PASSWORD=akraino_password ENCRYPTION_KEY=AGADdG4D04BKm2IxIWEr8o== UI_ADMIN_PASSWORD=admin + ./deploy.sh --DB_IP_PORT 172.17.0.3:3306 --MYSQL_PASSWORD akraino_password --ENCRYPTION_KEY AGADdG4D04BKm2IxIWEr8o== --UI_ADMIN_PASSWORD admin The kube-conformance container ============================== diff --git a/docker/mysql/deploy.sh b/docker/mysql/deploy.sh index 7357cd1..2a62184 100755 --- a/docker/mysql/deploy.sh 
+++ b/docker/mysql/deploy.sh @@ -23,7 +23,8 @@ DOCKER_VOLUME_NAME="akraino-validation-mysql" CONTAINER_NAME="akraino-validation-mysql" # Container input variables MYSQL_ROOT_PASSWORD="" -MYSQL_AKRAINO_PASSWORD="" +MYSQL_USER="akraino" +MYSQL_PASSWORD="" # Image data REGISTRY=akraino NAME=validation @@ -31,21 +32,12 @@ TAG_PRE=mysql TAG_VER=latest MYSQL_HOST_PORT=3307 -for ARGUMENT in "$@" -do - KEY=$(echo $ARGUMENT | cut -f1 -d=) - VALUE=$(echo $ARGUMENT | cut -f2 -d=) - case "$KEY" in - REGISTRY) REGISTRY=${VALUE} ;; - NAME) NAME=${VALUE} ;; - TAG_VER) TAG_VER=${VALUE} ;; - TAG_PRE) TAG_PRE=${VALUE} ;; - MYSQL_ROOT_PASSWORD) MYSQL_ROOT_PASSWORD=${VALUE} ;; - MYSQL_AKRAINO_PASSWORD) MYSQL_AKRAINO_PASSWORD=${VALUE} ;; - CONTAINER_NAME) CONTAINER_NAME=${VALUE} ;; - MYSQL_HOST_PORT) MYSQL_HOST_PORT=${VALUE} ;; - *) - esac +while [ $# -gt 0 ]; do + if [[ $1 == *"--"* ]]; then + v="${1/--/}" + declare $v="$2" + fi + shift done if [ -z "$MYSQL_ROOT_PASSWORD" ] @@ -54,13 +46,13 @@ if [ -z "$MYSQL_ROOT_PASSWORD" ] exit 1 fi -if [ -z "$MYSQL_AKRAINO_PASSWORD" ] +if [ -z "$MYSQL_PASSWORD" ] then - echo "ERROR: You must specify the mysql database akraino user password" + echo "ERROR: You must specify the mysql database user password" exit 1 fi IMAGE="$REGISTRY"/"$NAME":"$TAG_PRE"-"$TAG_VER" chmod 0444 "/$(pwd)/mysql.conf" -docker run --detach --name $CONTAINER_NAME --publish $MYSQL_HOST_PORT:3306 -v $DOCKER_VOLUME_NAME:/var/lib/mysql -v "/$(pwd)/mysql.conf:/etc/mysql/conf.d/my.cnf" -e MYSQL_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD" -e MYSQL_DATABASE="akraino_bluvalui" -e MYSQL_USER="akraino" -e MYSQL_PASSWORD="$MYSQL_AKRAINO_PASSWORD" $IMAGE +docker run --detach --name $CONTAINER_NAME --publish $MYSQL_HOST_PORT:3306 -v $DOCKER_VOLUME_NAME:/var/lib/mysql -v "$(pwd)/mysql.conf:/etc/mysql/conf.d/my.cnf" -e MYSQL_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD" -e MYSQL_DATABASE="akraino_bluvalui" -e MYSQL_USER="$MYSQL_USER" -e MYSQL_PASSWORD="$MYSQL_PASSWORD" $IMAGE sleep 10 
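Review bot: `declare $v="$2"` in the new argument loop assigns to whatever name follows `--`, so the allow-list that the removed `case` statement provided is gone: a mistyped option is silently accepted, and a name such as `PATH` or `IFS` would be overwritten inside the script. The test `*"--"*` also matches `--` anywhere in the word and only one `shift` is done per pair, so a value that itself contains `--` (a password, for instance) is examined again as an option name. The same loop is added in docker/mysql/deploy_with_existing_persistent_storage.sh and docker/ui/deploy.sh. I would keep the `--NAME value` form but match the known names explicitly, require a value and consume both words, as sketched below for this script.

```shell
while [ $# -gt 0 ]; do
    case "$1" in
        --REGISTRY|--NAME|--TAG_PRE|--TAG_VER|--MYSQL_ROOT_PASSWORD|--MYSQL_USER|--MYSQL_PASSWORD|--CONTAINER_NAME|--MYSQL_HOST_PORT)
            if [ $# -lt 2 ]; then
                echo "ERROR: $1 requires a value" >&2
                exit 1
            fi
            # Name is one of the literals above, so only known variables are set
            declare "${1#--}=$2"
            shift 2
            ;;
        *)
            echo "ERROR: unknown option $1" >&2
            exit 1
            ;;
    esac
done
# … unchanged: MYSQL_ROOT_PASSWORD / MYSQL_PASSWORD emptiness checks …
```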
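Review bot: `$CONTAINER_NAME`, `$MYSQL_HOST_PORT`, `$DOCKER_VOLUME_NAME` and `$IMAGE` are expanded unquoted on the rewritten `docker run` line, while the new parser is meant to accept values containing any symbol. A value with whitespace is word-split into extra `docker run` arguments; quoting them the way the `-e` values already are, `--name "$CONTAINER_NAME" --publish "$MYSQL_HOST_PORT:3306" -v "$DOCKER_VOLUME_NAME:/var/lib/mysql"` and a final `"$IMAGE"`, avoids that. The `docker run` lines changed in the other two scripts have the same unquoted expansions.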
diff --git a/docker/mysql/deploy_with_existing_persistent_storage.sh b/docker/mysql/deploy_with_existing_persistent_storage.sh index bd449ec..13aeaef 100755 --- a/docker/mysql/deploy_with_existing_persistent_storage.sh +++ b/docker/mysql/deploy_with_existing_persistent_storage.sh @@ -28,21 +28,14 @@ TAG_PRE=mysql TAG_VER=latest MYSQL_HOST_PORT=3307 -for ARGUMENT in "$@" -do - KEY=$(echo $ARGUMENT | cut -f1 -d=) - VALUE=$(echo $ARGUMENT | cut -f2 -d=) - case "$KEY" in - REGISTRY) REGISTRY=${VALUE} ;; - NAME) NAME=${VALUE} ;; - TAG_VER) TAG_VER=${VALUE} ;; - TAG_PRE) TAG_PRE=${VALUE} ;; - CONTAINER_NAME) CONTAINER_NAME=${VALUE} ;; - MYSQL_HOST_PORT) MYSQL_HOST_PORT=${VALUE} ;; - *) - esac +while [ $# -gt 0 ]; do + if [[ $1 == *"--"* ]]; then + v="${1/--/}" + declare $v="$2" + fi + shift done IMAGE="$REGISTRY"/"$NAME":"$TAG_PRE"-"$TAG_VER" -docker run --detach --name $CONTAINER_NAME --publish $MYSQL_HOST_PORT:3306 -v $DOCKER_VOLUME_NAME:/var/lib/mysql -v "/$(pwd)/mysql.conf:/etc/mysql/conf.d/my.cnf" $IMAGE +docker run --detach --name $CONTAINER_NAME --publish $MYSQL_HOST_PORT:3306 -v $DOCKER_VOLUME_NAME:/var/lib/mysql -v "$(pwd)/mysql.conf:/etc/mysql/conf.d/my.cnf" $IMAGE sleep 10 diff --git a/docker/ui/deploy.sh b/docker/ui/deploy.sh index 8e782c6..d7970d5 100755 --- a/docker/ui/deploy.sh +++ b/docker/ui/deploy.sh @@ -24,7 +24,8 @@ NAME=validation TAG_PRE=ui TAG_VER=latest # Container input parameters -MYSQL_AKRAINO_PASSWORD="" +MYSQL_USER="akraino" +MYSQL_PASSWORD="" JENKINS_URL="https://jenkins.akraino.org/" JENKINS_USERNAME="demo" JENKINS_USER_PASSWORD="demo" 
@@ -35,30 +36,14 @@ JENKINS_PROXY="" CERTDIR=$(pwd) ENCRYPTION_KEY="" UI_ADMIN_PASSWORD="" +TRUST_ALL="false" -for ARGUMENT in "$@" -do - KEY=$(echo $ARGUMENT | cut -f1 -d=) - VALUE=$(echo $ARGUMENT | cut -f2 -d=) - case "$KEY" in - REGISTRY) REGISTRY=${VALUE} ;; - NAME) NAME=${VALUE} ;; - TAG_PRE) TAG_PRE=${VALUE} ;; - TAG_VER) TAG_VER=${VALUE} ;; - MYSQL_AKRAINO_PASSWORD) MYSQL_AKRAINO_PASSWORD=${VALUE} ;; - JENKINS_URL) JENKINS_URL=${VALUE} ;; - JENKINS_USERNAME) JENKINS_USERNAME=${VALUE} ;; - JENKINS_USER_PASSWORD) JENKINS_USER_PASSWORD=${VALUE} ;; - JENKINS_JOB_NAME) JENKINS_JOB_NAME=${VALUE} ;; - DB_IP_PORT) DB_IP_PORT=${VALUE} ;; - CONTAINER_NAME) CONTAINER_NAME=${VALUE} ;; - NEXUS_PROXY) NEXUS_PROXY=${VALUE} ;; - JENKINS_PROXY) JENKINS_PROXY=${VALUE} ;; - CERTDIR) CERTDIR=${VALUE} ;; - ENCRYPTION_KEY) ENCRYPTION_KEY=${VALUE} ;; - UI_ADMIN_PASSWORD) UI_ADMIN_PASSWORD=${VALUE} ;; - *) - esac +while [ $# -gt 0 ]; do + if [[ $1 == *"--"* ]]; then + v="${1/--/}" + declare $v="$2" + fi + shift done if [ -z "$DB_IP_PORT" ] @@ -67,9 +52,9 @@ if [ -z "$DB_IP_PORT" ] exit 1 fi -if [ -z "$MYSQL_AKRAINO_PASSWORD" ] +if [ -z "$MYSQL_PASSWORD" ] then - echo "ERROR: You must specify the mysql akraino user password" + echo "ERROR: You must specify the mysql user password" exit 1 fi 
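Review bot: The new `TRUST_ALL="false"` default has no comment saying what enabling it costs, and the script accepts any string for it. Going by the UiInitializer change in this commit, `true` installs an all-trusting socket factory and host verifier as the process-wide HTTPS defaults, so I would add `# TRUST_ALL=true disables certificate and hostname verification for the UI's outbound HTTPS connections; demo/lab use only` above the assignment. After the argument loop I would also reject anything other than the two literals, e.g. `case "$TRUST_ALL" in true|false) ;; *) echo "ERROR: TRUST_ALL must be true or false"; exit 1 ;; esac`, so a value like `True` is reported rather than silently treated as false.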
@@ -88,5 +73,5 @@ fi echo "Note: If there is a password already stored in database, the supplied UI_ADMIN_PASSWORD will be ignored." IMAGE="$REGISTRY"/"$NAME":"$TAG_PRE"-"$TAG_VER" -docker run --detach --name $CONTAINER_NAME --network="host" -v "$(pwd)/server.xml:/usr/local/tomcat/conf/server.xml" -v "$CERTDIR/bluval.key:/usr/local/tomcat/bluval.key" -v "$CERTDIR/bluval.crt:/usr/local/tomcat/bluval.crt" -v "$(pwd)/root_index.jsp:/usr/local/tomcat/webapps/ROOT/index.jsp" -e DB_IP_PORT="$DB_IP_PORT" -e MYSQL_AKRAINO_PASSWORD="$MYSQL_AKRAINO_PASSWORD" -e JENKINS_URL="$JENKINS_URL" -e JENKINS_USERNAME="$JENKINS_USERNAME" -e JENKINS_USER_PASSWORD="$JENKINS_USER_PASSWORD" -e JENKINS_JOB_NAME="$JENKINS_JOB_NAME" -e NEXUS_PROXY="$NEXUS_PROXY" -e JENKINS_PROXY="$JENKINS_PROXY" -e ENCRYPTION_KEY="$ENCRYPTION_KEY" -e UI_ADMIN_PASSWORD="$UI_ADMIN_PASSWORD" $IMAGE +docker run --detach --name $CONTAINER_NAME --network="host" -v "$(pwd)/server.xml:/usr/local/tomcat/conf/server.xml" -v "$CERTDIR/bluval.key:/usr/local/tomcat/bluval.key" -v "$CERTDIR/bluval.crt:/usr/local/tomcat/bluval.crt" -v "$(pwd)/root_index.jsp:/usr/local/tomcat/webapps/ROOT/index.jsp" -e DB_IP_PORT="$DB_IP_PORT" -e MYSQL_USER="$MYSQL_USER" -e MYSQL_PASSWORD="$MYSQL_PASSWORD" -e JENKINS_URL="$JENKINS_URL" -e JENKINS_USERNAME="$JENKINS_USERNAME" -e JENKINS_USER_PASSWORD="$JENKINS_USER_PASSWORD" -e JENKINS_JOB_NAME="$JENKINS_JOB_NAME" -e NEXUS_PROXY="$NEXUS_PROXY" -e JENKINS_PROXY="$JENKINS_PROXY" -e ENCRYPTION_KEY="$ENCRYPTION_KEY" -e UI_ADMIN_PASSWORD="$UI_ADMIN_PASSWORD" -e TRUST_ALL="$TRUST_ALL" $IMAGE sleep 10 diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md index 0e73fa8..bea59b6 100644 --- a/ui/CHANGELOG.md +++ b/ui/CHANGELOG.md 
@@ -233,3 +233,13 @@ All notable changes to this project will be documented in this file. - 'akraino' database has been renamed to 'akraino_bluvalui' ### Removed + +## [0.4.4-SNAPSHOT] - 4 October 2019 +### Added +- The user can define whether the UI can trust all SSL certificates or not. +- The mysql user name can be configured. + +### Changed +- New approach is used for interpreting shell script input variables. Now, all symbols are recognized. + +### Removed diff --git a/ui/README.rst b/ui/README.rst index e8051f4..035ac53 100644 --- a/ui/README.rst +++ b/ui/README.rst 
@@ -169,15 +169,14 @@ Also, a script has been developed, namely validation/docker/mysql/deploy.sh whic CONTAINER_NAME, name of the container, default value is akraino-validation-mysql MYSQL_ROOT_PASSWORD, the desired mysql root user password, this variable is required -MYSQL_AKRAINO_PASSWORD, the desired mysql akraino user password, this variable is required +MYSQL_USER, the mysql user, the default value is 'akraino' +MYSQL_PASSWORD, the desired mysql user password, this variable is required REGISTRY, registry of the mysql image, default value is akraino NAME, name of the mysql image, default value is validation TAG_PRE, first part of the image version, default value is mysql TAG_VER, last part of the image version, default value is latest MYSQL_HOST_PORT, port on which mysql is exposed on host, default value is 3307 -Currently, one user is supported by the UI, namely admin (full privileges). Its password is initialized during UI deployment (refer to UI deployment section). This password can be modified using the UI. Furthermore, more users can be created/modified using the UI. - In order to build and deploy the image using only the required parameters, the below instructions should be followed: The mysql root password, mysql akraino user password (currently the UI connects to the database using the akraino user), the UI admin password and the UI akraino password should be configured using the appropriate variables and the following commands should be executed: 
@@ -187,7 +186,7 @@ The mysql root password, mysql akraino user password (currently the UI connects cd validation/ui mvn docker:build -Ddocker.filter=akraino/validation:dev-mysql-latest cd ../docker/mysql - ./deploy.sh TAG_PRE=dev-mysql MYSQL_ROOT_PASSWORD= MYSQL_AKRAINO_PASSWORD= + ./deploy.sh --TAG_PRE dev-mysql --MYSQL_ROOT_PASSWORD --MYSQL_PASSWORD mysql -p -uakraino -h < ../../ui/db-scripts/examples/initialize_db_example.sql In order to retrieve the IP of the mysql container, the following command should be executed: @@ -216,7 +215,7 @@ The mysql root user password should be configured using the appropriate variable .. code-block:: console cd validation/docker/mysql - ./deploy_with_existing_persistent_storage.sh TAG_PRE=dev-mysql + ./deploy_with_existing_persistent_storage.sh --TAG_PRE dev-mysql Finally, if the database must be re-deployed (it is assumed that the corresponding mysql container has been stopped and deleted) and the old persistent storage must be deleted, the used docker volume should be first deleted (note that all database's data will be lost). @@ -226,7 +225,7 @@ To this end, after the image build process, the following commands should be exe docker volume rm akraino-validation-mysql cd validation/docker/mysql - ./deploy.sh TAG_PRE=dev-mysql MYSQL_ROOT_PASSWORD= MYSQL_AKRAINO_PASSWORD= + ./deploy.sh --TAG_PRE dev-mysql --MYSQL_ROOT_PASSWORD --MYSQL_PASSWORD mysql -p -uakraino -h < ../../ui/db-scripts/examples/initialize_db_example.sql In the context of the UI application, the following tables exist in the database: 
@@ -395,7 +394,8 @@ Also, a script has been developed, namely validation/docker/ui/deploy.sh which e CONTAINER_NAME, the name of the container, default value is akraino-validation-ui DB_IP_PORT, the IP and port of the mysql instance, this variable is required -MYSQL_AKRAINO_PASSWORD, the mysql akraino user password, this variable is required +MYSQL_USER, the mysql user, the default value is 'akraino' +MYSQL_PASSWORD, the mysql user password, this variable is required REGISTRY, the registry of the ui image, default value is akraino NAME, the name of the ui image, default value is validation TAG_PRE, the first part of the image version, default value is ui @@ -409,6 +409,7 @@ JENKINS_PROXY, the needed proxy in order for the Jenkins server to be reachable, CERTDIR, the directory where the SSL certificates can be found, default value is the working directory where self signed certificates exist only for demo purposes ENCRYPTION_KEY, the key that should be used by the AES algorithm for encrypting passwords stored in database, this variable is required UI_ADMIN_PASSWORD, the desired Blueprint Validation UI password for the admin user, this variable is required +TRUST_ALL, the variable that defines whether the UI should trust all certificates or not, default value is false So, for a functional UI, the following prerequisites are needed: 
@@ -420,9 +421,11 @@ Then, the following commands can be executed in order to deploy the UI container .. code-block:: console cd ../docker/ui - ./deploy.sh TAG_PRE=dev-ui DB_IP_PORT= MYSQL_AKRAINO_PASSWORD= ENCRYPTION_KEY= UI_ADMIN_PASSWORD= + ./deploy.sh --TAG_PRE dev-ui --DB_IP_PORT --MYSQL_PASSWORD --ENCRYPTION_KEY --UI_ADMIN_PASSWORD + +The content of the DB_IP_PORT can be for example '172.17.0.3:3306'. Also, the value of the encryption key can be for example 'AGADdG4D04BKm2IxIWEr8o=='. -The content of the DB_IP_PORT can be for example '172.17.0.3:3306'. Also, the value of the encryption key can be for example 'AGADdG4D04BKm2IxIWEr8o'. Note that the symbol '=' is not recognized. +Currently, one user is supported by the UI, namely admin (full privileges). Its password is initialized during UI deployment. This password can be modified using the UI. Furthermore, more users can be created/modified using the UI. Furthermore, the TAG_PRE variable should be defined as the default value is 'ui' (note that the 'dev-ui' is used for development purposes - look at pom.xml file). diff --git a/ui/pom.xml b/ui/pom.xml index e0be1e0..d69dbd2 100644 --- a/ui/pom.xml +++ b/ui/pom.xml @@ -14,7 +14,7 @@ org.akraino.validation ui - 0.4.3-SNAPSHOT + 0.4.4-SNAPSHOT Bluval UI Maven Webapp war diff --git a/ui/src/main/java/org/akraino/validation/ui/conf/ExternalAppConfig.java b/ui/src/main/java/org/akraino/validation/ui/conf/ExternalAppConfig.java index 738722a..c4a92c0 100644 --- a/ui/src/main/java/org/akraino/validation/ui/conf/ExternalAppConfig.java +++ b/ui/src/main/java/org/akraino/validation/ui/conf/ExternalAppConfig.java 
@@ -115,8 +115,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable { dataSource.setDriverClass(SystemProperties.getProperty(SystemProperties.DB_DRIVER)); dataSource.setJdbcUrl("jdbc:mysql://" + System.getenv("DB_IP_PORT") + "/" + PortalApiProperties.getProperty("akraino_database_name")); - dataSource.setUser(SystemProperties.getProperty(SystemProperties.DB_USERNAME)); - String password = System.getenv("MYSQL_AKRAINO_PASSWORD"); + dataSource.setUser(System.getenv("MYSQL_USER")); + String password = System.getenv("MYSQL_PASSWORD"); if (SystemProperties.containsProperty(SystemProperties.DB_ENCRYPT_FLAG)) { String encryptFlag = SystemProperties.getProperty(SystemProperties.DB_ENCRYPT_FLAG); if (encryptFlag != null && encryptFlag.equalsIgnoreCase("true")) { diff --git a/ui/src/main/java/org/akraino/validation/ui/conf/UiInitializer.java b/ui/src/main/java/org/akraino/validation/ui/conf/UiInitializer.java index 0052040..0520f58 100644 --- a/ui/src/main/java/org/akraino/validation/ui/conf/UiInitializer.java +++ b/ui/src/main/java/org/akraino/validation/ui/conf/UiInitializer.java 
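Review bot: `dataSource.setUser(System.getenv("MYSQL_USER"))` passes `null` when the variable is not set, and the previous source of the user name (`SystemProperties.DB_USERNAME`) is no longer consulted. docker/ui/deploy.sh defaults the variable to `akraino`, but any other way of starting the webapp now depends on the environment being complete, and the failure would presumably only surface later as a connection error. A fallback keeps the old behaviour: `String user = System.getenv("MYSQL_USER");` followed by `dataSource.setUser(user != null && !user.isEmpty() ? user : SystemProperties.getProperty(SystemProperties.DB_USERNAME));`. The enclosing method starts and ends outside this hunk.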
@@ -74,15 +74,17 @@ public class UiInitializer { @EventListener(ContextRefreshedEvent.class) public void setHttpProperties() throws NoSuchAlgorithmException, KeyManagementException { - SSLContext sslContext = SSLContext.getInstance("SSL"); - sslContext.init(null, this.trustAll, new java.security.SecureRandom()); - HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); - // Install the all-trusting host verifier - HttpsURLConnection.setDefaultHostnameVerifier(this.hostnameVerifier); - DefaultClientConfig config = new DefaultClientConfig(); - Map properties = config.getProperties(); - HTTPSProperties httpsProperties = new HTTPSProperties((str, sslSession) -> true, sslContext); - properties.put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, httpsProperties); + if (System.getenv("TRUST_ALL") != null && System.getenv("TRUST_ALL").equals("true")) { + SSLContext sslContext = SSLContext.getInstance("SSL"); + sslContext.init(null, this.trustAll, new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); + // Install the all-trusting host verifier + HttpsURLConnection.setDefaultHostnameVerifier(this.hostnameVerifier); + DefaultClientConfig config = new DefaultClientConfig(); + Map properties = config.getProperties(); + HTTPSProperties httpsProperties = new HTTPSProperties((str, sslSession) -> true, sslContext); + properties.put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, httpsProperties); + } } @EventListener(ContextRefreshedEvent.class)
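Review bot: When `TRUST_ALL` is `true` this branch replaces the JVM-wide `HttpsURLConnection` defaults, so every HTTPS connection the process opens stops authenticating its peer, and nothing is logged to make that visible. I would emit a warning as the first statement of the branch stating that certificate and hostname verification are disabled, and write the condition as `if ("true".equals(System.getenv("TRUST_ALL"))) {` to read the variable once. `SSLContext.getInstance("SSL")` could become `SSLContext.getInstance("TLS")` while the line is being touched. The `DefaultClientConfig` built inside the branch is a local that is not stored or returned in the visible lines, so the `HTTPSProperties` put into it appear to have no effect; `this.trustAll` and `this.hostnameVerifier` are defined outside the hunk. A safer long-term option than trust-all would be to load the CA of the target servers into a trust store.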