safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-30 16:43:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-641: Automatically pull Guacamole properties from vault.

Browse Source
This commit is contained in:
Michael Jumper
2022-01-21 15:23:41 -08:00
parent 46501f4b63
commit 86d1de5f2c
4 changed files with 118 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/VaultAuthenticationProvider.java
View File

@@ -22,10 +22,12 @@ package org.apache.guacamole.vault;
import com.google.inject.Guice;
import com.google.inject.Injector;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.net.auth.AbstractAuthenticationProvider;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.vault.conf.VaultConfigurationService;
import org.apache.guacamole.vault.user.VaultUserContextFactory;
/**
@@ -47,10 +49,22 @@ public abstract class VaultAuthenticationProvider
*
* @param module
* The module to use to configure dependency injection.
*
* @throws GuacamoleException
* If the properties file containing vault-mapped Guacamole
* configuration properties exists but cannot be read.
*/
protected VaultAuthenticationProvider(VaultAuthenticationProviderModule module) {
protected VaultAuthenticationProvider(VaultAuthenticationProviderModule module)
throws GuacamoleException {
Injector injector = Guice.createInjector(module);
this.userContextFactory = injector.getInstance(VaultUserContextFactory.class);
// Automatically pull properties from vault
Environment environment = injector.getInstance(Environment.class);
VaultConfigurationService confService = injector.getInstance(VaultConfigurationService.class);
environment.addGuacamoleProperties(confService.getProperties());
}
@Override

77
extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/conf/VaultConfigurationService.java
View File

@@ -27,10 +27,16 @@ import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ExecutionException;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.properties.FileGuacamoleProperties;
import org.apache.guacamole.properties.GuacamoleProperties;
import org.apache.guacamole.properties.PropertiesGuacamoleProperties;
import org.apache.guacamole.vault.VaultAuthenticationProviderModule;
import org.apache.guacamole.vault.secret.VaultSecretService;
/**
* Base class for services which retrieve key vault configuration information.
@@ -47,6 +53,9 @@ public abstract class VaultConfigurationService {
@Inject
private Environment environment;
@Inject
private VaultSecretService secretService;
/**
* ObjectMapper for deserializing YAML.
*/
@@ -58,15 +67,30 @@ public abstract class VaultConfigurationService {
*/
private final String tokenMappingFilename;
/**
* The name of the properties file containing Guacamole configuration
* properties. Unlike guacamole.properties, the values of these properties
* are read from the vault. Each property is expected to contain a secret
* name instead of a property value.
*/
private final String propertiesFilename;
/**
* Creates a new VaultConfigurationService which retrieves the token/secret
* mapping from a YAML file having the given name.
* mappings and Guacamole configuration properties from the files with the
* given names.
*
* @param tokenMappingFilename
* The name of the YAML file containing the token/secret mapping.
*
* @param propertiesFilename
* The name of the properties file containing Guacamole configuration
* properties whose values are the names of corresponding secrets.
*/
protected VaultConfigurationService(String tokenMappingFilename) {
protected VaultConfigurationService(String tokenMappingFilename,
String propertiesFilename) {
this.tokenMappingFilename = tokenMappingFilename;
this.propertiesFilename = propertiesFilename;
}
/**
@@ -114,4 +138,53 @@ public abstract class VaultConfigurationService {
}
/**
* Returns a GuacamoleProperties instance which automatically reads the
* values of requested properties from the vault. The name of the secret
* corresponding to a property stored in the vault is defined via the
* properties filename supplied at construction time.
*
* @return
* A GuacamoleProperties instance which automatically reads property
* values from the vault.
*
* @throws GuacamoleException
* If the properties file containing the property/secret mappings
* exists but cannot be read.
*/
public GuacamoleProperties getProperties() throws GuacamoleException {
// Use empty properties if file cannot be found
File propFile = new File(environment.getGuacamoleHome(), propertiesFilename);
if (!propFile.exists())
return new PropertiesGuacamoleProperties(new Properties());
// Automatically pull properties from vault
return new FileGuacamoleProperties(propFile) {
@Override
public String getProperty(String name) throws GuacamoleException {
try {
String secretName = super.getProperty(name);
if (secretName == null)
return null;
return secretService.getValue(secretName).get();
}
catch (InterruptedException | ExecutionException e) {
if (e.getCause() instanceof GuacamoleException)
throw (GuacamoleException) e;
throw new GuacamoleServerException(String.format("Property "
+ "\"%s\" could not be retrieved from the vault.", name), e);
}
}
};
}
}