GUACAMOLE-641: Merge expand extension API to allow properties to be retrieved from key vaults.

2025-09-06 21:27:40 +00:00 · 2021-05-30 21:28:08 -04:00
parent 78904863c4 4dd2a80c84
commit a9f0e55958
30 changed files with 589 additions and 232 deletions
--- a/guacamole/src/main/java/org/apache/guacamole/GuacamoleServletContextListener.java
+++ b/guacamole/src/main/java/org/apache/guacamole/GuacamoleServletContextListener.java
@@ -24,6 +24,7 @@ import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.Stage;
 import com.google.inject.servlet.GuiceServletContextListener;
+import java.io.File;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicReference;
 import javax.inject.Inject;
@@ -33,6 +34,8 @@ import org.apache.guacamole.environment.LocalEnvironment;
 import org.apache.guacamole.extension.ExtensionModule;
 import org.apache.guacamole.log.LogModule;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
+import org.apache.guacamole.properties.BooleanGuacamoleProperty;
+import org.apache.guacamole.properties.FileGuacamoleProperties;
 import org.apache.guacamole.rest.RESTServiceModule;
 import org.apache.guacamole.rest.auth.HashTokenSessionMap;
 import org.apache.guacamole.rest.auth.TokenSessionMap;
@@ -86,6 +89,18 @@ public class GuacamoleServletContextListener extends GuiceServletContextListener
     */
    private final Logger logger = LoggerFactory.getLogger(GuacamoleServletContextListener.class);

+    /**
+     * A property that determines whether environment variables are evaluated
+     * to override properties specified in guacamole.properties.
+     */
+    private static final BooleanGuacamoleProperty ENABLE_ENVIRONMENT_PROPERTIES =
+        new BooleanGuacamoleProperty() {
+            @Override
+            public String getName() {
+                return "enable-environment-properties";
+            }
+        };
+
    /**
     * The Guacamole server environment.
     */
@@ -111,16 +126,38 @@ public class GuacamoleServletContextListener extends GuiceServletContextListener
    @Override
    public void contextInitialized(ServletContextEvent servletContextEvent) {

+        environment = LocalEnvironment.getInstance();
+
+        // Read configuration information from GUACAMOLE_HOME/guacamole.properties
        try {
-            environment = new LocalEnvironment();
-            sessionMap = new HashTokenSessionMap(environment);
+            File guacProperties = new File(environment.getGuacamoleHome(), "guacamole.properties");
+            environment.addGuacamoleProperties(new FileGuacamoleProperties(guacProperties));
+            logger.info("Read configuration parameters from \"{}\".", guacProperties);
        }
        catch (GuacamoleException e) {
            logger.error("Unable to read guacamole.properties: {}", e.getMessage());
            logger.debug("Error reading guacamole.properties.", e);
-            throw new RuntimeException(e);
        }

+        // For any values not defined in GUACAMOLE_HOME/guacamole.properties,
+        // read from system environment if "enable-environment-properties" is
+        // set to "true"
+        try {
+            if (environment.getProperty(ENABLE_ENVIRONMENT_PROPERTIES, false)) {
+                environment.addGuacamoleProperties(new SystemEnvironmentGuacamoleProperties());
+                logger.info("Additional configuration parameters may be read "
+                        + "from environment variables.");
+            }
+        }
+        catch (GuacamoleException e) {
+            logger.error("Unable to configure support for environment properties: {}", e.getMessage());
+            logger.debug("Error reading \"{}\" property from guacamole.properties.", ENABLE_ENVIRONMENT_PROPERTIES.getName(), e);
+        }
+
+        // Now that at least the main guacamole.properties source of
+        // configuration information is available, initialize the session map
+        sessionMap = new HashTokenSessionMap(environment);
+
        // NOTE: The superclass implementation of contextInitialized() is
        // expected to invoke getInjector(), hence the need to call AFTER
        // setting up the environment and session map
--- a/guacamole/src/main/java/org/apache/guacamole/SystemEnvironmentGuacamoleProperties.java
+++ b/guacamole/src/main/java/org/apache/guacamole/SystemEnvironmentGuacamoleProperties.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole;
+
+import org.apache.guacamole.properties.GuacamoleProperties;
+import org.apache.guacamole.token.TokenName;
+
+/**
+ * GuacamoleProperties implementation which reads all properties from
+ * environment variables. The name of the environment variable corresponding to
+ * any particular property is determined using
+ * {@link TokenName#canonicalize(java.lang.String)}.
+ */
+public class SystemEnvironmentGuacamoleProperties implements GuacamoleProperties {
+
+    @Override
+    public String getProperty(String name) {
+        return System.getenv(TokenName.canonicalize(name));
+    }
+
+}
--- a/guacamole/src/main/java/org/apache/guacamole/auth/file/FileAuthenticationProvider.java
+++ b/guacamole/src/main/java/org/apache/guacamole/auth/file/FileAuthenticationProvider.java
@@ -63,25 +63,13 @@ public class FileAuthenticationProvider extends SimpleAuthenticationProvider {
    /**
     * Guacamole server environment.
     */
-    private final Environment environment;
+    private final Environment environment = LocalEnvironment.getInstance();

    /**
     * The filename to use for the user mapping.
     */
    public static final String USER_MAPPING_FILENAME = "user-mapping.xml";
    
-    /**
-     * Creates a new FileAuthenticationProvider that authenticates users against
-     * simple, monolithic XML file.
-     *
-     * @throws GuacamoleException
-     *     If a required property is missing, or an error occurs while parsing
-     *     a property.
-     */
-    public FileAuthenticationProvider() throws GuacamoleException {
-        environment = new LocalEnvironment();
-    }
-
    @Override
    public String getIdentifier() {
        return "default";
--- a/guacamole/src/main/java/org/apache/guacamole/rest/schema/SchemaResource.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/schema/SchemaResource.java
@@ -171,7 +171,7 @@ public class SchemaResource {
    public Map<String, ProtocolInfo> getProtocols() throws GuacamoleException {

        // Get and return a map of all protocols.
-        Environment env = new LocalEnvironment();
+        Environment env = LocalEnvironment.getInstance();
        return env.getProtocols();

    }