From f7d90a641ee4d0d715c4b0f53f7ed1368cb850cc Mon Sep 17 00:00:00 2001
From: James Muehlner
Date: Tue, 28 Jun 2022 20:55:19 +0000
Subject: [PATCH] GUACAMOLE-1629: Add configuration properties and associated translations.
---
 .../vault/conf/VaultAttributeService.java | 40 ++++++++++++
 .../vault/user/VaultUserContext.java | 16 +++++
 .../ksm/KsmAuthenticationProviderModule.java | 3 +
 .../vault/ksm/conf/KsmAttributeService.java | 63 +++++++++++++++++++
 .../src/main/resources/translations/en.json | 12 ++++
 5 files changed, 134 insertions(+)
 create mode 100644 extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/conf/VaultAttributeService.java
 create mode 100644 extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmAttributeService.java
 create mode 100644 extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/resources/translations/en.json
diff --git a/extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/conf/VaultAttributeService.java b/extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/conf/VaultAttributeService.java
new file mode 100644
index 000000000..b77601621
--- /dev/null
+++ b/extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/conf/VaultAttributeService.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.vault.conf;
+
+import java.util.Collection;
+
+import org.apache.guacamole.form.Form;
+
+/**
+ * A service that exposes attributes for the admin UI, specific to the vault
+ * implementation. Any vault implementation will need to expose the attributes
+ * necessary for that implementation.
+ */
+public interface VaultAttributeService {
+
+ /**
+ * Return all connection group attributes to be exposed through the admin UI.
+ *
+ * @return
+ * All connection group attributes to be exposed through the admin UI.
+ */
+ public Collection getConnectionGroupAttributes();
+}
diff --git a/extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/user/VaultUserContext.java b/extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/user/VaultUserContext.java
index 53901483e..58056842b 100644
--- a/extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/user/VaultUserContext.java
+++ b/extensions/guacamole-vault/modules/guacamole-vault-base/src/main/java/org/apache/guacamole/vault/user/VaultUserContext.java
@@ -22,12 +22,15 @@ package org.apache.guacamole.vault.user;
 import com.google.inject.Inject;
 import com.google.inject.assistedinject.Assisted;
 import com.google.inject.assistedinject.AssistedInject;
+
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.form.Form;
 import org.apache.guacamole.net.auth.Connection;
 import org.apache.guacamole.net.auth.ConnectionGroup;
 import org.apache.guacamole.net.auth.TokenInjectingUserContext;
@@ -35,6 +38,7 @@ import org.apache.guacamole.net.auth.UserContext;
 import org.apache.guacamole.protocol.GuacamoleConfiguration;
 import org.apache.guacamole.token.GuacamoleTokenUndefinedException;
 import org.apache.guacamole.token.TokenFilter;
+import org.apache.guacamole.vault.conf.VaultAttributeService;
 import org.apache.guacamole.vault.conf.VaultConfigurationService;
 import org.apache.guacamole.vault.secret.VaultSecretService;
 import org.slf4j.Logger;
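Review bot: The Javadoc on `getConnectionGroupAttributes()` in the new VaultAttributeService interface does not say whether the result may be null or must be unmodifiable, and VaultUserContext, later in this patch, hands the value straight back to its caller. I would extend the `@return` text with `Never null; an empty, unmodifiable collection if the vault implementation defines no attributes.` The `public` modifier on the interface method is redundant and can be dropped.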
@@ -121,6 +125,13 @@ public class VaultUserContext extends TokenInjectingUserContext {
 @Inject
 private VaultSecretService secretService;
+ /**
+ * Service for retrieving any custom attributes defined for the
+ * current vault implementation.
+ */
+ @Inject
+ private VaultAttributeService attributeService;
+
 /**
 * Creates a new VaultUserContext which automatically injects tokens
 * containing values of secrets retrieved from a vault. The given
@@ -403,4 +414,9 @@ public class VaultUserContext extends TokenInjectingUserContext {
 }
+ @Override
+ public Collection getConnectionGroupAttributes() {
+ return attributeService.getConnectionGroupAttributes();
+ }
+
 }
diff --git a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/KsmAuthenticationProviderModule.java b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/KsmAuthenticationProviderModule.java
index bcc5a784e..17580b8a0 100644
--- a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/KsmAuthenticationProviderModule.java
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/KsmAuthenticationProviderModule.java
@@ -21,8 +21,10 @@ package org.apache.guacamole.vault.ksm;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.vault.VaultAuthenticationProviderModule;
+import org.apache.guacamole.vault.ksm.conf.KsmAttributeService;
 import org.apache.guacamole.vault.ksm.conf.KsmConfigurationService;
 import org.apache.guacamole.vault.ksm.secret.KsmSecretService;
+import org.apache.guacamole.vault.conf.VaultAttributeService;
 import org.apache.guacamole.vault.conf.VaultConfigurationService;
 import org.apache.guacamole.vault.ksm.secret.KsmClient;
 import org.apache.guacamole.vault.ksm.secret.KsmRecordService;
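Review bot: The new `getConnectionGroupAttributes()` override at the end of VaultUserContext (hunk `@@ -403,4 +414,9 @@`) returns only the vault's forms and never calls `super.getConnectionGroupAttributes()`. If the inherited implementation passes through the forms of the wrapped UserContext, which this hunk does not show, those forms disappear from the admin UI for every data source the vault decorates. Merging keeps both: `Collection<Form> forms = new ArrayList<>(super.getConnectionGroupAttributes());`, `forms.addAll(attributeService.getConnectionGroupAttributes());`, `return Collections.unmodifiableCollection(forms);` (this needs `java.util.ArrayList` and `java.util.Collections` imported). The method also has no Javadoc, and the class body starts outside the hunk.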
@@ -51,6 +53,7 @@ public class KsmAuthenticationProviderModule
 // Bind services specific to Keeper Secrets Manager
 bind(KsmClient.class);
 bind(KsmRecordService.class);
+ bind(VaultAttributeService.class).to(KsmAttributeService.class);
 bind(VaultConfigurationService.class).to(KsmConfigurationService.class);
 bind(VaultSecretService.class).to(KsmSecretService.class);
 }
diff --git a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmAttributeService.java b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmAttributeService.java
new file mode 100644
index 000000000..ade0f97e9
--- /dev/null
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmAttributeService.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.vault.ksm.conf;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.apache.guacamole.form.Form;
+import org.apache.guacamole.form.MultilineField;
+import org.apache.guacamole.vault.conf.VaultAttributeService;
+
+import com.google.inject.Singleton;
+
+/**
+ * A service that exposes KSM-specific attributes, allowing setting KSM
+ * configuration through the admin interface.
+ */
+@Singleton
+public class KsmAttributeService implements VaultAttributeService {
+
+ /**
+ * The name of the attribute which can contain a KSM configuration blob
+ * associated with a connection group.
+ */
+ public static final String KSM_CONFIGURATION_ATTRIBUTE = "ksm-config";
+
+ /**
+ * All attributes related to configuring the KSM vault on a
+ * per-connection-group basis.
+ */
+ public static final Form KSM_CONFIGURATION_FORM = new Form("ksm-config",
+ Arrays.asList(new MultilineField(KSM_CONFIGURATION_ATTRIBUTE)));
+
+ /**
+ * All KSM-specific connection group attributes, organized by form.
+ */
+ public static final Collection KSM_CONNECTION_GROUP_ATTRIBUTES =
+ Collections.unmodifiableCollection(Arrays.asList(KSM_CONFIGURATION_FORM));
+
+ @Override
+ public Collection getConnectionGroupAttributes() {
+ return KSM_CONNECTION_GROUP_ATTRIBUTES;
+ }
+
+}
diff --git a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/resources/translations/en.json b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/resources/translations/en.json
new file mode 100644
index 000000000..abda16cef
--- /dev/null
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/resources/translations/en.json
@@ -0,0 +1,12 @@
+{
+
+ "DATA_SOURCE_KEEPER_SECRETS_MANAGER" : {
+ "NAME" : "Keeper Secrets Manager"
+ },
+
+ "CONNECTION_GROUP_ATTRIBUTES" : {
+ "SECTION_HEADER_KSM_CONFIG" : "Keeper Secrets Manager",
+ "FIELD_HEADER_KSM_CONFIG" : "KSM Service Configuration "
+ }
+
+}
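Review bot: In KsmAttributeService.java, `KSM_CONFIGURATION_ATTRIBUTE` is exposed as a plain `MultilineField`, so whatever is entered for `ksm-config` is displayed in clear text in the admin UI and, as far as this patch shows, is handled like any other connection group attribute. The Javadoc calls the value a KSM configuration blob; if that blob carries the client credentials for the vault, which the patch does not show, every user able to read the group's attributes can read them. I would state the sensitivity on the constant, e.g. `Treat the value as a secret: it must only be returned to users with administrative access to the connection group, and must never be logged.`, and confirm that the code consuming the attribute enforces this. The `getConnectionGroupAttributes()` override also has no Javadoc.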