From 43bc3c5f7515885b180fa902bffdef2c7df52940 Mon Sep 17 00:00:00 2001
From: Jonathan Cobb
Date: Fri, 10 Jan 2020 03:22:53 -0500
Subject: [PATCH] set network ssh key to be installed when filtering db
---
 .../roles/bubble/files/bubble_role.json | 3 +--
 .../service/cloud/AnsiblePrepService.java | 15 +------------
 .../dbfilter/DatabaseFilterService.java | 5 +++--
 .../service/dbfilter/EntityIterator.java | 21 +++++++++++++++++--
 .../dbfilter/FilteredEntityIterator.java | 14 ++++++++-----
 .../service/dbfilter/FullEntityIterator.java | 2 +-
 .../models/tests/network/simple_network.json | 4 ++--
 utils/cobbzilla-wizard | 2 +-
 8 files changed, 37 insertions(+), 29 deletions(-)
diff --git a/automation/roles/bubble/files/bubble_role.json b/automation/roles/bubble/files/bubble_role.json
index 113f7005..909a098e 100644
--- a/automation/roles/bubble/files/bubble_role.json
+++ b/automation/roles/bubble/files/bubble_role.json
@@ -22,9 +22,8 @@
 {"name": "is_fork", "value": "[[fork]]"},
 {"name": "restore_key", "value": "[[restoreKey]]"},
 {"name": "restore_timeout", "value": "[[restoreTimeoutSeconds]]"},
- {"name": "rsa_key", "value": "[[rsa_key]]"},
 {"name": "test_mode", "value": "[[testMode]]"}
 ],
- "optionalConfigNames": ["restore_key", "restore_timeout", "ssh_key"],
+ "optionalConfigNames": ["restore_key", "restore_timeout"],
 "tgzB64": ""
 }
\ No newline at end of file
diff --git a/bubble-server/src/main/java/bubble/service/cloud/AnsiblePrepService.java b/bubble-server/src/main/java/bubble/service/cloud/AnsiblePrepService.java
index a1ace175..9c5513e1 100644
--- a/bubble-server/src/main/java/bubble/service/cloud/AnsiblePrepService.java
+++ b/bubble-server/src/main/java/bubble/service/cloud/AnsiblePrepService.java
@@ -2,7 +2,6 @@ package bubble.service.cloud; import bubble.dao.account.AccountSshKeyDAO; import bubble.model.account.Account; -import bubble.model.account.AccountSshKey; import bubble.model.cloud.AnsibleInstallType; import bubble.model.cloud.AnsibleRole; import bubble.model.cloud.BubbleNetwork; @@ -71,18 +70,6 @@ public class AnsiblePrepService { ctx.put("restoreKey", restoreKey); ctx.put("restoreTimeoutSeconds", RESTORE_MONITOR_SCRIPT_TIMEOUT_SECONDS); } - if (network.hasSshKey()) { - final AccountSshKey sshKey = sshKeyDAO.findByAccountAndId(account.getUuid(), network.getSshKey()); - if (sshKey == null) { - return die("prepAnsible: SSH key not found: "+network.getSshKey()); - } else if (sshKey.expired()) { - return die("prepAnsible: SSH key expired: "+network.getSshKey()); - } else { - ctx.put("rsa_key", sshKey.getSshPublicKey()); - } - } else { - ctx.put("rsa_key", "disabled"); - } ctx.put("network", network); ctx.put("node", node); ctx.put("roles", installRoles.stream().map(AnsibleRole::getRoleName).collect(Collectors.toList())); @@ -90,7 +77,7 @@ public class AnsiblePrepService { // Copy database with new encryption key if (installRoles.stream().anyMatch(r->r.getName().startsWith("bubble-"))) { - final String key = dbFilter.copyDatabase(fork, node, account, new File(bubbleFilesDir, "bubble.sql.gz")); + final String key = dbFilter.copyDatabase(fork, network, node, account, new File(bubbleFilesDir, "bubble.sql.gz")); ctx.put("dbEncryptionKey", key); // if this is a fork, and current server is local, then sage will be self diff --git a/bubble-server/src/main/java/bubble/service/dbfilter/DatabaseFilterService.java b/bubble-server/src/main/java/bubble/service/dbfilter/DatabaseFilterService.java index bfefae7e..a50eef0c 100644 --- a/bubble-server/src/main/java/bubble/service/dbfilter/DatabaseFilterService.java +++ b/bubble-server/src/main/java/bubble/service/dbfilter/DatabaseFilterService.java 
@@ -5,6 +5,7 @@ import bubble.main.RekeyDatabaseOptions; import bubble.main.rekey.RekeyOptions; import bubble.main.rekey.RekeyReaderMain; import bubble.model.account.Account; +import bubble.model.cloud.BubbleNetwork; import bubble.model.cloud.BubbleNode; import bubble.server.BubbleConfiguration; import lombok.Cleanup; @@ -47,7 +48,7 @@ public class DatabaseFilterService { @Autowired private BubbleConfiguration configuration; - public String copyDatabase(boolean fork, BubbleNode node, Account account, File pgDumpFile) { + public String copyDatabase(boolean fork, BubbleNetwork network, BubbleNode node, Account account, File pgDumpFile) { final String dbName = ("bubble_slice_"+randomAlphanumeric(8)+"_"+now()).toLowerCase(); log.info("copyDatabase: starting with dbName: "+dbName); @@ -98,7 +99,7 @@ public class DatabaseFilterService { @Override protected Iterator getEntityProducer(BubbleConfiguration fromConfig, AtomicReference error) { return fork ? new FullEntityIterator(configuration, readerError) - : new FilteredEntityIterator(configuration, account, node, readerError); + : new FilteredEntityIterator(configuration, account, network, node, readerError); } }.runInBackground(readerError::set); diff --git a/bubble-server/src/main/java/bubble/service/dbfilter/EntityIterator.java b/bubble-server/src/main/java/bubble/service/dbfilter/EntityIterator.java index c330d84e..79ae6e6c 100644 --- a/bubble-server/src/main/java/bubble/service/dbfilter/EntityIterator.java +++ b/bubble-server/src/main/java/bubble/service/dbfilter/EntityIterator.java @@ -2,6 +2,8 @@ package bubble.service.dbfilter; import bubble.cloud.storage.local.LocalStorageConfig; import bubble.cloud.storage.local.LocalStorageDriver; +import bubble.model.account.AccountSshKey; +import bubble.model.cloud.BubbleNetwork; import bubble.model.cloud.BubbleNode; import bubble.model.cloud.CloudService; import lombok.Getter; 
@@ -66,15 +68,30 @@ public abstract class EntityIterator implements Iterator { } } - public void addEntities(Class c, List entities, BubbleNode node) { + public void addEntities(Class c, + List entities, + BubbleNetwork network, + BubbleNode node) { if (CloudService.class.isAssignableFrom(c)) { entities.forEach(e -> add(setLocalStoragePath((CloudService) e))); + + } else if (AccountSshKey.class.isAssignableFrom(c)) { + entities.forEach(e -> add(setInstallKey((AccountSshKey) e, network))); + } else { entities.forEach(this::add); } } - public CloudService setLocalStoragePath(CloudService cloudService) { + private AccountSshKey setInstallKey(AccountSshKey sshKey, BubbleNetwork network) { + if (network == null) return sshKey; + if (network.hasSshKey() && network.getSshKey().equals(sshKey.getUuid())) { + sshKey.setInstallSshKey(true); + } + return sshKey; + } + + private CloudService setLocalStoragePath(CloudService cloudService) { if (!cloudService.usesDriver(LocalStorageDriver.class)) { return cloudService; } diff --git a/bubble-server/src/main/java/bubble/service/dbfilter/FilteredEntityIterator.java b/bubble-server/src/main/java/bubble/service/dbfilter/FilteredEntityIterator.java index 3d7e0a01..6ee7ce2a 100644 --- a/bubble-server/src/main/java/bubble/service/dbfilter/FilteredEntityIterator.java +++ b/bubble-server/src/main/java/bubble/service/dbfilter/FilteredEntityIterator.java @@ -6,6 +6,7 @@ import bubble.dao.cloud.BubbleNodeDAO; import bubble.dao.cloud.BubbleNodeKeyDAO; import bubble.model.account.Account; import bubble.model.account.HasAccount; +import bubble.model.cloud.BubbleNetwork; import bubble.model.cloud.BubbleNode; import bubble.model.cloud.BubbleNodeKey; import bubble.model.device.Device; 
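Review bot: setInstallKey in EntityIterator marks the network's key for install without the `sshKey.expired()` check that this commit removes from AnsiblePrepService, so an expired key whose uuid matches `network.getSshKey()` would now be flagged where prepAnsible previously stopped with "SSH key expired". The condition should carry the check over, `if (network.hasSshKey() && network.getSshKey().equals(sshKey.getUuid()) && !sshKey.expired()) {`. The "SSH key not found" failure is also gone: if no AccountSshKey entity matches the network's key, the copy completes without any key marked and without an error, so the caller may want to verify that a key was marked whenever `network.hasSshKey()` is true. Whether expiry is enforced again where the install flag is consumed is not visible in this diff.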
@@ -37,15 +38,18 @@ public class FilteredEntityIterator extends EntityIterator { private final BubbleConfiguration configuration; private final Account account; + private final BubbleNetwork network; private final BubbleNode node; - public FilteredEntityIterator (BubbleConfiguration configuration, - Account account, - BubbleNode node, - AtomicReference error) { + public FilteredEntityIterator(BubbleConfiguration configuration, + Account account, + BubbleNetwork network, + BubbleNode node, + AtomicReference error) { super(error); this.configuration = configuration; this.account = account; + this.network = network; this.node = node; } @@ -72,7 +76,7 @@ public class FilteredEntityIterator extends EntityIterator { final List entities = aoDAO.dbFilterIncludeAll() ? aoDAO.findAll() : aoDAO.findByAccount(account.getUuid()); - addEntities(c, entities, node); + addEntities(c, entities, network, node); } }); diff --git a/bubble-server/src/main/java/bubble/service/dbfilter/FullEntityIterator.java b/bubble-server/src/main/java/bubble/service/dbfilter/FullEntityIterator.java index aed6543d..be16b019 100644 --- a/bubble-server/src/main/java/bubble/service/dbfilter/FullEntityIterator.java +++ b/bubble-server/src/main/java/bubble/service/dbfilter/FullEntityIterator.java @@ -17,7 +17,7 @@ public class FullEntityIterator extends EntityIterator { protected void iterate() { config.getEntityClasses().forEach(c -> { - addEntities(c, config.getDaoForEntityClass(c).findAll(), null); + addEntities(c, config.getDaoForEntityClass(c).findAll(), null, null); }); log.info("iterate: completed"); } diff --git a/bubble-server/src/test/resources/models/tests/network/simple_network.json b/bubble-server/src/test/resources/models/tests/network/simple_network.json index 92321854..6b90f54f 100644 --- a/bubble-server/src/test/resources/models/tests/network/simple_network.json +++ b/bubble-server/src/test/resources/models/tests/network/simple_network.json 
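Review bot: The fork path in FullEntityIterator.iterate() passes `null` for the network in `addEntities(c, config.getDaoForEntityClass(c).findAll(), null, null)`, so setInstallKey returns early and the network's SSH key is never marked for install on a fork, whereas the removed prepAnsible code put `rsa_key` in the context for fork and non-fork installs alike. If this is intended, presumably because a full copy carries each key's stored flag over unchanged, a comment such as `// fork: keys are copied as stored; no network key is marked for install` would record the decision. Otherwise FullEntityIterator needs the network threaded through its constructor the way FilteredEntityIterator now has it.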
@@ -116,13 +116,13 @@ { "comment": "add an ssh key", - "onlyIf": "'{{TEST_SSH_KEY}}'.startsWith('ssh-rsa ')", + "onlyIf": "'{{serverConfig.environment.TEST_SSH_KEY}}'.startsWith('ssh-rsa ')", "request": { "uri": "me/keys", "method": "put", "entity": { "name": "test-key", - "sshPublicKey": "{{TEST_SSH_KEY}}" + "sshPublicKey": "{{serverConfig.environment.TEST_SSH_KEY}}" } }, "response": { diff --git a/utils/cobbzilla-wizard b/utils/cobbzilla-wizard index 80070a2a..33c38a7d 160000 --- a/utils/cobbzilla-wizard +++ b/utils/cobbzilla-wizard @@ -1 +1 @@ -Subproject commit 80070a2a1a03c6b62a64246766269ba9d45a9551 +Subproject commit 33c38a7d30e6c9c9aeeb5d45d2db2a681a1d903e