yifan-c commented on code in PR #318: URL: https://github.com/apache/cassandra-sidecar/pull/318#discussion_r2839449447
########## server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/CqlAuthProvider.java: ########## @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.cluster.auth; + +/** + * Provides authentication details used by Sidecar's internal Cassandra CQL client. + */ +public interface CqlAuthProvider +{ + String username(); + String password(); Review Comment: Please add javadoc, although the method name is self-explanatory. ########## server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/FileProvider.java: ########## @@ -0,0 +1,94 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.cluster.auth; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.InvalidPathException; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Map; +import java.util.Objects; + +import org.apache.cassandra.sidecar.exceptions.ConfigurationException; + +/** + * Loads CQL username/password from files. + */ +public class FileProvider implements CqlAuthProvider +{ + static final String USERNAME_PATH_PARAM = "username_path"; + static final String PASSWORD_PATH_PARAM = "password_path"; + + private final Path usernamePath; + private final Path passwordPath; + + public FileProvider(Map<String, String> parameters) + { + Objects.requireNonNull(parameters, "parameters must not be null"); + this.usernamePath = resolvePath(parameters, USERNAME_PATH_PARAM); + this.passwordPath = resolvePath(parameters, PASSWORD_PATH_PARAM); + } + + private static Path resolvePath(Map<String, String> parameters, String key) + { + if (!parameters.containsKey(key)) + { + throw new ConfigurationException("Missing required auth_provider parameter \"" + key + "\""); + } + + try + { + return Paths.get(parameters.get(key)); + } + catch (InvalidPathException e) + { + throw new ConfigurationException("Invalid path in auth_provider parameter \"" + key + "\"", e); + } + } + + private static String readSecret(Path path, String key) + { + try + { + String secret = Files.readString(path).trim(); + if (secret.isEmpty()) + { + throw new ConfigurationException("Empty content in auth_provider file for parameter \"" + key + "\""); + } + return secret; + } + catch (IOException e) + { + throw new ConfigurationException("Unable to read auth_provider file for parameter \"" + key + "\"", e); + } + } + + @Override + public String username() + { + return readSecret(usernamePath, USERNAME_PATH_PARAM); + } + + @Override + public String password() + { + return readSecret(passwordPath, PASSWORD_PATH_PARAM); + } Review Comment: It reads from the file every single time per call. Do you expect the username/password to change? And the indentation is wrong. ########## server/src/main/java/org/apache/cassandra/sidecar/cluster/auth/ConfigProvider.java: ########## @@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.cassandra.sidecar.cluster.auth; + +import java.util.Map; +import java.util.Objects; + +import org.apache.cassandra.sidecar.exceptions.ConfigurationException; + +/** + * Loads CQL username/password directly from auth_provider parameters. + */ +public class ConfigProvider implements CqlAuthProvider +{ + static final String USERNAME_PARAM = "username"; + static final String PASSWORD_PARAM = "password"; + + private final String username; + private final String password; + + public ConfigProvider(Map<String, String> parameters) + { + Objects.requireNonNull(parameters, "parameters must not be null"); + this.username = requiredParameter(parameters, USERNAME_PARAM); + this.password = requiredParameter(parameters, PASSWORD_PARAM); + } + + private static String requiredParameter(Map<String, String> parameters, String key) + { + if (!parameters.containsKey(key)) + { + throw new ConfigurationException("Missing required auth_provider parameter \"" + key + "\""); + } + return parameters.get(key); + } + + @Override + public String username() + { + return username; + } + + @Override + public String password() + { + return password; + } Review Comment: indentation space is wrong - please use 4 spaces. ########## server/src/main/java/org/apache/cassandra/sidecar/modules/ConfigurationModule.java: ########## @@ -121,11 +128,45 @@ CQLSessionProvider cqlSessionProvider(Vertx vertx, { CQLSessionProviderImpl cqlSessionProvider = new CQLSessionProviderImpl(sidecarConfiguration, NettyOptions.DEFAULT_INSTANCE, + cqlAuthProvider(sidecarConfiguration), driverUtils); vertx.eventBus().localConsumer(ON_SERVER_STOP.address(), message -> cqlSessionProvider.close()); return cqlSessionProvider; } + CqlAuthProvider cqlAuthProvider(SidecarConfiguration sidecarConfiguration) + { + DriverConfiguration driverConfiguration = sidecarConfiguration.driverConfiguration(); + + ParameterizedClassConfiguration config = driverConfiguration.authProvider(); + if (config == null) + { + // Fallback to the old one + String username = driverConfiguration.username() != null ? driverConfiguration.username() : ""; + String password = driverConfiguration.password() != null ? driverConfiguration.password() : ""; Review Comment: I do not think defaulting to empty string is the old behavior, which allows `null` for username and password. The reason of defaulting to the empty string seems to only to conform the `Map.of()` constructor. A workaround could be wrap HashMap (which permits `null` value) with unmodifiable. ########## server/src/main/java/org/apache/cassandra/sidecar/modules/ConfigurationModule.java: ########## @@ -121,11 +128,45 @@ CQLSessionProvider cqlSessionProvider(Vertx vertx, { CQLSessionProviderImpl cqlSessionProvider = new CQLSessionProviderImpl(sidecarConfiguration, NettyOptions.DEFAULT_INSTANCE, + cqlAuthProvider(sidecarConfiguration), driverUtils); vertx.eventBus().localConsumer(ON_SERVER_STOP.address(), message -> cqlSessionProvider.close()); return cqlSessionProvider; } + CqlAuthProvider cqlAuthProvider(SidecarConfiguration sidecarConfiguration) + { + DriverConfiguration driverConfiguration = sidecarConfiguration.driverConfiguration(); + + ParameterizedClassConfiguration config = driverConfiguration.authProvider(); + if (config == null) + { + // Fallback to the old one + String username = driverConfiguration.username() != null ? driverConfiguration.username() : ""; + String password = driverConfiguration.password() != null ? driverConfiguration.password() : ""; + + return new ConfigProvider( + Map.of("username", username, "password", password)); + } + + if (config.namedParameters() == null) + { + throw new ConfigurationException("Missing parameters for auth_provider"); + } + + Map<String, String> namedParameters = config.namedParameters(); + + if (config.className().equalsIgnoreCase(ConfigProvider.class.getName())) + { + return new ConfigProvider(namedParameters); + } + if (config.className().equalsIgnoreCase(FileProvider.class.getName())) + { + return new FileProvider(namedParameters); + } + throw new ConfigurationException("Unrecognized cql auth_provider " + config.className() + " set"); Review Comment: To truly make it pluggable, we need to use reflection to construct the instance from the supplied class name, instead of throwing. For example, ```suggestion try { Class<?> cls = Class.forName(config.className()); return (CqlAuthProvider) cls.getDeclaredConstructor(Map.class).newInstance(namedParameters); } catch (ReflectiveOperationException e) { throw new ConfigurationException("Failed to instantiate auth_provider " + config.className(), e); } ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
