HPCC-30160 Automatic SOAPCALL secret credentials
Signed-off-by: Anthony Fishbeck <[email protected]>
afishbeck committed Sep 21, 2023
1 parent 2078c1b commit 875692d
Showing 9 changed files with 406 additions and 63 deletions.
155 changes: 105 additions & 50 deletions common/thorhelper/thorsoapcall.cpp

Large diffs are not rendered by default.

87 changes: 87 additions & 0 deletions ecl/eclcmd/eclcmd_core.cpp
Expand Up @@ -18,6 +18,7 @@
#include <stdio.h>
#include "jlog.hpp"
#include "jfile.hpp"
#include "jsecrets.hpp"
#include "jargv.hpp"
#include "jflz.hpp"
#include "httpclient.hpp"
Expand Down Expand Up @@ -2115,6 +2116,90 @@ class EclCmdZapGen : public EclCmdCommon
};



class EclCmdUrlMapSecretName : public CInterfaceOf<IEclCommand>
{
public:
EclCmdUrlMapSecretName()
{

}

virtual eclCmdOptionMatchIndicator parseCommandLineOptions(ArgvIterator &iter) override
{
eclCmdOptionMatchIndicator retVal = EclCmdOptionNoMatch;
if (iter.done())
return EclCmdOptionNoMatch;

for (; !iter.done(); iter.next())
{
const char *arg = iter.query();
if (*arg != '-') //parameters don't start with '-'
{
if (optUrl.length())
{
fprintf(stderr, "\nunrecognized argument %s\n", arg);
return EclCmdOptionCompletion;
}
optUrl.set(arg);
retVal = EclCmdOptionMatch;
continue;
}
if (iter.matchOption(optUsername, ECLOPT_USERNAME))
{
retVal = EclCmdOptionMatch;
continue;
}
}
return retVal;
}
virtual bool finalizeOptions(IProperties *globals) override
{
if (optUrl.isEmpty())
{
fprintf(stdout, "\n URL parameter required.\n");
return false;
}
return true;
}
virtual int processCMD() override
{
StringBuffer secretName;
generateDynamicUrlSecretName(secretName, optUrl, optUsername);
if (secretName.isEmpty())
{
fputs("Error genenerating secret name.", stderr);
return 1;
}
fputs(secretName.str(), stdout);
fputs("\n", stdout);
return 0;
}
virtual void usage() override
{
fputs("\nUsage:\n"
"\n"
"The 'url-secret-name' command generates a secret name from a url that can be used to support\n"
" ECL SOAPCALL/HTTPCALL automated url to secret mapping.\n"
" Username can either be embedded in the url, such as https://[email protected], or\n"
" Passed in as a parameter --username=username\n"
" Passwords embedded in the URL are not needed and will be ignored.\n"
"\n"
"When ECL SOAPCALL URL secret mapping is enabled SOAPCALL will convert the URL provided into a name of this format.\n"
" ECL will then attempt to lookup the secret, and if found will use the contents of the secret, rather then the original url.\n"
"\n"
"ecl url-secret-name <URL> [--username=<username>]\n"
"\n"
" URL the URL to convert into a secret name\n"
" Options:\n"
" --username Username to associate with the URL. Will override any username embedded in the URL.\n",
stdout);
}
private:
StringAttr optUrl;
StringAttr optUsername;
};

//=========================================================================================

IEclCommand *createCoreEclCommand(const char *cmdname)
Expand Down Expand Up @@ -2145,6 +2230,8 @@ IEclCommand *createCoreEclCommand(const char *cmdname)
return new EclCmdStatus();
if (strieq(cmdname, "zapgen"))
return new EclCmdZapGen();
if (strieq(cmdname, "url-secret-name"))
return new EclCmdUrlMapSecretName();
if (strieq(cmdname, "sign"))
return createSignEclCommand();
if (strieq(cmdname, "listkeyuid"))
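Review bot: In `parseCommandLineOptions`, an argument that starts with `-` but is not `--username` falls through the loop without being reported, so a mistyped option is dropped and `processCMD` prints a secret name computed without the intended username and returns 0. The usage text says SOAPCALL looks the secret up by this generated name, so the operator could end up storing credentials under a name the runtime never asks for. After the `matchOption` check I would add `fprintf(stderr, "\nunrecognized option %s\n", arg);` and `return EclCmdOptionCompletion;`, mirroring the positional-argument branch above it. Separately, `finalizeOptions` writes its error to stdout, the stream that carries the secret name; `fprintf(stderr, "\n URL parameter required.\n");` keeps error text out of captured output.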
45 changes: 45 additions & 0 deletions helm/hpcc/values.schema.json
Expand Up @@ -1507,6 +1507,21 @@
},
"hpa": {
"$ref": "#/definitions/hpa"
},
"mapHttpCallUrlsToSecrets": {
"type": "boolean",
"default": false,
"description": "In SOAPCALL and HTTPCALL check if URLs have been mapped to secrets"
},
"warnIfUrlNotMappedToSecret": {
"type": "boolean",
"default": false,
"description": "In SOAPCALL and HTTPCALL warn if URLs not mapped to secrets"
},
"requireUrlsMappedToSecrets": {
"type": "boolean",
"default": false,
"description": "Require SOAPCALL and HTTPCALL URLs are secrets or mapped to secrets"
}
}
},
Expand Down Expand Up @@ -2189,6 +2204,21 @@
"minimum": 0,
"description": "Interval (in milliseconds) between checks that client socket is still open"
},
"mapHttpCallUrlsToSecrets": {
"type": "boolean",
"default": false,
"description": "In SOAPCALL and HTTPCALL check if URLs have been mapped to secrets"
},
"warnIfUrlNotMappedToSecret": {
"type": "boolean",
"default": false,
"description": "In SOAPCALL and HTTPCALL warn if URLs not mapped to secrets"
},
"requireUrlsMappedToSecrets": {
"type": "boolean",
"default": false,
"description": "Require SOAPCALL and HTTPCALL URLs are secrets or mapped to secrets"
},
"expert": {
"description": "Custom internal options usually reserved for internal testing",
"type": "object"
Expand Down Expand Up @@ -2426,6 +2456,21 @@
},
"allowedPipePrograms": {
"$ref" : "#/definitions/allowedPipePrograms"
},
"mapHttpCallUrlsToSecrets": {
"type": "boolean",
"default": false,
"description": "In SOAPCALL and HTTPCALL check if URLs have been mapped to secrets"
},
"warnIfUrlNotMappedToSecret": {
"type": "boolean",
"default": false,
"description": "In SOAPCALL and HTTPCALL warn if URLs not mapped to secrets"
},
"requireUrlsMappedToSecrets": {
"type": "boolean",
"default": false,
"description": "Require SOAPCALL and HTTPCALL URLs are secrets or mapped to secrets"
}
}
},
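Review bot: The descriptions of the three new options do not say how they depend on each other, or what happens to a call whose URL has no secret when `requireUrlsMappedToSecrets` is true. All three default to `false`, so a deployment gets neither lookup nor enforcement unless it opts in, and the schema alone does not tell an operator whether `requireUrlsMappedToSecrets` also needs `mapHttpCallUrlsToSecrets`. I would state the dependency and the outcome in each `description`, for example `"description": "Reject SOAPCALL and HTTPCALL URLs that are neither secrets nor mapped to a secret"`, if that is what the code does; the enforcing code is in thorsoapcall.cpp, whose diff is not rendered here, so the wording needs confirming against it. The same three properties appear in all three hunks of this file and, as tooltips with the same wording, in eclagent_config.xsd.in, roxie.xsd.in and thor.xsd.in.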
9 changes: 9 additions & 0 deletions initfiles/componentfiles/configxml/agentexec.xsl
Expand Up @@ -99,6 +99,15 @@
<xsl:attribute name="analyzeWorkunit">
<xsl:value-of select="@analyzeWorkunit"/>
</xsl:attribute>
<xsl:attribute name="mapHttpCallUrlsToSecrets">
<xsl:value-of select="@mapHttpCallUrlsToSecrets"/>
</xsl:attribute>
<xsl:attribute name="warnIfUrlNotMappedToSecret">
<xsl:value-of select="@warnIfUrlNotMappedToSecret"/>
</xsl:attribute>
<xsl:attribute name="requireUrlsMappedToSecrets">
<xsl:value-of select="@requireUrlsMappedToSecrets"/>
</xsl:attribute>

<xsl:attribute name="thorConnectTimeout">
<xsl:value-of select="@thorConnectTimeout"/>
21 changes: 21 additions & 0 deletions initfiles/componentfiles/configxml/eclagent_config.xsd.in
Expand Up @@ -286,6 +286,27 @@
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="mapHttpCallUrlsToSecrets" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>In SOAPCALL and HTTPCALL check if URLs have been mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="warnIfUrlNotMappedToSecret" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>In SOAPCALL and HTTPCALL warn if URLs not mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="requireUrlsMappedToSecrets" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>Require SOAPCALL and HTTPCALL URLs are secrets or mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>

</xs:schema>
21 changes: 21 additions & 0 deletions initfiles/componentfiles/configxml/roxie.xsd.in
Expand Up @@ -673,6 +673,27 @@
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="mapHttpCallUrlsToSecrets" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>In SOAPCALL and HTTPCALL check if URLs have been mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="warnIfUrlNotMappedToSecret" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>In SOAPCALL and HTTPCALL warn if URLs not mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="requireUrlsMappedToSecrets" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>Require SOAPCALL and HTTPCALL URLs are secrets or mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="ignoreOrphans" type="xs:boolean" use="optional" default="true">
<xs:annotation>
<xs:appinfo>
21 changes: 21 additions & 0 deletions initfiles/componentfiles/configxml/thor.xsd.in
Expand Up @@ -656,6 +656,27 @@
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:attribute name="mapHttpCallUrlsToSecrets" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>In SOAPCALL and HTTPCALL check if URLs have been mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="warnIfUrlNotMappedToSecret" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>In SOAPCALL and HTTPCALL warn if URLs not mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="requireUrlsMappedToSecrets" type="xs:boolean" use="optional" default="false">
<xs:annotation>
<xs:appinfo>
<tooltip>Require SOAPCALL and HTTPCALL URLs are secrets or mapped to secrets</tooltip>
</xs:appinfo>
</xs:annotation>
</xs:attribute>
<xs:attribute name="fieldTranslationEnabled" use="optional" default="payload">
<xs:annotation>
<xs:appinfo>