secrets provider: custom non-bundled connectors support, some javadoc

Evolveum · Feb 7, 2024 · f31b496 · f31b496
1 parent 361ed47
commit f31b496
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 35 deletions.
diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/secrets/SecretsProviderConsumer.java b/infra/common/src/main/java/com/evolveum/midpoint/common/secrets/SecretsProviderConsumer.java
diff --git a/infra/common/src/main/java/com/evolveum/midpoint/common/secrets/SecretsProviderManager.java b/infra/common/src/main/java/com/evolveum/midpoint/common/secrets/SecretsProviderManager.java
@@ -13,13 +13,18 @@
 import java.util.Map;
 import java.util.stream.Collectors;
 
-import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
-
 import org.springframework.stereotype.Component;
 
 import com.evolveum.midpoint.prism.crypto.SecretsProvider;
+import com.evolveum.midpoint.prism.crypto.SecretsProviderConsumer;
 import com.evolveum.midpoint.util.exception.SystemException;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
+/**
+ * Manages secrets providers instances.
+ *
+ * It's used to handle configuration changes in {@link SystemConfigurationType} related to secrets providers.
+ */
 @Component
 public class SecretsProviderManager {
 
@@ -40,6 +45,7 @@ public synchronized void configure(SecretsProviderConsumer consumer, SecretsProv
         configurations.add(configuration.getDockerSecretsProvider());
         configurations.addAll(configuration.getKubernetesSecretsProvider());
         configurations.addAll(configuration.getPropertiesSecretsProvider());
+        configurations.addAll(configuration.getCustomSecretsProvider());
 
         configurations = configurations.stream()
                 .filter(c -> c != null)
@@ -73,19 +79,37 @@ private void destroyProvider(SecretsProviderConsumer consumer, SecretsProvider p
         }
     }
 
+    @SuppressWarnings("unchecked")
     private <C extends AbstractSecretsProviderType> SecretsProvider createProvider(C configuration) {
         if (configuration == null) {
             return null;
         }
 
-        Class<? extends SecretsProvider> providerClass = PROVIDER_TYPES.get(configuration.getClass());
-        if (providerClass == null) {
-            throw new SystemException(
-                    "Unknown secrets provider type for configuration of type: " + configuration.getClass());
+        Class<? extends SecretsProvider> providerClass;
+        if (configuration instanceof CustomSecretsProviderType custom) {
+            String className = custom.getClassName();
+            if (className == null) {
+                throw new SystemException("No class name specified for custom secrets provider");
+            }
+
+            try {
+                providerClass = (Class<? extends SecretsProvider>) Class.forName(className);
+            } catch (Exception ex) {
+                throw new SystemException("Couldn't find custom secrets provider class: " + className, ex);
+            }
+        } else {
+            providerClass = PROVIDER_TYPES.get(configuration.getClass());
+
+            if (providerClass == null) {
+                throw new SystemException(
+                        "Unknown secrets provider type for configuration of type: " + configuration.getClass());
+            }
         }
 
         try {
-            SecretsProvider provider = providerClass.getConstructor(configuration.getClass()).newInstance(configuration);
+            SecretsProvider provider = providerClass
+                    .getConstructor(configuration.getClass())
+                    .newInstance(configuration);
             provider.init();
 
             return provider;

diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
@@ -3468,6 +3468,7 @@
             <xsd:element ref="tns:dockerSecretsProvider" minOccurs="0"/>
             <xsd:element ref="tns:propertiesSecretsProvider" minOccurs="0" maxOccurs="unbounded"/>
             <xsd:element ref="tns:kubernetesSecretsProvider" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element ref="tns:customSecretsProvider" minOccurs="0" maxOccurs="unbounded"/>
         </xsd:sequence>
     </xsd:complexType>
 
@@ -3525,6 +3526,56 @@
         </xsd:sequence>
     </xsd:complexType>
 
+    <xsd:complexType name="CustomSecretsProviderType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Environment variables secrets provider.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container>true</a:container>
+                <a:since>4.9</a:since>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="tns:AbstractSecretsProviderType">
+                <xsd:sequence>
+                    <xsd:element name="className" type="xsd:string">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Class name of the custom secrets provider.
+                                Class must be available on classpath.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                    <xsd:element name="configuration" type="tns:CustomSecretsProviderConfigurationType" minOccurs="0">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Configuration of the custom secrets provider.
+                            </xsd:documentation>
+                        </xsd:annotation>
+                    </xsd:element>
+                </xsd:sequence>
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
+    <xsd:element name="customSecretsProvider" type="tns:CustomSecretsProviderType"/>
+
+    <xsd:complexType name="CustomSecretsProviderConfigurationType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Configuration of the custom secrets provider.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <a:container>true</a:container>
+                <a:since>4.9</a:since>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:sequence>
+            <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+        </xsd:sequence>
+    </xsd:complexType>
+
     <xsd:complexType name="EnvironmentVariablesSecretsProviderType">
         <xsd:annotation>
             <xsd:documentation>

diff --git a/...main/java/com/evolveum/midpoint/repo/sqlbase/SystemConfigurationChangeDispatcherImpl.java b/...main/java/com/evolveum/midpoint/repo/sqlbase/SystemConfigurationChangeDispatcherImpl.java
@@ -10,7 +10,7 @@
 import java.util.Collections;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.evolveum.midpoint.common.secrets.SecretsProviderConsumer;
+import com.evolveum.midpoint.prism.crypto.SecretsProviderConsumer;
 import com.evolveum.midpoint.common.secrets.SecretsProviderManager;
 
 import com.evolveum.midpoint.prism.crypto.Protector;

diff --git a/repo/system-init/src/main/java/com/evolveum/midpoint/init/ConfigurableProtector.java b/repo/system-init/src/main/java/com/evolveum/midpoint/init/ConfigurableProtector.java
@@ -12,14 +12,13 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.evolveum.midpoint.common.secrets.SecretsProviderConsumer;
+import com.evolveum.midpoint.prism.crypto.SecretsProviderConsumer;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
 import com.evolveum.midpoint.prism.crypto.ProtectedData;
 import com.evolveum.midpoint.prism.crypto.SecretsProvider;
 import com.evolveum.midpoint.prism.impl.crypto.KeyStoreBasedProtectorImpl;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.prism.xml.ns._public.types_3.ExternalDataType;
-import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
 import org.jetbrains.annotations.NotNull;
 
@@ -28,12 +27,12 @@ public class ConfigurableProtector extends KeyStoreBasedProtectorImpl implements
     private final Map<String, SecretsProvider> providers = new ConcurrentHashMap<>();
 
     @Override
-    public void addSecretsProvider(SecretsProvider provider) {
+    public void addSecretsProvider(@NotNull SecretsProvider provider) {
         providers.put(provider.getIdentifier(), provider);
     }
 
     @Override
-    public void removeSecretsProvider(SecretsProvider provider) {
+    public void removeSecretsProvider(@NotNull SecretsProvider provider) {
         providers.remove(provider.getIdentifier());
     }