jboss-openshift · rcernich · Aug 21, 2017 · Jul 13, 2017
@@ -91,6 +91,7 @@ function add_secure_transport(){
       fi
     fi
 
+    # JDBC
     transport="<transport name=\"secure-jdbc\" socket-binding=\"secure-teiid-jdbc\" protocol=\"teiid\"><authentication security-domain=\"teiid-security\"/><ssl mode=\"enabled\" authentication-mode=\"$auth_mode\" ssl-protocol=\"TLSv1.2\" keymanagement-algorithm=\"SunX509\">"
 
     if [ "$auth_mode" != "anonymous" ]; then 
@@ -99,6 +100,15 @@ function add_secure_transport(){
 
     transport="$transport </ssl></transport>"
 
+    # ODBC
+    transport="$transport <transport name=\"secure-odbc\" socket-binding=\"secure-teiid-odbc\" protocol=\"pg\"><authentication security-domain=\"teiid-security\"/><ssl mode=\"enabled\" authentication-mode=\"$auth_mode\" ssl-protocol=\"TLSv1.2\" keymanagement-algorithm=\"SunX509\">"
+
+    if [ "$auth_mode" != "anonymous" ]; then
+      transport="$transport <keystore name=\"${keystore_dir}/${keystore}\" password=\"$DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD\" type=\"$keystore_type\" key-alias=\"$key_alias\"/><truststore name=\"${keystore_dir}/${keystore}\" password=\"$keystore_pwd\"/>"
+    fi
+
+    transport="$transport </ssl></transport>"
+
     sed -i "s|<!-- ##TEIID_SECURE_TRANSPORT## -->|${transport}|g" ${CONFIG_FILE}
   fi
 }

@@ -533,6 +533,7 @@
             <!-- ##TEIID_SECURE_TRANSPORT## -->
             <transport name="odbc" socket-binding="teiid-odbc" protocol="pg">
                 <authentication security-domain="teiid-security"/>
+                <ssl mode="disabled"/>
             </transport>
             <translator name="jdbc-simple" module="org.jboss.teiid.translator.jdbc"/>
             <translator name="jdbc-ansi" module="org.jboss.teiid.translator.jdbc"/>
@@ -629,6 +630,7 @@
         <socket-binding name="teiid-jdbc" port="31000" interface="any"/>
         <socket-binding name="secure-teiid-jdbc" port="31443" interface="any"/>
         <socket-binding name="teiid-odbc" port="35432"/>
+        <socket-binding name="secure-teiid-odbc" port="35443"/>
         <socket-binding name="txn-recovery-environment" port="4712"/>
         <socket-binding name="txn-status-manager" port="4713"/>
         <outbound-socket-binding name="mail-smtp">

@@ -77,7 +77,7 @@ Feature: OpenShift Datavirt tests
       And file /opt/eap/standalone/configuration/application-roles.properties should contain user2=group2
       And file /opt/eap/standalone/configuration/application-roles.properties should not contain teiidUser
 
-  Scenario: check for secure jdbc config
+  Scenario: check for secure jdbc/odbc config
     When container is started with env  
       | variable                                 | value                                       |
       | DATAVIRT_TRANSPORT_KEYSTORE              | keystore.jks                                |
@@ -90,13 +90,21 @@ Feature: OpenShift Datavirt tests
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value SunX509 on XPath //*[local-name()='transport'][@name="secure-jdbc"]/*[local-name()='ssl']/@keymanagement-algorithm
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/jdv-secret-volume/keystore.jks on XPath //*[local-name()='transport'][@name="secure-jdbc"]/*[local-name()='ssl']/*[local-name()='keystore']/@name
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/jdv-secret-volume/keystore.jks on XPath //*[local-name()='transport'][@name="secure-jdbc"]/*[local-name()='ssl']/*[local-name()='truststore']/@name
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value secure-odbc on XPath //*[local-name()='transport']/@name
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value 1-way on XPath //*[local-name()='transport'][@name="secure-odbc"]/*[local-name()='ssl']/@authentication-mode
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value TLSv1.2 on XPath //*[local-name()='transport'][@name="secure-odbc"]/*[local-name()='ssl']/@ssl-protocol
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value SunX509 on XPath //*[local-name()='transport'][@name="secure-odbc"]/*[local-name()='ssl']/@keymanagement-algorithm
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/jdv-secret-volume/keystore.jks on XPath //*[local-name()='transport'][@name="secure-odbc"]/*[local-name()='ssl']/*[local-name()='keystore']/@name
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/jdv-secret-volume/keystore.jks on XPath //*[local-name()='transport'][@name="secure-odbc"]/*[local-name()='ssl']/*[local-name()='truststore']/@name
 
-   Scenario: check for secure jdbc config with anonymous auth mode
+   Scenario: check for secure jdbc/odbc config with anonymous auth mode
     When container is started with env
       | variable                                 | value                                       |
       | DATAVIRT_TRANSPORT_AUTHENTICATION_MODE   | anonymous                                   |
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value secure-jdbc on XPath //*[local-name()='transport']/@name
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value anonymous on XPath //*[local-name()='transport'][@name="secure-jdbc"]/*[local-name()='ssl']/@authentication-mode
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value secure-odbc on XPath //*[local-name()='transport']/@name
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value anonymous on XPath //*[local-name()='transport'][@name="secure-odbc"]/*[local-name()='ssl']/@authentication-mode
 
     Scenario: check for secure jdbc config with missing config
     When container is started with env