[artemiscloud#37] The security CR's management.connector config is wr…

…ongly handled

(cherry picked from commit 7b045d5)

downstream: ENTMQBR-8538

script/cfg/apply_security.py

@@ -771,19 +771,38 @@ def __init__(self, mgmtxml, is_from_yacfg):
             self.namespaces = {'mgmt': "http://activemq.org/schema"}
         else:
             self.namespaces = {'mgmt': "http://activemq.apache.org/schema"}
+        self.connector_keymap = OrderedDict([
+            ('host', 'connector-host'),
+            ('port', 'connector-port'),
+            ('rmiregistryport', 'rmi-registry-port'),
+            ('jmxrealm', 'jmx-realm'),
+            ('objectname', 'object-name'),
+            ('authenticatortype', 'authenticator-type'),
+            ('secured', 'secured'),
+            ('keystoreprovider', 'key-store-provider'),
+            ('keystoretype', 'key-store-type'),
+            ('keystorepath', 'key-store-path'),
+            ('keystorepassword', 'key-store-password'),
+            ('truststoreprovider', 'trust-store-provider'),
+            ('truststoretype', 'trust-store-type'),
+            ('truststorepath', 'trust-store-path'),
+            ('truststorepassword', 'trust-store-password'),
+            ('passwordcodec', 'password-codec')
+        ])
 
     def merge_connector_from(self, new_connector):
         new_connector_str = StringIO()
         new_connector_str.write('<connector ')
-        for prop in ['connector-host', 'connector-port', 'rmi-registry-port', 'jmx-realm', 'object-name',
-                     'authenticator-type', 'secured', 'key-store-provider', 'key-store-type', 'key-store-path',
-                     'key-store-password', 'trust-store-provider', 'trust-store-type', 'trust-store-path',
-                     'trust-store-password', 'password-codec']:
-            something_written = False
-            if prop in new_connector and new_connector[prop] is not None:
-                new_connector_str.write(prop)
+        something_written = False
+        for prop_key, prop_name in self.connector_keymap.items():
+            prop_value = new_connector.get(prop_key)
+            if prop_value is not None:
+                new_connector_str.write(prop_name)
                 new_connector_str.write('=\"')
-                new_connector_str.write(new_connector[prop])
+                if isinstance(prop_value, str):
+                    new_connector_str.write(prop_value)
+                else:
+                    new_connector_str.write(str(prop_value).lower())
                 new_connector_str.write('\" ')
                 something_written = True
         new_connector_str.write('/>\n')

script/cfg/security_config_test.py

@@ -196,6 +196,27 @@ def test_hawtio_domain_update_in_artemis_profile(self):
         the_checker = checker.SecurityConfigurationChecker(self.context)
         self.assertTrue(the_checker.artemis_profile_has_key("-Dhawtio.realm=console2"))
 
+    def test_management_connector_attr(self):
+        self.context.parse_config_cr("./test-mgmt-connector-cr.yaml")
+        self.context.apply()
+        the_checker = checker.SecurityConfigurationChecker(self.context)
+        self.assertTrue(the_checker.management_has_connector())
+        self.assertTrue(the_checker.management_has_connector_attribute("secured", "false"))
+        self.assertTrue(the_checker.management_has_connector_attribute("connector-port", "9091"))
+        self.assertTrue(the_checker.management_has_connector_attribute("rmi-registry-port", "1234"))
+        self.assertTrue(the_checker.management_has_connector_attribute("connector-host", "0.0.0.0"))
+        self.assertTrue(the_checker.management_has_connector_attribute("jmx-realm", "activemq"))
+        self.assertTrue(the_checker.management_has_connector_attribute("object-name", "connector:name=rmi"))
+        self.assertTrue(the_checker.management_has_connector_attribute("authenticator-type", "password"))
+        self.assertTrue(the_checker.management_has_connector_attribute("key-store-path", "/etc/keystore/broker.ks"))
+        self.assertTrue(the_checker.management_has_connector_attribute("key-store-password", "kspassword"))
+        self.assertTrue(the_checker.management_has_connector_attribute("trust-store-provider", "tSUN"))
+        self.assertTrue(the_checker.management_has_connector_attribute("trust-store-path", "/etc/truststore/broker.ts"))
+        self.assertTrue(the_checker.management_has_connector_attribute("trust-store-password", "tspassword"))
+        self.assertTrue(the_checker.management_has_connector_attribute("password-codec", "org.apache.activemq.SomeClass"))
+        self.assertTrue(the_checker.management_has_connector_attribute("key-store-type", "PKCS12"))
+        self.assertTrue(the_checker.management_has_connector_attribute("trust-store-type", "JKS"))
+
 
 if __name__ == '__main__':
     unittest.main()

script/cfg/security_configuration_checker.py

@@ -554,3 +554,30 @@ def artemis_profile_has_key(self, expected_key):
                 if each_line.find(expected_key) >= 0:
                     return True
         return False
+
+    def management_has_connector_secured(self, is_secured):
+        expected_value = "false"
+        if is_secured:
+            expected_value = "true"
+        mgmt_xml = self.context.get_management_xml_file()
+        with open(mgmt_xml, "rt") as mgmt_stream:
+            for each_line in mgmt_stream:
+                if each_line.find("<!--") >= 0:
+                    # ignore one line comment
+                    continue
+                if each_line.find('<connector ') >= 0:
+                    secured_str='secured="' + expected_value + '"'
+                    print('connector found checking', secured_str)
+                    if each_line.find(secured_str) >= 0:
+                        print('ok')
+                        return True
+        return False
+
+    def management_has_connector_attribute(self, key, value):
+        expected_value = key + '="' + value + '"'
+        mgmt_xml = self.context.get_management_xml_file()
+        with open(mgmt_xml, "rt") as mgmt_stream:
+            for each_line in mgmt_stream:
+                if each_line.find(expected_value) >= 0:
+                    return True
+        return False

script/cfg/test-mgmt-connector-cr.yaml

@@ -0,0 +1,65 @@
+typemeta:
+  kind: ActiveMQArtemisSecurity
+  apiversion: broker.amq.io/v1beta1
+objectmeta:
+  name:
+  generatename:
+  namespace:
+  selflink:
+  uid:
+  resourceversion:
+  generation: 0
+  creationtimestamp: 0001-01-01T00:00:00Z
+  deletiontimestamp: null
+  deletiongraceperiodseconds: null
+  labels: {}
+  annotations: {}
+  ownerreferences: []
+  finalizers: []
+  clustername:
+  managedfields: []
+spec:
+  loginmodules:
+    propertiesloginmodules:
+    - name: prop-module
+      users:
+      - name: bob
+        password: mysecret
+        roles:
+        - root
+    guestloginmodules: []
+    keycloakloginmodules: []
+  securitydomains:
+    brokerdomain:
+      name: null
+      loginmodules: []
+    consoledomain:
+      name: null
+      loginmodules: []
+  securitysettings:
+    broker: []
+    management:
+      hawtioroles: []
+      connector:
+        host: 0.0.0.0
+        port: 9091
+        rmiregistryport: 1234
+        jmxrealm: activemq
+        objectname: connector:name=rmi
+        authenticatortype: password
+        secured: false
+        keystoreprovider: SUN
+        keystorepath: /etc/keystore/broker.ks
+        keystorepassword: kspassword
+        truststoreprovider: tSUN
+        truststorepath: /etc/truststore/broker.ts
+        truststorepassword: tspassword
+        passwordcodec: org.apache.activemq.SomeClass
+        keystoretype: PKCS12
+        truststoretype: JKS
+      authorisation:
+        allowedlist: []
+        defaultaccess: []
+        roleaccess: []
+  applytocrnames: []
+status: {}