mirror of https://github.com/apache/cloudstack.git
bug 12337: encrypt Hidden category config values only
reviewed-by: Abhi
parent
3e5e36e767
commit
a2ed3fa5e2
|
|
@ -59,7 +59,7 @@ public interface ConfigurationManager extends ConfigurationService, Manager {
|
|||
* @param name
|
||||
* @param value
|
||||
*/
|
||||
void updateConfiguration(long userId, String name, String value);
|
||||
void updateConfiguration(long userId, String name, String category, String value);
|
||||
|
||||
/**
|
||||
* Creates a new service offering
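Review bot: The Javadoc above `updateConfiguration` still lists only `name` and `value`, although the new signature takes `category`, which the DAO now uses to decide whether the value is encrypted before it is stored. Add a line such as `@param category the configuration's category; values in the "Hidden" category are encrypted before being written` so that callers know the argument is security-relevant. The comment block starts above this hunk, so the rest of it is not visible here.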
|
||||
|
|
|
|||
|
|
@ -299,7 +299,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
|||
s_logger.warn("Management network CIDR is not configured originally. Set it default to " + localCidrs[0]);
|
||||
|
||||
_alertMgr.sendAlert(AlertManager.ALERT_TYPE_MANAGMENT_NODE, 0, new Long(0), "Management network CIDR is not configured originally. Set it default to " + localCidrs[0], "");
|
||||
_configDao.update(Config.ManagementNetwork.key(), localCidrs[0]);
|
||||
_configDao.update(Config.ManagementNetwork.key(), Config.ManagementNetwork.getCategory(), localCidrs[0]);
|
||||
} else {
|
||||
s_logger.warn("Management network CIDR is not properly configured and we are not able to find a default setting");
|
||||
_alertMgr.sendAlert(AlertManager.ALERT_TYPE_MANAGMENT_NODE, 0, new Long(0), "Management network CIDR is not properly configured and we are not able to find a default setting", "");
|
||||
|
|
@ -316,7 +316,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
|||
|
||||
@Override
|
||||
@DB
|
||||
public void updateConfiguration(long userId, String name, String value) {
|
||||
public void updateConfiguration(long userId, String name, String category, String value) {
|
||||
if (value != null && (value.trim().isEmpty() || value.equals("null"))) {
|
||||
value = null;
|
||||
}
|
||||
|
|
@ -332,7 +332,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
|||
Transaction txn = Transaction.currentTxn();
|
||||
txn.start();
|
||||
|
||||
if (!_configDao.update(name, value)) {
|
||||
if (!_configDao.update(name, category, value)) {
|
||||
s_logger.error("Failed to update configuration option, name: " + name + ", value:" + value);
|
||||
throw new CloudRuntimeException("Failed to update configuration value. Please contact Cloud Support.");
|
||||
}
|
||||
|
|
@ -435,7 +435,8 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
|||
String value = cmd.getValue();
|
||||
UserContext.current().setEventDetails(" Name: " + name + " New Value: " + ((value == null) ? "" : value));
|
||||
// check if config value exists
|
||||
if (_configDao.findByName(name) == null) {
|
||||
ConfigurationVO config = _configDao.findByName(name);
|
||||
if (config == null) {
|
||||
throw new InvalidParameterValueException("Config parameter with name " + name + " doesn't exist");
|
||||
}
|
||||
|
||||
|
|
@ -443,7 +444,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
|
|||
return _configDao.findByName(name);
|
||||
}
|
||||
|
||||
updateConfiguration(userId, name, value);
|
||||
updateConfiguration(userId, name, config.getCategory(), value);
|
||||
if (_configDao.getValue(name).equalsIgnoreCase(value)) {
|
||||
return _configDao.findByName(name);
|
||||
} else {
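Review bot: The plaintext `value` is still written to the event details (`" New Value: " + ...`) and to the error log (`", value:" + value`), so a Hidden setting that this commit encrypts in the database can still appear in clear text in events and logs. In `updateConfiguration` the log line could mask it with `("Hidden".equals(category) ? "*****" : value)`; the event-details call would have to move below the `findByName` lookup to know the category. Separately, the post-update check `_configDao.getValue(name).equalsIgnoreCase(value)` compares against the plaintext: if `getValue` returns the stored ciphertext (its body is not visible here), the check would fail for Hidden entries. It may also throw a NullPointerException when the stored value is null. These methods start and end outside the hunks shown.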
|
||||
|
|
|
|||
|
|
@ -69,4 +69,6 @@ public interface ConfigurationDao extends GenericDao<ConfigurationVO, String> {
|
|||
boolean isPremium();
|
||||
|
||||
ConfigurationVO findByName(String name);
|
||||
|
||||
boolean update(String name, String category, String value);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -122,7 +122,8 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
|
|||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
//Use update method with category instead
|
||||
@Override @Deprecated
|
||||
public boolean update(String name, String value) {
|
||||
Transaction txn = Transaction.currentTxn();
|
||||
try {
|
||||
|
|
@ -136,6 +137,22 @@ public class ConfigurationDaoImpl extends GenericDaoBase<ConfigurationVO, String
|
|||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean update(String name, String category, String value) {
|
||||
Transaction txn = Transaction.currentTxn();
|
||||
try {
|
||||
value = "Hidden".equals(category) ? DBEncryptionUtil.encrypt(value) : value;
|
||||
PreparedStatement stmt = txn.prepareStatement(UPDATE_CONFIGURATION_SQL);
|
||||
stmt.setString(1, value);
|
||||
stmt.setString(2, name);
|
||||
stmt.executeUpdate();
|
||||
return true;
|
||||
} catch (Exception e) {
|
||||
s_logger.warn("Unable to update Configuration Value", e);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getValue(String name) {
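Review bot: The new `update(String name, String category, String value)` decides whether to encrypt from the caller-supplied `category` string rather than from the stored row, so a caller that passes a wrong or null category writes a Hidden value in plaintext without any error. Reading the category from the existing row inside the DAO, or at least comparing against a single shared constant instead of the literal `"Hidden"`, would remove that dependence on every call site. `updateConfiguration` can pass a null `value` after clearing an empty string, and whether `DBEncryptionUtil.encrypt` tolerates null is not visible here; a guard such as `value != null && "Hidden".equals(category)` would make that explicit. The result of `stmt.executeUpdate()` is also ignored, so the method returns true even when no row matched `name`.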
|
||||
|
|
|
|||
|
|
@ -1069,8 +1069,8 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
|
|||
}
|
||||
|
||||
if (lastState != state) {
|
||||
_configDao.update(Config.ConsoleProxyManagementLastState.key(), lastState.toString());
|
||||
_configDao.update(Config.ConsoleProxyManagementState.key(), state.toString());
|
||||
_configDao.update(Config.ConsoleProxyManagementLastState.key(), Config.ConsoleProxyManagementLastState.getCategory(), lastState.toString());
|
||||
_configDao.update(Config.ConsoleProxyManagementState.key(), Config.ConsoleProxyManagementState.getCategory(), state.toString());
|
||||
}
|
||||
|
||||
txn.commit();
|
||||
|
|
@ -1109,7 +1109,7 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx
|
|||
}
|
||||
|
||||
if (lastState != state) {
|
||||
_configDao.update(Config.ConsoleProxyManagementState.key(), lastState.toString());
|
||||
_configDao.update(Config.ConsoleProxyManagementState.key(), Config.ConsoleProxyManagementState.getCategory(), lastState.toString());
|
||||
}
|
||||
|
||||
txn.commit();
|
||||
|
|
|
|||
|
|
@ -174,16 +174,17 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
|||
String instance = "DEFAULT";
|
||||
String component = c.getComponent();
|
||||
String value = c.getDefaultValue();
|
||||
value = ("Hidden".equals(category)) ? DBEncryptionUtil.encrypt(value) : value;
|
||||
String description = c.getDescription();
|
||||
ConfigurationVO configVO = new ConfigurationVO(category, instance, component, name, value, description);
|
||||
_configDao.persist(configVO);
|
||||
}
|
||||
}
|
||||
|
||||
_configDao.update("secondary.storage.vm", "true");
|
||||
_configDao.update(Config.UseSecondaryStorageVm.key(), Config.UseSecondaryStorageVm.getCategory(), "true");
|
||||
s_logger.debug("ConfigurationServer made secondary storage vm required.");
|
||||
|
||||
_configDao.update("secstorage.encrypt.copy", "true");
|
||||
_configDao.update(Config.SecStorageEncryptCopy.key(), Config.SecStorageEncryptCopy.getCategory(), "true");
|
||||
s_logger.debug("ConfigurationServer made secondary storage copy encrypted.");
|
||||
|
||||
_configDao.update("secstorage.secure.copy.cert", "realhostip");
|
||||
|
|
@ -201,7 +202,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
|||
// Save the mount parent to the configuration table
|
||||
String mountParent = getMountParent();
|
||||
if (mountParent != null) {
|
||||
_configDao.update("mount.parent", mountParent);
|
||||
_configDao.update(Config.MountParent.key(), Config.MountParent.getCategory(), mountParent);
|
||||
s_logger.debug("ConfigurationServer saved \"" + mountParent + "\" as mount.parent.");
|
||||
} else {
|
||||
s_logger.debug("ConfigurationServer could not detect mount.parent.");
|
||||
|
|
@ -209,7 +210,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
|||
|
||||
String hostIpAdr = NetUtils.getDefaultHostIp();
|
||||
if (hostIpAdr != null) {
|
||||
_configDao.update("host", hostIpAdr);
|
||||
_configDao.update(Config.ManagementHostIPAdr.key(), Config.ManagementHostIPAdr.getCategory(), hostIpAdr);
|
||||
s_logger.debug("ConfigurationServer saved \"" + hostIpAdr + "\" as host.");
|
||||
}
|
||||
|
||||
|
|
@ -266,7 +267,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
|||
updateCloudIdentifier();
|
||||
|
||||
// Set init to true
|
||||
_configDao.update("init", "true");
|
||||
_configDao.update("init", "Hidden", "true");
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -402,7 +403,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
|||
String currentCloudIdentifier = _configDao.getValue("cloud.identifier");
|
||||
if (currentCloudIdentifier == null || currentCloudIdentifier.isEmpty()) {
|
||||
String uuid = UUID.randomUUID().toString();
|
||||
_configDao.update("cloud.identifier", uuid);
|
||||
_configDao.update(Config.CloudIdentifier.key(),Config.CloudIdentifier.getCategory(), uuid);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -492,7 +493,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
|||
// Check if they are the same one, otherwise override with local keystore
|
||||
String base64Keystore = getBase64Keystore(keystorePath);
|
||||
if (base64Keystore.compareTo(dbString) != 0) {
|
||||
_configDao.update("ssl.keystore", DBEncryptionUtil.encrypt(base64Keystore));
|
||||
_configDao.update("ssl.keystore", "Hidden", base64Keystore);
|
||||
s_logger.info("Updated database keystore with local one.");
|
||||
}
|
||||
} else { // !keystoreFile.exists() and dbExisted
|
||||
|
|
@ -702,7 +703,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
|||
SecretKey key = generator.generateKey();
|
||||
encodedKey = Base64.encodeBase64URLSafeString(key.getEncoded());
|
||||
|
||||
_configDao.update("security.singlesignon.key", encodedKey);
|
||||
_configDao.update(Config.SSOKey.key(), Config.SSOKey.getCategory(), encodedKey);
|
||||
} catch (NoSuchAlgorithmException ex) {
|
||||
s_logger.error("error generating sso key", ex);
|
||||
}
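Review bot: Whether the SSO key in the last hunk is encrypted depends on `Config.SSOKey.getCategory()` returning "Hidden", which this diff does not show, whereas the `ssl.keystore` call hard-codes `"Hidden"`. Confirm the enum's category so the key is not stored in clear text, and prefer one shared constant over the string literals used for `ssl.keystore` and `init`. The context line `_configDao.update("secstorage.secure.copy.cert", "realhostip")` still uses the deprecated two-argument overload and should be migrated for consistency. The added `DBEncryptionUtil.encrypt(value)` on default values receives whatever `c.getDefaultValue()` returns, so a Hidden entry without a default would presumably pass null to it.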
|
||||
|
|
|
|||