solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/VMParamsZkCredentialsInjector.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.solr.common.cloud;

import static org.apache.solr.common.cloud.ZkCredentialsInjector.ZkCredential.Perms;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.apache.solr.common.SolrException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Reads credentials from System Properties and injects them into {@link
 * DigestZkCredentialsProvider} & {@link DigestZkACLProvider} Usage:
 *
 * <pre>
 *   -DzkCredentialsInjector=org.apache.solr.common.cloud.VMParamsZkCredentialsInjector \
 *   -DzkDigestUsername=admin-user -DzkDigestPassword=CHANGEME-ADMIN-PASSWORD \
 *   -DzkDigestReadonlyUsername=readonly-user -DzkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD
 * </pre>
 *
 * Or from a Java property file:
 *
 * <pre>
 *   -DzkCredentialsInjector=org.apache.solr.common.cloud.VMParamsZkCredentialsInjector \
 *   -DzkDigestCredentialsFile=SOLR_HOME_DIR/server/etc/zookeepercredentials.properties
 * </pre>
 *
 * Example of a Java property file:
 *
 * <pre>
 * zkDigestUsername=admin-user
 * zkDigestPassword=CHANGEME-ADMIN-PASSWORD
 * zkDigestReadonlyUsername=readonly-user
 * zkDigestReadonlyPassword=CHANGEME-READONLY-PASSWORD
 * </pre>
 */
public class VMParamsZkCredentialsInjector implements ZkCredentialsInjector {

  public static final String DEFAULT_DIGEST_USERNAME_VM_PARAM_NAME = "zkDigestUsername";
  public static final String DEFAULT_DIGEST_PASSWORD_VM_PARAM_NAME = "zkDigestPassword";
  public static final String DEFAULT_DIGEST_READONLY_USERNAME_VM_PARAM_NAME =
      "zkDigestReadonlyUsername";
  public static final String DEFAULT_DIGEST_READONLY_PASSWORD_VM_PARAM_NAME =
      "zkDigestReadonlyPassword";
  public static final String DEFAULT_DIGEST_FILE_VM_PARAM_NAME = "zkDigestCredentialsFile";

  private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

  final String zkDigestAllUsernameVMParamName;
  final String zkDigestAllPasswordVMParamName;
  final String zkDigestReadonlyUsernameVMParamName;
  final String zkDigestReadonlyPasswordVMParamName;
  final Properties credentialsProps;

  public VMParamsZkCredentialsInjector() {
    this(
        DEFAULT_DIGEST_USERNAME_VM_PARAM_NAME,
        DEFAULT_DIGEST_PASSWORD_VM_PARAM_NAME,
        DEFAULT_DIGEST_READONLY_USERNAME_VM_PARAM_NAME,
        DEFAULT_DIGEST_READONLY_PASSWORD_VM_PARAM_NAME);
  }

  public VMParamsZkCredentialsInjector(
      String zkDigestAllUsernameVMParamName,
      String zkDigestAllPasswordVMParamName,
      String zkDigestReadonlyUsernameVMParamName,
      String zkDigestReadonlyPasswordVMParamName) {
    this.zkDigestAllUsernameVMParamName = zkDigestAllUsernameVMParamName;
    this.zkDigestAllPasswordVMParamName = zkDigestAllPasswordVMParamName;
    this.zkDigestReadonlyUsernameVMParamName = zkDigestReadonlyUsernameVMParamName;
    this.zkDigestReadonlyPasswordVMParamName = zkDigestReadonlyPasswordVMParamName;

    String pathToFile = System.getProperty(DEFAULT_DIGEST_FILE_VM_PARAM_NAME);
    credentialsProps =
        (pathToFile != null) ? readCredentialsFile(pathToFile) : System.getProperties();
  }

  public static Properties readCredentialsFile(String pathToFile) throws SolrException {
    Properties props = new Properties();
    try (Reader reader =
        new InputStreamReader(new FileInputStream(pathToFile), StandardCharsets.UTF_8)) {
      props.load(reader);
    } catch (IOException ioExc) {
      throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, ioExc);
    }
    return props;
  }

  @Override
  public List<ZkCredential> getZkCredentials() {
    final String digestAllUsername = credentialsProps.getProperty(zkDigestAllUsernameVMParamName);
    final String digestAllPassword = credentialsProps.getProperty(zkDigestAllPasswordVMParamName);
    final String digestReadonlyUsername =
        credentialsProps.getProperty(zkDigestReadonlyUsernameVMParamName);
    final String digestReadonlyPassword =
        credentialsProps.getProperty(zkDigestReadonlyPasswordVMParamName);

    List<ZkCredential> zkCredentials =
        new ArrayList<>(2) {
          {
            ZkCredential allUser =
                new ZkCredential(digestAllUsername, digestAllPassword, Perms.ALL);
            ZkCredential readUser =
                new ZkCredential(digestReadonlyUsername, digestReadonlyPassword, Perms.READ);
            add(allUser);
            add(readUser);
          }
        };
    log.info(
        "Using zkCredentials: digestAllUsername: {}, digestReadonlyUsername: {}",
        digestAllUsername,
        digestReadonlyUsername);
    return zkCredentials;
  }
}