Enable SecureStore configuration during init
Add new flag for the init program: * --secure-store-lib That enables configuration of SecureStore during init. It will automatically discover implementations of SecureStore interface inside jar file. If there is not exactly one implementation the init will fail. During init the SecureStore jar file will be added to Gerrit classpath. Then after init this file will be copied to $gerrit_site/lib directory. The discovered value of 'secureStoreImpl' will be saved in the gerrit.config file. This change also introduces a @SecureStoreClassName String binding early in the startup so that this can be injected anywhere without worrying about having the @GerritServerConfig bound (which itself requires an injection of the SecureStore). If an already initialized site with a custom secure store is init-ed again and the --secure-store-lib option is not specified then the gerrit.secureStoreClass is honored to ensure we use the same secure store implementation. If the --secure-store-lib option is specified then the gerrit.secureStoreClass is ignored during init and will be overwritten with the new secure store. Without this modification schema updates will fail because of wrong password when custom SecureStore is used. Change-Id: Iae22bbdace0d9c7e7db0690c4bf522176fc3308e Signed-off-by: Dariusz Luksza <dariusz@luksza.org>
This commit is contained in:
Dariusz Luksza
committed by
David Pursehouse
David Pursehouse
parent
f62a233cc4
commit
256ec34af2
@@ -24,14 +24,14 @@ import com.google.gerrit.lifecycle.LifecycleModule;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.config.GerritServerConfigModule;
|
||||
import com.google.gerrit.server.config.SitePath;
|
||||
import com.google.gerrit.server.config.SitePaths;
|
||||
import com.google.gerrit.server.git.LocalDiskRepositoryManager;
|
||||
import com.google.gerrit.server.schema.DataSourceModule;
|
||||
import com.google.gerrit.server.schema.DataSourceProvider;
|
||||
import com.google.gerrit.server.schema.DataSourceType;
|
||||
import com.google.gerrit.server.schema.DatabaseModule;
|
||||
import com.google.gerrit.server.schema.SchemaModule;
|
||||
import com.google.gerrit.server.securestore.SecureStore;
|
||||
import com.google.gerrit.server.securestore.SecureStoreProvider;
|
||||
import com.google.gerrit.server.securestore.SecureStoreClassName;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.AbstractModule;
|
||||
import com.google.inject.Binding;
|
||||
@@ -41,15 +41,21 @@ import com.google.inject.Injector;
|
||||
import com.google.inject.Key;
|
||||
import com.google.inject.Module;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.ProvisionException;
|
||||
import com.google.inject.TypeLiteral;
|
||||
import com.google.inject.name.Named;
|
||||
import com.google.inject.name.Names;
|
||||
import com.google.inject.spi.Message;
|
||||
import com.google.inject.util.Providers;
|
||||
|
||||
import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||
import org.eclipse.jgit.lib.Config;
|
||||
import org.eclipse.jgit.storage.file.FileBasedConfig;
|
||||
import org.eclipse.jgit.util.FS;
|
||||
import org.kohsuke.args4j.Option;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.lang.annotation.Annotation;
|
||||
import java.sql.Connection;
|
||||
import java.sql.SQLException;
|
||||
@@ -98,7 +104,8 @@ public abstract class SiteProgram extends AbstractProgram {
|
||||
@Override
|
||||
protected void configure() {
|
||||
bind(File.class).annotatedWith(SitePath.class).toInstance(sitePath);
|
||||
bind(SecureStore.class).toProvider(SecureStoreProvider.class);
|
||||
bind(String.class).annotatedWith(SecureStoreClassName.class)
|
||||
.toProvider(Providers.of(getConfiguredSecureStoreClass()));
|
||||
}
|
||||
};
|
||||
modules.add(sitePathModule);
|
||||
@@ -180,6 +187,29 @@ public abstract class SiteProgram extends AbstractProgram {
|
||||
}
|
||||
}
|
||||
|
||||
protected final String getConfiguredSecureStoreClass() {
|
||||
Module m = new AbstractModule() {
|
||||
@Override
|
||||
protected void configure() {
|
||||
bind(File.class).annotatedWith(SitePath.class).toInstance(sitePath);
|
||||
bind(SitePaths.class);
|
||||
}
|
||||
};
|
||||
Injector i = Guice.createInjector(m);
|
||||
SitePaths site = i.getInstance(SitePaths.class);
|
||||
FileBasedConfig cfg = new FileBasedConfig(site.gerrit_config, FS.DETECTED);
|
||||
if (!cfg.getFile().exists()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
try {
|
||||
cfg.load();
|
||||
return cfg.getString("gerrit", null, "secureStoreClass");
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
throw new ProvisionException(e.getMessage(), e);
|
||||
}
|
||||
}
|
||||
|
||||
private String getDbType(Provider<DataSource> dsProvider) {
|
||||
String dbProductName;
|
||||
try (Connection conn = dsProvider.get().getConnection()) {
|
||||
|
||||
Reference in New Issue
Block a user