Gerrit command line utility to set/update secure.config

When using a secure store for encrypting the secure.config
values, an utility or tool is needed to edit the values
using the same encryption key used by Gerrit at runtime.

Change-Id: Iacb017b010f7efd8217255796e571c5291499c0e
This commit is contained in:
Luca Milanesio 2017-01-11 00:04:25 +00:00 committed by David Pursehouse
parent f6dd9ebe96
commit b10848ee83
5 changed files with 186 additions and 0 deletions

View File

@ -33,6 +33,9 @@ link:pgm-rulec.html[rulec]::
version::
Display the release version of Gerrit Code Review.
link:pgm-passwd.html[passwd]::
Set or reset password in secure.config.
=== Transition Utilities
link:pgm-LocalUsernamesToLowerCase.html[LocalUsernamesToLowerCase]::

View File

@ -0,0 +1,49 @@
= passwd
== NAME
passwd - Set or reset password in secure.config.
== SYNOPSIS
[verse]
--
_java_ -jar gerrit.war _passwd_
-d <SITE_PATH>
<SECTION.KEY>
[PASSWORD]
--
== DESCRIPTION
Set or reset password in an existing Gerrit server installation,
interactively prompting for a new password or using the one
provided in the command line argument.
== OPTIONS
-d::
--site-path::
Location of the `gerrit.config` file, and all other per-site
configuration data, supporting libraries and log files.
== ARGUMENTS
SECTION.KEY::
Section and key in the `secure.config` file for setting or editing the
password value.
PASSWORD::
New password to set in `secure.config` associated to the section and key.
When specified as argument, automatically implies batch mode and the command
would not ask anything interactively.
== CONTEXT
This utility is typically useful when a secure store is configured
to encrypt password values and thus editing the file manually is not an option.
GERRIT
------
Part of link:index.html[Gerrit Code Review]
SEARCHBOX
---------

View File

@ -78,6 +78,8 @@ public final class GerritLauncher {
System.err.println(" daemon Run the Gerrit network daemons");
System.err.println(" gsql Run the interactive query console");
System.err.println(" version Display the build version number");
System.err.println(" passwd Set or change password in secure.config");
System.err.println();
System.err.println(" ls List files available for cat");
System.err.println(" cat FILE Display a file from the archive");

View File

@ -0,0 +1,89 @@
// Copyright (C) 2017 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.pgm;
import com.google.gerrit.extensions.config.FactoryModule;
import com.google.gerrit.pgm.init.api.ConsoleUI;
import com.google.gerrit.pgm.init.api.InstallAllPlugins;
import com.google.gerrit.pgm.init.api.InstallPlugins;
import com.google.gerrit.pgm.init.api.Section;
import com.google.gerrit.pgm.util.SiteProgram;
import com.google.gerrit.server.config.GerritServerConfigModule;
import com.google.gerrit.server.config.SitePath;
import com.google.gerrit.server.securestore.SecureStoreClassName;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.TypeLiteral;
import com.google.inject.util.Providers;
import org.kohsuke.args4j.Argument;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
public class Passwd extends SiteProgram {
private String section;
private String key;
@Argument(metaVar = "SECTION.KEY", index = 0, required = true,
usage = "Section and key separated by a dot of the password to set")
private String sectionAndKey;
@Argument(metaVar = "PASSWORD", index = 1, required = false,
usage = "Password to set")
private String password;
private void init() {
String[] varParts = sectionAndKey.split("\\.");
if (varParts.length != 2) {
throw new IllegalArgumentException("Invalid name '" + sectionAndKey
+ "': expected section.key format");
}
section = varParts[0];
key = varParts[1];
}
@Override
public int run() throws Exception {
init();
SetPasswd setPasswd = getSysInjector().getInstance(SetPasswd.class);
setPasswd.run(section, key, password);
return 0;
}
private Injector getSysInjector() {
List<Module> modules = new ArrayList<>();
modules.add(new FactoryModule() {
@Override
protected void configure() {
bind(Path.class).annotatedWith(SitePath.class)
.toInstance(getSitePath());
bind(ConsoleUI.class).toInstance(
ConsoleUI.getInstance(password != null));
factory(Section.Factory.class);
bind(Boolean.class).annotatedWith(InstallAllPlugins.class).toInstance(
Boolean.FALSE);
bind(new TypeLiteral<List<String>>() {}).annotatedWith(
InstallPlugins.class).toInstance(new ArrayList<String>());
bind(String.class).annotatedWith(SecureStoreClassName.class)
.toProvider(Providers.of(getConfiguredSecureStoreClass()));
}
});
modules.add(new GerritServerConfigModule());
return Guice.createInjector(modules);
}
}

View File

@ -0,0 +1,43 @@
// Copyright (C) 2017 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.pgm;
import com.google.gerrit.pgm.init.api.ConsoleUI;
import com.google.gerrit.pgm.init.api.Section;
import com.google.gerrit.pgm.init.api.Section.Factory;
import com.google.inject.Inject;
public class SetPasswd {
private ConsoleUI ui;
private Factory sections;
@Inject
public SetPasswd(ConsoleUI ui, Section.Factory sections) {
this.ui = ui;
this.sections = sections;
}
public void run(String section, String key, String password) throws Exception {
Section passwordSection = sections.get(section, null);
if (ui.isBatch()) {
passwordSection.setSecure(key, password);
} else {
ui.header("Set password for [%s]", section);
passwordSection.passwordForKey("Enter password", key);
}
}
}