server k8s common module (#2632)

* server k8s common module * using new method from KeyStore with backward compatibility in default implementation * include new athenz-server-k8s-common module in maven and docker publish * allow setting keygroup name via system properties --------- Signed-off-by: Abhijeet V <31417623+abvaidya@users.noreply.github.com>
AthenZ · May 31, 2024 · 452827d · 452827d
1 parent 3ef41b7
commit 452827d
Show file tree

Hide file tree

Showing 52 changed files with 707 additions and 136 deletions.
diff --git a/clients/java/zms/src/main/java/com/yahoo/athenz/zms/ZMSClient.java b/clients/java/zms/src/main/java/com/yahoo/athenz/zms/ZMSClient.java
@@ -76,14 +76,17 @@ public class ZMSClient implements Closeable {
     public static final String ZMS_CLIENT_PROP_KEYSTORE_TYPE = "athenz.zms.client.keystore_type";
     public static final String ZMS_CLIENT_PROP_KEYSTORE_PASSWORD = "athenz.zms.client.keystore_password";
     public static final String ZMS_CLIENT_PROP_KEYSTORE_PWD_APP_NAME = "athenz.zms.client.keystore_pwd_app_name";
+    public static final String ZMS_CLIENT_PROP_KEYSTORE_PWD_KEYGROUP_NAME = "athenz.zms.client.keystore_pwd_keygroup_name";
 
     public static final String ZMS_CLIENT_PROP_KEY_MANAGER_PASSWORD = "athenz.zms.client.keymanager_password";
     public static final String ZMS_CLIENT_PROP_KEY_MANAGER_PWD_APP_NAME = "athenz.zms.client.keymanager_pwd_app_name";
+    public static final String ZMS_CLIENT_PROP_KEY_MANAGER_PWD_KEYGROUP_NAME = "athenz.zms.client.keymanager_pwd_keygroup_name";
 
     public static final String ZMS_CLIENT_PROP_TRUSTSTORE_PATH = "athenz.zms.client.truststore_path";
     public static final String ZMS_CLIENT_PROP_TRUSTSTORE_TYPE = "athenz.zms.client.truststore_type";
     public static final String ZMS_CLIENT_PROP_TRUSTSTORE_PASSWORD = "athenz.zms.client.truststore_password";
     public static final String ZMS_CLIENT_PROP_TRUSTSTORE_PWD_APP_NAME = "athenz.zms.client.truststore_pwd_app_name";
+    public static final String ZMS_CLIENT_PROP_TRUSTSTORE_PWD_KEYGROUP_NAME = "athenz.zms.client.truststore_pwd_keygroup_name";
 
     public static final String ZMS_CLIENT_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS = "athenz.zms.client.private_keystore_factory_class";
     public static final String ZMS_CLIENT_PROP_CLIENT_PROTOCOL = "athenz.zms.client.client_ssl_protocol";
@@ -421,12 +424,14 @@ SSLContext createSSLContext() {
             keyStorePassword = keyStorePwd.toCharArray();
         }
         String keyStorePasswordAppName = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_PWD_APP_NAME);
+        String keyStorePasswordKeygroupName = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_PWD_KEYGROUP_NAME);
         char[] keyManagerPassword = null;
         String keyManagerPwd = System.getProperty(ZMS_CLIENT_PROP_KEY_MANAGER_PASSWORD);
         if (null != keyManagerPwd && !keyManagerPwd.isEmpty()) {
             keyManagerPassword = keyManagerPwd.toCharArray();
         }
         String keyManagerPasswordAppName = System.getProperty(ZMS_CLIENT_PROP_KEY_MANAGER_PWD_APP_NAME);
+        String keyManagerPasswordKeygroupName = System.getProperty(ZMS_CLIENT_PROP_KEY_MANAGER_PWD_KEYGROUP_NAME);
 
         // truststore
         String trustStorePath = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PATH);
@@ -437,6 +442,7 @@ SSLContext createSSLContext() {
             trustStorePassword = trustStorePwd.toCharArray();
         }
         String trustStorePasswordAppName = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PWD_APP_NAME);
+        String trustStorePasswordKeygroupName = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PWD_KEYGROUP_NAME);
 
         // alias and protocol details
         String certAlias = System.getProperty(ZMS_CLIENT_PROP_CERT_ALIAS);
@@ -453,16 +459,19 @@ SSLContext createSSLContext() {
         }
         builder.keyStorePassword(keyStorePassword);
         builder.keyStorePasswordAppName(keyStorePasswordAppName);
-        builder.keyManagerPassword(keyManagerPassword);
+        builder.keyStorePasswordKeygroupName(keyStorePasswordKeygroupName);
 
+        builder.keyManagerPassword(keyManagerPassword);
         builder.keyManagerPasswordAppName(keyManagerPasswordAppName);
+        builder.keyManagerPasswordKeygroupName(keyManagerPasswordKeygroupName);
 
         builder.trustStorePath(trustStorePath);
         if (null != trustStoreType && !trustStoreType.isEmpty()) {
             builder.trustStoreType(trustStoreType);
         }
         builder.trustStorePassword(trustStorePassword);
         builder.trustStorePasswordAppName(trustStorePasswordAppName);
+        builder.trustStorePasswordKeygroupName(trustStorePasswordKeygroupName);
 
         return builder.build();
     }

diff --git a/clients/java/zts/src/main/java/com/yahoo/athenz/zts/ZTSClient.java b/clients/java/zts/src/main/java/com/yahoo/athenz/zts/ZTSClient.java
@@ -140,14 +140,17 @@ public class ZTSClient implements Closeable {
     public static final String ZTS_CLIENT_PROP_KEYSTORE_TYPE                    = "athenz.zts.client.keystore_type";
     public static final String ZTS_CLIENT_PROP_KEYSTORE_PASSWORD                = "athenz.zts.client.keystore_password";
     public static final String ZTS_CLIENT_PROP_KEYSTORE_PWD_APP_NAME            = "athenz.zts.client.keystore_pwd_app_name";
+    public static final String ZTS_CLIENT_PROP_KEYSTORE_PWD_KEYGROUP_NAME       = "athenz.zts.client.keystore_pwd_keygroup_name";
 
     public static final String ZTS_CLIENT_PROP_KEY_MANAGER_PASSWORD             = "athenz.zts.client.keymanager_password";
     public static final String ZTS_CLIENT_PROP_KEY_MANAGER_PWD_APP_NAME         = "athenz.zts.client.keymanager_pwd_app_name";
+    public static final String ZTS_CLIENT_PROP_KEY_MANAGER_PWD_KEYGROUP_NAME    = "athenz.zts.client.keymanager_pwd_keygroup_name";
 
     public static final String ZTS_CLIENT_PROP_TRUSTSTORE_PATH                  = "athenz.zts.client.truststore_path";
     public static final String ZTS_CLIENT_PROP_TRUSTSTORE_TYPE                  = "athenz.zts.client.truststore_type";
     public static final String ZTS_CLIENT_PROP_TRUSTSTORE_PASSWORD              = "athenz.zts.client.truststore_password";
     public static final String ZTS_CLIENT_PROP_TRUSTSTORE_PWD_APP_NAME          = "athenz.zts.client.truststore_pwd_app_name";
+    public static final String ZTS_CLIENT_PROP_TRUSTSTORE_PWD_KEYGROUP_NAME     = "athenz.zts.client.truststore_pwd_keygroup_name";
 
     public static final String ZTS_CLIENT_PROP_POOL_MAX_PER_ROUTE               = "athenz.zts.client.http_pool_max_per_route";
     public static final String ZTS_CLIENT_PROP_POOL_MAX_TOTAL                   = "athenz.zts.client.http_pool_max_total";
@@ -650,12 +653,14 @@ private SSLContext createSSLContext() {
             keyStorePassword = keyStorePwd.toCharArray();
         }
         String keyStorePasswordAppName = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_PWD_APP_NAME);
+        String keyStorePasswordKeygroupName = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_PWD_KEYGROUP_NAME);
         char[] keyManagerPassword = null;
         String keyManagerPwd = System.getProperty(ZTS_CLIENT_PROP_KEY_MANAGER_PASSWORD);
         if (!isEmpty(keyManagerPwd)) {
             keyManagerPassword = keyManagerPwd.toCharArray();
         }
         String keyManagerPasswordAppName = System.getProperty(ZTS_CLIENT_PROP_KEY_MANAGER_PWD_APP_NAME);
+        String keyManagerPasswordKeygroupName = System.getProperty(ZTS_CLIENT_PROP_KEY_MANAGER_PWD_KEYGROUP_NAME);
 
         // truststore
         String trustStorePath = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PATH);
@@ -666,6 +671,7 @@ private SSLContext createSSLContext() {
             trustStorePassword = trustStorePwd.toCharArray();
         }
         String trustStorePasswordAppName = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PWD_APP_NAME);
+        String trustStorePasswordKeygroupName = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PWD_KEYGROUP_NAME);
 
         // alias and protocol details
         String certAlias = System.getProperty(ZTS_CLIENT_PROP_CERT_ALIAS);
@@ -687,12 +693,18 @@ private SSLContext createSSLContext() {
         if (null != keyStorePasswordAppName) {
             builder.keyStorePasswordAppName(keyStorePasswordAppName);
         }
+        if (null != keyStorePasswordKeygroupName) {
+            builder.keyStorePasswordKeygroupName(keyStorePasswordKeygroupName);
+        }
         if (null != keyManagerPassword) {
             builder.keyManagerPassword(keyManagerPassword);
         }
         if (null != keyManagerPasswordAppName) {
             builder.keyManagerPasswordAppName(keyManagerPasswordAppName);
         }
+        if (null != keyManagerPasswordKeygroupName) {
+            builder.keyManagerPasswordKeygroupName(keyManagerPasswordKeygroupName);
+        }
         if (!isEmpty(trustStorePath)) {
             builder.trustStorePath(trustStorePath);
         }
@@ -705,6 +717,9 @@ private SSLContext createSSLContext() {
         if (null != trustStorePasswordAppName) {
             builder.trustStorePasswordAppName(trustStorePasswordAppName);
         }
+        if (null != trustStorePasswordKeygroupName) {
+            builder.trustStorePasswordKeygroupName(trustStorePasswordKeygroupName);
+        }
 
         return builder.build();
     }