[#721] security crd connector missing keystoretype and trustoretype p…

…roperty

api/v1beta1/activemqartemissecurity_types.go

@@ -328,6 +328,9 @@ type ConnectorConfigType struct {
 	// Whether management connection is secured
 	//+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Secured",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
 	Secured *bool `json:"secured,omitempty"`
+	// The keystore type for management connector
+	//+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="KeyStore Type",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:text"}
+	KeyStoreType *string `json:"keyStoreType,omitempty"`
 	// The keystore provider for management connector
 	//+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="KeyStore Provider",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:text"}
 	KeyStoreProvider *string `json:"keyStoreProvider,omitempty"`
@@ -337,6 +340,9 @@ type ConnectorConfigType struct {
 	// The keystore password for management connector
 	//+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="KeyStore Password",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:text"}
 	KeyStorePassword *string `json:"keyStorePassword,omitempty"`
+	// The truststore type for management connector
+	//+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="TrustStore Type",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:text"}
+	TrustStoreType *string `json:"trustStoreType,omitempty"`
 	// The truststore provider for management connector
 	//+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="TrustStore Provider",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:text"}
 	TrustStoreProvider *string `json:"trustStoreProvider,omitempty"`

bundle/manifests/activemq-artemis-operator.clusterserviceversion.yaml

@@ -2490,6 +2490,11 @@ spec:
         path: securitySettings.management.connector.keyStoreProvider
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:text
+      - description: The keystore type for management connector
+        displayName: KeyStore Type
+        path: securitySettings.management.connector.keyStoreType
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
       - description: The JMX object name of management
         displayName: Object Name
         path: securitySettings.management.connector.objectName
@@ -2530,6 +2535,11 @@ spec:
         path: securitySettings.management.connector.trustStoreProvider
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:text
+      - description: The truststore type for management connector
+        displayName: TrustStore Type
+        path: securitySettings.management.connector.trustStoreType
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
       - description: The roles allowed to login hawtio
         displayName: Hawtio Roles
         path: securitySettings.management.hawtioRoles

bundle/manifests/broker.amq.io_activemqartemissecurities.yaml

@@ -888,6 +888,9 @@ spec:
                           keyStoreProvider:
                             description: The keystore provider for management connector
                             type: string
+                          keyStoreType:
+                            description: The keystore type for management connector
+                            type: string
                           objectName:
                             description: The JMX object name of management
                             type: string
@@ -914,6 +917,9 @@ spec:
                           trustStoreProvider:
                             description: The truststore provider for management connector
                             type: string
+                          trustStoreType:
+                            description: The truststore type for management connector
+                            type: string
                         type: object
                       hawtioRoles:
                         description: The roles allowed to login hawtio

config/crd/bases/broker.amq.io_activemqartemissecurities.yaml

@@ -889,6 +889,9 @@ spec:
                           keyStoreProvider:
                             description: The keystore provider for management connector
                             type: string
+                          keyStoreType:
+                            description: The keystore type for management connector
+                            type: string
                           objectName:
                             description: The JMX object name of management
                             type: string
@@ -915,6 +918,9 @@ spec:
                           trustStoreProvider:
                             description: The truststore provider for management connector
                             type: string
+                          trustStoreType:
+                            description: The truststore type for management connector
+                            type: string
                         type: object
                       hawtioRoles:
                         description: The roles allowed to login hawtio

config/manifests/bases/activemq-artemis-operator.clusterserviceversion.yaml

@@ -1742,6 +1742,11 @@ spec:
         path: securitySettings.management.connector.keyStoreProvider
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:text
+      - description: The keystore type for management connector
+        displayName: KeyStore Type
+        path: securitySettings.management.connector.keyStoreType
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
       - description: The JMX object name of management
         displayName: Object Name
         path: securitySettings.management.connector.objectName
@@ -1782,6 +1787,11 @@ spec:
         path: securitySettings.management.connector.trustStoreProvider
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:text
+      - description: The truststore type for management connector
+        displayName: TrustStore Type
+        path: securitySettings.management.connector.trustStoreType
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
       - description: The roles allowed to login hawtio
         displayName: Hawtio Roles
         path: securitySettings.management.hawtioRoles

controllers/activemqartemissecurity_controller_test.go

@@ -66,6 +66,83 @@ var _ = Describe("security controller", func() {
 
 	Context("broker with security custom resources", Label("broker-security-res"), func() {
 
+		It("management connector config", Label("mgmt-connector-config"), func() {
+
+			By("deploy a security cr")
+			_, createdSecurityCr := DeploySecurity(NextSpecResourceName(), defaultNamespace, func(candidate *brokerv1beta1.ActiveMQArtemisSecurity) {
+				candidate.Spec.SecuritySettings.Management.Connector = brokerv1beta1.ConnectorConfigType{
+					Host:               StringToPtr("0.0.0.0"),
+					Port:               common.Int32ToPtr(9091),
+					RmiRegistryPort:    common.Int32ToPtr(1234),
+					JmxRealm:           StringToPtr("activemq"),
+					ObjectName:         StringToPtr("connector:name=rmi"),
+					AuthenticatorType:  StringToPtr("password"),
+					Secured:            &boolFalse,
+					KeyStoreType:       StringToPtr("PKCS12"),
+					KeyStoreProvider:   StringToPtr("SUN"),
+					KeyStorePath:       StringToPtr("/etc/keystore/broker.ks"),
+					KeyStorePassword:   StringToPtr("kspassword"),
+					TrustStoreType:     StringToPtr("JKS"),
+					TrustStoreProvider: StringToPtr("tSUN"),
+					TrustStorePath:     StringToPtr("/etc/truststore/broker.ts"),
+					TrustStorePassword: StringToPtr("tspassword"),
+					PasswordCodec:      StringToPtr("org.apache.activemq.SomeClass"),
+				}
+			})
+
+			By("deploy a broker cr")
+			_, createdBrokerCr := DeployCustomBroker(defaultNamespace, nil)
+
+			By("checking the security gets applied")
+			requestedSs := &appsv1.StatefulSet{}
+			Eventually(func() bool {
+				key := types.NamespacedName{Name: namer.CrToSS(createdBrokerCr.Name), Namespace: defaultNamespace}
+				err := k8sClient.Get(ctx, key, requestedSs)
+				if err != nil {
+					return false
+				}
+
+				initContainer := requestedSs.Spec.Template.Spec.InitContainers[0]
+				secApplied := false
+				for _, arg := range initContainer.Args {
+					if strings.Contains(arg, "mkdir -p /init_cfg_root/security/security") {
+						secApplied = true
+						break
+					}
+				}
+				return secApplied
+			}, timeout, interval).Should(BeTrue())
+
+			expectedSecuritySecret := &corev1.Secret{}
+			expectedSecuritySecretKey := types.NamespacedName{Name: "secret-security-" + createdSecurityCr.Name, Namespace: defaultNamespace}
+
+			By("checking the security secret")
+			Eventually(k8sClient.Get(ctx, expectedSecuritySecretKey, expectedSecuritySecret), timeout, interval).Should(Succeed())
+			crData := expectedSecuritySecret.Data["Data"]
+			Expect(string(crData)).NotTo(BeEmpty())
+
+			Expect(crData).To(ContainSubstring("host: 0.0.0.0"))
+			Expect(crData).To(ContainSubstring("port: 9091"))
+			Expect(crData).To(ContainSubstring("rmiregistryport: 1234"))
+			Expect(crData).To(ContainSubstring("jmxrealm: activemq"))
+			Expect(crData).To(ContainSubstring("objectname: connector:name=rmi"))
+			Expect(crData).To(ContainSubstring("authenticatortype: password"))
+			Expect(crData).To(ContainSubstring("secured: false"))
+			Expect(crData).To(ContainSubstring("keystoretype: PKCS12"))
+			Expect(crData).To(ContainSubstring("keystoreprovider: SUN"))
+			Expect(crData).To(ContainSubstring("keystorepath: /etc/keystore/broker.ks"))
+			Expect(crData).To(ContainSubstring("keystorepassword: kspassword"))
+			Expect(crData).To(ContainSubstring("truststoretype: JKS"))
+			Expect(crData).To(ContainSubstring("truststoreprovider: tSUN"))
+			Expect(crData).To(ContainSubstring("truststorepath: /etc/truststore/broker.ts"))
+			Expect(crData).To(ContainSubstring("truststorepassword: tspassword"))
+			Expect(crData).To(ContainSubstring("passwordcodec: org.apache.activemq.SomeClass"))
+
+			By("delete the broker cr")
+			CleanResource(createdBrokerCr, createdBrokerCr.Name, defaultNamespace)
+			CleanResource(createdSecurityCr, createdSecurityCr.Name, defaultNamespace)
+		})
+
 		It("no password in security log test", func() {
 			By("deploy a security cr")
 			StartCapturingLog()

controllers/common_util_test.go

@@ -735,3 +735,7 @@ func CreateTlsSecret(secretName string, ns string, ksPassword string, nsNames []
 	}
 	return &tlsSecret, nil
 }
+
+func StringToPtr(v string) *string {
+	return &v
+}

deploy/crds/broker_activemqartemissecurity_crd.yaml

@@ -842,6 +842,9 @@ spec:
                           keyStoreProvider:
                             description: The keystore provider for management connector
                             type: string
+                          keyStoreType:
+                            description: The keystore type for management connector
+                            type: string
                           objectName:
                             description: The JMX object name of management
                             type: string
@@ -868,6 +871,9 @@ spec:
                           trustStoreProvider:
                             description: The truststore provider for management connector
                             type: string
+                          trustStoreType:
+                            description: The truststore type for management connector
+                            type: string
                         type: object
                       hawtioRoles:
                         description: The roles allowed to login hawtio