From 60cbc644727271eed0cbf7c85583a0c84973f01e Mon Sep 17 00:00:00 2001
From: Jonathan Wei <jon-wei@users.noreply.github.com>
Date: Wed, 5 Sep 2018 17:07:16 -0700
Subject: [PATCH] Use PasswordProvider, fix info on initial passwords in basic
 security extension docs (#6303)

* Fix info on initial passwords in basic security extension docs

* Use PasswordProvider

* Compile fix
---
 .../extensions-core/druid-basic-security.md        |  4 ++--
 .../druid/security/basic/BasicAuthDBConfig.java    | 14 ++++++++------
 .../authentication/BasicHTTPAuthenticator.java     |  5 +++--
 ...orBasicAuthenticatorMetadataStorageUpdater.java |  4 ++--
 .../authentication/BasicHTTPAuthenticatorTest.java |  5 +++--
 .../CoordinatorBasicAuthenticatorResourceTest.java |  9 +++++----
 6 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/docs/content/development/extensions-core/druid-basic-security.md b/docs/content/development/extensions-core/druid-basic-security.md
index c0f9d054bc1..d1d044b2340 100644
--- a/docs/content/development/extensions-core/druid-basic-security.md
+++ b/docs/content/development/extensions-core/druid-basic-security.md
@@ -53,8 +53,8 @@ The configuration examples in the rest of this document will use "MyBasicAuthent
 #### Properties
 |Property|Description|Default|required|
 |--------|-----------|-------|--------|
-|`druid.auth.authenticator.MyBasicAuthenticator.initialAdminPassword`|Initial password for the automatically created default admin user. If no password is specified, the default admin user will not be created. If the default admin user already exists, setting this property will affect its password.|null|No|
-|`druid.auth.authenticator.MyBasicAuthenticator.initialInternalClientPassword`|Initial password for the default internal system user, used for internal node communication. If no password is specified, the default internal system user will not be created. If the default internal system user already exists, setting this property will affect its password.|null|No|
+|`druid.auth.authenticator.MyBasicAuthenticator.initialAdminPassword`|Initial [Password Provider](../../operations/password-provider.html) for the automatically created default admin user. If no password is specified, the default admin user will not be created. If the default admin user already exists, setting this property will not affect its password.|null|No|
+|`druid.auth.authenticator.MyBasicAuthenticator.initialInternalClientPassword`|Initial [Password Provider](../../operations/password-provider.html) for the default internal system user, used for internal node communication. If no password is specified, the default internal system user will not be created. If the default internal system user already exists, setting this property will not affect its password.|null|No|
 |`druid.auth.authenticator.MyBasicAuthenticator.enableCacheNotifications`|If true, the coordinator will notify Druid nodes whenever a configuration change to this Authenticator occurs, allowing them to immediately update their state without waiting for polling.|true|No|
 |`druid.auth.authenticator.MyBasicAuthenticator.cacheNotificationTimeout`|The timeout in milliseconds for the cache notifications.|5000|No|
 |`druid.auth.authenticator.MyBasicAuthenticator.credentialIterations`|Number of iterations to use for password hashing.|10000|No|
diff --git a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/BasicAuthDBConfig.java b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/BasicAuthDBConfig.java
index 22d078498e4..7e084cb63be 100644
--- a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/BasicAuthDBConfig.java
+++ b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/BasicAuthDBConfig.java
@@ -19,19 +19,21 @@
 
 package org.apache.druid.security.basic;
 
+import org.apache.druid.metadata.PasswordProvider;
+
 public class BasicAuthDBConfig
 {
   public static final long DEFAULT_CACHE_NOTIFY_TIMEOUT_MS = 5000;
 
-  private final String initialAdminPassword;
-  private final String initialInternalClientPassword;
+  private final PasswordProvider initialAdminPassword;
+  private final PasswordProvider initialInternalClientPassword;
   private final boolean enableCacheNotifications;
   private final long cacheNotificationTimeout;
   private final int iterations;
 
   public BasicAuthDBConfig(
-      final String initialAdminPassword,
-      final String initialInternalClientPassword,
+      final PasswordProvider initialAdminPassword,
+      final PasswordProvider initialInternalClientPassword,
       final Boolean enableCacheNotifications,
       final Long cacheNotificationTimeout,
       final int iterations
@@ -44,12 +46,12 @@ public class BasicAuthDBConfig
     this.iterations = iterations;
   }
 
-  public String getInitialAdminPassword()
+  public PasswordProvider getInitialAdminPassword()
   {
     return initialAdminPassword;
   }
 
-  public String getInitialInternalClientPassword()
+  public PasswordProvider getInitialInternalClientPassword()
   {
     return initialInternalClientPassword;
   }
diff --git a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/BasicHTTPAuthenticator.java b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/BasicHTTPAuthenticator.java
index 7e495eb03df..71d927dc773 100644
--- a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/BasicHTTPAuthenticator.java
+++ b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/BasicHTTPAuthenticator.java
@@ -25,6 +25,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeName;
 import com.google.inject.Provider;
 import org.apache.druid.java.util.common.IAE;
+import org.apache.druid.metadata.PasswordProvider;
 import org.apache.druid.security.basic.BasicAuthDBConfig;
 import org.apache.druid.security.basic.BasicAuthUtils;
 import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager;
@@ -62,8 +63,8 @@ public class BasicHTTPAuthenticator implements Authenticator
       @JacksonInject Provider<BasicAuthenticatorCacheManager> cacheManager,
       @JsonProperty("name") String name,
       @JsonProperty("authorizerName") String authorizerName,
-      @JsonProperty("initialAdminPassword") String initialAdminPassword,
-      @JsonProperty("initialInternalClientPassword") String initialInternalClientPassword,
+      @JsonProperty("initialAdminPassword") PasswordProvider initialAdminPassword,
+      @JsonProperty("initialInternalClientPassword") PasswordProvider initialInternalClientPassword,
       @JsonProperty("enableCacheNotifications") Boolean enableCacheNotifications,
       @JsonProperty("cacheNotificationTimeout") Long cacheNotificationTimeout,
       @JsonProperty("credentialIterations") Integer credentialIterations
diff --git a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/db/updater/CoordinatorBasicAuthenticatorMetadataStorageUpdater.java b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/db/updater/CoordinatorBasicAuthenticatorMetadataStorageUpdater.java
index 442c23385e1..941b4a38a0e 100644
--- a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/db/updater/CoordinatorBasicAuthenticatorMetadataStorageUpdater.java
+++ b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/db/updater/CoordinatorBasicAuthenticatorMetadataStorageUpdater.java
@@ -138,7 +138,7 @@ public class CoordinatorBasicAuthenticatorMetadataStorageUpdater implements Basi
                 authenticatorName,
                 BasicAuthUtils.ADMIN_NAME,
                 new BasicAuthenticatorCredentialUpdate(
-                    dbConfig.getInitialAdminPassword(),
+                    dbConfig.getInitialAdminPassword().getPassword(),
                     BasicAuthUtils.DEFAULT_KEY_ITERATIONS
                 )
             );
@@ -151,7 +151,7 @@ public class CoordinatorBasicAuthenticatorMetadataStorageUpdater implements Basi
                 authenticatorName,
                 BasicAuthUtils.INTERNAL_USER_NAME,
                 new BasicAuthenticatorCredentialUpdate(
-                    dbConfig.getInitialInternalClientPassword(),
+                    dbConfig.getInitialInternalClientPassword().getPassword(),
                     BasicAuthUtils.DEFAULT_KEY_ITERATIONS
                 )
             );
diff --git a/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/BasicHTTPAuthenticatorTest.java b/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/BasicHTTPAuthenticatorTest.java
index 90796b394dc..782c9dd2111 100644
--- a/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/BasicHTTPAuthenticatorTest.java
+++ b/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/BasicHTTPAuthenticatorTest.java
@@ -23,6 +23,7 @@ import com.google.common.collect.ImmutableMap;
 import com.google.inject.Provider;
 import com.google.inject.util.Providers;
 import org.apache.druid.java.util.common.StringUtils;
+import org.apache.druid.metadata.DefaultPasswordProvider;
 import org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator;
 import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager;
 import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate;
@@ -71,8 +72,8 @@ public class BasicHTTPAuthenticatorTest
       CACHE_MANAGER_PROVIDER,
       "basic",
       "basic",
-      "a",
-      "a",
+      new DefaultPasswordProvider("a"),
+      new DefaultPasswordProvider("a"),
       false,
       null,
       null
diff --git a/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java b/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java
index 72f1c2fba3d..dff71e376de 100644
--- a/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java
+++ b/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java
@@ -23,6 +23,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.smile.SmileFactory;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
+import org.apache.druid.metadata.DefaultPasswordProvider;
 import org.apache.druid.metadata.MetadataStorageTablesConfig;
 import org.apache.druid.metadata.TestDerbyConnector;
 import org.apache.druid.security.basic.BasicAuthCommonCacheConfig;
@@ -83,8 +84,8 @@ public class CoordinatorBasicAuthenticatorResourceTest
                 null,
                 AUTHENTICATOR_NAME,
                 "test",
-                "druid",
-                "druid",
+                new DefaultPasswordProvider("druid"),
+                new DefaultPasswordProvider("druid"),
                 null,
                 null,
                 null
@@ -94,8 +95,8 @@ public class CoordinatorBasicAuthenticatorResourceTest
                 null,
                 AUTHENTICATOR_NAME2,
                 "test",
-                "druid",
-                "druid",
+                new DefaultPasswordProvider("druid"),
+                new DefaultPasswordProvider("druid"),
                 null,
                 null,
                 null