atlassian · mgrzaslewicz · Jan 13, 2022 · Jun 28, 2021 · Nov 16, 2021 · Nov 16, 2021
@@ -25,6 +25,13 @@ Dropping a requirement of a major version of a dependency is a new contract.
 
 ## [Unreleased]
 [Unreleased]: https://github.com/atlassian/infrastructure/compare/release-4.18.0...master
+### Added
+- `JiraUserPasswordOverridingDatabase` to support providing custom admin password during database setup [JPERF-729]
+
+[JPERF-729]: https://ecosystem.atlassian.net/browse/JPERF-729
+
+### Deprecated
+- `Database.setup(ssh: SshConnection): String` in favor of `Database.performSetup(ssh: SshConnection): DatabaseSetup`
 
 ## [4.18.0] - 2021-04-14
 [4.18.0]: https://github.com/atlassian/infrastructure/compare/release-4.17.5...release-4.18.0

@@ -7,8 +7,6 @@ import org.apache.logging.log4j.Logger
 import java.io.File
 import java.net.URI
 import java.nio.file.Files
-import java.io.FileWriter
-import java.io.BufferedWriter
 
 
 /**
@@ -26,13 +24,12 @@ class LicenseOverridingMysql private constructor(
     @Deprecated(message = "Use the Builder and pass licenses as Files to reduce accidental leakage of the license")
     constructor(
         database: Database,
-        licenses: List<String>) : this(database, LicenseCollection(licenses.map<String, File> {
+        licenses: List<String>
+    ) : this(database, LicenseCollection(licenses.map<String, File> {
         createTempLicenseFile(it)
     }))
 
-    override fun setup(
-        ssh: SshConnection
-    ): String = database.setup(ssh)
+    override fun setup(ssh: SshConnection): String = database.setup(ssh)
 
     override fun start(
         jira: URI,
@@ -89,4 +86,4 @@ internal fun createTempLicenseFile(license: String): File {
         .use { it.write(license) }
     return licenseFile
 
-}
+}
@@ -17,7 +17,9 @@ class MySqlDatabase(
     private val source: DatasetPackage,
     private val maxConnections: Int
 ) : Database {
-    private val logger: Logger = LogManager.getLogger(this::class.java)
+    companion object {
+        private val logger: Logger = LogManager.getLogger(MySqlDatabase::class.java)
+    }
 
     private val image: DockerImage = DockerImage(
         name = "mysql:5.7.32",
@@ -36,13 +38,13 @@ class MySqlDatabase(
     )
 
     override fun setup(ssh: SshConnection): String {
-        val mysqlData = source.download(ssh)
+        val mysqlDataLocation = source.download(ssh)
         image.run(
             ssh = ssh,
-            parameters = "-p 3306:3306 -v `realpath $mysqlData`:/var/lib/mysql",
+            parameters = "-p 3306:3306 -v `realpath $mysqlDataLocation`:/var/lib/mysql",
             arguments = "--skip-grant-tables --max_connections=$maxConnections"
         )
-        return mysqlData
+        return mysqlDataLocation
     }
 
     override fun start(jira: URI, ssh: SshConnection) {

diff --git a/...rformance/tools/infrastructure/api/database/passwordoverride/JiraUserPasswordEncryptor.kt b/...rformance/tools/infrastructure/api/database/passwordoverride/JiraUserPasswordEncryptor.kt
@@ -0,0 +1,43 @@
+package com.atlassian.performance.tools.infrastructure.api.database.passwordoverride
+
+import com.atlassian.performance.tools.infrastructure.database.SshSqlClient
+import com.atlassian.performance.tools.ssh.api.SshConnection
+import org.apache.logging.log4j.LogManager
+import org.apache.logging.log4j.Logger
+
+interface JiraUserPasswordEncryptor {
+    fun getEncryptedPassword(ssh: SshConnection): String
+}
+
+internal class DefaultJiraUserPasswordEncryptor(
+    private val passwordEncryptFunction: (String) -> String,
+    private val userPasswordPlainText: String,
+    private val sqlClient: SshSqlClient,
+    private val jiraDatabaseSchemaName: String
+): JiraUserPasswordEncryptor {
+    private val logger: Logger = LogManager.getLogger(this::class.java)
+
+    override fun getEncryptedPassword(ssh: SshConnection): String {
+        return if (shouldUseEncryption(ssh)) {
+            logger.debug("Using credential with encrypted password")
+            passwordEncryptFunction(userPasswordPlainText)
+        } else {
+            logger.debug("Using credential with plain text password")
+            userPasswordPlainText
+        }
+    }
+
+    private fun shouldUseEncryption(ssh: SshConnection): Boolean {
+        val sqlResult =
+            sqlClient.runSql(ssh, "select attribute_value from ${jiraDatabaseSchemaName}.cwd_directory_attribute where attribute_name = 'user_encryption_method';").output
+        return when {
+            sqlResult.contains("plaintext") -> false
+            sqlResult.contains("atlassian-security") -> true
+            else -> {
+                logger.warn("Unknown user_encryption_method. Assuming encrypted password should be used")
+                true
+            }
+        }
+    }
+
+}
@@ -0,0 +1,86 @@
+package com.atlassian.performance.tools.infrastructure.api.database
+
+import com.atlassian.performance.tools.infrastructure.api.database.passwordoverride.DefaultJiraUserPasswordEncryptor
+import com.atlassian.performance.tools.infrastructure.api.database.passwordoverride.JiraUserPasswordEncryptor
+import com.atlassian.performance.tools.infrastructure.database.SshMysqlClient
+import com.atlassian.performance.tools.infrastructure.database.SshSqlClient
+import com.atlassian.performance.tools.ssh.api.SshConnection
+import org.apache.logging.log4j.LogManager
+import org.apache.logging.log4j.Logger
+import java.net.URI
+
+/**
+ * Based on https://confluence.atlassian.com/jira/retrieving-the-jira-administrator-192836.html
+ *
+ * To encode the password use [com.atlassian.crowd.password.encoder.AtlassianSecurityPasswordEncoder](https://docs.atlassian.com/atlassian-crowd/4.2.2/com/atlassian/crowd/password/encoder/AtlassianSecurityPasswordEncoder.html)
+ * from the [com.atlassian.crowd.crowd-password-encoders](https://mvnrepository.com/artifact/com.atlassian.crowd/crowd-password-encoders/4.2.2).
+ */
+
+class JiraUserPasswordOverridingDatabase internal constructor(
+    private val databaseDelegate: Database,
+    private val sqlClient: SshSqlClient,
+    private val username: String,
+    private val jiraDatabaseSchemaName: String,
+    private val userPasswordPlainText: String,
+    private val jiraUserPasswordEncryptor: JiraUserPasswordEncryptor
+) : Database {
+    private val logger: Logger = LogManager.getLogger(this::class.java)
+
+    override fun setup(ssh: SshConnection): String = databaseDelegate.setup(ssh)
+
+    override fun start(
+        jira: URI,
+        ssh: SshConnection
+    ) {
+        databaseDelegate.start(jira, ssh)
+        val password = jiraUserPasswordEncryptor.getEncryptedPassword(ssh)
+        sqlClient.runSql(ssh, "UPDATE ${jiraDatabaseSchemaName}.cwd_user SET credential='$password' WHERE user_name='$username';")
+        logger.debug("Password for user '$username' updated to '${userPasswordPlainText}'")
+    }
+
+
+    class Builder(
+        private var databaseDelegate: Database,
+        private var userPasswordPlainText: String,
+        private var jiraUserPasswordEncryptor: JiraUserPasswordEncryptor
+    ) {
+        private var sqlClient: SshSqlClient = SshMysqlClient()
+        private var jiraDatabaseSchemaName: String = "jiradb"
+        private var username: String = "admin"
+
+        fun databaseDelegate(databaseDelegate: Database) = apply { this.databaseDelegate = databaseDelegate }
+        fun username(username: String) = apply { this.username = username }
+        fun userPasswordPlainText(userPassword: String) = apply { this.userPasswordPlainText = userPassword }
+        fun sqlClient(sqlClient: SshSqlClient) = apply { this.sqlClient = sqlClient }
+        fun jiraDatabaseSchemaName(jiraDatabaseSchemaName: String) = apply { this.jiraDatabaseSchemaName = jiraDatabaseSchemaName }
+        fun jiraUserPasswordEncryptor(jiraUserPasswordEncryptor: JiraUserPasswordEncryptor) = apply { this.jiraUserPasswordEncryptor = jiraUserPasswordEncryptor }
+
+        fun build() = JiraUserPasswordOverridingDatabase(
+            databaseDelegate = databaseDelegate,
+            sqlClient = sqlClient,
+            username = username,
+            userPasswordPlainText = userPasswordPlainText,
+            jiraDatabaseSchemaName = jiraDatabaseSchemaName,
+            jiraUserPasswordEncryptor = jiraUserPasswordEncryptor
+        )
+    }
+
+}
+
+fun Database.withAdminPassword(adminPasswordPlainText: String, passwordEncryptFunction: (String) -> String): JiraUserPasswordOverridingDatabase {
+    val jiraDatabaseSchemaName = "jiradb"
+    val sqlClient = SshMysqlClient()
+    return JiraUserPasswordOverridingDatabase.Builder(
+        databaseDelegate = this,
+        userPasswordPlainText = adminPasswordPlainText,
+        jiraUserPasswordEncryptor = DefaultJiraUserPasswordEncryptor(
+            passwordEncryptFunction = passwordEncryptFunction,
+            userPasswordPlainText = adminPasswordPlainText,
+            sqlClient = sqlClient,
+            jiraDatabaseSchemaName = jiraDatabaseSchemaName
+        )
+    )
+        .jiraDatabaseSchemaName(jiraDatabaseSchemaName)
+        .sqlClient(sqlClient)
+        .build()
+}
@@ -1,7 +1,7 @@
 package com.atlassian.performance.tools.infrastructure.api.database
 
+import com.atlassian.performance.tools.infrastructure.mock.RememberingDatabase
 import com.atlassian.performance.tools.infrastructure.mock.RememberingSshConnection
-import com.atlassian.performance.tools.ssh.api.SshConnection
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Test
 import java.io.File
@@ -11,14 +11,16 @@ class LicenseOverridingMysqlTest {
 
     private val jira = URI("http://localhost/")
 
+    private fun Database.withLicenseString(licenses: List<String>) = LicenseOverridingMysql.Builder(this).licenseStrings(licenses).build()
+
     @Test
     fun shouldOverrideOneLicense() {
         val licenseStrings = listOf("the only license")
         val (testedDatabase, underlyingDatabase, ssh) = setUp(licenseStrings)
 
         testedDatabase.start(jira, ssh)
 
-        assertThat(underlyingDatabase.started)
+        assertThat(underlyingDatabase.isStarted)
             .`as`("underlying database started")
             .isTrue()
         assertSshCommands(ssh)
@@ -76,10 +78,7 @@ class LicenseOverridingMysqlTest {
         val underlyingDatabase = RememberingDatabase()
         @Suppress("DEPRECATION")
         return DatabaseStartTest(
-            testedDatabase = LicenseOverridingMysql(
-                database = underlyingDatabase,
-                licenses = licenses
-            ),
+            testedDatabase = underlyingDatabase.withLicenseString(licenses),
             underlyingDatabase = underlyingDatabase,
             ssh = RememberingSshConnection()
         )
@@ -105,10 +104,7 @@ class LicenseOverridingMysqlTest {
         val underlyingDatabase = RememberingDatabase()
         @Suppress("DEPRECATION")
         return DatabaseStartTest(
-            testedDatabase = LicenseOverridingMysql
-                .Builder(underlyingDatabase)
-                .licenseStrings(licenses)
-                .build(),
+            testedDatabase = underlyingDatabase.withLicenseString(licenses),
             underlyingDatabase = underlyingDatabase,
             ssh = RememberingSshConnection()
         )
@@ -161,19 +157,4 @@ class LicenseOverridingMysqlTest {
         val underlyingDatabase: RememberingDatabase,
         val ssh: RememberingSshConnection
     )
-
-    private class RememberingDatabase : Database {
-
-        var setup = false
-        var started = false
-
-        override fun setup(ssh: SshConnection): String {
-            setup = true
-            return "."
-        }
-
-        override fun start(jira: URI, ssh: SshConnection) {
-            started = true
-        }
-    }
 }
diff --git a/...ools/infrastructure/api/database/passwordoverride/DefaultJiraUserPasswordEncryptorTest.kt b/...ools/infrastructure/api/database/passwordoverride/DefaultJiraUserPasswordEncryptorTest.kt
@@ -0,0 +1,86 @@
+package com.atlassian.performance.tools.infrastructure.api.database.passwordoverride
+
+import com.atlassian.performance.tools.infrastructure.mock.MockSshSqlClient
+import com.atlassian.performance.tools.infrastructure.mock.RememberingSshConnection
+import com.atlassian.performance.tools.ssh.api.SshConnection
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.Before
+import org.junit.Test
+
+class DefaultJiraUserPasswordEncryptorTest {
+    private val plainTextPassword = "plain text password"
+    private val encryptedPassword = "***** ***"
+
+    private lateinit var sqlClient: MockSshSqlClient
+    private lateinit var sshConnection: RememberingSshConnection
+    private lateinit var jiraUserPasswordEncryptor: JiraUserPasswordEncryptor
+
+    @Before
+    fun setup() {
+        sqlClient = MockSshSqlClient()
+        sshConnection = RememberingSshConnection()
+        jiraUserPasswordEncryptor = DefaultJiraUserPasswordEncryptor(
+            passwordEncryptFunction = { _ -> encryptedPassword },
+            userPasswordPlainText = plainTextPassword,
+            sqlClient = sqlClient,
+            jiraDatabaseSchemaName = "jiradb"
+        )
+    }
+
+    @Test
+    fun shouldQueryEncryptionMethod() {
+        // when
+        jiraUserPasswordEncryptor.getEncryptedPassword(sshConnection)
+        // then
+        assertThat(sqlClient.getLog())
+            .`as`("sql queries executed")
+            .containsExactly(
+                "select attribute_value from jiradb.cwd_directory_attribute where attribute_name = 'user_encryption_method';"
+            )
+    }
+
+    @Test
+    fun shouldReturnEncryptedPasswordByDefault() {
+        // when
+        val encryptedPassword = jiraUserPasswordEncryptor.getEncryptedPassword(sshConnection)
+        // then
+        assertThat(encryptedPassword).isEqualTo(encryptedPassword)
+    }
+
+    @Test
+    fun shouldUpdateEncryptedPassword() {
+        // given
+        sqlClient.queueReturnedSqlCommandResult(
+            SshConnection.SshResult(
+                exitStatus = 0,
+                output = """attribute_value
+                            atlassian-security
+""".trimMargin(),
+                errorOutput = ""
+            )
+        )
+        // when
+        val encryptedPassword = jiraUserPasswordEncryptor.getEncryptedPassword(sshConnection)
+        // then
+        assertThat(encryptedPassword).isEqualTo(encryptedPassword)
+    }
+
+    @Test
+    fun shouldUpdatePlaintextPassword() {
+        // given
+        sqlClient.queueReturnedSqlCommandResult(
+            SshConnection.SshResult(
+                exitStatus = 0,
+                output = """attribute_value
+                            plaintext
+""".trimMargin(),
+                errorOutput = ""
+            )
+        )
+        // when
+        val encryptedPassword = jiraUserPasswordEncryptor.getEncryptedPassword(sshConnection)
+        // then
+        assertThat(encryptedPassword).isEqualTo(plainTextPassword)
+    }
+
+}