JPERF-729: Create a way to configure Jira admin user password during database setup

src/main/kotlin/com/atlassian/performance/tools/infrastructure/api/database/Database.kt

@@ -8,10 +8,7 @@ import java.net.URI
  */
 interface Database {
 
-    /**
-     * @return Database data location if exists
-     */
-    fun setup(ssh: SshConnection): String
+    fun setup(ssh: SshConnection): DatabaseSetup
 
     fun start(jira: URI, ssh: SshConnection)
 }

src/main/kotlin/com/atlassian/performance/tools/infrastructure/api/database/DatabaseSetup.kt

@@ -0,0 +1,3 @@
+package com.atlassian.performance.tools.infrastructure.api.database
+
+data class DatabaseSetup(val location: String)

src/main/kotlin/com/atlassian/performance/tools/infrastructure/api/database/JiraUserPasswordOverridingDatabase.kt

@@ -0,0 +1,97 @@
+package com.atlassian.performance.tools.infrastructure.api.database
+
+import com.atlassian.performance.tools.infrastructure.database.SshMysqlClient
+import com.atlassian.performance.tools.infrastructure.database.SshSqlClient
+import com.atlassian.performance.tools.ssh.api.SshConnection
+import org.apache.logging.log4j.LogManager
+import org.apache.logging.log4j.Logger
+import java.net.URI
+
+data class JiraUserPassword(
+    val plainText: String,
+    val encrypted: String
+)
+
+/**
+ * Based on https://confluence.atlassian.com/jira/retrieving-the-jira-administrator-192836.html
+ *
+ * To encode the password use [com.atlassian.crowd.password.encoder.AtlassianSecurityPasswordEncoder](https://docs.atlassian.com/atlassian-crowd/4.2.2/com/atlassian/crowd/password/encoder/AtlassianSecurityPasswordEncoder.html)
+ * from the [com.atlassian.crowd.crowd-password-encoders](https://mvnrepository.com/artifact/com.atlassian.crowd/crowd-password-encoders/4.2.2).
+ */
+class JiraUserPasswordOverridingDatabase internal constructor(
+    private val databaseDelegate: Database,
+    private val sqlClient: SshSqlClient,
+    private val username: String,
+    private val userPassword: JiraUserPassword?,
+    private val cwdUserTableName: String
+) : Database {
+    companion object {
+        private val logger: Logger = LogManager.getLogger(JiraUserPasswordOverridingDatabase::class.java)
+    }
+
+    override fun setup(
+        ssh: SshConnection
+    ) = databaseDelegate.setup(ssh)
+
+    override fun start(
+        jira: URI,
+        ssh: SshConnection
+    ) {
+        databaseDelegate.start(jira, ssh)
+        if (userPassword == null) {
+            logger.info("Password not provided, skipping dataset update")
+        } else {
+            if (shouldUseEncryption(ssh)) {
+                logger.info("Updating credential with encrypted password")
+                sqlClient.runSql(ssh, "UPDATE $cwdUserTableName SET credential='${userPassword.encrypted}' WHERE user_name='$username';")
+            } else {
+                logger.info("Updating credential with plain text password")
+                sqlClient.runSql(ssh, "UPDATE $cwdUserTableName SET credential='${userPassword.plainText}' WHERE user_name='$username';")
+            }
+            logger.info("Password for user '$username' updated to '${userPassword.plainText}'")
+        }
+    }
+
+    private fun shouldUseEncryption(ssh: SshConnection): Boolean {
+        val dbNamePrefix = if (cwdUserTableName.contains(".")) cwdUserTableName.substringBefore(".") + "." else ""
+        val sqlResult = sqlClient.runSql(ssh, "select attribute_value from ${dbNamePrefix}cwd_directory_attribute where attribute_name = 'user_encryption_method';").output
+        return when  {
+            sqlResult.contains("plaintext") -> false
+            sqlResult.contains("atlassian-security") -> true
+            else -> {
+                logger.warn("Unknown user_encryption_method. Assuming encrypted password should be used")
+                true
+            }
+        }
+    }
+
+    class Builder(
+        private var databaseDelegate: Database,
+        private var username: String,
+        private var userPassword: JiraUserPassword?
+    ) {
+        private var sqlClient: SshSqlClient = SshMysqlClient()
+        private var cwdUserTableName: String = "jiradb.cwd_user"
+
+        fun databaseDelegate(databaseDelegate: Database) = apply { this.databaseDelegate = databaseDelegate }
+        fun username(username: String) = apply { this.username = username }
+        fun userPassword(userPassword: JiraUserPassword?) = apply { this.userPassword = userPassword }
+        fun sqlClient(sqlClient: SshSqlClient) = apply { this.sqlClient = sqlClient }
+        fun cwdUserTableName(cwdUserTableName: String) = apply { this.cwdUserTableName = cwdUserTableName }
+
+        fun build() = JiraUserPasswordOverridingDatabase(
+            databaseDelegate = databaseDelegate,
+            sqlClient = sqlClient,
+            username = username,
+            userPassword = userPassword,
+            cwdUserTableName = cwdUserTableName
+        )
+    }
+
+}
+
+fun Database.withAdminPassword(adminPassword: JiraUserPassword?) = JiraUserPasswordOverridingDatabase.Builder(
+    databaseDelegate = this,
+    username = "admin",
+    userPassword = adminPassword
+).build()

src/main/kotlin/com/atlassian/performance/tools/infrastructure/api/database/LicenseOverridingMysql.kt

@@ -7,8 +7,6 @@ import org.apache.logging.log4j.Logger
 import java.io.File
 import java.net.URI
 import java.nio.file.Files
-import java.io.FileWriter
-import java.io.BufferedWriter
 
 
 /**
@@ -21,18 +19,21 @@ class LicenseOverridingMysql private constructor(
     private val database: Database,
     private val licenseCollection: LicenseCollection
 ) : Database {
-    private val logger: Logger = LogManager.getLogger(this::class.java)
+    companion object {
+        private val logger: Logger = LogManager.getLogger(LicenseOverridingMysql::class.java)
+    }
 
     @Deprecated(message = "Use the Builder and pass licenses as Files to reduce accidental leakage of the license")
     constructor(
         database: Database,
-        licenses: List<String>) : this(database, LicenseCollection(licenses.map<String, File> {
+        licenses: List<String>
+    ) : this(database, LicenseCollection(licenses.map<String, File> {
         createTempLicenseFile(it)
     }))
 
     override fun setup(
         ssh: SshConnection
-    ): String = database.setup(ssh)
+    ): DatabaseSetup = database.setup(ssh)
 
     override fun start(
         jira: URI,
@@ -89,4 +90,6 @@ internal fun createTempLicenseFile(license: String): File {
         .use { it.write(license) }
     return licenseFile
 
-}
+}
+
+fun Database.withLicenseString(licenses: List<String>) = LicenseOverridingMysql.Builder(this).licenseStrings(licenses).build()

src/main/kotlin/com/atlassian/performance/tools/infrastructure/api/database/MySqlDatabase.kt

@@ -17,7 +17,9 @@ class MySqlDatabase(
     private val source: DatasetPackage,
     private val maxConnections: Int
 ) : Database {
-    private val logger: Logger = LogManager.getLogger(this::class.java)
+    companion object {
+        private val logger: Logger = LogManager.getLogger(MySqlDatabase::class.java)
+    }
 
     private val image: DockerImage = DockerImage(
         name = "mysql:5.7.32",
@@ -35,14 +37,14 @@ class MySqlDatabase(
         maxConnections = 151
     )
 
-    override fun setup(ssh: SshConnection): String {
+    override fun setup(ssh: SshConnection): DatabaseSetup {
         val mysqlData = source.download(ssh)
         image.run(
             ssh = ssh,
             parameters = "-p 3306:3306 -v `realpath $mysqlData`:/var/lib/mysql",
             arguments = "--skip-grant-tables --max_connections=$maxConnections"
         )
-        return mysqlData
+        return DatabaseSetup(location = mysqlData)
     }
 
     override fun start(jira: URI, ssh: SshConnection) {

src/test/kotlin/com/atlassian/performance/tools/infrastructure/api/database/JiraUserPasswordOverridingDatabaseTest.kt

@@ -0,0 +1,156 @@
+package com.atlassian.performance.tools.infrastructure.api.database
+
+import com.atlassian.performance.tools.infrastructure.mock.MockSshSqlClient
+import com.atlassian.performance.tools.infrastructure.mock.RememberingDatabase
+import com.atlassian.performance.tools.infrastructure.mock.RememberingSshConnection
+import com.atlassian.performance.tools.ssh.api.SshConnection
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.Test
+import java.net.URI
+
+class JiraUserPasswordOverridingDatabaseTest {
+
+    private val jira = URI("http://localhost/")
+    private val samplePassword = JiraUserPassword(
+        plainText = "**plain text**",
+        encrypted = "**encrypted**"
+    )
+
+    @Test
+    fun shouldSetupUnderlyingDatabase() {
+        val underlyingDatabase = RememberingDatabase()
+        val database = JiraUserPasswordOverridingDatabase.Builder(
+            databaseDelegate = underlyingDatabase,
+            username = "admin",
+            userPassword = samplePassword
+        ).build()
+        val sshConnection = RememberingSshConnection()
+
+        database.setup(sshConnection)
+        database.start(jira, sshConnection)
+
+        assertThat(underlyingDatabase.isSetup)
+            .`as`("underlying database setup")
+            .isTrue()
+    }
+
+    @Test
+    fun shouldStartUnderlyingDatabase() {
+        val underlyingDatabase = RememberingDatabase()
+        val database = JiraUserPasswordOverridingDatabase.Builder(
+            databaseDelegate = underlyingDatabase,
+            username = "admin",
+            userPassword = samplePassword
+        ).build()
+        val sshConnection = RememberingSshConnection()
+
+        database.setup(sshConnection)
+        database.start(jira, sshConnection)
+
+        assertThat(underlyingDatabase.isStarted)
+            .`as`("underlying database started")
+            .isTrue()
+    }
+
+    @Test
+    fun shouldExecuteUpdateOnCwdUserTableWithEncryptedPassword_whenUnknownUserEncryptionMethod() {
+        // given
+        val cwdUserTableName = "jiradb.cwd_user"
+        val underlyingDatabase = RememberingDatabase()
+        val sqlClient = MockSshSqlClient()
+        val database = JiraUserPasswordOverridingDatabase(
+            databaseDelegate = underlyingDatabase,
+            sqlClient = sqlClient,
+            username = "admin",
+            userPassword = samplePassword,
+            cwdUserTableName = cwdUserTableName
+        )
+        val sshConnection = RememberingSshConnection()
+
+        // when
+        database.setup(sshConnection)
+        database.start(jira, sshConnection)
+
+        // then
+        assertThat(sqlClient.getLog())
+            .`as`("sql queries executed")
+            .containsExactly(
+                "select attribute_value from jiradb.cwd_directory_attribute where attribute_name = 'user_encryption_method';",
+                "UPDATE $cwdUserTableName SET credential='${samplePassword.encrypted}' WHERE user_name='admin';"
+            )
+    }
+
+    @Test
+    fun shouldExecuteUpdateOnCwdUserTableWithEncryptedPassword_whenAtlassianSecurityUserEncryptionMethod() {
+        // given
+        val cwdUserTableName = "cwd_user"
+        val underlyingDatabase = RememberingDatabase()
+        val sqlClient = MockSshSqlClient()
+        val database = JiraUserPasswordOverridingDatabase(
+            databaseDelegate = underlyingDatabase,
+            sqlClient = sqlClient,
+            username = "admin",
+            userPassword = samplePassword,
+            cwdUserTableName = cwdUserTableName
+        )
+        val sshConnection = RememberingSshConnection()
+        sqlClient.queueReturnedSqlCommandResult(
+            SshConnection.SshResult(
+                exitStatus = 0,
+                output = """attribute_value
+                            atlassian-security
+""".trimMargin(),
+                errorOutput = ""
+            )
+        )
+
+        // when
+        database.setup(sshConnection)
+        database.start(jira, sshConnection)
+
+        // then
+        assertThat(sqlClient.getLog())
+            .`as`("sql queries executed")
+            .containsExactly(
+                "select attribute_value from cwd_directory_attribute where attribute_name = 'user_encryption_method';",
+                "UPDATE $cwdUserTableName SET credential='${samplePassword.encrypted}' WHERE user_name='admin';"
+            )
+    }
+
+    @Test
+    fun shouldExecuteUpdateOnCwdUserTableWithEncryptedPassword_whenPlainTextSecurityUserEncryptionMethod() {
+        // given
+        val cwdUserTableName = "cwd_user"
+        val underlyingDatabase = RememberingDatabase()
+        val sqlClient = MockSshSqlClient()
+        val database = JiraUserPasswordOverridingDatabase(
+            databaseDelegate = underlyingDatabase,
+            sqlClient = sqlClient,
+            username = "admin",
+            userPassword = samplePassword,
+            cwdUserTableName = cwdUserTableName
+        )
+        val sshConnection = RememberingSshConnection()
+        sqlClient.queueReturnedSqlCommandResult(
+            SshConnection.SshResult(
+                exitStatus = 0,
+                output = """attribute_value
+                            plaintext
+""".trimMargin(),
+                errorOutput = ""
+            )
+        )
+
+        // when
+        database.setup(sshConnection)
+        database.start(jira, sshConnection)
+
+        // then
+        assertThat(sqlClient.getLog())
+            .`as`("sql queries executed")
+            .containsExactly(
+                "select attribute_value from cwd_directory_attribute where attribute_name = 'user_encryption_method';",
+                "UPDATE $cwdUserTableName SET credential='${samplePassword.plainText}' WHERE user_name='admin';"
+            )
+    }
+}