DATAGO-116001 code complete

Author: rudraneel-chakraborty

service/application/src/main/java/com/solace/maas/ep/event/management/agent/command/CommandManager.java

@@ -9,6 +9,7 @@
 import com.solace.maas.ep.event.management.agent.plugin.command.model.CommandRequest;
 import com.solace.maas.ep.event.management.agent.plugin.command.model.CommandResult;
 import com.solace.maas.ep.event.management.agent.plugin.command.model.JobStatus;
+import com.solace.maas.ep.event.management.agent.plugin.common.util.EnvironmentUtil;
 import com.solace.maas.ep.event.management.agent.plugin.service.MessagingServiceDelegateService;
 import com.solace.maas.ep.event.management.agent.plugin.solace.processor.semp.SempClient;
 import com.solace.maas.ep.event.management.agent.plugin.solace.processor.semp.SolaceHttpSemp;
@@ -53,6 +54,7 @@
 @Slf4j
 @Service
 @ConditionalOnProperty(name = "event-portal.gateway.messaging.standalone", havingValue = "false")
+@SuppressWarnings({"PMD.GodClass"})
 public class CommandManager {
     public static final String ERROR_EXECUTING_COMMAND = "Error executing command";
     private final TerraformManager terraformManager;
@@ -66,6 +68,7 @@ public class CommandManager {
     private final SempPatchCommandManager sempPatchCommandManager;
     private final SempGetCommandManager sempGetCommandManager;
     private final TerraformLogProcessingService terraformLoggingService;
+    private final EnvironmentUtil environmentUtil;
 
     public CommandManager(TerraformManager terraformManager,
                           CommandMapper commandMapper,
@@ -77,7 +80,8 @@ public CommandManager(TerraformManager terraformManager,
                           final SempDeleteCommandManager sempDeleteCommandManager,
                           TerraformLogProcessingService terraformLoggingService,
                           SempPatchCommandManager sempPatchCommandManager,
-                          SempGetCommandManager sempGetCommandManager) {
+                          SempGetCommandManager sempGetCommandManager,
+                          EnvironmentUtil environmentUtil) {
         this.terraformManager = terraformManager;
         this.commandMapper = commandMapper;
         this.commandPublisher = commandPublisher;
@@ -90,6 +94,7 @@ public CommandManager(TerraformManager terraformManager,
         this.terraformLoggingService = terraformLoggingService;
         this.sempPatchCommandManager = sempPatchCommandManager;
         this.sempGetCommandManager = sempGetCommandManager;
+        this.environmentUtil = environmentUtil;
     }
 
     public void execute(CommandMessage request) {
@@ -116,6 +121,10 @@ public void handleError(Exception e, CommandMessage message) {
 
     @SuppressWarnings("PMD")
     private void configPush(CommandRequest request) {
+
+        if (environmentUtil.isCustomCACertPresent()) {
+            log.info("Custom CA certificates present. Using combined truststore with default and custom CA certificates for configPush operation.");
+        }
         List<Path> executionLogFilesToClean = new ArrayList<>();
         boolean attachErrorToTerraformCommand = false;
         try {
@@ -136,6 +145,7 @@ private void configPush(CommandRequest request) {
                 log.info("Skipping TLS verification for config push to serviceId {}.", request.getServiceId());
             }
 
+
             for (CommandBundle bundle : request.getCommandBundles()) {
                 boolean exitEarlyOnFailedCommand = bundle.getExitOnFailure();
 

service/application/src/main/java/com/solace/maas/ep/event/management/agent/scanManager/ScanManager.java

@@ -4,6 +4,7 @@
 import com.solace.maas.ep.common.messages.ScanStatusMessage;
 import com.solace.maas.ep.common.model.ScanType;
 import com.solace.maas.ep.event.management.agent.config.eventPortal.EventPortalProperties;
+import com.solace.maas.ep.event.management.agent.plugin.common.util.EnvironmentUtil;
 import com.solace.maas.ep.event.management.agent.plugin.constants.RouteConstants;
 import com.solace.maas.ep.event.management.agent.plugin.constants.ScanStatus;
 import com.solace.maas.ep.event.management.agent.plugin.manager.loader.PluginLoader;
@@ -46,19 +47,25 @@ public class ScanManager {
     // This is an optional dependency since it is not available in standalone mode.
     // If the bean is not present, the publisher will not be used.
     private final Optional<ScanStatusPublisher> scanStatusPublisherOpt;
+    private final EnvironmentUtil environmentUtil;
 
     @Autowired
     public ScanManager(MessagingServiceDelegateServiceImpl messagingServiceDelegateService,
                        ScanService scanService,
                        EventPortalProperties eventPortalProperties,
-                       Optional<ScanStatusPublisher> scanStatusPublisher) {
+                       Optional<ScanStatusPublisher> scanStatusPublisher,
+                       EnvironmentUtil environmentUtil) {
         this.messagingServiceDelegateService = messagingServiceDelegateService;
         this.scanService = scanService;
         this.scanStatusPublisherOpt = scanStatusPublisher;
         runtimeAgentId = eventPortalProperties.getRuntimeAgentId();
+        this.environmentUtil = environmentUtil;
     }
 
     public String scan(ScanRequestBO scanRequestBO) {
+        if (environmentUtil.isCustomCACertPresent()) {
+            log.info("Custom CA certificates present. Using combined truststore with default and custom CA certificates for scan operation.");
+        }
         Validate.notBlank(scanRequestBO.getOrgId(), " Organization ID cannot be null or empty");
         String messagingServiceId = scanRequestBO.getMessagingServiceId();
         String scanId = scanRequestBO.getScanId();

service/application/src/test/java/com/solace/maas/ep/event/management/agent/TestConfig.java

@@ -19,6 +19,7 @@
 import com.solace.maas.ep.event.management.agent.plugin.service.MessagingServiceDelegateService;
 import com.solace.maas.ep.event.management.agent.plugin.terraform.manager.TerraformLogProcessingService;
 import com.solace.maas.ep.event.management.agent.plugin.terraform.manager.TerraformManager;
+import com.solace.maas.ep.event.management.agent.plugin.common.util.EnvironmentUtil;
 import com.solace.maas.ep.event.management.agent.plugin.vmr.VmrProcessor;
 import com.solace.maas.ep.event.management.agent.processor.CommandLogStreamingProcessor;
 import com.solace.maas.ep.event.management.agent.publisher.CommandLogsPublisher;
@@ -70,8 +71,15 @@ public SolaceConfiguration solaceConfiguration() {
 
     @Bean
     @Primary
-    public VMRProperties vmrProperties(EventPortalPluginProperties eventPortalPluginProperties) {
-        return new VMRProperties(eventPortalPluginProperties);
+    public EnvironmentUtil environmentUtil() {
+        return mock(EnvironmentUtil.class);
+    }
+
+    @Bean
+    @Primary
+    public VMRProperties vmrProperties(EventPortalPluginProperties eventPortalPluginProperties,
+                                       EnvironmentUtil environmentUtil) {
+        return new VMRProperties(eventPortalPluginProperties,  environmentUtil);
     }
 
     @Bean
@@ -177,7 +185,8 @@ public CommandManager getCommandManager(TerraformManager terraformManager,
                                             SempDeleteCommandManager sempDeleteCommandManager,
                                             TerraformLogProcessingService terraformLogProcessingService,
                                             SempPatchCommandManager sempPatchCommandManager,
-                                            SempGetCommandManager sempGetCommandManager) {
+                                            SempGetCommandManager sempGetCommandManager,
+                                            EnvironmentUtil environmentUtil) {
         return new CommandManager(
                 terraformManager,
                 commandMapper,
@@ -189,7 +198,8 @@ public CommandManager getCommandManager(TerraformManager terraformManager,
                 sempDeleteCommandManager,
                 terraformLogProcessingService,
                 sempPatchCommandManager,
-                sempGetCommandManager
+                sempGetCommandManager,
+                environmentUtil
         );
     }
 

service/application/src/test/java/com/solace/maas/ep/event/management/agent/plugin/config/VMRPropertiesTests.java

@@ -5,6 +5,8 @@
 import com.solace.maas.ep.event.management.agent.plugin.config.eventPortal.GatewayProperties;
 import com.solace.maas.ep.event.management.agent.plugin.messagingService.MessagingServiceConnectionProperties;
 import com.solace.maas.ep.event.management.agent.plugin.messagingService.MessagingServiceUsersProperties;
+import com.solace.maas.ep.event.management.agent.plugin.common.util.EnvironmentUtil;
+import com.solace.messaging.config.SolaceProperties;
 import lombok.SneakyThrows;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
@@ -21,11 +23,6 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doNothing;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 @ActiveProfiles("TEST")
@@ -41,6 +38,9 @@ class VMRPropertiesTests {
     @Mock
     private GatewayMessagingProperties gatewayMessagingProperties;
 
+    @Mock
+    private EnvironmentUtil environmentUtil;
+
     // Class under test
     private VMRProperties vmrProperties;
 
@@ -51,7 +51,8 @@ void setUp() {
         // MockitoExtension handles mock initialization
         when(eventPortalPluginProperties.getGateway()).thenReturn(gatewayProperties);
         when(gatewayProperties.getMessaging()).thenReturn(gatewayMessagingProperties);
-        vmrProperties = new VMRProperties(eventPortalPluginProperties);
+
+        vmrProperties = new VMRProperties(eventPortalPluginProperties, environmentUtil);
 
         // Backup system properties
         systemPropertiesBackup = new Properties();
@@ -263,35 +264,35 @@ void testNoGatewayConnectionProperties() {
 
     @Test
     @SneakyThrows
-    void testSetDefaultTrustStoreCalledWhenCustomCaCertsPresent() {
-        // Spy on vmrProperties to mock getCustomCaCertsPresentEnv and verify setDefaultTrustStore is called
-        VMRProperties spyVmrProperties = spy(vmrProperties);
-        when(spyVmrProperties.isCustomCACertConfigured()).thenReturn(true);
-        doNothing().when(spyVmrProperties).setDefaultTrustStore(any(Properties.class));
+    void testConfigureDefaultTrustStoreWhenCustomCaCertsPresent() {
+        // Mock environmentUtil to return true (custom CA certs are configured)
+        when(environmentUtil.isCustomCACertPresent()).thenReturn(true);
 
         MessagingServiceConnectionProperties connectionProps = createConnectionProperties(false, null, null, null, null, null);
         when(gatewayMessagingProperties.getConnections()).thenReturn(Collections.singletonList(connectionProps));
 
-        spyVmrProperties.getVmrProperties();
+        Properties properties = vmrProperties.getVmrProperties();
 
-        // Verify setDefaultTrustStore was called
-        verify(spyVmrProperties).setDefaultTrustStore(any(Properties.class));
+        // Verify that truststore path is set when custom CA certs are present
+        assertThat(properties.getProperty(SolaceProperties.TransportLayerSecurityProperties.TRUST_STORE_PATH))
+                .isNotNull()
+                .endsWith("cacerts");
     }
 
     @Test
     @SneakyThrows
-    void testSetDefaultTrustStoreNotCalledWhenCustomCaCertsNotPresent() {
-        // Spy on vmrProperties to mock getCustomCaCertsPresentEnv and verify setDefaultTrustStore is NOT called
-        VMRProperties spyVmrProperties = spy(vmrProperties);
-        when(spyVmrProperties.isCustomCACertConfigured()).thenReturn(false);
+    void testConfigureDefaultTrustStoreWhenCustomCaCertsNotPresent() {
+        // Mock environmentUtil to return false (custom CA certs NOT configured)
+        when(environmentUtil.isCustomCACertPresent()).thenReturn(false);
 
         MessagingServiceConnectionProperties connectionProps = createConnectionProperties(false, null, null, null, null, null);
         when(gatewayMessagingProperties.getConnections()).thenReturn(Collections.singletonList(connectionProps));
 
-        spyVmrProperties.getVmrProperties();
+        Properties properties = vmrProperties.getVmrProperties();
 
-        // Verify setDefaultTrustStore was NOT called
-        verify(spyVmrProperties, never()).setDefaultTrustStore(any(Properties.class));
+        // Verify that truststore path is NOT set when custom CA certs are not present
+        assertThat(properties.getProperty(SolaceProperties.TransportLayerSecurityProperties.TRUST_STORE_PATH))
+                .isNull();
     }
 
 }

service/application/src/test/java/com/solace/maas/ep/event/management/agent/scanManager/ScanManagerHandleErrorTest.java

@@ -5,6 +5,7 @@
 import com.solace.maas.ep.common.model.ScanType;
 import com.solace.maas.ep.event.management.agent.TestConfig;
 import com.solace.maas.ep.event.management.agent.config.eventPortal.EventPortalProperties;
+import com.solace.maas.ep.event.management.agent.plugin.common.util.EnvironmentUtil;
 import com.solace.maas.ep.event.management.agent.publisher.ScanStatusPublisher;
 import com.solace.maas.ep.event.management.agent.service.MessagingServiceDelegateServiceImpl;
 import com.solace.maas.ep.event.management.agent.service.ScanService;
@@ -38,6 +39,9 @@ class ScanManagerHandleErrorTest {
     @Mock
     private ScanStatusPublisher scanStatusPublisher;
 
+    @Mock
+    private EnvironmentUtil environmentUtil;
+
     @Test
     void testScanManagerConnectedHandleError(){
         when(eventPortalProperties.getOrganizationId()).thenReturn("orgId");
@@ -49,7 +53,8 @@ void testScanManagerConnectedHandleError(){
                 messagingServiceDelegateService,
                 scanService,
                 eventPortalProperties,
-                Optional.of(scanStatusPublisher)
+                Optional.of(scanStatusPublisher),
+                environmentUtil
         );
         scanManagerUnderTest.handleError(mockEx,createScanCommandMessage());
         verify(scanStatusPublisher, times(1)).sendOverallScanStatus(any(),any());
@@ -66,7 +71,8 @@ void testScanManagerStandaloneHandleError(){
                 messagingServiceDelegateService,
                 scanService,
                 eventPortalProperties,
-                Optional.empty()
+                Optional.empty(),
+                environmentUtil
         );
         // should just do "nothing" and not throw an exception when scanStatusPublisher is not present
         assertDoesNotThrow(() ->

service/plugin/src/main/java/com/solace/maas/ep/event/management/agent/plugin/common/util/EnvironmentUtil.java

@@ -0,0 +1,18 @@
+package com.solace.maas.ep.event.management.agent.plugin.common.util;
+
+import org.springframework.stereotype.Component;
+
+@Component
+public class EnvironmentUtil {
+
+    /**
+     * Checks if custom CA certificates are present via the CUSTOM_CA_CERTS_PRESENT environment variable.
+     * Currently, Only Private CEMAs are capable of importing and using custom ca certs for operating ep runtime operations
+     * on brokers that may be setup with certs signed by custom ca
+     * @return true if CUSTOM_CA_CERTS_PRESENT is set to "1", false otherwise
+     */
+    public boolean isCustomCACertPresent() {
+        String customCaCertsPresent = System.getenv("CUSTOM_CA_CERTS_PRESENT");
+        return "1".equals(customCaCertsPresent);
+    }
+}

service/plugin/src/main/java/com/solace/maas/ep/event/management/agent/plugin/config/VMRProperties.java

@@ -4,6 +4,7 @@
 import com.solace.maas.ep.event.management.agent.plugin.jacoco.ExcludeFromJacocoGeneratedReport;
 import com.solace.maas.ep.event.management.agent.plugin.messagingService.MessagingServiceConnectionProperties;
 import com.solace.maas.ep.event.management.agent.plugin.messagingService.MessagingServiceUsersProperties;
+import com.solace.maas.ep.event.management.agent.plugin.common.util.EnvironmentUtil;
 import com.solace.messaging.config.SolaceConstants;
 import com.solace.messaging.config.SolaceProperties;
 import com.solacesystems.solclientj.core.handle.SessionHandle;
@@ -41,6 +42,7 @@ public class VMRProperties {
     private static final String SOLACE_PROXY_PASSWORD = "solace.proxy.password";
 
     private final EventPortalPluginProperties eventPortalPluginProperties;
+    private final EnvironmentUtil environmentUtil;
 
     /**
      * The host used to connect to the VMR
@@ -77,8 +79,9 @@ public class VMRProperties {
      */
 
     @Autowired
-    public VMRProperties(EventPortalPluginProperties eventPortalPluginProperties) {
+    public VMRProperties(EventPortalPluginProperties eventPortalPluginProperties, EnvironmentUtil environmentUtil) {
         this.eventPortalPluginProperties = eventPortalPluginProperties;
+        this.environmentUtil = environmentUtil;
     }
 
     public void parseVmrProperties() {
@@ -137,21 +140,14 @@ private void configureDefaultTrustStore(Properties properties) {
             return;
         }
 
-        if (!isCustomCACertConfigured()) {
+        if (!environmentUtil.isCustomCACertPresent()) {
             log.debug("Custom CA certificates not present. Skipping explicit default truststore configuration.");
             return;
         }
 
         setDefaultTrustStore(properties);
     }
 
-
-    boolean isCustomCACertConfigured() {
-        String customCaCertsPresent = System.getenv("CUSTOM_CA_CERTS_PRESENT");
-
-        return ("1".equals(customCaCertsPresent));
-    }
-
     void setDefaultTrustStore(Properties properties) {
         String javaHome = System.getProperty("java.home");
         if (StringUtils.isBlank(javaHome)) {