Merge pull request #2846 from ControlSystemStudio/alarm-config-service

Alarm config service
ControlSystemStudio · Nov 7, 2023 · cd2088e · cd2088e
2 parents 5d07c7d + 145f555
commit cd2088e
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 17 deletions.
diff --git a/dependencies/phoebus-target/pom.xml b/dependencies/phoebus-target/pom.xml
@@ -501,7 +501,22 @@
     <dependency>
       <groupId>org.eclipse.jgit</groupId>
       <artifactId>org.eclipse.jgit</artifactId>
-      <version>5.0.3.201809091024-r</version>
+      <version>6.6.0.202305301015-r</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jgit</groupId>
+      <artifactId>org.eclipse.jgit.archive</artifactId>
+      <version>6.6.0.202305301015-r</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jgit</groupId>
+      <artifactId>org.eclipse.jgit.ssh.jsch</artifactId>
+      <version>6.6.0.202305301015-r</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jgit</groupId>
+      <artifactId>org.eclipse.jgit.ssh.apache</artifactId>
+      <version>6.6.0.202305301015-r</version>
     </dependency>
     <!-- Spring Boot -->
     <dependency>

diff --git a/services/alarm-config-logger/pom.xml b/services/alarm-config-logger/pom.xml
@@ -59,7 +59,22 @@
     <dependency>
       <groupId>org.eclipse.jgit</groupId>
       <artifactId>org.eclipse.jgit</artifactId>
-      <version>5.0.3.201809091024-r</version>
+      <version>6.6.0.202305301015-r</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jgit</groupId>
+      <artifactId>org.eclipse.jgit.archive</artifactId>
+      <version>6.6.0.202305301015-r</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jgit</groupId>
+      <artifactId>org.eclipse.jgit.ssh.jsch</artifactId>
+      <version>6.6.0.202305301015-r</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jgit</groupId>
+      <artifactId>org.eclipse.jgit.ssh.apache</artifactId>
+      <version>6.6.0.202305301015-r</version>
     </dependency>
     <!--JUL bindings for sfl4j-->
     <dependency> 

diff --git a/services/alarm-config-logger/src/main/java/org/phoebus/alarm/logging/AlarmConfigLogger.java b/services/alarm-config-logger/src/main/java/org/phoebus/alarm/logging/AlarmConfigLogger.java
@@ -39,9 +39,14 @@
 import org.eclipse.jgit.api.PushCommand;
 import org.eclipse.jgit.api.RemoteRemoveCommand;
 import org.eclipse.jgit.api.errors.GitAPIException;
+import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider;
 import org.eclipse.jgit.lib.RepositoryCache;
+import org.eclipse.jgit.transport.SshTransport;
 import org.eclipse.jgit.transport.URIish;
 import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider;
+import org.eclipse.jgit.transport.sshd.JGitKeyCache;
+import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
+import org.eclipse.jgit.transport.sshd.SshdSessionFactoryBuilder;
 import org.eclipse.jgit.util.FS;
 import org.phoebus.applications.alarm.client.AlarmClient;
 import org.phoebus.applications.alarm.model.xml.XmlModelWriter;
@@ -67,6 +72,9 @@ public class AlarmConfigLogger implements Runnable {
     // The alarm tree model which holds the current state of the alarm server
     private final AlarmClient model;
 
+    private SshdSessionFactory sshdSessionFactory;
+    private UsernamePasswordCredentialsProvider usernamePasswordCredentialsProvider;
+
     public AlarmConfigLogger(String topic, String location, String remoteLocation) {
         super();
         this.topic = topic;
@@ -106,6 +114,25 @@ private void initialize() {
                 logger.log(Level.WARNING, "Failed to initiate the git repo", e);
             }
         }
+        // Set up the ssh keys if used
+        if(Boolean.parseBoolean(props.getProperty("use_ssh", "false"))) {
+            File sshDir = new File(FS.DETECTED.userHome(), ".ssh");
+            JGitKeyCache cache = new JGitKeyCache();
+            SshdSessionFactoryBuilder builder = new SshdSessionFactoryBuilder();
+            if(props.containsKey("private_key")) {
+                File key = new File(props.getProperty("private_key"));
+                builder.setDefaultKeysProvider(file -> new CachingKeyPairProvider(List.of(key.getAbsoluteFile().toPath()), cache));
+            }
+            builder.setHomeDirectory(FS.DETECTED.userHome());
+            builder.setSshDirectory(sshDir);
+            sshdSessionFactory = builder.build(cache);
+        }
+        // Setup basic username/password auth
+        if (props.contains("username") && props.contains("password")) {
+            usernamePasswordCredentialsProvider = new UsernamePasswordCredentialsProvider(
+                    props.getProperty("username"),
+                    props.getProperty("password"));
+        }
         // Check if it is configured with the appropriate remotes
         if (remoteLocation != null && !remoteLocation.isEmpty()) {
             try {
@@ -199,14 +226,14 @@ public void run() {
     /**
      * Process a single alarm configuration event
      *
-     * @param path
+     * @param rawPath
      * @param alarm_config
      * @param commit
      */
     private synchronized void processAlarmConfigMessages(String rawPath, String alarm_config, boolean commit) {
         try {
-	    if (rawPath.contains("config:/")) {
-		String path = (rawPath.split("config:/"))[1];
+            if (rawPath.contains("config:/")) {
+                String path = (rawPath.split("config:/"))[1];
                 logger.log(Level.INFO, "processing message:" + path + ":" + alarm_config);
                 if (alarm_config != null) {
                     path = path.replaceAll("[:|?*]", "_");
@@ -223,35 +250,38 @@ private synchronized void processAlarmConfigMessages(String rawPath, String alar
                 } else {
                     path = path.replaceAll("[:|?*]", "_");
                     Path directory = Paths.get(root.getParent(), path);
-                    if(directory.toFile().exists()) {
+                    if (directory.toFile().exists()) {
                         Files.walk(directory).map(Path::toFile).forEach(File::delete);
                         directory.toFile().delete();
                     }
                 }
                 writeAlarmModel();
-                if(commit) {
-                // Commit the initialized git repo
+                if (commit) {
+                    // Commit the initialized git repo
                     try (Git git = Git.open(root)) {
                         git.add().addFilepattern(".").call();
-                        git.commit().setAll(true).setMessage("Alarm config update "+path).call();
+                        git.commit().setAll(true).setMessage("Alarm config update " + path).call();
 
                         // Check if it is configured with the appropriate remotes
                         if (remoteLocation != null && !remoteLocation.isEmpty()) {
                             // If remote defined push to remote
                             PushCommand pushCommand = git.push();
                             pushCommand.setRemote(REMOTE_NAME);
                             pushCommand.setForce(true);
-                            pushCommand.setCredentialsProvider(
-                                new UsernamePasswordCredentialsProvider(
-                                        props.getProperty("username"),
-                                        props.getProperty("password"))
-                                );
+                            if (Boolean.parseBoolean(props.getProperty("use_ssh", "false"))) {
+                                pushCommand.setTransportConfigCallback(transport -> {
+                                    SshTransport sshTransport = (SshTransport) transport;
+                                    sshTransport.setSshSessionFactory(sshdSessionFactory);
+                                });
+                            } else if (usernamePasswordCredentialsProvider != null) {
+                                pushCommand.setCredentialsProvider(usernamePasswordCredentialsProvider);
+                            }
                             pushCommand.call();
                         }
                     } catch (GitAPIException | IOException e) {
                         logger.log(Level.WARNING, "Failed to commit the configuration changes", e);
                     }
-		}
+                }
             }
         } catch (final Exception ex) {
             logger.log(Level.WARNING, "Alarm state check error for path " + rawPath + ", config " + alarm_config, ex);

diff --git a/services/alarm-config-logger/src/main/resources/alarm_config_logger.properties b/services/alarm-config-logger/src/main/resources/alarm_config_logger.properties
@@ -8,7 +8,17 @@ local.location=/tmp/alarm_repo
 
 # location of the remote git repo, 
 # The complete URI of the remote is created using the remote.location
-# it is recomended that your remote url end in the alarm topic assigned to this config service alarm_topic
-remote.location=https://remote.git/repo
+# it is recommended that your remote url end in the alarm topic assigned to this config service alarm_topic
+# e.g. remote URL
+# ssh://shroffk@localhost:2001/home/shroffk/git/alarm-config
+# [email protected]:shroffk/alarm-config.git
+remote.location=[email protected]:site-org/alarm-config.git
+
+# use ssh keys to push to remote repo
+use_ssh=false
+
+# complete path to the ssh key to be used, if not set then the server will use the private keys from ~/.ssh/
+#private_key=
+
 username=username
 password=password