Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GWC-1363] Support Environment Parametrization for WMSLayer Credentials #1364

Merged
merged 1 commit into from
Feb 24, 2025
Merged

[GWC-1363] Support Environment Parametrization for WMSLayer Credentials #1364

merged 1 commit into from
Feb 24, 2025

Conversation

groldan
Copy link
Member

@groldan groldan commented Feb 9, 2025
edited
Loading

This commit enhances security and configurability by enabling dynamic runtime resolution of HTTP Basic Authentication credentials for WMS layers. Credentials can now be injected from environment variables, reducing the need to hardcode sensitive values. This improves code maintainability, supports secure multi- environment deployments, and simplifies testing through dynamic configuration.

  1. Dynamic Environment Parametrization:

    • Introduced GeoWebCacheEnvironment#isAllowEnvParametrization() to replace the static ALLOW_ENV_PARAMETRIZATION field, allowing runtime toggling.

  2. Environment Variable Resolution Refactor:

    • Replaced direct static field checks with method calls.
    • Updated resolveValue() and related methods to use environment variables dynamically.

  3. WMS Credentials Management Update:

    • Added getResolvedHttpUsername() and getResolvedHttpPassword() in WMSHttpHelper.
    • Created setGeoWebCacheEnvironment() for dependency injection.

  4. Testing Enhancements:

    • Integrated the system-rules library for environment variable manipulation.
    • Added tests to cover default, custom, and parameterized credentials.

  5. Code Improvements:

    • Replaced unsafe casts in resolveValue().
    • Improved exception handling by switching from Throwable to RuntimeException.
    • Added better logging and documentation for credential handling.

Fixes #1363

@groldan groldan force-pushed the wmslayer_http_credentials_env_variables branch from d28c710 to 8871694 Compare February 9, 2025 20:53
@groldan groldan force-pushed the wmslayer_http_credentials_env_variables branch from 8871694 to e3c9c90 Compare February 12, 2025 19:57
jodygarnett
jodygarnett requested changes Feb 17, 2025
View reviewed changes
Copy link
Contributor

@jodygarnett jodygarnett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did not get a chance to try locally, minor feedback on version dependency management use

@groldan
[GWC-1363] Support Environment Parametrization for WMSLayer Credentials
6634b03 
This commit enhances security and configurability by enabling dynamic runtime
resolution of HTTP Basic Authentication credentials for WMS layers. Credentials
can now be injected from environment variables, reducing the need to hardcode
sensitive values. This improves code maintainability, supports secure multi-
environment deployments, and simplifies testing through dynamic configuration.

1. **Dynamic Environment Parametrization**:
   - Introduced `GeoWebCacheEnvironment#isAllowEnvParametrization()` to replace
     the static `ALLOW_ENV_PARAMETRIZATION` field, allowing runtime toggling.

2. **Environment Variable Resolution Refactor**:
   - Replaced direct static field checks with method calls.
   - Updated `resolveValue()` and related methods to use environment variables
     dynamically.

3. **WMS Credentials Management Update**:
   - Added `getResolvedHttpUsername()` and `getResolvedHttpPassword()` in
     `WMSHttpHelper`.
   - Created `setGeoWebCacheEnvironment()` for dependency injection.

4. **Testing Enhancements**:
   - Integrated the `system-rules` library for environment variable manipulation.
   - Added tests to cover default, custom, and parameterized credentials.

5. **Code Improvements**:
   - Replaced unsafe casts in `resolveValue()`.
   - Improved exception handling by switching from `Throwable` to
     `RuntimeException`.
   - Added better logging and documentation for credential handling.
@groldan groldan force-pushed the wmslayer_http_credentials_env_variables branch from e3c9c90 to 6634b03 Compare February 17, 2025 14:51
@groldan groldan requested review from aaime and jodygarnett February 17, 2025 16:11
@aaime
Copy link
Member

aaime commented Feb 24, 2025

Looks good, merging

@aaime aaime merged commit 0f1e23c into GeoWebCache:main Feb 24, 2025
12 checks passed
@geoserver-bot geoserver-bot mentioned this pull request Feb 24, 2025
Merged
@groldan groldan deleted the wmslayer_http_credentials_env_variables branch February 24, 2025 16:28
@pmauduit pmauduit mentioned this pull request Feb 24, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pmauduit pmauduit pmauduit approved these changes

@aaime aaime Awaiting requested review from aaime

@jodygarnett jodygarnett Awaiting requested review from jodygarnett

Assignees
No one assigned
Labels
backport 1.26.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support Environment Parametrization for WMSLayer Credentials
4 participants
@groldan @aaime @pmauduit @jodygarnett