diff --git a/os-amq-launch/added/configure.sh b/os-amq-launch/added/configure.sh
index 8c94d844..6be0ffe9 100644
--- a/os-amq-launch/added/configure.sh
+++ b/os-amq-launch/added/configure.sh
@@ -115,9 +115,13 @@ function configureSSL() {
keyStorePath="$sslDir/$keyStoreFile"
trustStorePath="$sslDir/$trustStoreFile"
+ if [ -n "$AMQ_KEY_PASSWORD" ]; then
+ keyPassword="keyStoreKeyPassword=\"$AMQ_KEY_PASSWORD\""
+ fi
+
sslElement="\n\
\n\
"
diff --git a/os-datavirt/added/launch/teiid.sh b/os-datavirt/added/launch/teiid.sh
index c8b5a66b..38f48883 100755
--- a/os-datavirt/added/launch/teiid.sh
+++ b/os-datavirt/added/launch/teiid.sh
@@ -11,8 +11,15 @@ function prepareEnv() {
unset DATAVIRT_TRANSPORT_KEY_ALIAS
unset DATAVIRT_TRANSPORT_KEYSTORE
unset DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD
+ unset DATAVIRT_TRANSPORT_KEY_PASSWORD
unset DATAVIRT_TRANSPORT_KEYSTORE_TYPE
unset DATAVIRT_TRANSPORT_KEYSTORE_DIR
+ unset HTTPS_NAME
+ unset HTTPS_PASSWORD
+ unset HTTPS_KEY_PASSWORD
+ unset HTTPS_KEYSTORE_DIR
+ unset HTTPS_KEYSTORE
+ unset HTTPS_KEYSTORE_TYPE
unset DATAVIRT_USERS
unset DATAVIRT_USER_PASSWORDS
unset DATAVIRT_USER_GROUPS
@@ -69,6 +76,7 @@ function add_secure_transport(){
local key_alias=${DATAVIRT_TRANSPORT_KEY_ALIAS}
local keystore=${DATAVIRT_TRANSPORT_KEYSTORE-$HTTPS_KEYSTORE}
local keystore_pwd=${DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD-$HTTPS_PASSWORD}
+ local key_pwd=${DATAVIRT_TRANSPORT_KEY_PASSWORD-$HTTPS_KEY_PASSWORD}
local keystore_type=${DATAVIRT_TRANSPORT_KEYSTORE_TYPE-$HTTPS_KEYSTORE_TYPE}
local keystore_dir=${DATAVIRT_TRANSPORT_KEYSTORE_DIR-$HTTPS_KEYSTORE_DIR}
local auth_mode=${DATAVIRT_TRANSPORT_AUTHENTICATION_MODE}
@@ -91,11 +99,15 @@ function add_secure_transport(){
fi
fi
+ if [ -n "$key_pwd" ]; then
+ key_password="key-password=\"${key_pwd}\""
+ fi
+
# JDBC
transport=""
if [ "$auth_mode" != "anonymous" ]; then
- transport="$transport "
+ transport="$transport "
fi
transport="$transport "
@@ -104,7 +116,7 @@ function add_secure_transport(){
transport="$transport "
if [ "$auth_mode" != "anonymous" ]; then
- transport="$transport "
+ transport="$transport "
fi
transport="$transport "
diff --git a/os-eap64-launch/added/launch/https.sh b/os-eap64-launch/added/launch/https.sh
index 159673e8..23629b3d 100644
--- a/os-eap64-launch/added/launch/https.sh
+++ b/os-eap64-launch/added/launch/https.sh
@@ -25,7 +25,7 @@ function configure_https() {
fi
https=" \
- \
+ \
"
elif [ -n "${HTTPS_NAME}" -o -n "${HTTPS_PASSWORD}" -o -n "${HTTPS_KEYSTORE_DIR}" -o -n "${HTTPS_KEYSTORE}" ] ; then
echo "WARNING! Partial HTTPS configuration, the https connector WILL NOT be configured."
diff --git a/os-eap7-launch/added/launch/https.sh b/os-eap7-launch/added/launch/https.sh
index b3e5935b..80f4f0ca 100644
--- a/os-eap7-launch/added/launch/https.sh
+++ b/os-eap7-launch/added/launch/https.sh
@@ -3,6 +3,7 @@
function prepareEnv() {
unset HTTPS_NAME
unset HTTPS_PASSWORD
+ unset HTTPS_KEY_PASSWORD
unset HTTPS_KEYSTORE_DIR
unset HTTPS_KEYSTORE
unset HTTPS_KEYSTORE_TYPE
@@ -25,9 +26,16 @@ function configure_https() {
if [ -n "$HTTPS_KEYSTORE_TYPE" ]; then
keystore_provider="provider=\"${HTTPS_KEYSTORE_TYPE}\""
fi
+ if [ -n "$HTTPS_NAME" ]; then
+ keystore_alias="alias=\"${HTTPS_NAME}\""
+ fi
+ if [ -n "$HTTPS_KEY_PASSWORD" ]; then
+ key_password="key-password=\"${HTTPS_KEY_PASSWORD}\""
+ fi
+
ssl="\n\
\n\
- \n\
+ \n\
\n\
"
diff --git a/os-jdg7-launch/added/launch/authentication-config.sh b/os-jdg7-launch/added/launch/authentication-config.sh
index 9bfcd4e6..17bf96f2 100755
--- a/os-jdg7-launch/added/launch/authentication-config.sh
+++ b/os-jdg7-launch/added/launch/authentication-config.sh
@@ -9,6 +9,12 @@ function prepareEnv() {
unset SECDOMAIN_LOGIN_MODULE
unset SECDOMAIN_REALM
unset REST_SECURITY_DOMAIN
+ unset HTTPS_NAME
+ unset HTTPS_PASSWORD
+ unset HTTPS_KEY_PASSWORD
+ unset HTTPS_KEYSTORE_DIR
+ unset HTTPS_KEYSTORE
+ unset HTTPS_KEYSTORE_TYPE
}
function configure() {
@@ -79,9 +85,16 @@ function add_realm_domain_mapping() {
if [ -n "$HTTPS_KEYSTORE_TYPE" ]; then
keystore_provider="provider=\"${HTTPS_KEYSTORE_TYPE}\""
fi
+ if [ -n "$HTTPS_NAME" ]; then
+ keystore_alias="alias=\"${HTTPS_NAME}\""
+ fi
+ if [ -n "$HTTPS_KEY_PASSWORD" ]; then
+ key_password="key-password=\"${HTTPS_KEY_PASSWORD}\""
+ fi
+
ssl="\n\
\n\
- \n\
+ \n\
\n\
"
fi
diff --git a/os-jdg7-launch/added/launch/infinispan-config.sh b/os-jdg7-launch/added/launch/infinispan-config.sh
index 7716e1ca..a667dee2 100644
--- a/os-jdg7-launch/added/launch/infinispan-config.sh
+++ b/os-jdg7-launch/added/launch/infinispan-config.sh
@@ -139,10 +139,15 @@ function configure_server_identities() {
fi
if [ -n "$SSL_KEYSTORE_ALIAS" ]; then
keystore_alias="alias=\"$SSL_KEYSTORE_ALIAS\""
+ elif [ -n "$HTTPS_NAME" ]; then
+ keystore_alias="alias=\"$HTTPS_NAME\""
fi
if [ -n "$SSL_KEY_PASSWORD" ]; then
key_password="key-password=\"$SSL_KEY_PASSWORD\""
+ elif [ -n "$HTTPS_KEY_PASSWORD" ]; then
+ key_password="key-password=\"$HTTPS_KEY_PASSWORD\""
fi
+
ssl="\
\
\
diff --git a/tests/features/amq/amq-common.feature b/tests/features/amq/amq-common.feature
index aa2370e4..7fb65ce9 100644
--- a/tests/features/amq/amq-common.feature
+++ b/tests/features/amq/amq-common.feature
@@ -81,10 +81,12 @@ Feature: Openshift AMQ tests
| AMQ_KEYSTORE_TRUSTSTORE_DIR | /opt/amq/conf |
| AMQ_KEYSTORE | broker.ks |
| AMQ_KEYSTORE_PASSWORD | password |
+ | AMQ_KEY_PASSWORD | keypass |
| AMQ_TRUSTSTORE | broker.ts |
| AMQ_TRUSTSTORE_PASSWORD | password |
Then XML file /opt/amq/conf/activemq.xml should contain value file:/opt/amq/conf/broker.ks on XPath //amq:sslContext/@keyStore
And XML file /opt/amq/conf/activemq.xml should contain value password on XPath //amq:sslContext/@keyStorePassword
+ And XML file /opt/amq/conf/activemq.xml should contain value keypass on XPath //amq:sslContext/@keyStoreKeyPassword
And XML file /opt/amq/conf/activemq.xml should contain value file:/opt/amq/conf/broker.ts on XPath //amq:sslContext/@trustStore
And XML file /opt/amq/conf/activemq.xml should contain value password on XPath //amq:sslContext/@trustStorePassword
diff --git a/tests/features/datagrid/7.1/datagrid_variable_expansion.feature b/tests/features/datagrid/7.1/datagrid_variable_expansion.feature
new file mode 100644
index 00000000..b755a974
--- /dev/null
+++ b/tests/features/datagrid/7.1/datagrid_variable_expansion.feature
@@ -0,0 +1,21 @@
+@jboss-datagrid-7
+Feature: Check correct JDG variable expansion used
+ Scenario: Check HTTPS basic config
+ When container is started with env
+ | variable | value |
+ | USERNAME | tombrady |
+ | PASSWORD | ringsix6! |
+ | HTTPS_NAME | jboss |
+ | HTTPS_PASSWORD | mykeystorepass |
+ | HTTPS_KEY_PASSWORD | mykeypass |
+ | HTTPS_KEYSTORE_DIR | /etc/eap-secret-volume |
+ | HTTPS_KEYSTORE | keystore.jks |
+ Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value /etc/eap-secret-volume/keystore.jks on XPath //*[local-name()='security-realm'][@name='ApplicationRealm']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@path
+ And XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='security-realm'][@name='ApplicationRealm']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@keystore-password
+ And XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value mykeypass on XPath //*[local-name()='security-realm'][@name='ApplicationRealm']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@key-password
+ And XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value jboss on XPath //*[local-name()='security-realm'][@name='ApplicationRealm']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@alias
+ Then XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value /etc/eap-secret-volume/keystore.jks on XPath //*[local-name()='security-realm'][@name='jdg-openshift']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@path
+ And XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='security-realm'][@name='jdg-openshift']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@keystore-password
+ And XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value mykeypass on XPath //*[local-name()='security-realm'][@name='jdg-openshift']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@key-password
+ And XML file /opt/datagrid/standalone/configuration/clustered-openshift.xml should contain value jboss on XPath //*[local-name()='security-realm'][@name='jdg-openshift']/*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@alias
+
diff --git a/tests/features/datavirt/datavirt_variable_expansion.feature b/tests/features/datavirt/datavirt_variable_expansion.feature
new file mode 100644
index 00000000..21721cd4
--- /dev/null
+++ b/tests/features/datavirt/datavirt_variable_expansion.feature
@@ -0,0 +1,26 @@
+@jboss-datavirt-6
+Feature: Check correct JDV variable expansion used
+ Scenario: Check HTTPS basic config
+ When container is started with env
+ | variable | value |
+ | DATAVIRT_TRANSPORT_KEY_ALIAS | jboss |
+ | HTTPS_PASSWORD | mykeystorepass |
+ | HTTPS_KEY_PASSWORD | mykeypass |
+ | HTTPS_KEYSTORE_DIR | /etc/eap-secret-volume |
+ | HTTPS_KEYSTORE | keystore.jks |
+ | HTTPS_KEYSTORE_TYPE | JKS |
+ Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/eap-secret-volume/keystore.jks on XPath //*[local-name()='transport'][@name='secure-jdbc']/*[local-name()='ssl']/*[local-name()='keystore']/@name
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='transport'][@name='secure-jdbc']/*[local-name()='ssl']/*[local-name()='keystore']/@password
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value JKS on XPath //*[local-name()='transport'][@name='secure-jdbc']/*[local-name()='ssl']/*[local-name()='keystore']/@type
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeypass on XPath //*[local-name()='transport'][@name='secure-jdbc']/*[local-name()='ssl']/*[local-name()='keystore']/@key-password
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value jboss on XPath //*[local-name()='transport'][@name='secure-jdbc']/*[local-name()='ssl']/*[local-name()='keystore']/@key-alias
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/eap-secret-volume/keystore.jks on XPath //*[local-name()='transport'][@name='secure-jdbc']/*[local-name()='ssl']/*[local-name()='truststore']/@name
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='transport'][@name='secure-jdbc']/*[local-name()='ssl']/*[local-name()='truststore']/@password
+ Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/eap-secret-volume/keystore.jks on XPath //*[local-name()='transport'][@name='secure-odbc']/*[local-name()='ssl']/*[local-name()='keystore']/@name
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='transport'][@name='secure-odbc']/*[local-name()='ssl']/*[local-name()='keystore']/@password
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value JKS on XPath //*[local-name()='transport'][@name='secure-odbc']/*[local-name()='ssl']/*[local-name()='keystore']/@type
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeypass on XPath //*[local-name()='transport'][@name='secure-odbc']/*[local-name()='ssl']/*[local-name()='keystore']/@key-password
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value jboss on XPath //*[local-name()='transport'][@name='secure-odbc']/*[local-name()='ssl']/*[local-name()='keystore']/@key-alias
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/eap-secret-volume/keystore.jks on XPath //*[local-name()='transport'][@name='secure-odbc']/*[local-name()='ssl']/*[local-name()='truststore']/@name
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='transport'][@name='secure-odbc']/*[local-name()='ssl']/*[local-name()='truststore']/@password
+
diff --git a/tests/features/eap/6.4/eap_variable_expansion.feature b/tests/features/eap/6.4/eap_variable_expansion.feature
index 0fdaae42..c1da56f8 100644
--- a/tests/features/eap/6.4/eap_variable_expansion.feature
+++ b/tests/features/eap/6.4/eap_variable_expansion.feature
@@ -113,3 +113,16 @@ Feature: Check correct variable expansion used
| ns | urn:jboss:domain:security:1.2 |
Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 1 elements on XPath //ns:security-domain[@name='eap-secdomain-name']/ns:authentication/ns:login-module/ns:module-option[@name='password-stacking']
+ Scenario: Check HTTPS basic config
+ When container is started with env
+ | variable | value |
+ | HTTPS_NAME | jboss |
+ | HTTPS_PASSWORD | mykeystorepass |
+ | HTTPS_KEYSTORE_DIR | /etc/eap-secret-volume |
+ | HTTPS_KEYSTORE | keystore.jks |
+ | HTTPS_KEYSTORE_TYPE | JKS |
+ Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/eap-secret-volume/keystore.jks on XPath //*[local-name()='connector']/*[local-name()='ssl']/@certificate-key-file
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='connector']/*[local-name()='ssl']/@password
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value jboss on XPath //*[local-name()='connector']/*[local-name()='ssl']/@key-alias
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value JKS on XPath //*[local-name()='connector']/*[local-name()='ssl']/@keystore-type
+
diff --git a/tests/features/eap/7/eap_variable_expansion.feature b/tests/features/eap/7/eap_variable_expansion.feature
new file mode 100644
index 00000000..f881d2f9
--- /dev/null
+++ b/tests/features/eap/7/eap_variable_expansion.feature
@@ -0,0 +1,17 @@
+@jboss-eap-7
+Feature: Check correct variable expansion used
+ Scenario: Check HTTPS basic config
+ When container is started with env
+ | variable | value |
+ | HTTPS_NAME | jboss |
+ | HTTPS_PASSWORD | mykeystorepass |
+ | HTTPS_KEY_PASSWORD | mykeypass |
+ | HTTPS_KEYSTORE_DIR | /etc/eap-secret-volume |
+ | HTTPS_KEYSTORE | keystore.jks |
+ | HTTPS_KEYSTORE_TYPE | JKS |
+ Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /etc/eap-secret-volume/keystore.jks on XPath //*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@path
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeystorepass on XPath //*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@keystore-password
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value jboss on XPath //*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@alias
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value mykeypass on XPath //*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@key-password
+ And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value JKS on XPath //*[local-name()='server-identities']/*[local-name()='ssl']/*[local-name()='keystore']/@provider
+