brooklyn-commits mailing list archives

From henev...@apache.org
Subject [25/50] brooklyn-library git commit: nginx preinstalled key/certificate: added validation for when destination/source in proxysslconfig is null. Added an integration tests where the https functionality with pre-existing key/certificate is tested
Date Mon, 01 Feb 2016 17:46:28 GMT
nginx preinstalled key/certificate: added validation for when destination/source in proxysslconfig
is null. Added an integration test where the https functionality with pre-existing key/certificate
is tested


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-library/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-library/commit/2ff614f1
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-library/tree/2ff614f1
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-library/diff/2ff614f1

Branch: refs/heads/0.4.0
Commit: 2ff614f1c0c2f1d34355f2b5bcf0bef70855626d
Parents: af388f5
Author: Peter Veentjer <peter.veentjer@cloudsoft.com>
Authored: Mon Oct 8 16:04:34 2012 +0300
Committer: Peter Veentjer <peter.veentjer@cloudsoft.com>
Committed: Mon Oct 8 16:04:34 2012 +0300

----------------------------------------------------------------------
 .../brooklyn/entity/proxy/ProxySslConfig.groovy | 20 ++++---
 .../entity/proxy/nginx/NginxController.groovy   | 19 ++++++-
 .../nginx/NginxHttpsSslIntegrationTest.groovy   | 56 +++++++++++++++++++-
 3 files changed, 84 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-library/blob/2ff614f1/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy b/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy
index 3ed4149..e7f75f3 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy
@@ -27,17 +27,23 @@ public class ProxySslConfig implements Serializable {
     String sourceKeyUrl;
 
     /**
-     * Sets the ssl_certificate path to be used. If set to null, Brooklyn will take control.
If explicitly set
-     * this value will be placed in the ssl_certificate. Setting this field is useful if
there is a certificate on the
-     * nginx machine you want to make use of.
+     * Sets the ssl_certificate path to be used within the generated LoadBalancer configuration.
If set to null,
+     * Brooklyn will use an auto generated path.
+     *
+     * If sourceCertificateUrl, then Brooklyn will copy the certificate the certificateDestination.
+     *
+     * Setting this field is useful if there is a certificate on the nginx machine you want
to make use of.
      */
     String certificateDestination;
 
     /**
-      * Sets the ssl_certificate_key path to be used. If set to null, Brooklyn will take
control. If explicitly set
-      * this value will be placed in the ssl_certificate_key. Setting this field is useful
if there is a certificate_key
-     * on the nginx machine you want to make use of.
-      */
+     * Sets the ssl_certificate_key path to be used within the generated LoadBalancer configuration.
If set to null,
+     * Brooklyn will use an auto generated path.
+     *
+     * If sourceKeyUrl, then Brooklyn will copy the certificate the keyDestination.
+     *
+     * Setting this field is useful if there is a certificate_key on the nginx machine you
want to make use of.
+     */
     String keyDestination;
 
     /** whether the downstream server (if mapping) also expects https; default false */
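Review bot: The new Javadoc on `keyDestination` says "If sourceKeyUrl, then Brooklyn will copy the certificate the keyDestination", which drops "is set" and "to" and names the certificate where the private key is meant; the `certificateDestination` comment has the same missing words. Both comments also still promise an auto-generated path when the destination is null, although the `verifyConfig` added to NginxController in this commit throws when the destination and its source URL are both null. Suggested wording for the key field: `If sourceKeyUrl is set, Brooklyn copies the key to keyDestination (or to an auto-generated path when keyDestination is null); keyDestination and sourceKeyUrl must not both be null.`, with the equivalent sentence on `certificateDestination`.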

http://git-wip-us.apache.org/repos/asf/brooklyn-library/blob/2ff614f1/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
index 8646a5e..63c0319 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
@@ -50,7 +50,7 @@ public class NginxController extends AbstractController {
        
     @SetFromFlag("version")
     public static final BasicConfigKey<String> SUGGESTED_VERSION =
-        new BasicConfigKey<String>(SoftwareProcessEntity.SUGGESTED_VERSION, "1.3.0");
+        new BasicConfigKey<String>(SoftwareProcessEntity.SUGGESTED_VERSION, "1.3.7");
 
     @SetFromFlag("sticky")
     public static final BasicConfigKey<Boolean> STICKY =
@@ -210,7 +210,11 @@ public class NginxController extends AbstractController {
         
         ProxySslConfig globalSslConfig = getConfig(SSL_CONFIG);
         boolean ssl = globalSslConfig != null;
-        if (ssl) appendSslConfig("global", config, "    ", globalSslConfig, true, true);
+
+        if (ssl) {
+            verifyConfig(globalSslConfig)
+            appendSslConfig("global", config, "    ", globalSslConfig, true, true)
+        };
         
         // If no servers, then defaults to returning 404
         // TODO Give nicer page back 
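Review bot: The new `if (ssl) { ... };` block ends with a stray `;` after the closing brace, which is an empty statement, and its two calls drop the trailing semicolons that the surrounding lines (for example `ProxySslConfig globalSslConfig = getConfig(SSL_CONFIG);`) use. For consistency with the rest of the method, write `verifyConfig(globalSslConfig);` and `appendSslConfig("global", config, "    ", globalSslConfig, true, true);` and close with a plain `}`. The enclosing method starts and ends outside this hunk.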
@@ -277,6 +281,7 @@ public class NginxController extends AbstractController {
             for (UrlMapping mappingInDomain : mappingsByDomain.get(domain)) {
                 ProxySslConfig sslConfig = mappingInDomain.getConfig(UrlMapping.SSL_CONFIG);
                 if (sslConfig!=null) {
+                    verifyConfig(sslConfig)
                     if (localSslConfig!=null) {
                         if (localSslConfig.equals(sslConfig)) {
                             //ignore identical config specified on multiple mappings
@@ -341,6 +346,16 @@ public class NginxController extends AbstractController {
         return config.toString();
     }
 
+    void verifyConfig(ProxySslConfig proxySslConfig) {
+        if (proxySslConfig.keyDestination == null &&  proxySslConfig.sourceKeyUrl
== null){
+            throw new IllegalStateException("ProxySslConfig can't have a null keyDestination
and null sourceKeyUrl. One or both need to be set")
+        }
+
+        if(proxySslConfig.certificateDestination == null && proxySslConfig.sourceCertificateUrl
== null){
+            throw new IllegalStateException("ProxySslConfig can't have a null certificateDestination
and null sourceCertificateUrl. One or both need to be set")
+        }
+    }
+
     public boolean appendSslConfig(String id, StringBuilder out, String prefix, ProxySslConfig
ssl,
                                    boolean sslBlock, boolean certificateBlock) {
         if (ssl == null) return false;
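Review bot: `verifyConfig` rejects only `null`, so an empty-string `keyDestination` or `certificateDestination` with no source URL still passes and would presumably reach the generated `ssl_certificate_key` / `ssl_certificate` directive as an empty path (`appendSslConfig` continues outside the hunk, so that part is inferred). Groovy truth treats null and "" alike, so the guards can become `if (!proxySslConfig.keyDestination && !proxySslConfig.sourceKeyUrl)` and `if (!proxySslConfig.certificateDestination && !proxySslConfig.sourceCertificateUrl)`. The exception text does not say which config failed; the two call sites (the global one in the -210 hunk and the per-mapping one in the -277 hunk) could pass the id or domain so an operator can locate the bad mapping. The method also has no doc comment: a one-line Javadoc stating that each of key and certificate needs a destination path, a source URL, or both, and that `IllegalStateException` is thrown otherwise, would cover it.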

http://git-wip-us.apache.org/repos/asf/brooklyn-library/blob/2ff614f1/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
----------------------------------------------------------------------
diff --git a/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
b/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
index 8ab3413..7b38635 100644
--- a/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
+++ b/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
@@ -50,17 +50,18 @@ public class NginxHttpsSslIntegrationTest {
      * Test that the Nginx proxy starts up and sets SERVICE_UP correctly.
      */
     @Test(groups = "Integration")
-    public void testStartsWithGlobalSsl() {
+    public void testStartsWithGlobalSsl_withCertificateAndKeyCopy() {
         def template = { Map properties -> new JBoss7Server(properties) }
         cluster = new DynamicCluster(owner:app, factory:template, initialSize:1)
         cluster.setConfig(JavaWebAppService.ROOT_WAR, WAR_URL)
         
         ProxySslConfig ssl = new ProxySslConfig(sourceCertificateUrl:CERTIFICATE_URL, sourceKeyUrl:KEY_URL);
         nginx = new NginxController(app,
+                sticky: false,
                 cluster: cluster,
                 domain : "localhost",
                 port: "8443+",
-                ssl: ssl 
+                ssl: ssl
             );
         
         app.start([ new LocalhostMachineProvisioningLocation() ])
@@ -91,4 +92,55 @@ public class NginxHttpsSslIntegrationTest {
         assertFalse cluster.getAttribute(SoftwareProcessEntity.SERVICE_UP)
         cluster.members.each { assertFalse it.getAttribute(SoftwareProcessEntity.SERVICE_UP)
}
     }
+
+    private String getFile(String file) {
+           return new File(getClass().getResource("/" + file).getFile()).getAbsolutePath();
+       }
+
+    @Test(groups = "Integration")
+    public void testStartsWithGlobalSsl_withPreinstalledCertificateAndKey() {
+           def template = { Map properties -> new JBoss7Server(properties) }
+           cluster = new DynamicCluster(owner:app, factory:template, initialSize:1)
+           cluster.setConfig(JavaWebAppService.ROOT_WAR, WAR_URL)
+
+           ProxySslConfig ssl = new ProxySslConfig(
+                   certificateDestination: getFile("ssl/certs/localhost/server.crt"),
+                   keyDestination: getFile("ssl/certs/localhost/server.key"));
+
+           nginx = new NginxController(app,
+                   sticky: false,
+                   cluster: cluster,
+                   domain : "localhost",
+                   port: "8443+",
+                   ssl: ssl
+               );
+
+           app.start([ new LocalhostMachineProvisioningLocation() ])
+
+           String url = nginx.getAttribute(WebAppService.ROOT_URL);
+           if (!url.startsWith("https://")) Assert.fail("URL should be https: "+url);
+
+           executeUntilSucceeds() {
+               // Services are running
+               assertTrue cluster.getAttribute(SoftwareProcessEntity.SERVICE_UP)
+               cluster.members.each { assertTrue it.getAttribute(SoftwareProcessEntity.SERVICE_UP)
}
+
+               assertTrue nginx.getAttribute(SoftwareProcessEntity.SERVICE_UP)
+
+               // Nginx URL is available
+               assertTrue urlRespondsWithStatusCode200(url)
+
+               // Web-server URL is available
+               cluster.members.each {
+                   assertTrue urlRespondsWithStatusCode200(it.getAttribute(WebAppService.ROOT_URL))
+               }
+           }
+
+           app.stop()
+
+           // Services have stopped
+           assertFalse nginx.getAttribute(SoftwareProcessEntity.SERVICE_UP)
+           assertFalse cluster.getAttribute(SoftwareProcessEntity.SERVICE_UP)
+           cluster.members.each { assertFalse it.getAttribute(SoftwareProcessEntity.SERVICE_UP)
}
+       }
 }
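Review bot: `getFile` builds the path from `getClass().getResource("/" + file).getFile()`, which returns the URL-encoded path, so a checkout directory containing a space or other escaped character yields a path that does not exist, and a missing resource surfaces as a bare NullPointerException. `new File(getClass().getResource("/" + file).toURI()).getAbsolutePath()` decodes the path correctly, and an `assertNotNull` on the resource first would give a clearer failure. The test passes a classpath path as the "preinstalled" destination, which only works because the location is `LocalhostMachineProvisioningLocation`; a short comment saying so would help. `ssl/certs/localhost/server.key` is loaded from test resources, so it is effectively a public key pair and should stay confined to localhost tests. The body otherwise duplicates `testStartsWithGlobalSsl_withCertificateAndKeyCopy` line for line, so a shared helper taking the `ProxySslConfig` would keep the two in step.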

