This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit 21d1dba9bfdcb0abd83c15df34d3bbae051d85ec Author: Alex Heneveld <[email protected]> AuthorDate: Mon Jan 20 20:19:25 2025 +0000 Fix issue where vault token is not refreshed Now refreshes (a) if an access fails, or (b) if brooklyn.cfg is modified --- .../vault/VaultExternalConfigSupplier.java | 23 +++++++++++----------- .../mgmt/internal/AbstractManagementContext.java | 10 +++++----- .../BasicExternalConfigSupplierRegistry.java | 1 + .../core/mgmt/internal/LocalManagementContext.java | 3 ++- 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/core/src/main/java/org/apache/brooklyn/core/config/external/vault/VaultExternalConfigSupplier.java b/core/src/main/java/org/apache/brooklyn/core/config/external/vault/VaultExternalConfigSupplier.java index 28f9c84362..fd15768ad7 100644 --- a/core/src/main/java/org/apache/brooklyn/core/config/external/vault/VaultExternalConfigSupplier.java +++ b/core/src/main/java/org/apache/brooklyn/core/config/external/vault/VaultExternalConfigSupplier.java @@ -64,7 +64,7 @@ public abstract class VaultExternalConfigSupplier extends AbstractExternalConfig protected final int version; protected final int recoverTryCount; protected final String token; - protected final ImmutableMap<String, String> headersWithToken; + protected Map<String, String> headersWithToken; public VaultExternalConfigSupplier(ManagementContext managementContext, String name, Map<String, String> config) { super(managementContext, name); @@ -115,7 +115,7 @@ public abstract class VaultExternalConfigSupplier extends AbstractExternalConfig String urlPath = (version == 1) ? Urls.mergePaths("v1", path) : Urls.mergePaths("v1", mountPoint, "data", path); - JsonObject response = apiGetRetryable(urlPath, headersWithToken, recoverTryCount); + JsonObject response = apiGetRetryable(urlPath, recoverTryCount); JsonElement jsonElement = (version == 1) ? response.getAsJsonObject("data").get(key) : response.getAsJsonObject("data").getAsJsonObject("data").get(key); @@ -127,30 +127,29 @@ public abstract class VaultExternalConfigSupplier extends AbstractExternalConfig * Obtains data stored in <code>path</code>. */ public Map<String, String> getDataAsStringMap() { - JsonObject response = apiGetRetryable(Urls.mergePaths("v1", path), headersWithToken, recoverTryCount); + JsonObject response = apiGetRetryable(Urls.mergePaths("v1", path), recoverTryCount); Map<String, JsonElement> dataMap = response.getAsJsonObject("data").entrySet().stream() .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); return Maps.transformValues(dataMap, jsonElement -> jsonElement.getAsString()); } - protected JsonObject apiGetRetryable(String path, Map<String, String> headers, int recoverTryCount) { + protected JsonObject apiGetRetryable(String path, int recoverTryCount) { try { - if (Strings.isBlank(headers.get("X-Vault-Token"))) { + if (Strings.isBlank(headersWithToken.get("X-Vault-Token"))) { String currentToken = initAndLogIn(config); if (Strings.isBlank(currentToken)) { - throw new IllegalStateException("Vault sealed or unavailable."); + throw new IllegalStateException("Vault sealed or token otherwise unavailable."); } - headers = MutableMap.copyOf(headers).add("X-Vault-Token", currentToken); + headersWithToken = MutableMap.copyOf(headersWithToken).add("X-Vault-Token", currentToken).asUnmodifiable(); } - return apiGet(path, headers); + return apiGet(path, headersWithToken); } catch (Exception e) { Exceptions.propagateIfFatal(e); + LOG.warn("Error accessing vault (" + recoverTryCount+" retries remaining): "+e); + headersWithToken = MutableMap.<String,String>builder().putAll(headersWithToken).remove("X-Vault-Token").build().asUnmodifiable(); if (recoverTryCount > 0) { - LOG.warn("Vault sealed or unavailable. Retries remaining: " + recoverTryCount); Time.sleep(Duration.ONE_SECOND); - String currentToken = initAndLogIn(config); - headers = MutableMap.copyOf(headers).add("X-Vault-Token", currentToken); - return apiGetRetryable(path, headers, --recoverTryCount); + return apiGetRetryable(path, --recoverTryCount); } throw Exceptions.propagate(e); } diff --git a/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/AbstractManagementContext.java b/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/AbstractManagementContext.java index 8450b6e425..4bbc6a7a67 100644 --- a/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/AbstractManagementContext.java +++ b/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/AbstractManagementContext.java @@ -177,7 +177,7 @@ public abstract class AbstractManagementContext implements ManagementContextInte private final BrooklynStorage storage; - protected final ExternalConfigSupplierRegistry configSupplierRegistry; + protected ExternalConfigSupplierRegistry configSupplierRegistry; private volatile boolean running = true; protected boolean startupComplete = false; @@ -198,12 +198,12 @@ public abstract class AbstractManagementContext implements ManagementContextInte this.typeRegistry = new BasicBrooklynTypeRegistry(this); this.storage = new BrooklynStorageImpl(); - this.rebindManager = new RebindManagerImpl(this); // TODO leaking "this" reference; yuck - this.managementNodeStateListenerManager = new ManagementNodeStateListenerManager(this); // TODO leaking "this" reference; yuck - this.highAvailabilityManager = new HighAvailabilityManagerImpl(this, managementNodeStateListenerManager); // TODO leaking "this" reference; yuck + this.rebindManager = new RebindManagerImpl(this); + this.managementNodeStateListenerManager = new ManagementNodeStateListenerManager(this); + this.highAvailabilityManager = new HighAvailabilityManagerImpl(this, managementNodeStateListenerManager); this.entitlementManager = Entitlements.newManager(this, brooklynProperties); - this.configSupplierRegistry = new BasicExternalConfigSupplierRegistry(this); // TODO leaking "this" reference; yuck + this.configSupplierRegistry = new BasicExternalConfigSupplierRegistry(this); } @Override diff --git a/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/BasicExternalConfigSupplierRegistry.java b/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/BasicExternalConfigSupplierRegistry.java index b55081336e..308d65ebcd 100644 --- a/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/BasicExternalConfigSupplierRegistry.java +++ b/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/BasicExternalConfigSupplierRegistry.java @@ -112,6 +112,7 @@ public class BasicExternalConfigSupplierRegistry implements ExternalConfigSuppli String name = strippedKey; String providerClassname = (String) externalProviderProperties.get(key); BrooklynProperties config = ConfigUtils.filterForPrefixAndStrip(externalProviderProperties, key + "."); + LOG.debug("Registering external config supplier "+name+": "+providerClassname); try { Class<ExternalConfigSupplier> supplierClass = (Class<ExternalConfigSupplier>)new ClassLoaderUtils(this, mgmt).loadClass(providerClassname); diff --git a/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/LocalManagementContext.java b/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/LocalManagementContext.java index 4fb32e5230..cab6eec4e9 100644 --- a/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/LocalManagementContext.java +++ b/core/src/main/java/org/apache/brooklyn/core/mgmt/internal/LocalManagementContext.java @@ -409,7 +409,8 @@ public class LocalManagementContext extends AbstractManagementContext { } this.downloadsManager = BasicDownloadsManager.newDefault(configMap); this.entitlementManager = Entitlements.newManager(this, configMap); - + this.configSupplierRegistry = new BasicExternalConfigSupplierRegistry(this); + clearLocationRegistry(); BrooklynFeatureEnablement.init(configMap);
