This is an automated email from the ASF dual-hosted git repository.
nvazquez pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new 77fb93c core: use the URL scheme same as iframe for non-SSL enabled
consoles (#5624)
77fb93c is described below
commit 77fb93c5136df722b4efcd7baededad20449494c
Author: Rohit Yadav <[email protected]>
AuthorDate: Fri Oct 29 22:12:44 2021 +0530
core: use the URL scheme same as iframe for non-SSL enabled consoles (#5624)
* core: use the URL scheme same as iframe for non-SSL enabled consoles
For environments where SSL is not enabled for console, this forces the
URL scheme (http/https) in iframe to match the iframe URL scheme.
Signed-off-by: Rohit Yadav <[email protected]>
* consoleproxy: enable SSL on CPVM when both console proxy url/domain and
ssl setting are configured
Signed-off-by: Rohit Yadav <[email protected]>
* fix unit test
Signed-off-by: Rohit Yadav <[email protected]>
* address code review comments
Signed-off-by: Rohit Yadav <[email protected]>
---
.../main/java/com/cloud/info/ConsoleProxyInfo.java | 2 +-
.../java/com/cloud/info/ConsoleProxyInfoTest.java | 10 +++++-----
.../java/com/cloud/consoleproxy/AgentHookBase.java | 20 +++++++++++---------
3 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/core/src/main/java/com/cloud/info/ConsoleProxyInfo.java
b/core/src/main/java/com/cloud/info/ConsoleProxyInfo.java
index 7e1be6a..f92b93a 100644
--- a/core/src/main/java/com/cloud/info/ConsoleProxyInfo.java
+++ b/core/src/main/java/com/cloud/info/ConsoleProxyInfo.java
@@ -46,7 +46,7 @@ public class ConsoleProxyInfo {
}
} else {
- proxyImageUrl = "http://"; + proxyAddress;
+ proxyImageUrl = "//" + proxyAddress;
if (proxyUrlPort != 80) {
proxyImageUrl += ":" + proxyUrlPort;
}
diff --git a/core/src/test/java/com/cloud/info/ConsoleProxyInfoTest.java
b/core/src/test/java/com/cloud/info/ConsoleProxyInfoTest.java
index 62a4b76..e1b264c 100644
--- a/core/src/test/java/com/cloud/info/ConsoleProxyInfoTest.java
+++ b/core/src/test/java/com/cloud/info/ConsoleProxyInfoTest.java
@@ -19,10 +19,10 @@
package com.cloud.info;
-import org.junit.Test;
-
import static org.junit.Assert.assertEquals;
+import org.junit.Test;
+
public class ConsoleProxyInfoTest {
@Test
@@ -35,7 +35,7 @@ public class ConsoleProxyInfoTest {
public void testGetProxyImageUrlHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "10.10.10.10", 80,
80 , "console.example.com");
String url = cpi.getProxyImageUrl();
- assertEquals("http://console.example.com";, url);
+ assertEquals("//console.example.com", url);
}
@Test
public void testGetProxyImageUrlWildcardHttps() {
@@ -47,13 +47,13 @@ public class ConsoleProxyInfoTest {
public void testGetProxyImageUrlWildcardHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "1.2.3.4", 80, 8888
, "*.example.com");
String url = cpi.getProxyImageUrl();
- assertEquals("http://1-2-3-4.example.com:8888";, url);
+ assertEquals("//1-2-3-4.example.com:8888", url);
}
@Test
public void testGetProxyImageUrlIpHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "1.2.3.4", 80,
8888, "");
String url = cpi.getProxyImageUrl();
- assertEquals("http://1.2.3.4:8888";, url);
+ assertEquals("//1.2.3.4:8888", url);
}
@Test
public void testGetProxyImageUrlIpHttps() {
diff --git a/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
b/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
index 6a06774..2bc092e 100644
--- a/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/main/java/com/cloud/consoleproxy/AgentHookBase.java
@@ -21,15 +21,12 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Date;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.log4j.Logger;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.security.keys.KeysManager;
import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.AgentControlAnswer;
@@ -54,6 +51,8 @@ import com.cloud.servlet.ConsoleProxyServlet;
import com.cloud.utils.Ternary;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.dao.VMInstanceDao;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
/**
* Utility class to manage interactions with agent-based console access
@@ -198,12 +197,15 @@ public abstract class AgentHookBase implements AgentHook {
String storePassword = Base64.encodeBase64String(randomBytes);
byte[] ksBits = null;
+
String consoleProxyUrlDomain =
_configDao.getValue(Config.ConsoleProxyUrlDomain.key());
- if (consoleProxyUrlDomain == null ||
consoleProxyUrlDomain.isEmpty()) {
- s_logger.debug("SSL is disabled for console proxy based on
global config, skip loading certificates");
- } else {
+ String consoleProxySslEnabled =
_configDao.getValue("consoleproxy.sslEnabled");
+ if (!StringUtils.isEmpty(consoleProxyUrlDomain) &&
!StringUtils.isEmpty(consoleProxySslEnabled)
+ && consoleProxySslEnabled.equalsIgnoreCase("true")) {
ksBits =
_ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME,
ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
//ks manager raises exception if ksBits are null, hence no
need to explicltly handle the condition
+ } else {
+ s_logger.debug("SSL is disabled for console proxy. To enable
SSL, please configure consoleproxy.sslEnabled and consoleproxy.url.domain
global settings.");
}
cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits,
storePassword);
