Repository: knox Updated Branches: refs/heads/master e1ba9d96a -> 2caee34ee
KNOX-1261 - Fix issue where listener is not decrypting the value before updating, fix annoying error messages Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/2caee34e Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/2caee34e Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/2caee34e Branch: refs/heads/master Commit: 2caee34ee9e93406a8b54f2d282e1e42eb892474 Parents: e1ba9d9 Author: Sandeep More <[email protected]> Authored: Thu Apr 19 21:49:42 2018 -0400 Committer: Sandeep More <[email protected]> Committed: Thu Apr 19 21:49:42 2018 -0400 ---------------------------------------------------------------------- .../apache/knox/gateway/GatewayMessages.java | 7 +++ .../gateway/config/impl/GatewayConfigImpl.java | 20 +++++++ .../security/impl/RemoteAliasService.java | 61 +++++++++++++------- .../security/impl/RemoteAliasMonitorTest.java | 5 +- .../security/impl/RemoteAliasServiceTest.java | 3 + .../knox/gateway/config/GatewayConfig.java | 9 +++ .../apache/knox/gateway/GatewayTestConfig.java | 13 +++++ 7 files changed, 97 insertions(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/2caee34e/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java index ab21c23..78a390a 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayMessages.java @@ -643,5 +643,12 @@ public interface GatewayMessages { text = "Error removing remote listener for path {0}, cause: {1} ") void errorRemovingRemoteListener(final String path, final String cause); + @Message(level = MessageLevel.INFO, + text = "Remote Alias Service disabled") + void remoteAliasServiceDisabled(); + + @Message(level = MessageLevel.INFO, + text = "Remote Alias Service enabled") + void remoteAliasServiceEnabled(); } http://git-wip-us.apache.org/repos/asf/knox/blob/2caee34e/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java b/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java index bc4fc31..3684ed2 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java @@ -193,6 +193,8 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig { private static final String PROVIDERCONFIG_DIR_NAME = "shared-providers"; private static final String DESCRIPTORS_DIR_NAME = "descriptors"; + public static final String REMOTE_ALIAS_SERVICE_ENABLED = GATEWAY_CONFIG_FILE_PREFIX + ".remote.alias.service.enabled"; + /* Websocket defaults */ public static final boolean DEFAULT_WEBSOCKET_FEATURE_ENABLED = false; public static final int DEFAULT_WEBSOCKET_MAX_TEXT_MESSAGE_SIZE = Integer.MAX_VALUE;; @@ -205,6 +207,10 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig { public static final boolean DEFAULT_GATEWAY_PORT_MAPPING_ENABLED = true; + public static final boolean DEFAULT_REMOTE_ALIAS_SERVICE_ENABLED = true; + + + /** * Default list of MIME Type to be compressed. * @since 0.12 @@ -984,4 +990,18 @@ public class GatewayConfigImpl extends Configuration implements GatewayConfig { return get(REMOTE_CONFIG_MONITOR_CLIENT_NAME); } + /** + * Returns whether the Remote Alias Service is enabled or not. + * This value also depends on whether remote registry is enabled or not. + * if it is enabled then this option takes effect else this option has no + * effect. + * + * @return + */ + @Override + public boolean isRemoteAliasServiceEnabled() { + final String result = get( REMOTE_ALIAS_SERVICE_ENABLED, Boolean.toString(DEFAULT_REMOTE_ALIAS_SERVICE_ENABLED)); + return Boolean.parseBoolean(result); + } + } http://git-wip-us.apache.org/repos/asf/knox/blob/2caee34e/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java index b0a47f0..f270ad1 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java @@ -235,7 +235,7 @@ public class RemoteAliasService implements AliasService { List<String> remoteAliases = new ArrayList<>(); /* If we have remote registry configured, query it */ - if (remoteClient != null) { + if (remoteClient != null && config.isRemoteAliasServiceEnabled()) { remoteAliases = remoteClient .listChildEntries(buildClusterEntryName(clusterName)); } @@ -264,7 +264,7 @@ public class RemoteAliasService implements AliasService { /* first add the alias to the local keystore */ localAliasService.addAliasForCluster(clusterName, alias, value); - if (remoteClient != null) { + if (remoteClient != null && config.isRemoteAliasServiceEnabled()) { final String aliasEntryPath = buildAliasEntryName(clusterName, alias); @@ -299,16 +299,19 @@ public class RemoteAliasService implements AliasService { localAliasService.removeAliasForCluster(clusterName, alias); /* If we have remote registry configured, query it */ - if (remoteClient != null) { + if (remoteClient != null && config.isRemoteAliasServiceEnabled()) { final String aliasEntryPath = buildAliasEntryName(clusterName, alias); - remoteClient.deleteEntry(aliasEntryPath); - if (remoteClient.entryExists(aliasEntryPath)) { - throw new IllegalStateException(String.format( - "Failed to delete alias %s for cluster %s in remote registry", - alias, clusterName)); + remoteClient.deleteEntry(aliasEntryPath); + + if (remoteClient.entryExists(aliasEntryPath)) { + throw new IllegalStateException(String.format( + "Failed to delete alias %s for cluster %s in remote registry", + alias, clusterName)); + } + } } else { @@ -333,11 +336,15 @@ public class RemoteAliasService implements AliasService { char[] password = null; /* try to get it from remote registry */ - if (remoteClient != null) { + if (remoteClient != null && config.isRemoteAliasServiceEnabled()) { checkPathsExist(remoteClient); - final String encrypted = remoteClient - .getEntryData(buildAliasEntryName(clusterName, alias)); + String encrypted = null; + + if(remoteClient.entryExists(buildAliasEntryName(clusterName, alias))) { + encrypted = remoteClient + .getEntryData(buildAliasEntryName(clusterName, alias)); + } /* Generate a new password */ if (encrypted == null) { @@ -446,7 +453,7 @@ public class RemoteAliasService implements AliasService { @Override public void start() throws ServiceLifecycleException { - if (remoteClient != null) { + if (remoteClient != null && config.isRemoteAliasServiceEnabled()) { /* ensure that nodes are properly setup */ ensureEntries(remoteClient); @@ -463,7 +470,7 @@ public class RemoteAliasService implements AliasService { /* Register a listener for aliases entry additions/removals */ try { remoteClient.addChildEntryListener(PATH_KNOX_ALIAS_STORE_TOPOLOGY, - new RemoteAliasChildListener()); + new RemoteAliasChildListener(this)); } catch (final Exception e) { throw new IllegalStateException( "Unable to add listener for path " + PATH_KNOX_ALIAS_STORE_TOPOLOGY, @@ -472,11 +479,17 @@ public class RemoteAliasService implements AliasService { } + if(!config.isRemoteAliasServiceEnabled()) { + LOG.remoteAliasServiceDisabled(); + } else { + LOG.remoteAliasServiceEnabled(); + } + } @Override public void stop() throws ServiceLifecycleException { - if(remoteClient != null) { + if(remoteClient != null && config.isRemoteAliasServiceEnabled()) { try { remoteClient.removeEntryListener(PATH_KNOX_ALIAS_STORE_TOPOLOGY); } catch (final Exception e) { @@ -564,9 +577,15 @@ public class RemoteAliasService implements AliasService { /** * A listener that listens for changes to the child nodes. */ - private static class RemoteAliasChildListener + private class RemoteAliasChildListener implements RemoteConfigurationRegistryClient.ChildEntryListener { + final RemoteAliasService remoteAliasService; + + public RemoteAliasChildListener (final RemoteAliasService remoteAliasService ) { + this.remoteAliasService = remoteAliasService; + } + @Override public void childEvent(final RemoteConfigurationRegistryClient client, final Type type, final String path) { @@ -603,7 +622,7 @@ public class RemoteAliasService implements AliasService { LOG.addAliasLocally(paths[0], paths[1]); try { client.addEntryListener(path, - new RemoteAliasEntryListener(paths[0], paths[1])); + new RemoteAliasEntryListener(paths[0], paths[1], remoteAliasService)); } catch (final Exception e) { LOG.errorRemovingAliasLocally(paths[0], paths[1], e.toString()); } @@ -612,7 +631,7 @@ public class RemoteAliasService implements AliasService { /* Add a child listener for the cluster */ LOG.addRemoteListener(path); try { - client.addChildEntryListener(path, new RemoteAliasChildListener()); + client.addChildEntryListener(path, new RemoteAliasChildListener(remoteAliasService)); } catch (Exception e) { LOG.errorAddingRemoteListener(path, e.toString()); } @@ -633,6 +652,7 @@ public class RemoteAliasService implements AliasService { final String cluster; final String alias; + final RemoteAliasService remoteAliasService; /** * Create an instance @@ -640,10 +660,11 @@ public class RemoteAliasService implements AliasService { * @param cluster * @param alias */ - public RemoteAliasEntryListener(final String cluster, final String alias) { + public RemoteAliasEntryListener(final String cluster, final String alias, final RemoteAliasService remoteAliasService) { super(); this.cluster = cluster; this.alias = alias; + this.remoteAliasService = remoteAliasService; } @Override @@ -658,8 +679,8 @@ public class RemoteAliasService implements AliasService { && aliasService instanceof RemoteAliasService) { try { ((RemoteAliasService) aliasService) - .addAliasForClusterLocally(cluster, alias, new String(data)); - } catch (final AliasServiceException e) { + .addAliasForClusterLocally(cluster, alias, remoteAliasService.decrypt(new String(data))); + } catch (final Exception e) { /* log and move on */ LOG.errorAddingAliasLocally(cluster, alias, e.toString()); } http://git-wip-us.apache.org/repos/asf/knox/blob/2caee34e/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java b/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java index 2558bbe..4f2a853 100644 --- a/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java +++ b/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasMonitorTest.java @@ -176,6 +176,9 @@ public class RemoteAliasMonitorTest { EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()) .andReturn(configMonitorName).anyTimes(); + + EasyMock.expect(gc.isRemoteAliasServiceEnabled()) + .andReturn(true).anyTimes(); EasyMock.replay(gc); // Mock Alias Service @@ -227,7 +230,7 @@ public class RemoteAliasMonitorTest { List<String> aliasesDev = zkAlias .getAliasesForCluster(expectedClusterNameDev); - /* no alias added so ist should be empty */ + /* no alias added so ist should be empty, except the one in ZK */ Assert.assertEquals(aliases.size(), 1); Assert.assertEquals(aliasesDev.size(), 0); http://git-wip-us.apache.org/repos/asf/knox/blob/2caee34e/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasServiceTest.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasServiceTest.java b/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasServiceTest.java index a3c9a81..4f3b3af 100644 --- a/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasServiceTest.java +++ b/gateway-server/src/test/java/org/apache/knox/gateway/security/impl/RemoteAliasServiceTest.java @@ -84,6 +84,9 @@ public class RemoteAliasServiceTest { EasyMock.expect(gc.getAlgorithm()).andReturn("AES").anyTimes(); + EasyMock.expect(gc.isRemoteAliasServiceEnabled()) + .andReturn(true).anyTimes(); + EasyMock.replay(gc); } http://git-wip-us.apache.org/repos/asf/knox/blob/2caee34e/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java b/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java index 882bc71..f4e8521 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/config/GatewayConfig.java @@ -349,4 +349,13 @@ public interface GatewayConfig { */ String getRemoteConfigurationMonitorClientName(); + /** + * Returns whether the Remote Alias Service is enabled or not. + * This value also depends on whether remote registry is enabled or not. + * if it is enabled then this option takes effect else this option has no + * effect. + * @return + */ + boolean isRemoteAliasServiceEnabled(); + } http://git-wip-us.apache.org/repos/asf/knox/blob/2caee34e/gateway-test-release-utils/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java ---------------------------------------------------------------------- diff --git a/gateway-test-release-utils/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java b/gateway-test-release-utils/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java index 79a9292..8ce7e9e 100644 --- a/gateway-test-release-utils/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java +++ b/gateway-test-release-utils/src/main/java/org/apache/knox/gateway/GatewayTestConfig.java @@ -641,6 +641,19 @@ public class GatewayTestConfig extends Configuration implements GatewayConfig { return null; } + /** + * Returns whether the Remote Alias Service is enabled or not. + * This value also depends on whether remote registry is enabled or not. + * if it is enabled then this option takes effect else this option has no + * effect. + * + * @return + */ + @Override + public boolean isRemoteAliasServiceEnabled() { + return true; + } + @Override public int getClusterMonitorPollingInterval(String type) { return 600;
