This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 984b0e9 KNOX-1814 - Moving conf/data folder checking to Java layer
from bash (#68)
984b0e9 is described below
commit 984b0e950da0fcf56610f03edaf05dc7e31c6f30
Author: Sandor Molnar <[email protected]>
AuthorDate: Tue Mar 12 14:30:09 2019 +0100
KNOX-1814 - Moving conf/data folder checking to Java layer from bash (#68)
---
gateway-release/home/bin/gateway.sh | 3 +-
.../org/apache/knox/gateway/GatewayServer.java | 49 ++++++++++++++++++----
2 files changed, 41 insertions(+), 11 deletions(-)
diff --git a/gateway-release/home/bin/gateway.sh
b/gateway-release/home/bin/gateway.sh
index 8f0ba34..bbefe46 100755
--- a/gateway-release/home/bin/gateway.sh
+++ b/gateway-release/home/bin/gateway.sh
@@ -294,8 +294,7 @@ function checkEnv {
echo "This command $0 must not be run as root."
exit 1
fi
- checkReadDir $APP_CONF_DIR
- checkWriteDir $APP_DATA_DIR
+
checkWriteDir $APP_LOG_DIR
checkWriteDir $APP_PID_DIR
}
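Review bot: `checkEnv` now validates only the log and PID directories, and nothing in the script says where the conf and data checks went; the added blank line is all that remains. A one-line comment in place of that blank line would stop someone re-adding the checks or assuming they were dropped, for example `# conf/data directories are validated by GatewayServer at startup (KNOX-1814)`. If `checkReadDir` has no other callers in gateway.sh (not visible in this hunk), it can be removed as well. `checkEnv` starts outside the hunk.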
diff --git
a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java
b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java
index e13c14c..1578d50 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java
@@ -98,6 +98,7 @@ import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
+import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -155,7 +156,8 @@ public class GatewayServer {
if (services == null) {
log.failedToInstantiateGatewayServices();
}
- GatewayConfig config = new GatewayConfigImpl();
+ final GatewayConfig config = new GatewayConfigImpl();
+ validateConfigurableGatewayDirectories(config);
if (config.isHadoopKerberosSecured()) {
validateKerberosConfig(config);
configureKerberosSecurity( config );
@@ -250,17 +252,25 @@ public class GatewayServer {
setSystemProperty(GatewayConfig.KRB5_USE_SUBJECT_CREDS_ONLY, "false");
}
+ private static void validateConfigurableGatewayDirectories(GatewayConfig
config) throws GatewayConfigurationException {
+ final Set<String> errors = new HashSet<>();
+ checkIfDirectoryExistsAndCanBeRead(Paths.get(config.getGatewayConfDir()),
GatewayConfig.GATEWAY_CONF_HOME_VAR, errors);
+
checkIfDirectoryExistsAndCanBeWritten(Paths.get(config.getGatewayDataDir()),
GatewayConfig.GATEWAY_DATA_HOME_VAR, errors);
+
+ if (!errors.isEmpty()) {
+ throw new GatewayConfigurationException(errors);
+ }
+ }
+
private static void validateKerberosConfig(GatewayConfig config) throws
GatewayConfigurationException {
final Set<String> errors = new HashSet<>();
if (config.isHadoopKerberosSecured()) {
if (config.getKerberosConfig() != null) {
- final File krb5ConfFile =
Paths.get(config.getKerberosConfig()).toFile();
- checkIfFileExistsAndCanBeRead(krb5ConfFile, GatewayConfig.KRB5_CONFIG,
errors);
+ checkIfFileExistsAndCanBeRead(Paths.get(config.getKerberosConfig()),
GatewayConfig.KRB5_CONFIG, errors);
}
if (config.getKerberosLoginConfig() != null) {
- final File loginConfigFile =
Paths.get(config.getKerberosLoginConfig()).toFile();
- checkIfFileExistsAndCanBeRead(loginConfigFile,
GatewayConfig.KRB5_LOGIN_CONFIG, errors);
+
checkIfFileExistsAndCanBeRead(Paths.get(config.getKerberosLoginConfig()),
GatewayConfig.KRB5_LOGIN_CONFIG, errors);
}
}
if (!errors.isEmpty()) {
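Review bot: `validateConfigurableGatewayDirectories` passes `config.getGatewayConfDir()` and `config.getGatewayDataDir()` straight to `Paths.get(...)`, while the Kerberos checks just below guard each value with `!= null` first. If either getter can return null (not visible in this hunk), startup fails with a bare NullPointerException instead of the aggregated GatewayConfigurationException. A guard such as `if (confDir == null) { errors.add(GatewayConfig.GATEWAY_CONF_HOME_VAR + " is not set"); }` would keep the reporting consistent. A short Javadoc saying that this method replaces the `checkReadDir`/`checkWriteDir` calls removed from gateway.sh would also help. The body of `validateKerberosConfig` continues outside the hunk.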
@@ -268,11 +278,32 @@ public class GatewayServer {
}
}
- private static void checkIfFileExistsAndCanBeRead(File fileToBeChecked,
String propertyName, Set<String> errors) {
+ private static void checkIfFileExistsAndCanBeRead(Path toBeChecked, String
propertyName, Set<String> errors) {
+ checkIfFileExistsAndCanBeReadOrWrite(toBeChecked, propertyName, errors,
false, false);
+ }
+
+ private static void checkIfDirectoryExistsAndCanBeRead(Path toBeChecked,
String propertyName, Set<String> errors) {
+ checkIfFileExistsAndCanBeReadOrWrite(toBeChecked, propertyName, errors,
false, true);
+ }
+
+ private static void checkIfDirectoryExistsAndCanBeWritten(Path toBeChecked,
String propertyName, Set<String> errors) {
+ checkIfFileExistsAndCanBeReadOrWrite(toBeChecked, propertyName, errors,
true, true);
+ }
+
+ private static void checkIfFileExistsAndCanBeReadOrWrite(Path toBeChecked,
String propertyName, Set<String> errors, boolean checkForWritePermission,
boolean directory) {
+ final File fileToBeChecked = toBeChecked.toFile();
if (!fileToBeChecked.exists()) {
- errors.add(propertyName + " is set to a non-existing file: " +
fileToBeChecked);
- } else if (!fileToBeChecked.canRead()) {
- errors.add(propertyName + " is set to a non-readable file: " +
fileToBeChecked);
+ errors.add(propertyName + " is set to a non-existing " + (directory ?
"directory: " : "file: ") + fileToBeChecked);
+ } else {
+ if (!fileToBeChecked.canRead()) {
+ errors.add(propertyName + " is set to a non-readable " + (directory ?
"directory: " : "file: ") + fileToBeChecked);
+ }
+ if (checkForWritePermission && !fileToBeChecked.canWrite()) {
+ errors.add(propertyName + " is set to a non-writeable " + (directory ?
"directory: " : "file: ") + fileToBeChecked);
+ }
+ if (directory && !fileToBeChecked.isDirectory()) {
+ errors.add(propertyName + " is not a directory: " + fileToBeChecked);
+ }
}
}
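Review bot: In `checkIfFileExistsAndCanBeReadOrWrite` a directory is accepted on `canRead()` (plus `canWrite()` for the data dir), but opening the files inside it also needs search (execute) permission. A conf or data directory without that bit would pass validation here and fail later at first use. Consider adding `if (directory && !fileToBeChecked.canExecute()) { errors.add(propertyName + " is set to a non-traversable directory: " + fileToBeChecked); }`. The reverse case is open too: with `directory` false nothing calls `isFile()`, so a Kerberos config property that points at a directory is accepted. Testing `isDirectory()` before the permission checks would also avoid reporting a plain file as a "non-writeable directory".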