This is an automated email from the ASF dual-hosted git repository.
jensdeppe pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new 39afc33 GEODE-4628: Gfsh connect should infer more about the
conenction type (#1445)
39afc33 is described below
commit 39afc33b90a7d3661a498d6844697673e34cdf37
Author: Jens Deppe <jde...@pivotal.io>
AuthorDate: Wed Feb 14 14:59:24 2018 -0800
GEODE-4628: Gfsh connect should infer more about the conenction type (#1445)
- 'use-ssl' is not required for https URLs to enable SSL
- 'use-http' is deprecated
- there is no default for 'url' anymore
---
.../geode/management/internal/ManagementAgent.java | 4 +-
.../internal/cli/commands/ConnectCommand.java | 9 ++--
.../management/internal/cli/i18n/CliStrings.java | 4 +-
.../geode/test/junit/rules/GfshCommandRule.java | 8 ++--
geode-core/src/test/resources/ssl/trusted.keystore | Bin 2241 -> 536 bytes
.../cli/commands/ConnectCommandWithSSLTest.java | 53 ++++++++++++++++-----
6 files changed, 52 insertions(+), 26 deletions(-)
diff --git
a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index d52ee85..55df263 100755
---
a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -245,8 +245,8 @@ public class ManagementAgent {
boolean isRestWebAppAdded = false;
- this.httpServer = JettyHelper.initJetty(bindAddress, port,
-
SSLConfigurationFactory.getSSLConfigForComponent(SecurableCommunicationChannel.WEB));
+ this.httpServer = JettyHelper.initJetty(bindAddress, port,
SSLConfigurationFactory
+ .getSSLConfigForComponent(config,
SecurableCommunicationChannel.WEB));
if (agentUtil.isWebApplicationAvailable(gemfireWar)) {
this.httpServer =
diff --git
a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
index ee8f93b..9f7a0dc 100644
---
a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
+++
b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
@@ -94,9 +94,7 @@ public class ConnectCommand implements GfshCommand {
@CliOption(key = {CliStrings.CONNECT__USE_HTTP}, specifiedDefaultValue =
"true",
unspecifiedDefaultValue = "false",
help = CliStrings.CONNECT__USE_HTTP__HELP) boolean useHttp,
- @CliOption(key = {CliStrings.CONNECT__URL},
- unspecifiedDefaultValue = CliStrings.CONNECT__DEFAULT_BASE_URL,
- help = CliStrings.CONNECT__URL__HELP) String url,
+ @CliOption(key = {CliStrings.CONNECT__URL}, help =
CliStrings.CONNECT__URL__HELP) String url,
@CliOption(key = {CliStrings.CONNECT__USERNAME},
help = CliStrings.CONNECT__USERNAME__HELP) String userName,
@CliOption(key = {CliStrings.CONNECT__PASSWORD},
@@ -137,7 +135,8 @@ public class ConnectCommand implements GfshCommand {
keystore, keystorePassword, null, truststore, truststorePassword,
null, sslCiphers,
sslProtocols, null);
- if (containsSSLConfig(gfProperties) ||
containsLegacySSLConfig(gfProperties)) {
+ if (containsSSLConfig(gfProperties) ||
containsLegacySSLConfig(gfProperties)
+ || StringUtils.startsWith(url, "https")) {
useSsl = true;
}
@@ -152,7 +151,7 @@ public class ConnectCommand implements GfshCommand {
gfProperties.setProperty(UserInputProperty.PASSWORD.getKey(), password);
}
- if (useHttp) {
+ if (StringUtils.isNotEmpty(url)) {
result = httpConnect(gfProperties, url, skipSslValidation);
} else {
result = jmxConnect(gfProperties, useSsl, jmxManagerEndPoint,
locatorEndPoint, false);
diff --git
a/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java
b/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java
index fe82874..6335b84 100644
---
a/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java
+++
b/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java
@@ -558,7 +558,7 @@ public class CliStrings {
+ CONNECT__DEFAULT_BASE_URL + "'";
public static final String CONNECT__USE_HTTP = "use-http";
public static final String CONNECT__USE_HTTP__HELP =
- "Connects to Manager by sending HTTP requests to HTTP service hosting
the Management REST API. You must first 'disconnect' in order to reconnect to
the Manager via locator or jmx-manager using JMX.";
+ "[Deprecated: inferred by the presence of --url]. Connects to Manager by
sending HTTP requests to HTTP service hosting the Management REST API. You must
first 'disconnect' in order to reconnect to the Manager via locator or
jmx-manager using JMX.";
public static final String CONNECT__USERNAME = "user";
public static final String CONNECT__USERNAME__HELP =
"User name to securely connect to the jmx-manager. If the --password
parameter is not specified then it will be prompted for.";
@@ -590,7 +590,7 @@ public class CliStrings {
"The gfsecurity.properties file for configuring gfsh to connect to the
Locator/Manager. The file's path can be absolute or relative to gfsh
directory.";
public static final String CONNECT__USE_SSL = "use-ssl";
public static final String CONNECT__USE_SSL__HELP =
- "Whether to use SSL for communication with Locator and/or JMX Manager.
If set to \"true\", \"gfsecurity.properties\" will also be read. SSL Options
take precedence over the properties file. If none are specified, defaults will
be used. The default value for this options is \"false\".";
+ "Whether to use SSL for communication with Locator and/or JMX Manager.
If set to \"true\", \"gfsecurity.properties\" will also be read. SSL Options
take precedence over the properties file. If none are specified, defaults will
be used. The default value for this options is \"false\". This option is only
required if JMX is to be used over SSL. For http, the protocol is inferred from
the URL.";
public static final String CONNECT__MSG__CONNECTING_TO_MANAGER_AT_0 =
"Connecting to Manager at {0} ..";
public static final String
CONNECT__MSG__CONNECTING_TO_MANAGER_HTTP_SERVICE_AT_0 =
diff --git
a/geode-core/src/test/java/org/apache/geode/test/junit/rules/GfshCommandRule.java
b/geode-core/src/test/java/org/apache/geode/test/junit/rules/GfshCommandRule.java
index bc12c14..e8e55a7 100644
---
a/geode-core/src/test/java/org/apache/geode/test/junit/rules/GfshCommandRule.java
+++
b/geode-core/src/test/java/org/apache/geode/test/junit/rules/GfshCommandRule.java
@@ -166,9 +166,9 @@ public class GfshCommandRule extends
DescribedExternalResource {
// port is the locator port
endpoint = "localhost[" + port + "]";
connectCommand.addOption(CliStrings.CONNECT__LOCATOR, endpoint);
- } else if (type == PortType.http) {
- endpoint = "http://localhost:"; + port + "/geode-mgmt/v1";
- connectCommand.addOption(CliStrings.CONNECT__USE_HTTP,
Boolean.TRUE.toString());
+ } else if (type == PortType.http || type == PortType.https) {
+ endpoint = type.name() + "://localhost:" + port + "/geode-mgmt/v1";
+ // connectCommand.addOption(CliStrings.CONNECT__USE_HTTP,
Boolean.TRUE.toString());
connectCommand.addOption(CliStrings.CONNECT__URL, endpoint);
} else {
endpoint = "localhost[" + port + "]";
@@ -275,7 +275,7 @@ public class GfshCommandRule extends
DescribedExternalResource {
}
public enum PortType {
- locator, jmxManager, http
+ locator, jmxManager, http, https
}
public CommandResult getCommandResult() {
diff --git a/geode-core/src/test/resources/ssl/trusted.keystore
b/geode-core/src/test/resources/ssl/trusted.keystore
index bd75039..4647e4e 100644
Binary files a/geode-core/src/test/resources/ssl/trusted.keystore and
b/geode-core/src/test/resources/ssl/trusted.keystore differ
diff --git
a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java
b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java
index ff778cf..0a33cfe 100644
---
a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java
+++
b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java
@@ -81,6 +81,12 @@ public class ConnectCommandWithSSLTest {
static {
try {
+ /*
+ * This file was generated with the following command:
+ * keytool -genkey -dname "CN=localhost" -alias self -validity 3650
-keyalg EC \
+ * -keystore trusted.keystore -keypass password -storepass password \
+ * -ext san=ip:127.0.0.1 -storetype jks
+ */
jks = new File(ConnectCommandWithSSLTest.class.getClassLoader()
.getResource("ssl/trusted.keystore").toURI());
} catch (URISyntaxException e) {
@@ -203,8 +209,8 @@ public class ConnectCommandWithSSLTest {
assertThat(gfsh.isConnected()).isTrue();
gfsh.disconnect();
- gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http,
"security-properties-file",
- sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "true");
+ gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https,
"security-properties-file",
+ sslConfigFile.getAbsolutePath());
assertThat(gfsh.isConnected()).isTrue();
}
@@ -225,10 +231,10 @@ public class ConnectCommandWithSSLTest {
assertThat(gfsh.isConnected()).isTrue();
gfsh.disconnect();
- // cannot connect to http
- gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http,
"security-properties-file",
+ // can connect to https
+ gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https,
"security-properties-file",
sslConfigFile.getAbsolutePath());
- assertThat(gfsh.isConnected()).isFalse();
+ assertThat(gfsh.isConnected()).isTrue();
}
@Test
@@ -252,9 +258,9 @@ public class ConnectCommandWithSSLTest {
assertThat(gfsh.isConnected()).isTrue();
gfsh.disconnect();
- // can connect to http
- gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http,
"security-properties-file",
- sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "true");
+ // can connect to https
+ gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https,
"security-properties-file",
+ sslConfigFile.getAbsolutePath());
assertThat(gfsh.isConnected()).isTrue();
}
@@ -271,9 +277,23 @@ public class ConnectCommandWithSSLTest {
"security-properties-file", sslConfigFile.getAbsolutePath());
assertThat(gfsh.isConnected()).isFalse();
- // can connect to http
- gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http,
"security-properties-file",
- sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "true");
+ // can connect to https
+ gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https,
"security-properties-file",
+ sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ }
+
+ @Test
+ public void connectWithHttpSSLAndDeprecatedUseHttp() throws Exception {
+ httpSslProperties.store(out, null);
+ // can connect to locator and jmx
+ gfsh.connect(locator.getPort(), GfshCommandRule.PortType.locator,
"security-properties-file",
+ sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isFalse();
+
+ // can connect to https
+ gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https,
"security-properties-file",
+ sslConfigFile.getAbsolutePath(), "use-http", "true");
assertThat(gfsh.isConnected()).isTrue();
}
@@ -290,8 +310,15 @@ public class ConnectCommandWithSSLTest {
"security-properties-file", sslConfigFile.getAbsolutePath());
assertThat(gfsh.isConnected()).isFalse();
- // can connect to http
- gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http,
"security-properties-file",
+ // cannot connect to https without skip-ssl-validation
+ gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https,
"security-properties-file",
+ sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "false");
+ assertThat(gfsh.isConnected()).isFalse();
+ assertThat(gfsh.getGfshOutput())
+ .contains("unable to find valid certification path to requested
target");
+
+ // can connect to https
+ gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https,
"security-properties-file",
sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "true");
assertThat(gfsh.isConnected()).isTrue();
}
--
To stop receiving notification emails like this one, please contact
jensde...@apache.org.
