This is an automated email from the ASF dual-hosted git repository. jensdeppe pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push: new 39afc33 GEODE-4628: Gfsh connect should infer more about the conenction type (#1445) 39afc33 is described below commit 39afc33b90a7d3661a498d6844697673e34cdf37 Author: Jens Deppe <jde...@pivotal.io> AuthorDate: Wed Feb 14 14:59:24 2018 -0800 GEODE-4628: Gfsh connect should infer more about the conenction type (#1445) - 'use-ssl' is not required for https URLs to enable SSL - 'use-http' is deprecated - there is no default for 'url' anymore --- .../geode/management/internal/ManagementAgent.java | 4 +- .../internal/cli/commands/ConnectCommand.java | 9 ++-- .../management/internal/cli/i18n/CliStrings.java | 4 +- .../geode/test/junit/rules/GfshCommandRule.java | 8 ++-- geode-core/src/test/resources/ssl/trusted.keystore | Bin 2241 -> 536 bytes .../cli/commands/ConnectCommandWithSSLTest.java | 53 ++++++++++++++++----- 6 files changed, 52 insertions(+), 26 deletions(-) diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java index d52ee85..55df263 100755 --- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java @@ -245,8 +245,8 @@ public class ManagementAgent { boolean isRestWebAppAdded = false; - this.httpServer = JettyHelper.initJetty(bindAddress, port, - SSLConfigurationFactory.getSSLConfigForComponent(SecurableCommunicationChannel.WEB)); + this.httpServer = JettyHelper.initJetty(bindAddress, port, SSLConfigurationFactory + .getSSLConfigForComponent(config, SecurableCommunicationChannel.WEB)); if (agentUtil.isWebApplicationAvailable(gemfireWar)) { this.httpServer = diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java index ee8f93b..9f7a0dc 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java @@ -94,9 +94,7 @@ public class ConnectCommand implements GfshCommand { @CliOption(key = {CliStrings.CONNECT__USE_HTTP}, specifiedDefaultValue = "true", unspecifiedDefaultValue = "false", help = CliStrings.CONNECT__USE_HTTP__HELP) boolean useHttp, - @CliOption(key = {CliStrings.CONNECT__URL}, - unspecifiedDefaultValue = CliStrings.CONNECT__DEFAULT_BASE_URL, - help = CliStrings.CONNECT__URL__HELP) String url, + @CliOption(key = {CliStrings.CONNECT__URL}, help = CliStrings.CONNECT__URL__HELP) String url, @CliOption(key = {CliStrings.CONNECT__USERNAME}, help = CliStrings.CONNECT__USERNAME__HELP) String userName, @CliOption(key = {CliStrings.CONNECT__PASSWORD}, @@ -137,7 +135,8 @@ public class ConnectCommand implements GfshCommand { keystore, keystorePassword, null, truststore, truststorePassword, null, sslCiphers, sslProtocols, null); - if (containsSSLConfig(gfProperties) || containsLegacySSLConfig(gfProperties)) { + if (containsSSLConfig(gfProperties) || containsLegacySSLConfig(gfProperties) + || StringUtils.startsWith(url, "https")) { useSsl = true; } @@ -152,7 +151,7 @@ public class ConnectCommand implements GfshCommand { gfProperties.setProperty(UserInputProperty.PASSWORD.getKey(), password); } - if (useHttp) { + if (StringUtils.isNotEmpty(url)) { result = httpConnect(gfProperties, url, skipSslValidation); } else { result = jmxConnect(gfProperties, useSsl, jmxManagerEndPoint, locatorEndPoint, false); diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java index fe82874..6335b84 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java @@ -558,7 +558,7 @@ public class CliStrings { + CONNECT__DEFAULT_BASE_URL + "'"; public static final String CONNECT__USE_HTTP = "use-http"; public static final String CONNECT__USE_HTTP__HELP = - "Connects to Manager by sending HTTP requests to HTTP service hosting the Management REST API. You must first 'disconnect' in order to reconnect to the Manager via locator or jmx-manager using JMX."; + "[Deprecated: inferred by the presence of --url]. Connects to Manager by sending HTTP requests to HTTP service hosting the Management REST API. You must first 'disconnect' in order to reconnect to the Manager via locator or jmx-manager using JMX."; public static final String CONNECT__USERNAME = "user"; public static final String CONNECT__USERNAME__HELP = "User name to securely connect to the jmx-manager. If the --password parameter is not specified then it will be prompted for."; @@ -590,7 +590,7 @@ public class CliStrings { "The gfsecurity.properties file for configuring gfsh to connect to the Locator/Manager. The file's path can be absolute or relative to gfsh directory."; public static final String CONNECT__USE_SSL = "use-ssl"; public static final String CONNECT__USE_SSL__HELP = - "Whether to use SSL for communication with Locator and/or JMX Manager. If set to \"true\", \"gfsecurity.properties\" will also be read. SSL Options take precedence over the properties file. If none are specified, defaults will be used. The default value for this options is \"false\"."; + "Whether to use SSL for communication with Locator and/or JMX Manager. If set to \"true\", \"gfsecurity.properties\" will also be read. SSL Options take precedence over the properties file. If none are specified, defaults will be used. The default value for this options is \"false\". This option is only required if JMX is to be used over SSL. For http, the protocol is inferred from the URL."; public static final String CONNECT__MSG__CONNECTING_TO_MANAGER_AT_0 = "Connecting to Manager at {0} .."; public static final String CONNECT__MSG__CONNECTING_TO_MANAGER_HTTP_SERVICE_AT_0 = diff --git a/geode-core/src/test/java/org/apache/geode/test/junit/rules/GfshCommandRule.java b/geode-core/src/test/java/org/apache/geode/test/junit/rules/GfshCommandRule.java index bc12c14..e8e55a7 100644 --- a/geode-core/src/test/java/org/apache/geode/test/junit/rules/GfshCommandRule.java +++ b/geode-core/src/test/java/org/apache/geode/test/junit/rules/GfshCommandRule.java @@ -166,9 +166,9 @@ public class GfshCommandRule extends DescribedExternalResource { // port is the locator port endpoint = "localhost[" + port + "]"; connectCommand.addOption(CliStrings.CONNECT__LOCATOR, endpoint); - } else if (type == PortType.http) { - endpoint = "http://localhost:" + port + "/geode-mgmt/v1"; - connectCommand.addOption(CliStrings.CONNECT__USE_HTTP, Boolean.TRUE.toString()); + } else if (type == PortType.http || type == PortType.https) { + endpoint = type.name() + "://localhost:" + port + "/geode-mgmt/v1"; + // connectCommand.addOption(CliStrings.CONNECT__USE_HTTP, Boolean.TRUE.toString()); connectCommand.addOption(CliStrings.CONNECT__URL, endpoint); } else { endpoint = "localhost[" + port + "]"; @@ -275,7 +275,7 @@ public class GfshCommandRule extends DescribedExternalResource { } public enum PortType { - locator, jmxManager, http + locator, jmxManager, http, https } public CommandResult getCommandResult() { diff --git a/geode-core/src/test/resources/ssl/trusted.keystore b/geode-core/src/test/resources/ssl/trusted.keystore index bd75039..4647e4e 100644 Binary files a/geode-core/src/test/resources/ssl/trusted.keystore and b/geode-core/src/test/resources/ssl/trusted.keystore differ diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java index ff778cf..0a33cfe 100644 --- a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java +++ b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java @@ -81,6 +81,12 @@ public class ConnectCommandWithSSLTest { static { try { + /* + * This file was generated with the following command: + * keytool -genkey -dname "CN=localhost" -alias self -validity 3650 -keyalg EC \ + * -keystore trusted.keystore -keypass password -storepass password \ + * -ext san=ip:127.0.0.1 -storetype jks + */ jks = new File(ConnectCommandWithSSLTest.class.getClassLoader() .getResource("ssl/trusted.keystore").toURI()); } catch (URISyntaxException e) { @@ -203,8 +209,8 @@ public class ConnectCommandWithSSLTest { assertThat(gfsh.isConnected()).isTrue(); gfsh.disconnect(); - gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http, "security-properties-file", - sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "true"); + gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https, "security-properties-file", + sslConfigFile.getAbsolutePath()); assertThat(gfsh.isConnected()).isTrue(); } @@ -225,10 +231,10 @@ public class ConnectCommandWithSSLTest { assertThat(gfsh.isConnected()).isTrue(); gfsh.disconnect(); - // cannot connect to http - gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http, "security-properties-file", + // can connect to https + gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https, "security-properties-file", sslConfigFile.getAbsolutePath()); - assertThat(gfsh.isConnected()).isFalse(); + assertThat(gfsh.isConnected()).isTrue(); } @Test @@ -252,9 +258,9 @@ public class ConnectCommandWithSSLTest { assertThat(gfsh.isConnected()).isTrue(); gfsh.disconnect(); - // can connect to http - gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http, "security-properties-file", - sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "true"); + // can connect to https + gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https, "security-properties-file", + sslConfigFile.getAbsolutePath()); assertThat(gfsh.isConnected()).isTrue(); } @@ -271,9 +277,23 @@ public class ConnectCommandWithSSLTest { "security-properties-file", sslConfigFile.getAbsolutePath()); assertThat(gfsh.isConnected()).isFalse(); - // can connect to http - gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http, "security-properties-file", - sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "true"); + // can connect to https + gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https, "security-properties-file", + sslConfigFile.getAbsolutePath()); + assertThat(gfsh.isConnected()).isTrue(); + } + + @Test + public void connectWithHttpSSLAndDeprecatedUseHttp() throws Exception { + httpSslProperties.store(out, null); + // can connect to locator and jmx + gfsh.connect(locator.getPort(), GfshCommandRule.PortType.locator, "security-properties-file", + sslConfigFile.getAbsolutePath()); + assertThat(gfsh.isConnected()).isFalse(); + + // can connect to https + gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https, "security-properties-file", + sslConfigFile.getAbsolutePath(), "use-http", "true"); assertThat(gfsh.isConnected()).isTrue(); } @@ -290,8 +310,15 @@ public class ConnectCommandWithSSLTest { "security-properties-file", sslConfigFile.getAbsolutePath()); assertThat(gfsh.isConnected()).isFalse(); - // can connect to http - gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.http, "security-properties-file", + // cannot connect to https without skip-ssl-validation + gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https, "security-properties-file", + sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "false"); + assertThat(gfsh.isConnected()).isFalse(); + assertThat(gfsh.getGfshOutput()) + .contains("unable to find valid certification path to requested target"); + + // can connect to https + gfsh.connect(locator.getHttpPort(), GfshCommandRule.PortType.https, "security-properties-file", sslConfigFile.getAbsolutePath(), "skip-ssl-validation", "true"); assertThat(gfsh.isConnected()).isTrue(); } -- To stop receiving notification emails like this one, please contact jensde...@apache.org.