
Example 46 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class DefaultRemoteConfigurationRegistriesTest method doTestPropertiesRemoteConfigurationRegistries.

/**
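 * Builds a {@code DefaultRemoteConfigurationRegistries} from a mocked {@code GatewayConfig} and validates
 * every registry configuration it exposes against the supplied properties.
 *
 * @param testProperties The expected properties of each registry, keyed by registry name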
 */
private void doTestPropertiesRemoteConfigurationRegistries(Map<String, Properties> testProperties) throws Exception {
    // Build the object under test from a GatewayConfig mock backed by the supplied properties.
    GatewayConfig mockedConfig = mockGatewayConfig(testProperties);
    RemoteConfigurationRegistries underTest = new DefaultRemoteConfigurationRegistries(mockedConfig);
    assertNotNull(underTest);

    // Exactly one registry configuration is expected per entry in the test properties.
    List<RemoteConfigurationRegistry> parsedConfigs = underTest.getRegistryConfigurations();
    assertNotNull(parsedConfigs);
    assertEquals(testProperties.size(), parsedConfigs.size());

    // Each configuration is checked against the properties registered under its own name.
    for (RemoteConfigurationRegistry parsed : parsedConfigs) {
        String registryName = parsed.getName();
        validateRemoteRegistryConfig(registryName, testProperties.get(registryName), parsed);
    }
}
Also used : GatewayConfig(org.apache.knox.gateway.config.GatewayConfig)

Example 47 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class RemoteConfigurationRegistryClientServiceTest method testZooKeeperWithSingleExternalRegistryConfig.

/**
 * Test the remote registry configuration external to, and referenced from, the gateway configuration, for a secure
 * client.
 */
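@Test
public void testZooKeeperWithSingleExternalRegistryConfig() throws Exception {
    // Fixture values for the digest-authenticated registry client; these are test-only credentials.
    final String AUTH_TYPE = "digest";
    final String REGISTRY_CLIENT_NAME = "my-zookeeper_registryNAME";
    final String PRINCIPAL = "knox";
    final String PWD = "knoxtest";
    final String CRED_ALIAS = "zkCredential";
    // Configure and start a secure ZK cluster
    TestingCluster zkCluster = setupAndStartSecureTestZooKeeper(PRINCIPAL, PWD);
    File tmpRegConfigFile = null;
    try {
        // Create the setup client for the test cluster, and initialize the test znodes
        CuratorFramework setupClient = initializeTestClientAndZNodes(zkCluster, PRINCIPAL);
        // Registry definition that lives outside the gateway configuration. It names the principal and the
        // credential alias only; the password itself is handed to doTestZooKeeperClient separately.
        Map<String, String> registryConfigProps = new HashMap<>();
        registryConfigProps.put("type", ZooKeeperClientService.TYPE);
        registryConfigProps.put("name", REGISTRY_CLIENT_NAME);
        registryConfigProps.put("address", zkCluster.getConnectString());
        registryConfigProps.put("secure", "true");
        registryConfigProps.put("authType", AUTH_TYPE);
        registryConfigProps.put("principal", PRINCIPAL);
        registryConfigProps.put("credentialAlias", CRED_ALIAS);
        String registryConfigXML = RemoteRegistryConfigTestUtils.createRemoteConfigRegistriesXML(Collections.singleton(registryConfigProps));
        // java.nio.file.Files.createTempFile may create the file with more restrictive permissions
        // (owner-only on POSIX) than File.createTempFile, which matters in a shared temp directory.
        // NOTE(review): the suffix has no leading dot, so the generated name ends in "xml" rather than ".xml";
        // the file is located through the absolute path in the system property set below.
        tmpRegConfigFile = java.nio.file.Files.createTempFile("myRemoteRegistryConfig", "xml").toFile();
        // This writeStringToFile overload encodes with the platform default charset.
        FileUtils.writeStringToFile(tmpRegConfigFile, registryConfigXML);
        // JVM-wide setting: it stays visible to every other test in the process until it is cleared.
        System.setProperty("org.apache.knox.gateway.remote.registry.config.file", tmpRegConfigFile.getAbsolutePath());
        // The gateway config mock records no expectations, so it contributes no registry definition of its own.
        GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
        EasyMock.replay(config);
        doTestZooKeeperClient(setupClient, REGISTRY_CLIENT_NAME, config, CRED_ALIAS, PWD);
    } finally {
        // Nested so that a failure while stopping the cluster cannot leave the temp file or the
        // system property behind for later tests.
        try {
            zkCluster.stop();
        } finally {
            // Best-effort removal, as before: a failed delete does not fail the test.
            if (tmpRegConfigFile != null && tmpRegConfigFile.exists()) {
                tmpRegConfigFile.delete();
            }
            System.clearProperty("org.apache.knox.gateway.remote.registry.config.file");
        }
    }
}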
Also used : CuratorFramework(org.apache.curator.framework.CuratorFramework) TestingCluster(org.apache.curator.test.TestingCluster) HashMap(java.util.HashMap) File(java.io.File) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 48 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class RemoteConfigurationRegistryClientServiceTest method testUnsecuredZooKeeperWithSimpleRegistryConfig.

/**
 * Test a configuration for an unsecured remote registry, included in the gateway configuration.
 */
@Test
public void testUnsecuredZooKeeperWithSimpleRegistryConfig() throws Exception {
    final String registryName = "unsecured-zk-registry-name";
    // The unsecured case: no principal, password or credential alias is supplied anywhere below.
    final String noPrincipal = null;
    final String noPassword = null;
    final String noCredentialAlias = null;

    // Start the test ZK cluster through the shared helper, passing no credentials.
    // NOTE(review): the helper is named setupAndStartSecureTestZooKeeper; presumably null credentials
    // make it start a cluster without authentication — confirm against the helper.
    TestingCluster cluster = setupAndStartSecureTestZooKeeper(noPrincipal, noPassword);
    try {
        // Client used to prepare the test znodes on that cluster.
        CuratorFramework znodeSetupClient = initializeTestClientAndZNodes(cluster, noPrincipal);

        // The registry is defined inline in the gateway configuration as "<type key>=<type>;<address key>=<address>",
        // with no security-related properties.
        GatewayConfig mockedConfig = EasyMock.createNiceMock(GatewayConfig.class);
        final String inlineRegistryDefinition = String.join(";",
            GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE,
            GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + cluster.getConnectString());
        EasyMock.expect(mockedConfig.getRemoteRegistryConfiguration(registryName)).andReturn(inlineRegistryDefinition).anyTimes();
        EasyMock.expect(mockedConfig.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(registryName)).anyTimes();
        EasyMock.replay(mockedConfig);

        doTestZooKeeperClient(znodeSetupClient, registryName, mockedConfig, noCredentialAlias, noPassword);
    } finally {
        cluster.stop();
    }
}
Also used : CuratorFramework(org.apache.curator.framework.CuratorFramework) TestingCluster(org.apache.curator.test.TestingCluster) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 49 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class DefaultHttpClientFactory method getConnectionTimeout.

/**
 * Resolves the HTTP client connection timeout for a filter.
 *
 * <p>The value starts at {@code -1}, is replaced by the gateway-wide setting when a {@code GatewayConfig}
 * is present in the servlet context, and is finally overridden by the filter's
 * {@code httpclient.connectionTimeout} init parameter when that parameter is set and parses.
 *
 * @param filterConfig the filter configuration supplying the servlet context and init parameters
 * @return the resolved timeout, or {@code -1} when neither source provides a usable value
 */
private static int getConnectionTimeout(FilterConfig filterConfig) {
    GatewayConfig globalConfig = (GatewayConfig) filterConfig.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
    int resolved = (globalConfig == null) ? -1 : globalConfig.getHttpClientConnectionTimeout();

    String override = filterConfig.getInitParameter("httpclient.connectionTimeout");
    if (override == null) {
        return resolved;
    }
    try {
        // NOTE(review): the parsed value is narrowed to int with no range check — confirm
        // parseTimeout's return type and bounds.
        return (int) parseTimeout(override);
    } catch (Exception ignored) {
        // An init parameter that does not parse is dropped without logging; the gateway-wide
        // value (or -1) stays in effect.
        return resolved;
    }
}
Also used : ProtocolException(org.apache.http.ProtocolException) IOException(java.io.IOException) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig)

Example 50 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class DefaultHttpClientFactory method createHttpClient.

/**
 * Builds the HTTP client for a filter.
 *
 * <p>Depending on configuration the client is instrumented for metrics, given a two-way SSL socket
 * factory backed by the gateway keystore, and set up for SPNEGO authentication. Keep-alive, connection
 * reuse, redirect and retry strategies, connection limits and the default request config are always set.
 *
 * @param filterConfig the filter configuration supplying the servlet context and init parameters
 * @return the configured client
 * @throws IllegalArgumentException if the SSL context for two-way SSL cannot be created
 */
@Override
public HttpClient createHttpClient(FilterConfig filterConfig) {
    HttpClientBuilder builder = null;
    GatewayConfig gatewayConfig = (GatewayConfig) filterConfig.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
    // NOTE(review): services is dereferenced below without a null check, unlike gatewayConfig.
    GatewayServices services = (GatewayServices) filterConfig.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
    // With metrics enabled the builder comes from the metrics service; otherwise a plain builder is used.
    if (gatewayConfig != null && gatewayConfig.isMetricsEnabled()) {
        MetricsService metricsService = services.getService(GatewayServices.METRICS_SERVICE);
        builder = metricsService.getInstrumented(HttpClientBuilder.class);
    } else {
        builder = HttpClients.custom();
    }
    // Two-way SSL is opt-in per filter; any value other than "true" (case-insensitive) leaves it off.
    if (Boolean.parseBoolean(filterConfig.getInitParameter("useTwoWaySsl"))) {
        char[] keypass = null;
        MasterService ms = services.getService("MasterService");
        AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
        try {
            keypass = as.getGatewayIdentityPassphrase();
        } catch (AliasServiceException e) {
            // The failure is dropped without logging; keypass stays null and the master secret is used below.
        }
        if (keypass == null) {
            // there has been no alias created for the key - let's assume it is the same as the keystore password
            keypass = ms.getMasterSecret();
        }
        // NOTE(review): keypass is not zeroed after use. If getMasterSecret() returns the service's
        // own array, clearing it here would corrupt that state — confirm before changing.
        KeystoreService ks = services.getService(GatewayServices.KEYSTORE_SERVICE);
        final SSLContext sslcontext;
        try {
            KeyStore keystoreForGateway = ks.getKeystoreForGateway();
            // The gateway keystore supplies both the trust anchors and the client key material.
            // TrustSelfSignedStrategy additionally accepts any single-certificate (self-signed) chain, so
            // the servers this client trusts are not limited to what the keystore holds — confirm that is
            // intended for deployments that enable useTwoWaySsl.
            sslcontext = SSLContexts.custom().loadTrustMaterial(keystoreForGateway, new TrustSelfSignedStrategy()).loadKeyMaterial(keystoreForGateway, keypass).build();
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to create SSLContext", e);
        }
        builder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslcontext));
    }
    // Unlike useTwoWaySsl above, this switch is an exact, case-sensitive match on "true".
    if ("true".equals(System.getProperty(GatewayConfig.HADOOP_KERBEROS_SECURED))) {
        CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        // AuthScope.ANY: the same credentials object answers for every host, port, realm and scheme.
        // NOTE(review): presumably UseJaasCredentials defers to the JAAS login — confirm.
        credentialsProvider.setCredentials(AuthScope.ANY, new UseJaasCredentials());
        // Only SPNEGO is registered as an auth scheme.
        // NOTE(review): the boolean passed to KnoxSpnegoAuthSchemeFactory is presumably stripPort, as in
        // HttpClient's SPNEGOSchemeFactory — confirm.
        Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new KnoxSpnegoAuthSchemeFactory(true)).build();
        builder = builder.setDefaultAuthSchemeRegistry(authSchemeRegistry).setDefaultCookieStore(new HadoopAuthCookieStore()).setDefaultCredentialsProvider(credentialsProvider);
    } else {
        // NOTE(review): by its name NoCookieStore keeps no cookies from upstream responses — confirm.
        builder = builder.setDefaultCookieStore(new NoCookieStore());
    }
    builder.setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE);
    builder.setConnectionReuseStrategy(DefaultConnectionReuseStrategy.INSTANCE);
    // NOTE(review): by their names these disable automatic redirect following and request retries, which
    // would keep an upstream response from steering the gateway to another location — confirm.
    builder.setRedirectStrategy(new NeverRedirectStrategy());
    builder.setRetryHandler(new NeverRetryHandler());
    // The same limit is applied to the whole pool and to each route.
    int maxConnections = getMaxConnections(filterConfig);
    builder.setMaxConnTotal(maxConnections);
    builder.setMaxConnPerRoute(maxConnections);
    builder.setDefaultRequestConfig(getRequestConfig(filterConfig));
    HttpClient client = builder.build();
    return client;
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) AliasService(org.apache.knox.gateway.services.security.AliasService) MetricsService(org.apache.knox.gateway.services.metrics.MetricsService) SSLContext(javax.net.ssl.SSLContext) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) MasterService(org.apache.knox.gateway.services.security.MasterService) KeyStore(java.security.KeyStore) ProtocolException(org.apache.http.ProtocolException) IOException(java.io.IOException) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) HttpClient(org.apache.http.client.HttpClient) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider)
