
Example 6 with RemoteConfigurationRegistryClientService

use of org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService in project knox by apache.

the class RemoteConfigurationRegistryClientServiceTest method doTestZooKeeperClient.

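/**
 * Builds a registry client service backed by a mocked {@link AliasService} and passes it to the
 * overloaded {@code doTestZooKeeperClient} that takes the started client service.
 *
 * <p>The run counts as a secure (credential-backed) test only when both {@code credentialAlias}
 * and {@code digestPassword} are supplied; otherwise the mocked alias lookup returns
 * {@code null} instead of a password.
 *
 * @param setupClient     client handed unchanged to the overloaded helper
 * @param testClientName  registry client name handed unchanged to the overloaded helper
 * @param config          gateway configuration used to create and initialise the client service
 * @param credentialAlias alias under which the password is looked up, or {@code null}
 * @param digestPassword  password the mocked alias service returns, or {@code null}
 * @throws Exception if creating, initialising or starting the client service fails
 */
private void doTestZooKeeperClient(final CuratorFramework setupClient, final String testClientName, final GatewayConfig config, final String credentialAlias, final String digestPassword) throws Exception {
    boolean isSecureTest = (credentialAlias != null && digestPassword != null);
    // Mock alias service: the password is only ever exposed as a char[] through the alias lookup,
    // and the lookup yields null when no credentials were supplied for this run.
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getPasswordFromAliasForGateway(credentialAlias)).andReturn(isSecureTest ? digestPassword.toCharArray() : null).anyTimes();
    EasyMock.replay(aliasService);
    // Create the client service instance
    RemoteConfigurationRegistryClientService clientService = RemoteConfigurationRegistryClientServiceFactory.newInstance(config);
    // JUnit's assertEquals takes (message, expected, actual): the expected type goes first so a
    // failure report names the right side as "expected".
    assertEquals("Wrong registry client service type.", CuratorClientService.class, clientService.getClass());
    // The alias service must be attached before init() so credentials can be resolved from it.
    clientService.setAliasService(aliasService);
    clientService.init(config, null);
    clientService.start();
    doTestZooKeeperClient(setupClient, testClientName, clientService, isSecureTest);
}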
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) RemoteConfigurationRegistryClientService(org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService)

Example 7 with RemoteConfigurationRegistryClientService

use of org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService in project knox by apache.

the class RemoteConfigurationMonitorTest method testZooKeeperConfigMonitorSASLNodesExistWithUnacceptableACL.

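/**
 * Verifies that the remote configuration monitor replaces an overly permissive ACL on Knox
 * config znodes that already exist when it starts.
 *
 * <p>The four Knox znodes are pre-created with two ACL entries: ALL for any authenticated user
 * and WRITE for world:anyone. After {@code cm.start()} every znode is expected to carry only
 * {@code SASL_TESTUSER_ALL}, i.e. the world-writable entry must have been removed.
 *
 * @throws Exception if the mocks, the registry client or any ZooKeeper call fails
 */
@Test
public void testZooKeeperConfigMonitorSASLNodesExistWithUnacceptableACL() throws Exception {
    final String configMonitorName = "zkConfigClient";
    final String alias = "zkPass";
    // Setup the base GatewayConfig mock
    GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(gc.getGatewayProvidersConfigDir()).andReturn(providersDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(gc.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(gc.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(configMonitorName)).anyTimes();
    // Registry definition: digest authentication, with the password referenced by alias only.
    final String registryConfig = GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + zkCluster.getConnectString() + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_PRINCIPAL + "=" + ZK_USERNAME + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_AUTH_TYPE + "=Digest;" + GatewayConfig.REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS + "=" + alias;
    EasyMock.expect(gc.getRemoteRegistryConfiguration(configMonitorName)).andReturn(registryConfig).anyTimes();
    EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()).andReturn(configMonitorName).anyTimes();
    EasyMock.replay(gc);
    // The mocked alias service resolves the alias to the test password.
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getPasswordFromAliasForGateway(alias)).andReturn(ZK_PASSWORD.toCharArray()).anyTimes();
    EasyMock.replay(aliasService);
    RemoteConfigurationRegistryClientService clientService = (new ZooKeeperClientServiceProvider()).newInstance();
    clientService.setAliasService(aliasService);
    clientService.init(gc, Collections.emptyMap());
    clientService.start();
    RemoteConfigurationMonitorFactory.setClientService(clientService);
    RemoteConfigurationMonitor cm = RemoteConfigurationMonitorFactory.get(gc);
    assertNotNull("Failed to load RemoteConfigurationMonitor", cm);
    // Pre-create the znodes with the ACL under test: ALL for any authenticated user plus
    // WRITE for world:anyone. The second entry is the one the monitor is expected to remove.
    final ACL ANY_AUTHENTICATED_USER_ALL = new ACL(ZooDefs.Perms.ALL, new Id("auth", ""));
    List<ACL> acls = Arrays.asList(ANY_AUTHENTICATED_USER_ALL, new ACL(ZooDefs.Perms.WRITE, ZooDefs.Ids.ANYONE_ID_UNSAFE));
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX);
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_CONFIG);
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_PROVIDERS);
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(PATH_KNOX_DESCRIPTORS);
    // Make sure both ACLs were applied (checked on the root Knox znode only)
    List<ACL> preACLs = client.getACL().forPath(PATH_KNOX);
    assertEquals(2, preACLs.size());
    // Check that the config nodes really do exist (the monitor will NOT create them if they're present)
    assertNotNull(client.checkExists().forPath(PATH_KNOX));
    assertNotNull(client.checkExists().forPath(PATH_KNOX_CONFIG));
    assertNotNull(client.checkExists().forPath(PATH_KNOX_PROVIDERS));
    assertNotNull(client.checkExists().forPath(PATH_KNOX_DESCRIPTORS));
    try {
        cm.start();
    } catch (Exception e) {
        fail("Failed to start monitor: " + e.getMessage());
    }
    try {
        // Validate the expected ACLs on the Knox config znodes (make sure the monitor removed the world:anyone ACL)
        List<ACL> expectedACLs = Collections.singletonList(SASL_TESTUSER_ALL);
        validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX));
        validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_CONFIG));
        validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_PROVIDERS));
        validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_DESCRIPTORS));
    } finally {
        // Stop the started monitor even when an ACL assertion fails, so it does not keep
        // running into later tests.
        cm.stop();
    }
}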
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) ZooKeeperClientServiceProvider(org.apache.knox.gateway.service.config.remote.zk.ZooKeeperClientServiceProvider) RemoteConfigurationRegistryClientService(org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 8 with RemoteConfigurationRegistryClientService

use of org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService in project knox by apache.

the class RemoteConfigurationMonitorTest method testZooKeeperConfigMonitorSASLCreateNodes.

/**
 * Exercises the remote configuration monitor against ZooKeeper when the Knox config znodes do
 * not exist yet.
 *
 * <p>The test checks, in order: that the znodes are absent before the monitor starts; that an
 * entry created through the gateway's registry client under {@code /auth_test} does not appear;
 * that the Knox znodes carry only {@code SASL_TESTUSER_ALL} after start; and that creating,
 * updating and deleting provider-config and descriptor znodes is mirrored into the local
 * providers and descriptors directories.
 *
 * @throws Exception if the mocks, the registry client or any ZooKeeper or file call fails
 */
@Test
public void testZooKeeperConfigMonitorSASLCreateNodes() throws Exception {
    final String configMonitorName = "zkConfigClient";
    final String alias = "zkPass";
    // Setup the base GatewayConfig mock
    GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(gc.getGatewayProvidersConfigDir()).andReturn(providersDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(gc.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(gc.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(configMonitorName)).anyTimes();
    // Registry definition: digest authentication, with the password referenced by alias only.
    final String registryConfig = GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + zkCluster.getConnectString() + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_PRINCIPAL + "=" + ZK_USERNAME + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_AUTH_TYPE + "=Digest;" + GatewayConfig.REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS + "=" + alias;
    EasyMock.expect(gc.getRemoteRegistryConfiguration(configMonitorName)).andReturn(registryConfig).anyTimes();
    EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()).andReturn(configMonitorName).anyTimes();
    EasyMock.replay(gc);
    // The mocked alias service resolves the alias to the test password.
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getPasswordFromAliasForGateway(alias)).andReturn(ZK_PASSWORD.toCharArray()).anyTimes();
    EasyMock.replay(aliasService);
    RemoteConfigurationRegistryClientService clientService = (new ZooKeeperClientServiceProvider()).newInstance();
    clientService.setAliasService(aliasService);
    clientService.init(gc, Collections.emptyMap());
    clientService.start();
    RemoteConfigurationMonitorFactory.setClientService(clientService);
    RemoteConfigurationMonitor cm = RemoteConfigurationMonitorFactory.get(gc);
    assertNotNull("Failed to load RemoteConfigurationMonitor", cm);
    // Check that the config nodes really don't yet exist (the monitor will create them if they're not present)
    assertNull(client.checkExists().forPath(PATH_KNOX));
    assertNull(client.checkExists().forPath(PATH_KNOX_CONFIG));
    assertNull(client.checkExists().forPath(PATH_KNOX_PROVIDERS));
    assertNull(client.checkExists().forPath(PATH_KNOX_DESCRIPTORS));
    try {
        cm.start();
    } catch (Exception e) {
        fail("Failed to start monitor: " + e.getMessage());
    }
    // NOTE(review): the assertions from here to the try block below run outside the finally,
    // so a failure in them leaves the started monitor running.
    // Test auth violation: the gateway's registry client attempts to create an entry outside the
    // Knox config tree, and the znode must not exist afterwards.
    // Presumably /auth_test/child_node is provisioned with a restrictive ACL by the test setup,
    // which is not visible in this method - verify against the fixture.
    clientService.get(configMonitorName).createEntry("/auth_test/child_node/test1");
    assertNull("Creation should have been prevented since write access is not granted to the test client.", client.checkExists().forPath("/auth_test/child_node/test1"));
    assertTrue("Creation should have been prevented since write access is not granted to the test client.", client.getChildren().forPath("/auth_test/child_node").isEmpty());
    // Validate the expected ACLs on the Knox config znodes (make sure the monitor created them correctly)
    List<ACL> expectedACLs = Collections.singletonList(SASL_TESTUSER_ALL);
    validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX));
    validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_CONFIG));
    validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_PROVIDERS));
    validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_DESCRIPTORS));
    // Test the Knox config nodes, for which authentication should be sufficient for access
    // NOTE(review): each step waits a fixed 100 ms before checking the local file, so the
    // assertions are timing-dependent; getBytes() and readFileToString() are called without an
    // explicit charset.
    try {
        final String pc_one_znode = getProviderPath("providers-config1.xml");
        final File pc_one = new File(providersDir, "providers-config1.xml");
        final String pc_two_znode = getProviderPath("providers-config2.xml");
        final File pc_two = new File(providersDir, "providers-config2.xml");
        // Provider configs: create, create, update, delete, delete - each change is expected
        // to be reflected in the local providers directory.
        client.create().withMode(CreateMode.PERSISTENT).forPath(pc_one_znode, TEST_PROVIDERS_CONFIG_1.getBytes());
        Thread.sleep(100);
        assertTrue(pc_one.exists());
        assertEquals(TEST_PROVIDERS_CONFIG_1, FileUtils.readFileToString(pc_one));
        client.create().withMode(CreateMode.PERSISTENT).forPath(getProviderPath("providers-config2.xml"), TEST_PROVIDERS_CONFIG_2.getBytes());
        Thread.sleep(100);
        assertTrue(pc_two.exists());
        assertEquals(TEST_PROVIDERS_CONFIG_2, FileUtils.readFileToString(pc_two));
        client.setData().forPath(pc_two_znode, TEST_PROVIDERS_CONFIG_1.getBytes());
        Thread.sleep(100);
        assertTrue(pc_two.exists());
        assertEquals(TEST_PROVIDERS_CONFIG_1, FileUtils.readFileToString(pc_two));
        client.delete().forPath(pc_two_znode);
        Thread.sleep(100);
        assertFalse(pc_two.exists());
        client.delete().forPath(pc_one_znode);
        Thread.sleep(100);
        assertFalse(pc_one.exists());
        final String desc_one_znode = getDescriptorPath("test1.json");
        final String desc_two_znode = getDescriptorPath("test2.json");
        final String desc_three_znode = getDescriptorPath("test3.json");
        final File desc_one = new File(descriptorsDir, "test1.json");
        final File desc_two = new File(descriptorsDir, "test2.json");
        final File desc_three = new File(descriptorsDir, "test3.json");
        // Descriptors: the same create/update/delete cycle against the local descriptors directory.
        client.create().withMode(CreateMode.PERSISTENT).forPath(desc_one_znode, TEST_DESCRIPTOR_1.getBytes());
        Thread.sleep(100);
        assertTrue(desc_one.exists());
        assertEquals(TEST_DESCRIPTOR_1, FileUtils.readFileToString(desc_one));
        client.create().withMode(CreateMode.PERSISTENT).forPath(desc_two_znode, TEST_DESCRIPTOR_1.getBytes());
        Thread.sleep(100);
        assertTrue(desc_two.exists());
        assertEquals(TEST_DESCRIPTOR_1, FileUtils.readFileToString(desc_two));
        client.setData().forPath(desc_two_znode, TEST_DESCRIPTOR_2.getBytes());
        Thread.sleep(100);
        assertTrue(desc_two.exists());
        assertEquals(TEST_DESCRIPTOR_2, FileUtils.readFileToString(desc_two));
        client.create().withMode(CreateMode.PERSISTENT).forPath(desc_three_znode, TEST_DESCRIPTOR_1.getBytes());
        Thread.sleep(100);
        assertTrue(desc_three.exists());
        assertEquals(TEST_DESCRIPTOR_1, FileUtils.readFileToString(desc_three));
        client.delete().forPath(desc_two_znode);
        Thread.sleep(100);
        assertFalse("Expected test2.json to have been deleted.", desc_two.exists());
        client.delete().forPath(desc_three_znode);
        Thread.sleep(100);
        assertFalse(desc_three.exists());
        client.delete().forPath(desc_one_znode);
        Thread.sleep(100);
        assertFalse(desc_one.exists());
    } finally {
        // Always stop the monitor once the file-sync checks are done or have failed.
        cm.stop();
    }
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) ZooKeeperClientServiceProvider(org.apache.knox.gateway.service.config.remote.zk.ZooKeeperClientServiceProvider) RemoteConfigurationRegistryClientService(org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService) ACL(org.apache.zookeeper.data.ACL) File(java.io.File) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 9 with RemoteConfigurationRegistryClientService

use of org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService in project knox by apache.

the class RemoteConfigurationRegistryClientServiceFactory method newInstance.

/**
 * Returns a registry client service obtained from the first
 * {@link RemoteConfigurationRegistryClientServiceProvider} found through {@link ServiceLoader}
 * whose {@code newInstance()} yields a non-null result.
 *
 * <p>Provider discovery depends on what is registered on the classpath, so the implementation
 * that ends up handling registry credentials is whichever registered provider is iterated
 * first. Callers must handle a {@code null} return.
 *
 * @param config gateway configuration; not read by this method
 * @return the first non-null client service, or {@code null} when no provider supplies one
 */
public static RemoteConfigurationRegistryClientService newInstance(GatewayConfig config) {
    for (RemoteConfigurationRegistryClientServiceProvider candidate
            : ServiceLoader.load(RemoteConfigurationRegistryClientServiceProvider.class)) {
        RemoteConfigurationRegistryClientService service = candidate.newInstance();
        if (service != null) {
            // First provider that produces an instance wins; later providers are not consulted.
            return service;
        }
    }
    return null;
}
Also used : RemoteConfigurationRegistryClientService(org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService)

Example 10 with RemoteConfigurationRegistryClientService

use of org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService in project knox by apache.

the class DefaultGatewayServices method init.

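/**
 * Creates, wires and initialises the gateway services and registers each one in
 * {@code services} under its service key.
 *
 * <p>The order follows the dependencies visible in the setter calls: the master service comes
 * first, the keystore service depends on it, the alias service depends on both, and the
 * crypto, token, SSL, registry-client, cluster-monitor and topology services receive the alias
 * service (and, where set, the keystore or master service) before their own {@code init}.
 *
 * @param config  gateway configuration passed to every service's {@code init}
 * @param options options passed to every service's {@code init}
 * @throws ServiceLifecycleException if a service fails to initialise, or if no remote
 *         configuration registry client service provider is available
 */
public void init(GatewayConfig config, Map<String, String> options) throws ServiceLifecycleException {
    // Secret-handling core: master service, then keystore, then alias.
    ms = new DefaultMasterService();
    ms.init(config, options);
    services.put("MasterService", ms);
    ks = new DefaultKeystoreService();
    ks.setMasterService(ms);
    ks.init(config, options);
    services.put(KEYSTORE_SERVICE, ks);
    DefaultAliasService alias = new DefaultAliasService();
    alias.setKeystoreService(ks);
    alias.setMasterService(ms);
    alias.init(config, options);
    services.put(ALIAS_SERVICE, alias);
    DefaultCryptoService crypto = new DefaultCryptoService();
    crypto.setKeystoreService(ks);
    crypto.setAliasService(alias);
    crypto.init(config, options);
    services.put(CRYPTO_SERVICE, crypto);
    DefaultTokenAuthorityService ts = new DefaultTokenAuthorityService();
    ts.setAliasService(alias);
    ts.setKeystoreService(ks);
    ts.init(config, options);
    // TODO (from the original author): reconsider whether the token service should be
    // retrievable through the service lookup at all.
    services.put(TOKEN_SERVICE, ts);
    JettySSLService ssl = new JettySSLService();
    ssl.setAliasService(alias);
    ssl.setKeystoreService(ks);
    ssl.setMasterService(ms);
    ssl.init(config, options);
    services.put(SSL_SERVICE, ssl);
    DefaultServiceRegistryService sr = new DefaultServiceRegistryService();
    sr.setCryptoService(crypto);
    sr.init(config, options);
    services.put(SERVICE_REGISTRY_SERVICE, sr);
    DefaultHostMapperService hm = new DefaultHostMapperService();
    hm.init(config, options);
    services.put(HOST_MAPPING_SERVICE, hm);
    DefaultServerInfoService sis = new DefaultServerInfoService();
    sis.init(config, options);
    services.put(SERVER_INFO_SERVICE, sis);
    RemoteConfigurationRegistryClientService registryClientService = RemoteConfigurationRegistryClientServiceFactory.newInstance(config);
    // The factory returns null when no provider supplies an instance; fail with a descriptive
    // lifecycle error rather than a bare NullPointerException on the next line.
    if (registryClientService == null) {
        throw new ServiceLifecycleException("No RemoteConfigurationRegistryClientService provider is available.");
    }
    registryClientService.setAliasService(alias);
    registryClientService.init(config, options);
    services.put(REMOTE_REGISTRY_CLIENT_SERVICE, registryClientService);
    DefaultClusterConfigurationMonitorService ccs = new DefaultClusterConfigurationMonitorService();
    ccs.setAliasService(alias);
    ccs.init(config, options);
    services.put(CLUSTER_CONFIGURATION_MONITOR_SERVICE, ccs);
    DefaultTopologyService tops = new DefaultTopologyService();
    tops.setAliasService(alias);
    tops.init(config, options);
    services.put(TOPOLOGY_SERVICE, tops);
    DefaultServiceDefinitionRegistry sdr = new DefaultServiceDefinitionRegistry();
    sdr.init(config, options);
    services.put(SERVICE_DEFINITION_REGISTRY, sdr);
    DefaultMetricsService metricsService = new DefaultMetricsService();
    metricsService.init(config, options);
    services.put(METRICS_SERVICE, metricsService);
}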
Also used : DefaultHostMapperService(org.apache.knox.gateway.services.hostmap.impl.DefaultHostMapperService) DefaultClusterConfigurationMonitorService(org.apache.knox.gateway.services.topology.impl.DefaultClusterConfigurationMonitorService) DefaultAliasService(org.apache.knox.gateway.services.security.impl.DefaultAliasService) DefaultTopologyService(org.apache.knox.gateway.services.topology.impl.DefaultTopologyService) DefaultMetricsService(org.apache.knox.gateway.services.metrics.impl.DefaultMetricsService) RemoteConfigurationRegistryClientService(org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService) DefaultServiceDefinitionRegistry(org.apache.knox.gateway.services.registry.impl.DefaultServiceDefinitionRegistry) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) DefaultServiceRegistryService(org.apache.knox.gateway.services.registry.impl.DefaultServiceRegistryService) DefaultMasterService(org.apache.knox.gateway.services.security.impl.DefaultMasterService) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) DefaultTokenAuthorityService(org.apache.knox.gateway.services.token.impl.DefaultTokenAuthorityService) JettySSLService(org.apache.knox.gateway.services.security.impl.JettySSLService)
