use of org.eclipse.che.api.workspace.server.spi.InfrastructureException in project devspaces-images by redhat-developer.
the class KubernetesServerExposer method exposeSecureServers.
/**
 * Exposes the secure servers of this machine through the configured secure server exposer.
 *
 * <p>Returns immediately when {@code securedPorts} is empty. Otherwise the exposer is asked to
 * create a service for the secured ports; a service that is returned gets registered in the
 * environment under its own name. Each secured port is then exposed together with the servers
 * that {@code match} selects for it.
 *
 * @param securedServers secure server configurations to expose
 * @param securedPorts service ports backing the secure servers; only the values are read
 * @throws InfrastructureException propagated from the exposer calls made here
 */
private void exposeSecureServers(
    Map<String, ServerConfig> securedServers, Map<String, ServicePort> securedPorts)
    throws InfrastructureException {
  if (securedPorts.isEmpty()) {
    return;
  }

  Optional<Service> createdService =
      secureServerExposer.createService(securedPorts.values(), pod, machineName, securedServers);

  // Stays null when the exposer returned no service; expose() below then receives a null
  // service name and has to decide itself how the backend is reached.
  final String secureServiceName;
  if (createdService.isPresent()) {
    Service service = createdService.get();
    secureServiceName = service.getMetadata().getName();
    k8sEnv.getServices().put(secureServiceName, service);
  } else {
    secureServiceName = null;
  }

  for (ServicePort port : securedPorts.values()) {
    // Only ports that actually have secure servers attached are exposed.
    Map<String, ServerConfig> serversOnPort = match(securedServers, port);
    if (serversOnPort.isEmpty()) {
      continue;
    }
    onEachExposableServerSet(
        serversOnPort,
        (serverId, srvrs) ->
            secureServerExposer.expose(
                k8sEnv, pod, machineName, secureServiceName, serverId, port, srvrs));
  }
}
use of org.eclipse.che.api.workspace.server.spi.InfrastructureException in project devspaces-images by redhat-developer.
the class AbstractJwtProxyProvisioner method expose.
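/**
* Modifies the Kubernetes environment to expose the specified service port via JWTProxy.
*
* @param k8sEnv Kubernetes environment to modify
* @param pod the pod that runs the server being exposed
* @param machineName name of the machine, passed on when the JWTProxy is injected into the environment
* @param backendServiceName name of the service that will be exposed; when {@code null} the proxy targets 127.0.0.1
* @param backendServicePort service port that will be exposed
* @param protocol protocol that will be used for the exposed port
* @param requireSubdomain whether the multi-host cookie path and exposure strategies are used
* @param secureServers secure servers to expose; must not be null or empty
* @return JWTProxy service port that exposes the specified one
* @throws InfrastructureException if any exception occurs during port exposing
*/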
@Override
public ServicePort expose(
    KubernetesEnvironment k8sEnv,
    PodData pod,
    String machineName,
    String backendServiceName,
    ServicePort backendServicePort,
    String protocol,
    boolean requireSubdomain,
    Map<String, ServerConfig> secureServers)
    throws InfrastructureException {
  Preconditions.checkArgument(
      secureServers != null && !secureServers.isEmpty(), "Secure servers are missing");
  ensureJwtProxyInjected(k8sEnv, machineName, pod);

  // All servers passed in end up behind a single verifier-proxy entry (one listen port), so
  // their excluded paths are merged: a path that one server declares as unsecured is passed
  // to the proxy for every server sharing this port.
  Set<String> unsecuredPaths = new HashSet<>();
  Boolean cookieAuth = null;
  for (ServerConfig server : secureServers.values()) {
    ExposureConfiguration exposure = getExposureConfiguration(server);
    if (exposure.excludedPaths != null) {
      unsecuredPaths.addAll(exposure.excludedPaths);
    }

    if (!detectCookieAuth) {
      continue;
    }
    // The cookie-auth flag is per proxy entry, so servers on the same port must agree on it.
    if (cookieAuth == null) {
      cookieAuth = exposure.cookiesAuthEnabled;
    } else if (!cookieAuth.equals(exposure.cookiesAuthEnabled)) {
      throw new InfrastructureException(
          "Secure servers which expose the same port should have the same `cookiesAuthEnabled` value.");
    }
  }

  // NOTE(review): availablePort is a field advanced here without visible synchronization -
  // confirm that a provisioner instance is never shared between concurrent callers.
  int proxyPort = availablePort++;
  ServicePort exposedPort =
      new ServicePortBuilder()
          .withName("server-" + proxyPort)
          .withPort(proxyPort)
          .withProtocol(protocol)
          .withNewTargetPort(proxyPort)
          .build();
  k8sEnv.getServices().get(serviceName).getSpec().getPorts().add(exposedPort);

  CookiePathStrategy pathStrategy;
  ExternalServiceExposureStrategy exposureStrategy;
  if (requireSubdomain) {
    pathStrategy = multihostCookiePathStrategy;
    exposureStrategy = multiHostExternalServiceExposureStrategy;
  } else {
    pathStrategy = cookiePathStrategy;
    exposureStrategy = externalServiceExposureStrategy;
  }

  // JwtProxySecureServerExposer creates no service for the secure servers it exposes: the JWT
  // proxy is injected into the workspace pod, so the backend is reached over localhost.
  // Proxying to a backend through a service is still accepted here for historical reasons and
  // to leave room for service-handled secure servers later. That mode is not secure unless an
  // appropriate network policy keeps other clients from reaching the service directly, which
  // would bypass the proxy.
  String backendHost = backendServiceName == null ? "127.0.0.1" : backendServiceName;
  // NOTE(review): getIntVal() presumably yields null for a named (non-numeric) target port,
  // which would put ":null" into the upstream URL - confirm callers pass numeric ports.
  String backendUrl =
      "http://" + backendHost + ":" + backendServicePort.getTargetPort().getIntVal();

  proxyConfigBuilder.addVerifierProxy(
      proxyPort,
      backendUrl,
      unsecuredPaths,
      Boolean.TRUE.equals(cookieAuth), // cookie auth stays off when it was never detected
      pathStrategy.get(serviceName, exposedPort),
      exposureStrategy.getExternalPath(serviceName, exposedPort.getName()));

  // Re-render the complete proxy configuration so the config map carries the new entry.
  k8sEnv
      .getConfigMaps()
      .get(getConfigMapName())
      .getData()
      .put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build());
  return exposedPort;
}
use of org.eclipse.che.api.workspace.server.spi.InfrastructureException in project devspaces-images by redhat-developer.
the class TraefikGatewayRouteConfigGenerator method generate.
/**
* Generates Traefik-specific configuration for a single service.
*
* @param name name of the service
* @param serviceUrl URL of the service we want to route to
* @param path path to route and strip
* @return Traefik service route config
* @throws InfrastructureException if writing the YAML fails with an IOException
*/
private String generate(String name, String serviceUrl, String path)
    throws InfrastructureException {
  StringWriter buffer = new StringWriter();
  try {
    // Values are emitted through the YAML generator rather than concatenated into text, so
    // YAML-level quoting is left to the library.
    // NOTE(review): how the helpers embed `path` and `name` into Traefik rule syntax is not
    // visible here - confirm those values are validated before they reach this method.
    // NOTE(review): the generator is flushed but never closed; closing it may change the
    // trailing output, so verify against the expected config before switching to
    // try-with-resources.
    YAMLGenerator yaml =
        YAMLFactory.builder().disable(WRITE_DOC_START_MARKER).build().createGenerator(buffer);

    yaml.writeStartObject(); // document root
    yaml.writeFieldName("http");
    yaml.writeStartObject(); // "http" section

    yaml.writeFieldName("routers");
    generateRouters(yaml, name, path);

    yaml.writeFieldName("services");
    generateServices(yaml, name, serviceUrl);

    yaml.writeFieldName("middlewares");
    generateMiddlewares(yaml, name, path);

    yaml.writeEndObject(); // end of "http"
    yaml.writeEndObject(); // end of root
    yaml.flush();
  } catch (IOException e) {
    throw new InfrastructureException(e);
  }
  return buffer.toString();
}
use of org.eclipse.che.api.workspace.server.spi.InfrastructureException in project devspaces-images by redhat-developer.
the class PVCSubPathHelperTest method testLogErrorWhenKubernetesProjectCreationFailed.
/**
 * Checks that a failing deployment creation stops the sub-path job before it is waited for.
 *
 * <p>The stubbed {@code create} call throws an {@link InfrastructureException}; the test
 * expects {@code execute} to return normally, the namespace to have been accessed, and
 * {@code waitAsync} never to be reached. Log output itself is not asserted here.
 */
@Test
public void testLogErrorWhenKubernetesProjectCreationFailed() throws Exception {
  InfrastructureException creationFailure =
      new InfrastructureException("Kubernetes namespace creation failed");
  when(osDeployments.create(any())).thenThrow(creationFailure);

  String projectsDir = WORKSPACE_ID + PROJECTS_PATH;
  pvcSubPathHelper.execute(WORKSPACE_ID, NAMESPACE, PVC_NAME, MKDIR_COMMAND_BASE, projectsDir);

  verify(k8sNamespaceFactory).access(WORKSPACE_ID, NAMESPACE);
  verify(osDeployments).create(any());
  // Nothing was created, so there must be nothing to wait for.
  verify(osDeployments, never()).waitAsync(anyString(), any());
}
use of org.eclipse.che.api.workspace.server.spi.InfrastructureException in project devspaces-images by redhat-developer.
the class KeycloakProviderConfigFactoryTest method testRethrowOnInvalidTokenBadRequestException.
/**
 * Checks that an "Invalid token." rejection from the identity-provider token lookup is
 * reported to the caller as an {@link InfrastructureException} carrying
 * {@code SESSION_EXPIRED_MESSAGE}.
 */
@Test
public void testRethrowOnInvalidTokenBadRequestException() throws Exception {
  ServiceError invalidToken = DtoFactory.newDto(ServiceError.class).withMessage("Invalid token.");
  doThrow(new BadRequestException(invalidToken))
      .when(keycloakServiceClient)
      .getIdentityProviderToken(anyString());

  try {
    configBuilder.buildConfig(defaultConfig, A_WORKSPACE_ID);
    // Reaching this line means the bad-token response was swallowed instead of rethrown.
    fail("Should have thrown an exception with the following message: " + SESSION_EXPIRED_MESSAGE);
  } catch (InfrastructureException e) {
    assertEquals(e.getMessage(), SESSION_EXPIRED_MESSAGE, "The exception message is wrong");
  }
}