WIP: Integration test for api - scheduler cf http server endpoint

cloudfoundry · Dec 29, 2024 · 3c81691 · 3c81691
1 parent 1f586b4
commit 3c81691
Show file tree

Hide file tree

Showing 6 changed files with 119 additions and 84 deletions.
diff --git a/src/autoscaler/integration/integration_golangapi_scheduler_test.go b/src/autoscaler/integration/integration_golangapi_scheduler_test.go
@@ -1,11 +1,15 @@
 package integration_test
 
 import (
+	"crypto/rand"
+	"crypto/rsa"
 	"encoding/base64"
 	"fmt"
 	"io"
 	"net/http"
+	"os"
 
+	"code.cloudfoundry.org/app-autoscaler/src/autoscaler/configutil"
 	"code.cloudfoundry.org/app-autoscaler/src/autoscaler/testhelpers"
 	"github.com/google/uuid"
 	. "github.com/onsi/ginkgo/v2"
@@ -51,7 +55,7 @@ var _ = Describe("Integration_GolangApi_Scheduler", func() {
 		stopScheduler()
 	})
 
-	Describe("When offered as a service", func() {
+	When("offered as a service", func() {
 
 		BeforeEach(func() {
 			golangApiServerConfPath := components.PrepareGolangApiServerConfig(
@@ -483,6 +487,94 @@ var _ = Describe("Integration_GolangApi_Scheduler", func() {
 
 		})
 	})
+
+	When("scheduler responding on cf server via http", func() {
+		BeforeEach(func() {
+			golangApiServerConfPath := components.PrepareGolangApiServerConfig(
+				dbUrl,
+				components.Ports[GolangAPIServer],
+				components.Ports[GolangServiceBroker],
+				fakeCCNOAAUAA.URL(),
+				fmt.Sprintf("https://127.0.0.1:%d", components.Ports[Scheduler]),
+				fmt.Sprintf("https://127.0.0.1:%d", components.Ports[ScalingEngine]),
+				fmt.Sprintf("https://127.0.0.1:%d", components.Ports[EventGenerator]),
+				"https://127.0.0.1:8888",
+				tmpDir)
+
+			startGolangApiServer(golangApiServerConfPath)
+
+		})
+		When("binding to it", func() {
+			var (
+				defaultPolicy []byte
+				err           error
+				resp          *http.Response
+			)
+
+			BeforeEach(func() {
+				defaultPolicy = setPolicyRecurringDate(readPolicyFromFile("fakePolicyWithSchedule.json"))
+
+			})
+
+			JustBeforeEach(func() {
+				resp, err = bindService(bindingId, appId, serviceInstanceId, nil, components.Ports[GolangServiceBroker], httpClientForPublicApi)
+				Expect(err).NotTo(HaveOccurred(), "Error: %s", err)
+				Expect(resp.StatusCode).To(Equal(http.StatusCreated), ResponseMessage(resp))
+				defer func() { _ = resp.Body.Close() }()
+
+			})
+
+			AfterEach(func() {
+				os.Unsetenv("CF_INSTANCE_KEY")
+				os.Unsetenv("CF_INSTANCE_CERT")
+
+				unbindAndDeProvision(bindingId, appId, serviceInstanceId, components.Ports[GolangServiceBroker], httpClientForPublicApi)
+			})
+
+			When("instance certs are available", func() {
+				BeforeEach(func() {
+					certTmpDir := os.TempDir()
+					privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+					Expect(err).ToNot(HaveOccurred())
+
+					cfInstanceKeyContent := testhelpers.GenerateClientKeyWithPrivateKey(privateKey)
+
+					cfInstanceCertFileToRotateContent, err := testhelpers.GenerateClientCertWithPrivateKey("org", "space", privateKey)
+					Expect(err).ToNot(HaveOccurred())
+
+					certFile, err := configutil.MaterializeContentInFile(certTmpDir, "cf.crt", string(cfInstanceCertFileToRotateContent))
+					Expect(err).NotTo(HaveOccurred())
+
+					keyFile, err := configutil.MaterializeContentInFile(certTmpDir, "cf.key", string(cfInstanceKeyContent))
+					Expect(err).NotTo(HaveOccurred())
+
+					os.Setenv("CF_INSTANCE_KEY", keyFile)
+					os.Setenv("CF_INSTANCE_CERT", certFile)
+				})
+
+				FIt("creates a policy and associated schedules", func() {
+					By("setting the default policy on apps without an explicit one")
+					checkApiServerContent(appId, defaultPolicy, http.StatusOK, components.Ports[GolangAPIServer], httpClientForPublicApi)
+					assertScheduleContents(appId, http.StatusOK, map[string]int{"recurring_schedule": 4, "specific_date": 2})
+				})
+			})
+
+			When("instance certs are not available", func() {
+				BeforeEach(func() {
+					os.Unsetenv("CF_INSTANCE_KEY")
+					os.Unsetenv("CF_INSTANCE_CERT")
+				})
+
+				FIt("creates a policy and associated schedules", func() {
+					By("setting the default policy on apps without an explicit one")
+					checkApiServerContent(appId, defaultPolicy, http.StatusOK, components.Ports[GolangAPIServer], httpClientForPublicApi)
+					assertScheduleContents(appId, http.StatusOK, map[string]int{"recurring_schedule": 4, "specific_date": 2})
+				})
+
+			})
+
+		})
+	})
 })
 
 func ResponseMessage(resp *http.Response) string {

diff --git a/...heduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFHTTPConfiguration.java b/...heduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFHTTPConfiguration.java
@@ -2,12 +2,17 @@
 
 import org.apache.catalina.connector.Connector;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.cloudfoundry.autoscaler.scheduler.filter.XfccFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration
 public class CFHTTPConfiguration {
+    private Logger logger = LoggerFactory.getLogger(this.getClass());
 
     @Bean
     public WebServerFactoryCustomizer<TomcatServletWebServerFactory> httpConnectorCustomizer() {
@@ -18,4 +23,15 @@ public WebServerFactoryCustomizer<TomcatServletWebServerFactory> httpConnectorCu
             factory.addAdditionalTomcatConnectors(connector);
         };
     }
+
+    @Bean
+    public FilterRegistrationBean<XfccFilter> xfccFilterRegistration(XfccFilter xfccFilter) {
+        FilterRegistrationBean<XfccFilter> registrationBean = new FilterRegistrationBean<>();
+        registrationBean.setFilter(xfccFilter);
+        registrationBean.addUrlPatterns("/*"); // Apply filter to all incoming requests
+        registrationBean.setOrder(1); // Set filter precedence
+
+        logger.info("Registering XFCC Filter for CF Server");
+        return registrationBean;
+    }
 }
diff --git a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfig.java b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfig.java
diff --git a/...duler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfiguration.java b/...duler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfiguration.java
diff --git a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/filter/XfccFilter.java b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/filter/XfccFilter.java
@@ -16,18 +16,23 @@
 
 @Component
 public class XfccFilter extends OncePerRequestFilter {
-
-    @Value("${approved.space.guid}")
+    @Value("${cfserver.validSpaceGuid}")
     private String validSpaceGuid;
 
-    @Value("${approved.org.guid}")
+    @Value("${cfserver.validOrgGuid}")
     private String validOrgGuid;
 
-
     @Override
     protected void doFilterInternal(HttpServletRequest request,
         HttpServletResponse response, FilterChain filterChain)
         throws jakarta.servlet.ServletException, IOException {
+
+
+            // Skip filter if the request is HTTPS
+    if (request.isSecure()) {
+      filterChain.doFilter(request, response);
+      return;
+  }
         // Get the XFCC header
         String xfccHeader = request.getHeader("X-Forwarded-Client-Cert");
         if (xfccHeader == null || xfccHeader.isEmpty()) {

diff --git a/src/scheduler/src/main/resources/application.yml b/src/scheduler/src/main/resources/application.yml
@@ -138,6 +138,6 @@ server:
 #    Unified cf Server - XFCC
 ############################################################
 
-cf-server:
+cfserver:
   validOrgGuid: "some-org-guid"
   validSpaceGuid: "some-space-guid"