diff --git a/src/autoscaler/integration/integration_golangapi_scheduler_test.go b/src/autoscaler/integration/integration_golangapi_scheduler_test.go index c8856638f2..6cc282299b 100644 --- a/src/autoscaler/integration/integration_golangapi_scheduler_test.go +++ b/src/autoscaler/integration/integration_golangapi_scheduler_test.go @@ -1,11 +1,15 @@ package integration_test import ( + "crypto/rand" + "crypto/rsa" "encoding/base64" "fmt" "io" "net/http" + "os" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/configutil" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/testhelpers" "github.com/google/uuid" . "github.com/onsi/ginkgo/v2" @@ -51,7 +55,7 @@ var _ = Describe("Integration_GolangApi_Scheduler", func() { stopScheduler() }) - Describe("When offered as a service", func() { + When("offered as a service", func() { BeforeEach(func() { golangApiServerConfPath := components.PrepareGolangApiServerConfig( @@ -483,6 +487,94 @@ var _ = Describe("Integration_GolangApi_Scheduler", func() { }) }) + + When("scheduler responding on cf server via http", func() { + BeforeEach(func() { + golangApiServerConfPath := components.PrepareGolangApiServerConfig( + dbUrl, + components.Ports[GolangAPIServer], + components.Ports[GolangServiceBroker], + fakeCCNOAAUAA.URL(), + fmt.Sprintf("https://127.0.0.1:%d", components.Ports[Scheduler]), + fmt.Sprintf("https://127.0.0.1:%d", components.Ports[ScalingEngine]), + fmt.Sprintf("https://127.0.0.1:%d", components.Ports[EventGenerator]), + "https://127.0.0.1:8888", + tmpDir) + + startGolangApiServer(golangApiServerConfPath) + + }) + When("binding to it", func() { + var ( + defaultPolicy []byte + err error + resp *http.Response + ) + + BeforeEach(func() { + defaultPolicy = setPolicyRecurringDate(readPolicyFromFile("fakePolicyWithSchedule.json")) + + }) + + JustBeforeEach(func() { + resp, err = bindService(bindingId, appId, serviceInstanceId, nil, components.Ports[GolangServiceBroker], httpClientForPublicApi) + Expect(err).NotTo(HaveOccurred(), "Error: %s", err) + Expect(resp.StatusCode).To(Equal(http.StatusCreated), ResponseMessage(resp)) + defer func() { _ = resp.Body.Close() }() + + }) + + AfterEach(func() { + os.Unsetenv("CF_INSTANCE_KEY") + os.Unsetenv("CF_INSTANCE_CERT") + + unbindAndDeProvision(bindingId, appId, serviceInstanceId, components.Ports[GolangServiceBroker], httpClientForPublicApi) + }) + + When("instance certs are available", func() { + BeforeEach(func() { + certTmpDir := os.TempDir() + privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + Expect(err).ToNot(HaveOccurred()) + + cfInstanceKeyContent := testhelpers.GenerateClientKeyWithPrivateKey(privateKey) + + cfInstanceCertFileToRotateContent, err := testhelpers.GenerateClientCertWithPrivateKey("org", "space", privateKey) + Expect(err).ToNot(HaveOccurred()) + + certFile, err := configutil.MaterializeContentInFile(certTmpDir, "cf.crt", string(cfInstanceCertFileToRotateContent)) + Expect(err).NotTo(HaveOccurred()) + + keyFile, err := configutil.MaterializeContentInFile(certTmpDir, "cf.key", string(cfInstanceKeyContent)) + Expect(err).NotTo(HaveOccurred()) + + os.Setenv("CF_INSTANCE_KEY", keyFile) + os.Setenv("CF_INSTANCE_CERT", certFile) + }) + + FIt("creates a policy and associated schedules", func() { + By("setting the default policy on apps without an explicit one") + checkApiServerContent(appId, defaultPolicy, http.StatusOK, components.Ports[GolangAPIServer], httpClientForPublicApi) + assertScheduleContents(appId, http.StatusOK, map[string]int{"recurring_schedule": 4, "specific_date": 2}) + }) + }) + + When("instance certs are not available", func() { + BeforeEach(func() { + os.Unsetenv("CF_INSTANCE_KEY") + os.Unsetenv("CF_INSTANCE_CERT") + }) + + FIt("creates a policy and associated schedules", func() { + By("setting the default policy on apps without an explicit one") + checkApiServerContent(appId, defaultPolicy, http.StatusOK, components.Ports[GolangAPIServer], httpClientForPublicApi) + assertScheduleContents(appId, http.StatusOK, map[string]int{"recurring_schedule": 4, "specific_date": 2}) + }) + + }) + + }) + }) }) func ResponseMessage(resp *http.Response) string { diff --git a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFHTTPConfiguration.java b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFHTTPConfiguration.java index db6bff3142..a688dd71a2 100644 --- a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFHTTPConfiguration.java +++ b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFHTTPConfiguration.java @@ -2,12 +2,17 @@ import org.apache.catalina.connector.Connector; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; +import org.cloudfoundry.autoscaler.scheduler.filter.XfccFilter; +import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.server.WebServerFactoryCustomizer; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class CFHTTPConfiguration { + private Logger logger = LoggerFactory.getLogger(this.getClass()); @Bean public WebServerFactoryCustomizer httpConnectorCustomizer() { @@ -18,4 +23,15 @@ public WebServerFactoryCustomizer httpConnectorCu factory.addAdditionalTomcatConnectors(connector); }; } + + @Bean + public FilterRegistrationBean xfccFilterRegistration(XfccFilter xfccFilter) { + FilterRegistrationBean registrationBean = new FilterRegistrationBean<>(); + registrationBean.setFilter(xfccFilter); + registrationBean.addUrlPatterns("/*"); // Apply filter to all incoming requests + registrationBean.setOrder(1); // Set filter precedence + + logger.info("Registering XFCC Filter for CF Server"); + return registrationBean; + } } diff --git a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfig.java b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfig.java deleted file mode 100644 index e10901847b..0000000000 --- a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfig.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.cloudfoundry.autoscaler.scheduler.conf; - -import java.io.IOException; -import java.util.logging.Logger; -import org.apache.http.impl.bootstrap.HttpServer; -import org.apache.http.impl.bootstrap.ServerBootstrap; -import org.apache.http.protocol.HttpRequestHandler; -import org.cloudfoundry.autoscaler.scheduler.filter.XfccFilter; -import org.springframework.boot.web.servlet.FilterRegistrationBean; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.apache.http.entity.StringEntity; - -@Configuration -public class CFServerConfig { - private Logger logger = Logger.getLogger(this.getClass().getName()); - - @Bean - HttpServer cfServer(CFServerConfiguration config) throws IOException { - // Define a simple request handler (example only) - HttpRequestHandler requestHandler = - (request, response, context) -> { - response.setStatusCode(200); - response.setEntity(new StringEntity("Hello from CFServer!")); - }; - - // Build the HTTP server - HttpServer server = ServerBootstrap.bootstrap() - .setListenerPort(config.getPort()) - .registerHandler("*", requestHandler) // Register a default handler - .create(); - - logger.info("Configured HttpServer on port: " + config.getPort()); - return server; - } - - @Bean - public FilterRegistrationBean xfccFilterRegistration(XfccFilter xfccFilter) { - FilterRegistrationBean registrationBean = new FilterRegistrationBean<>(); - registrationBean.setFilter(xfccFilter); - registrationBean.addUrlPatterns("/*"); // Apply filter to all incoming requests - registrationBean.setOrder(1); // Set filter precedence - - logger.info("Registering XFCC Filter for CF Server"); - return registrationBean; - } -} - diff --git a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfiguration.java b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfiguration.java deleted file mode 100644 index d83ce2724b..0000000000 --- a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/CFServerConfiguration.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.cloudfoundry.autoscaler.scheduler.conf; - -import jakarta.annotation.PostConstruct; -import lombok.AllArgsConstructor; -import lombok.Data; -import lombok.NoArgsConstructor; -import org.springframework.boot.context.properties.ConfigurationProperties; -import org.springframework.stereotype.Component; - -@ConfigurationProperties(prefix = "cf-server") -@Data -@Component -@AllArgsConstructor -@NoArgsConstructor -public class CFServerConfiguration{ - private int port; - private String validOrgGuid; - private String validSpaceGuid; - - @PostConstruct - public void init() { - if (this.port <= 0) { - throw new IllegalStateException("CF Server Port is not set"); - } - } - - public long getSocketTimeout() { - return 10; - } -} diff --git a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/filter/XfccFilter.java b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/filter/XfccFilter.java index b2cc665983..4fc3d5559a 100644 --- a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/filter/XfccFilter.java +++ b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/filter/XfccFilter.java @@ -16,18 +16,23 @@ @Component public class XfccFilter extends OncePerRequestFilter { - - @Value("${approved.space.guid}") + @Value("${cfserver.validSpaceGuid}") private String validSpaceGuid; - @Value("${approved.org.guid}") + @Value("${cfserver.validOrgGuid}") private String validOrgGuid; - @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws jakarta.servlet.ServletException, IOException { + + + // Skip filter if the request is HTTPS + if (request.isSecure()) { + filterChain.doFilter(request, response); + return; + } // Get the XFCC header String xfccHeader = request.getHeader("X-Forwarded-Client-Cert"); if (xfccHeader == null || xfccHeader.isEmpty()) { diff --git a/src/scheduler/src/main/resources/application.yml b/src/scheduler/src/main/resources/application.yml index 77edef09e4..c674b3b03a 100644 --- a/src/scheduler/src/main/resources/application.yml +++ b/src/scheduler/src/main/resources/application.yml @@ -138,6 +138,6 @@ server: # Unified cf Server - XFCC ############################################################ -cf-server: +cfserver: validOrgGuid: "some-org-guid" validSpaceGuid: "some-space-guid"