WIP: Uses basic auth instead of mtls for components
bonzofenix committed Jul 4, 2024
1 parent 3305ba9 commit f13d062
Showing 40 changed files with 698 additions and 305 deletions.
232 changes: 232 additions & 0 deletions \
@@ -0,0 +1,232 @@
package server_test

import (
"strconv"

"code.cloudfoundry.org/app-autoscaler/src/autoscaler/fakes"
"code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers"
"code.cloudfoundry.org/app-autoscaler/src/autoscaler/models"
"code.cloudfoundry.org/app-autoscaler/src/autoscaler/routes"
"code.cloudfoundry.org/app-autoscaler/src/autoscaler/scalingengine/config"
. "code.cloudfoundry.org/app-autoscaler/src/autoscaler/scalingengine/server"
"code.cloudfoundry.org/lager/v3"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
"github.com/tedsuo/ifrit"
"github.com/tedsuo/ifrit/ginkgomon_v2"

"bytes"
"encoding/json"
"io"
"net/http"
"net/url"
)

var (
serverUrl *url.URL
server ifrit.Process
scalingEngineDB *fakes.FakeScalingEngineDB
sychronizer *fakes.FakeActiveScheduleSychronizer
)

var _ = Describe("Server", func() {
var (
rsp *http.Response
req *http.Request
body []byte
err error
method string
bodyReader io.Reader
route = routes.ScalingEngineRoutes()
)

BeforeEach(func() {
port := 2222 + GinkgoParallelProcess()
conf := &config.Config{
Server: helpers.ServerConfig{
Port: port,
BasicAuth: models.BasicAuth{
Username: "scalingengine",
Password: "some-password",
},
},
}
scalingEngineDB = &fakes.FakeScalingEngineDB{}
scalingEngine := &fakes.FakeScalingEngine{}
policyDb := &fakes.FakePolicyDB{}
schedulerDB := &fakes.FakeSchedulerDB{}
sychronizer = &fakes.FakeActiveScheduleSychronizer{}

httpServer, err := NewServer(lager.NewLogger("test"), conf, policyDb, scalingEngineDB, schedulerDB, scalingEngine, sychronizer)
Expect(err).NotTo(HaveOccurred())
server = ginkgomon_v2.Invoke(httpServer)
serverUrl, err = url.Parse("http://127.0.0.1:" + strconv.Itoa(port))
Expect(err).ToNot(HaveOccurred())
})

AfterEach(func() {
ginkgomon_v2.Interrupt(server)
})

Context("when triggering scaling action", func() {
BeforeEach(func() {
body, err = json.Marshal(models.Trigger{Adjustment: "+1"})
Expect(err).NotTo(HaveOccurred())

uPath, err := route.Get(routes.ScaleRouteName).URLPath("appid", "test-app-id")
Expect(err).NotTo(HaveOccurred())
serverUrl.Path = uPath.Path
})

Context("when requesting correctly", func() {
JustBeforeEach(func() {
rsp, err = http.Post(serverUrl.String(), "application/json", bytes.NewReader(body))
})

It("should return 200", func() {
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(http.StatusOK))
rsp.Body.Close()
})
})
})

Context("when getting scaling histories", func() {
BeforeEach(func() {
uPath, err := route.Get(routes.GetScalingHistoriesRouteName).URLPath("guid", "8ea70e4e-e0bc-4e15-9d32-cd69daaf012a")
Expect(err).NotTo(HaveOccurred())
serverUrl.Path = uPath.Path
})

Context("when requesting correctly", func() {
JustBeforeEach(func() {
req, err = http.NewRequest(http.MethodGet, serverUrl.String(), nil)
req.Header.Set("Authorization", "Bearer ignore")
Expect(err).NotTo(HaveOccurred())
rsp, err = (&http.Client{}).Do(req)
})

It("should return 200", func() {
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(http.StatusOK))
rsp.Body.Close()
})
})
})

Context("when requesting active shedule", func() {

JustBeforeEach(func() {
req, err = http.NewRequest(method, serverUrl.String(), bodyReader)
Expect(err).NotTo(HaveOccurred())
rsp, err = http.DefaultClient.Do(req)
})

Context("when setting active schedule", func() {
BeforeEach(func() {
uPath, err := route.Get(routes.SetActiveScheduleRouteName).URLPath("appid", "test-app-id", "scheduleid", "test-schedule-id")
Expect(err).NotTo(HaveOccurred())
serverUrl.Path = urlPath
bodyReader = bytes.NewReader([]byte(`{"instance_min_count":1, "instance_max_count":5, "initial_min_instance_count":3}`))
})

Context("when requesting correctly", func() {
BeforeEach(func() {
method = http.MethodPut
})

It("should return 200", func() {
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(http.StatusOK))
rsp.Body.Close()
})
})
})

Context("when deleting active schedule", func() {
BeforeEach(func() {
uPath, err := route.Get(routes.DeleteActiveScheduleRouteName).URLPath("appid", "test-app-id", "scheduleid", "test-schedule-id")
Expect(err).NotTo(HaveOccurred())
serverUrl.Path = uPath.Path
bodyReader = nil
method = http.MethodDelete
})
Context("when requesting correctly", func() {
It("should return 200", func() {
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(http.StatusOK))
rsp.Body.Close()
})
})
})

Context("when getting active schedule", func() {
BeforeEach(func() {
uPath, err := route.Get(routes.GetActiveSchedulesRouteName).URLPath("appid", "test-app-id")
Expect(err).NotTo(HaveOccurred())
serverUrl.Path = uPath.Path
bodyReader = nil
method = http.MethodGet
})

Context("when requesting correctly", func() {
BeforeEach(func() {
activeSchedule := &models.ActiveSchedule{
ScheduleId: "a-schedule-id",
InstanceMin: 1,
InstanceMax: 5,
InstanceMinInitial: 3,
}

scalingEngineDB.GetActiveScheduleReturns(activeSchedule, nil)
})

It("should return 200", func() {
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(http.StatusOK))
rsp.Body.Close()
})
})
})
})

Context("when requesting sync shedule", func() {
JustBeforeEach(func() {
uPath, err := route.Get(routes.SyncActiveSchedulesRouteName).URLPath()
Expect(err).NotTo(HaveOccurred())
serverUrl.Path = uPath.Path
bodyReader = nil

req, err = http.NewRequest(method, serverUrl, bodyReader)
Expect(err).NotTo(HaveOccurred())
rsp, err = http.DefaultClient.Do(req)
Expect(err).NotTo(HaveOccurred())
})

Context("when requesting correctly", func() {
BeforeEach(func() {
method = http.MethodPut
})

It("should return 200", func() {
Eventually(sychronizer.SyncCallCount).Should(Equal(1))
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(http.StatusOK))
rsp.Body.Close()
})
})

Context("when requesting with incorrect http method", func() {
BeforeEach(func() {
method = http.MethodGet
})

It("should return 405", func() {
Expect(err).ToNot(HaveOccurred())
Expect(rsp.StatusCode).To(Equal(http.StatusMethodNotAllowed))
rsp.Body.Close()
})
})

})
})
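Review bot: None of the requests in this suite carries credentials, although the server is built with `BasicAuth{Username: "scalingengine", Password: "some-password"}`, and every case expects 200, so the suite never shows that the new check rejects an unauthenticated or wrongly authenticated caller. Assuming NewServer is meant to enforce `Server.BasicAuth` on these routes, the positive cases should call `req.SetBasicAuth("scalingengine", "some-password")` and each route group needs a case like the one below that expects `http.StatusUnauthorized`; the scale-route case uses `http.Post`, which cannot set the header, so it would need `http.NewRequest`. Separately, the file does not compile as shown: `serverUrl.Path = urlPath` in the set-active-schedule setup should be `serverUrl.Path = uPath.Path`, and `http.NewRequest(method, serverUrl, bodyReader)` in the sync-schedule setup needs `serverUrl.String()`.

```go
// … unchanged: Context("when getting scaling histories") and its BeforeEach …
Context("when requesting without credentials", func() {
	JustBeforeEach(func() {
		req, err = http.NewRequest(http.MethodGet, serverUrl.String(), nil)
		Expect(err).NotTo(HaveOccurred())
		rsp, err = http.DefaultClient.Do(req)
	})

	It("should return 401", func() {
		Expect(err).ToNot(HaveOccurred())
		Expect(rsp.StatusCode).To(Equal(http.StatusUnauthorized))
		rsp.Body.Close()
	})
})
```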
28 changes: 12 additions & 16 deletions jobs/eventgenerator/spec
@@ -5,18 +5,9 @@ templates:
bpm-pre-start.erb: bin/bpm-pre-start
liquibase.properties: bin/liquibase.properties
eventgenerator.yml.erb: config/eventgenerator.yml
eventgenerator_ca.crt.erb: config/certs/eventgenerator/ca.crt
eventgenerator_server.crt.erb: config/certs/eventgenerator/server.crt
eventgenerator_server.key.erb: config/certs/eventgenerator/server.key
healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt
healthendpoint.crt.erb: config/certs/healthendpoint/server.crt
healthendpoint.key.erb: config/certs/healthendpoint/server.key
metricscollector_ca.crt.erb: config/certs/metricscollector/ca.crt
metricscollector_client.crt.erb: config/certs/metricscollector/client.crt
metricscollector_client.key.erb: config/certs/metricscollector/client.key
scalingengine_ca.crt.erb: config/certs/scalingengine/ca.crt
scalingengine_client.crt.erb: config/certs/scalingengine/client.crt
scalingengine_client.key.erb: config/certs/scalingengine/client.key
policy_db_ca.crt.erb: config/certs/policy_db/ca.crt
policy_db.crt.erb: config/certs/policy_db/crt
policy_db.key.erb: config/certs/policy_db/key
@@ -113,6 +104,12 @@ properties:
autoscaler.eventgenerator.server.port:
description: "the listening port of server"
default: 6105
autoscaler.eventgenerator.server.username:
description: "the basic auth username for server endpoint"
default: ''
autoscaler.eventgenerator.server.password:
description: "the basic auth password for server endpoint"
default: ''
autoscaler.eventgenerator.http_client_timeout:
description: "Http client imeout for eventgenerator to communicate with other autoscaler components"
default: 60s
@@ -164,14 +161,13 @@ properties:
description: "Port where the scaling engine will listen"
default: 6104

autoscaler.eventgenerator.scaling_engine.ca_cert:
description: "PEM-encoded CA certificate"

autoscaler.eventgenerator.scaling_engine.client_cert:
description: "PEM-encoded client certificate"
autoscaler.eventgenerator.scaling_engine.username:
description: "Scaling engine basic auth username"
default: ""

autoscaler.eventgenerator.scaling_engine.client_key:
description: "PEM-encoded client key"
autoscaler.eventgenerator.scaling_engine.password:
description: "Scaling engine basic auth password"
default: ""

autoscaler.eventgenerator.metricscollector.host:
description: "Host where the metrics collector is running"
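Review bot: The four new credential properties (`autoscaler.eventgenerator.server.username`/`password` and `autoscaler.eventgenerator.scaling_engine.username`/`password`) default to an empty string, so a manifest that forgets them still renders and deploys with blank credentials. How the components treat an empty username and password is not visible on this page; if it means "no authentication" or "empty password accepted", removing the client certificates leaves these endpoints open by default. Dropping the `default:` lines makes `p()` fail at render time when the operator has not supplied a value, which is the safer failure mode for a secret.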
15 changes: 9 additions & 6 deletions jobs/eventgenerator/templates/eventgenerator.yml.erb
@@ -57,6 +57,9 @@ end


server:
basic_auth:
username: <%= p("autoscaler.eventgenerator.server.username") %>
password: <%= p("autoscaler.eventgenerator.server.password") %>
port: <%= p("autoscaler.eventgenerator.server.port") %>
tls:
key_file: /var/vcap/jobs/eventgenerator/config/certs/eventgenerator/server.key
@@ -69,8 +72,9 @@ logging:
level: <%= p("autoscaler.eventgenerator.logging.level") %>
http_client_timeout: <%= p("autoscaler.eventgenerator.http_client_timeout") %>
health:
username: <%= p("autoscaler.eventgenerator.health.username") %>
password: <%= p("autoscaler.eventgenerator.health.password") %>
basic_auth:
username: <%= p("autoscaler.eventgenerator.health.username") %>
password: <%= p("autoscaler.eventgenerator.health.password") %>

db:
policy_db:
@@ -100,10 +104,9 @@ evaluator:

scalingEngine:
scaling_engine_url: https://<%= p("autoscaler.eventgenerator.scaling_engine.host") %>:<%= p("autoscaler.eventgenerator.scaling_engine.port") %>
tls:
key_file: /var/vcap/jobs/eventgenerator/config/certs/scalingengine/client.key
cert_file: /var/vcap/jobs/eventgenerator/config/certs/scalingengine/client.crt
ca_file: /var/vcap/jobs/eventgenerator/config/certs/scalingengine/ca.crt
basic_auth:
username: <%= p("autoscaler.eventgenerator.scaling_engine.username") %>
password: <%= p("autoscaler.eventgenerator.scaling_engine.password") %>

metricCollector:
metric_collector_url: <%= metric_collector_url %>
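Review bot: The new `username:`/`password:` values under `server.basic_auth` and `scalingEngine.basic_auth` are interpolated into the YAML unquoted, so a generated password that starts with or contains YAML-significant characters (`#`, `: `, `*`, `{`) renders a different value or an unparsable file, and the empty default renders as null. Emitting them JSON-encoded, e.g. `password: <%= p("autoscaler.eventgenerator.scaling_engine.password").to_json %>`, keeps the rendered value identical to the property. The re-nested `health.basic_auth` lines in this template and in metricsforwarder.yml.erb, operator.yml.erb and scalingengine.yml.erb have the same shape. Also, `scaling_engine_url` stays `https://` while the `ca_file` for that client is removed; whether the client still verifies the scaling engine's certificate is not visible in this section.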
5 changes: 3 additions & 2 deletions jobs/metricsforwarder/templates/metricsforwarder.yml.erb
@@ -91,8 +91,9 @@ cache_ttl: <%= p("autoscaler.metricsforwarder.cache_ttl") %>
cache_cleanup_interval: <%= p("autoscaler.metricsforwarder.cache_cleanup_interval") %>
policy_poller_interval: <%= p("autoscaler.metricsforwarder.policy_poller_interval") %>
health:
username: <%= p("autoscaler.metricsforwarder.health.username") %>
password: <%= p("autoscaler.metricsforwarder.health.password") %>
basic_auth:
username: <%= p("autoscaler.metricsforwarder.health.username") %>
password: <%= p("autoscaler.metricsforwarder.health.password") %>

rate_limit:
valid_duration: <%= p("autoscaler.metricsforwarder.rate_limit.valid_duration") %>
5 changes: 3 additions & 2 deletions jobs/operator/templates/operator.yml.erb
@@ -60,8 +60,9 @@ server:
logging:
level: <%= p("autoscaler.operator.logging.level") %>
health:
username: <%= p("autoscaler.operator.health.username") %>
password: <%= p("autoscaler.operator.health.password") %>
basic_auth:
username: <%= p("autoscaler.operator.health.username") %>
password: <%= p("autoscaler.operator.health.password") %>

http_client_timeout: <%= p("autoscaler.operator.http_client_timeout") %>

4 changes: 0 additions & 4 deletions jobs/scalingengine/spec
@@ -14,10 +14,6 @@ templates:
scalingengine_db.crt.erb: config/certs/scalingengine_db/crt
scalingengine_db.key.erb: config/certs/scalingengine_db/key

scalingengine_ca.crt.erb: config/certs/scalingengine/ca.crt
scalingengine_server.crt.erb: config/certs/scalingengine/server.crt
scalingengine_server.key.erb: config/certs/scalingengine/server.key

scheduler_db.crt.erb: config/certs/scheduler_db/crt
scheduler_db.key.erb: config/certs/scheduler_db/key
scheduler_db_ca.crt.erb: config/certs/scheduler_db/ca.crt
9 changes: 3 additions & 6 deletions jobs/scalingengine/templates/scalingengine.yml.erb
@@ -54,17 +54,14 @@ cf:

server:
port: <%= p("autoscaler.scalingengine.server.port") %>
tls:
key_file: /var/vcap/jobs/scalingengine/config/certs/scalingengine/server.key
cert_file: /var/vcap/jobs/scalingengine/config/certs/scalingengine/server.crt
ca_file: /var/vcap/jobs/scalingengine/config/certs/scalingengine/ca.crt

logging:
level: <%= p("autoscaler.scalingengine.logging.level") %>
http_client_timeout: <%= p("autoscaler.scalingengine.http_client_timeout") %>
health:
username: <%= p("autoscaler.scalingengine.health.username") %>
password: <%= p("autoscaler.scalingengine.health.password") %>
basic_auth:
username: <%= p("autoscaler.scalingengine.health.username") %>
password: <%= p("autoscaler.scalingengine.health.password") %>

db:
policy_db:
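Review bot: After this change the `server:` block contains only `port:` — the `tls:` entries are removed and no `basic_auth:` is added, and jobs/scalingengine/spec in this commit gains no server username/password property — so the job as rendered configures neither a client-certificate check nor credentials for the scaling engine API. Unless the credentials come from somewhere not shown on this page, the event generator would be sending `scaling_engine.username`/`password` to a listener that has nothing to compare them with, and without server-side TLS a Basic header would travel in cleartext (the eventgenerator template still targets `https://`, so the two sides also appear to disagree on transport). Consider adding a `basic_auth:` block here, fed by new spec properties that mirror `autoscaler.eventgenerator.server.username`/`password`, and keeping the server `tls:` entries so the password is not exposed on the wire.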
3 changes: 0 additions & 3 deletions jobs/scalingengine/templates/scalingengine_ca.crt.erb

This file was deleted.

3 changes: 0 additions & 3 deletions jobs/scalingengine/templates/scalingengine_server.crt.erb

This file was deleted.

3 changes: 0 additions & 3 deletions jobs/scalingengine/templates/scalingengine_server.key.erb

This file was deleted.
