From 95586e806e2da2ea5fe64ffa090a5aa699be59a5 Mon Sep 17 00:00:00 2001 
From: Silvestre Zabala Date: Fri, 3 Nov 2023 17:37:52 +0100 Subject: [PATCH 1/4] Unify HTTP server creation All HTTP servers can be configured with mTLS and the creation is unified in one helper function --- jobs/eventgenerator/spec | 10 ++++ .../templates/eventgenerator.yml.erb | 7 +++ .../templates/healthendpoint.crt.erb | 3 + .../templates/healthendpoint.key.erb | 3 + .../templates/healthendpoint_ca.crt.erb | 3 + jobs/golangapiserver/spec | 9 +++ .../templates/apiserver.yml.erb | 6 ++ .../templates/healthendpoint.crt.erb | 3 + .../templates/healthendpoint.key.erb | 3 + .../templates/healthendpoint_ca.crt.erb | 3 + jobs/metricsforwarder/spec | 14 +++++ .../templates/healthendpoint.crt.erb | 3 + .../templates/healthendpoint.key.erb | 3 + .../templates/healthendpoint_ca.crt.erb | 3 + .../templates/metricsforwarder.yml.erb | 6 ++ jobs/metricsgateway/spec | 10 ++++ .../templates/healthendpoint.crt.erb | 3 + .../templates/healthendpoint.key.erb | 3 + .../templates/healthendpoint_ca.crt.erb | 3 + .../templates/metricsgateway.yml.erb | 6 ++ jobs/metricsserver/spec | 10 ++++ .../templates/healthendpoint.crt.erb | 3 + .../templates/healthendpoint.key.erb | 3 + .../templates/healthendpoint_ca.crt.erb | 3 + .../templates/metricsserver.yml.erb | 6 ++ jobs/operator/spec | 10 ++++ .../operator/templates/healthendpoint.crt.erb | 3 + .../operator/templates/healthendpoint.key.erb | 3 + .../templates/healthendpoint_ca.crt.erb | 3 + jobs/operator/templates/operator.yml.erb | 7 +++ jobs/scalingengine/spec | 14 ++++- .../templates/healthendpoint.crt.erb | 3 + .../templates/healthendpoint.key.erb | 3 + .../templates/healthendpoint_ca.crt.erb | 3 + .../templates/scalingengine.yml.erb | 7 +++ spec/jobs/{cf => common}/cf_spec.rb | 0 spec/jobs/common/health_endpoint_spec.rb | 57 +++++++++++++++++++ .../api/brokerserver/broker_server.go | 34 ++--------- .../brokerserver/broker_server_suite_test.go | 3 +- src/autoscaler/api/cmd/api/api_suite_test.go | 11 ++-- 
src/autoscaler/api/cmd/api/api_test.go | 8 +-- src/autoscaler/api/config/config.go | 15 ++--- .../api/publicapiserver/public_api_server.go | 27 +-------- .../publicapiserver_suite_test.go | 2 +- .../eventgenerator_suite_test.go | 18 +++--- .../eventgenerator/config/config.go | 19 ++++--- .../eventgenerator/config/config_test.go | 30 ++++++---- .../eventgenerator/server/server.go | 27 ++------- .../server/server_suite_test.go | 5 +- .../healthendpoint/health_readiness_test.go | 5 +- src/autoscaler/healthendpoint/server.go | 24 +++----- src/autoscaler/{models => helpers}/health.go | 4 +- .../{models => helpers}/health_test.go | 22 ++++--- src/autoscaler/helpers/http_server.go | 39 +++++++++++++ src/autoscaler/integration/components_test.go | 20 ++++--- .../metricsforwarder/config/config.go | 16 +++--- .../forwarder/forwarder_test.go | 2 +- .../server/auth/auth_suite_test.go | 2 +- .../metricsforwarder/server/server.go | 14 +---- .../server/server_suite_test.go | 2 +- .../metricsgateway_suite_test.go | 6 +- .../metricsgateway/config/config.go | 2 +- .../metricsgateway/config/config_test.go | 6 +- .../collector/collector_suite_test.go | 5 +- .../metricsserver/collector/config.go | 15 ++--- .../metricsserver/collector/server.go | 27 ++------- .../metricsserver/collector/ws_server.go | 27 ++------- src/autoscaler/metricsserver/config/config.go | 17 +++--- src/autoscaler/operator/config/config.go | 8 ++- .../cmd/scalingengine/scalingengine_test.go | 2 +- src/autoscaler/scalingengine/config/config.go | 18 +++--- src/autoscaler/scalingengine/server/server.go | 24 +------- .../scalingengine/server/server_test.go | 3 +- 73 files changed, 459 insertions(+), 292 deletions(-) create mode 100644 jobs/eventgenerator/templates/healthendpoint.crt.erb create mode 100644 jobs/eventgenerator/templates/healthendpoint.key.erb create mode 100644 jobs/eventgenerator/templates/healthendpoint_ca.crt.erb create mode 100644 jobs/golangapiserver/templates/healthendpoint.crt.erb create mode 
100644 jobs/golangapiserver/templates/healthendpoint.key.erb create mode 100644 jobs/golangapiserver/templates/healthendpoint_ca.crt.erb create mode 100644 jobs/metricsforwarder/templates/healthendpoint.crt.erb create mode 100644 jobs/metricsforwarder/templates/healthendpoint.key.erb create mode 100644 jobs/metricsforwarder/templates/healthendpoint_ca.crt.erb create mode 100644 jobs/metricsgateway/templates/healthendpoint.crt.erb create mode 100644 jobs/metricsgateway/templates/healthendpoint.key.erb create mode 100644 jobs/metricsgateway/templates/healthendpoint_ca.crt.erb create mode 100644 jobs/metricsserver/templates/healthendpoint.crt.erb create mode 100644 jobs/metricsserver/templates/healthendpoint.key.erb create mode 100644 jobs/metricsserver/templates/healthendpoint_ca.crt.erb create mode 100644 jobs/operator/templates/healthendpoint.crt.erb create mode 100644 jobs/operator/templates/healthendpoint.key.erb create mode 100644 jobs/operator/templates/healthendpoint_ca.crt.erb create mode 100644 jobs/scalingengine/templates/healthendpoint.crt.erb create mode 100644 jobs/scalingengine/templates/healthendpoint.key.erb create mode 100644 jobs/scalingengine/templates/healthendpoint_ca.crt.erb rename spec/jobs/{cf => common}/cf_spec.rb (100%) create mode 100644 spec/jobs/common/health_endpoint_spec.rb rename src/autoscaler/{models => helpers}/health.go (96%) rename src/autoscaler/{models => helpers}/health_test.go (81%) create mode 100644 src/autoscaler/helpers/http_server.go diff --git a/jobs/eventgenerator/spec b/jobs/eventgenerator/spec index 74b63e36ea..1a8363b1eb 100644 --- a/jobs/eventgenerator/spec +++ b/jobs/eventgenerator/spec 
@@ -8,6 +8,9 @@ templates: eventgenerator_ca.crt.erb: config/certs/eventgenerator/ca.crt eventgenerator_server.crt.erb: config/certs/eventgenerator/server.crt eventgenerator_server.key.erb: config/certs/eventgenerator/server.key + healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt + healthendpoint.crt.erb: config/certs/healthendpoint/server.crt + healthendpoint.key.erb: config/certs/healthendpoint/server.key metricscollector_ca.crt.erb: config/certs/metricscollector/ca.crt metricscollector_client.crt.erb: config/certs/metricscollector/client.crt metricscollector_client.key.erb: config/certs/metricscollector/client.key @@ -227,6 +230,13 @@ properties: autoscaler.eventgenerator.health.port: description: "the listening port of health endpoint" default: 6204 + autoscaler.eventgenerator.health.ca_cert: + description: "PEM-encoded CA certificate for the health endpoint" + autoscaler.eventgenerator.health.server_cert: + description: "PEM-encoded server certificate for the health endpoint" + autoscaler.eventgenerator.health.server_key: + description: "PEM-encoded server key for the health endpoint" + autoscaler.eventgenerator.health.username: description: "the username for the health endpoint" default: '' diff --git a/jobs/eventgenerator/templates/eventgenerator.yml.erb b/jobs/eventgenerator/templates/eventgenerator.yml.erb index 441038960e..570d5809b1 100644 --- a/jobs/eventgenerator/templates/eventgenerator.yml.erb +++ b/jobs/eventgenerator/templates/eventgenerator.yml.erb 
@@ -76,6 +76,13 @@ health: port: <%= p("autoscaler.eventgenerator.health.port") %> username: <%= p("autoscaler.eventgenerator.health.username") %> password: <%= p("autoscaler.eventgenerator.health.password") %> + <% if_p("autoscaler.eventgenerator.health.ca_cert", "autoscaler.eventgenerator.health.server_cert", "autoscaler.eventgenerator.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.key + <% end %> + db: policy_db: url: <%= policy_db_url %> diff --git a/jobs/eventgenerator/templates/healthendpoint.crt.erb b/jobs/eventgenerator/templates/healthendpoint.crt.erb new file mode 100644 index 0000000000..587e7147fc --- /dev/null +++ b/jobs/eventgenerator/templates/healthendpoint.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.eventgenerator.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/eventgenerator/templates/healthendpoint.key.erb b/jobs/eventgenerator/templates/healthendpoint.key.erb new file mode 100644 index 0000000000..0a6ae38281 --- /dev/null +++ b/jobs/eventgenerator/templates/healthendpoint.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.eventgenerator.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/eventgenerator/templates/healthendpoint_ca.crt.erb b/jobs/eventgenerator/templates/healthendpoint_ca.crt.erb new file mode 100644 index 0000000000..1164360610 --- /dev/null +++ b/jobs/eventgenerator/templates/healthendpoint_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.eventgenerator.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/golangapiserver/spec b/jobs/golangapiserver/spec index a35c0906fe..78512a9cfb 100644 --- a/jobs/golangapiserver/spec +++ b/jobs/golangapiserver/spec 
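Review bot: A manifest that sets only one or two of autoscaler.eventgenerator.health.{ca_cert,server_cert,server_key} silently renders no `tls:` block here, because `if_p` with several property names yields only when all of them are set, so a partially configured health endpoint comes up as plain HTTP instead of failing the render. The three spec descriptions do not say the properties must be set together, so the fallback is easy to hit and hard to notice from the rendered config. A render-time guard such as `<% n = %w[ca_cert server_cert server_key].count { |k| p("autoscaler.eventgenerator.health.#{k}", nil) } %>` followed by `<% raise "health endpoint TLS needs ca_cert, server_cert and server_key together" if n.between?(1, 2) %>` (constructed; adjust the property prefix per job) turns the silent downgrade into a deployment error. The same pattern appears in the apiserver.yml.erb, metricsforwarder.yml.erb, metricsgateway.yml.erb, metricsserver.yml.erb, operator.yml.erb and scalingengine.yml.erb hunks.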
@@ -12,6 +12,9 @@ templates: brokerserver_ca.crt.erb: config/certs/brokerserver/ca.crt brokerserver.crt.erb: config/certs/brokerserver/server.crt brokerserver.key.erb: config/certs/brokerserver/server.key + healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt + healthendpoint.crt.erb: config/certs/healthendpoint/server.crt + healthendpoint.key.erb: config/certs/healthendpoint/server.key scalingengine_ca.crt.erb: config/certs/scalingengine/ca.crt scalingengine_client.crt.erb: config/certs/scalingengine/client.crt scalingengine_client.key.erb: config/certs/scalingengine/client.key @@ -78,6 +81,12 @@ properties: description: "PEM-encoded server key" autoscaler.apiserver.health.port: default: 1080 + autoscaler.apiserver.health.ca_cert: + description: "PEM-encoded CA certificate for the health endpoint" + autoscaler.apiserver.health.server_cert: + description: "PEM-encoded server certificate for the health endpoint" + autoscaler.apiserver.health.server_key: + description: "PEM-encoded server key for the health endpoint" autoscaler.apiserver.use_buildin_mode: default: true description: "" diff --git a/jobs/golangapiserver/templates/apiserver.yml.erb b/jobs/golangapiserver/templates/apiserver.yml.erb index 87a02f4671..5acaeff718 100644 --- a/jobs/golangapiserver/templates/apiserver.yml.erb +++ b/jobs/golangapiserver/templates/apiserver.yml.erb @@ -96,6 +96,12 @@ use_buildin_mode: <%= p("autoscaler.apiserver.use_buildin_mode") %> health: port: <%= p("autoscaler.apiserver.health.port") %> + <% if_p("autoscaler.apiserver.health.ca_cert", "autoscaler.apiserver.health.server_cert", "autoscaler.apiserver.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.key + <% end %> db: policy_db: 
diff --git a/jobs/golangapiserver/templates/healthendpoint.crt.erb b/jobs/golangapiserver/templates/healthendpoint.crt.erb new file mode 100644 index 0000000000..a474a980a2 --- /dev/null +++ b/jobs/golangapiserver/templates/healthendpoint.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.apiserver.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/golangapiserver/templates/healthendpoint.key.erb b/jobs/golangapiserver/templates/healthendpoint.key.erb new file mode 100644 index 0000000000..57de031a0a --- /dev/null +++ b/jobs/golangapiserver/templates/healthendpoint.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.apiserver.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/golangapiserver/templates/healthendpoint_ca.crt.erb b/jobs/golangapiserver/templates/healthendpoint_ca.crt.erb new file mode 100644 index 0000000000..022d2a67fa --- /dev/null +++ b/jobs/golangapiserver/templates/healthendpoint_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.apiserver.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/spec b/jobs/metricsforwarder/spec index c8623fc0d5..6759adc521 100644 --- a/jobs/metricsforwarder/spec +++ b/jobs/metricsforwarder/spec 
@@ -4,6 +4,14 @@ templates: bpm.yml.erb: config/bpm.yml metricsforwarder.yml.erb: config/metricsforwarder.yml + metricsforwarder_ca.crt.erb: config/certs/metricsforwarder/ca.crt + metricsforwarder_server.crt.erb: config/certs/metricsforwarder/server.crt + metricsforwarder_server.key.erb: config/certs/metricsforwarder/server.key + + healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt + healthendpoint.crt.erb: config/certs/healthendpoint/server.crt + healthendpoint.key.erb: config/certs/healthendpoint/server.key + metron_client_ca.crt.erb: config/certs/metron_client/ca.crt metron_client.crt.erb: config/certs/metron_client/client.crt metron_client.key.erb: config/certs/metron_client/client.key @@ -137,6 +145,12 @@ properties: autoscaler.metricsforwarder.health.port: description: "The listening port of health endpoint" default: 6403 + autoscaler.metricsforwarder.health.ca_cert: + description: "PEM-encoded CA certificate for the health endpoint" + autoscaler.metricsforwarder.health.server_cert: + description: "PEM-encoded server certificate for the health endpoint" + autoscaler.metricsforwarder.health.server_key: + description: "PEM-encoded server key for the health endpoint" autoscaler.metricsforwarder.health.username: description: "the username of health endpoint" default: '' diff --git a/jobs/metricsforwarder/templates/healthendpoint.crt.erb b/jobs/metricsforwarder/templates/healthendpoint.crt.erb new file mode 100644 index 0000000000..661720b8ea --- /dev/null +++ b/jobs/metricsforwarder/templates/healthendpoint.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsforwarder.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/healthendpoint.key.erb b/jobs/metricsforwarder/templates/healthendpoint.key.erb new file mode 100644 index 0000000000..6b295aeee4 --- /dev/null +++ b/jobs/metricsforwarder/templates/healthendpoint.key.erb 
@@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsforwarder.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/healthendpoint_ca.crt.erb b/jobs/metricsforwarder/templates/healthendpoint_ca.crt.erb new file mode 100644 index 0000000000..258983f9bc --- /dev/null +++ b/jobs/metricsforwarder/templates/healthendpoint_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsforwarder.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/metricsforwarder.yml.erb b/jobs/metricsforwarder/templates/metricsforwarder.yml.erb index 33c04fac6b..3e590e9c1b 100644 --- a/jobs/metricsforwarder/templates/metricsforwarder.yml.erb +++ b/jobs/metricsforwarder/templates/metricsforwarder.yml.erb @@ -74,6 +74,12 @@ health: port: <%= p("autoscaler.metricsforwarder.health.port") %> username: <%= p("autoscaler.metricsforwarder.health.username") %> password: <%= p("autoscaler.metricsforwarder.health.password") %> + <% if_p("autoscaler.metricsforwarder.health.ca_cert", "autoscaler.metricsforwarder.health.server_cert", "autoscaler.metricsforwarder.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.key + <% end %> rate_limit: valid_duration: <%= p("autoscaler.metricsforwarder.rate_limit.valid_duration") %> diff --git a/jobs/metricsgateway/spec b/jobs/metricsgateway/spec index 69ee2302f7..cd9a204ec9 100644 --- a/jobs/metricsgateway/spec +++ b/jobs/metricsgateway/spec 
@@ -5,6 +5,10 @@ templates: bpm.yml.erb: config/bpm.yml metricsgateway.yml.erb: config/metricsgateway.yml + healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt + healthendpoint.crt.erb: config/certs/healthendpoint/server.crt + healthendpoint.key.erb: config/certs/healthendpoint/server.key + metricsserver_client_ca.crt.erb: config/certs/metricsserver_client/ca.crt metricsserver_client.crt.erb: config/certs/metricsserver_client/server.crt metricsserver_client.key.erb: config/certs/metricsserver_client/server.key @@ -111,6 +115,12 @@ properties: autoscaler.metricsgateway.health.port: description: "The listening port of health endpoint" default: 6503 + autoscaler.metricsgateway.health.ca_cert: + description: "PEM-encoded CA certificate for the health endpoint" + autoscaler.metricsgateway.health.server_cert: + description: "PEM-encoded server certificate for the health endpoint" + autoscaler.metricsgateway.health.server_key: + description: "PEM-encoded server key for the health endpoint" autoscaler.metricsgateway.health.username: description: "the username of health endpoint" default: '' diff --git a/jobs/metricsgateway/templates/healthendpoint.crt.erb b/jobs/metricsgateway/templates/healthendpoint.crt.erb new file mode 100644 index 0000000000..c2d7a747bc --- /dev/null +++ b/jobs/metricsgateway/templates/healthendpoint.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsgateway.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsgateway/templates/healthendpoint.key.erb b/jobs/metricsgateway/templates/healthendpoint.key.erb new file mode 100644 index 0000000000..4209051e45 --- /dev/null +++ b/jobs/metricsgateway/templates/healthendpoint.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsgateway.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file 
diff --git a/jobs/metricsgateway/templates/healthendpoint_ca.crt.erb b/jobs/metricsgateway/templates/healthendpoint_ca.crt.erb new file mode 100644 index 0000000000..6b4ac56d20 --- /dev/null +++ b/jobs/metricsgateway/templates/healthendpoint_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsgateway.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsgateway/templates/metricsgateway.yml.erb b/jobs/metricsgateway/templates/metricsgateway.yml.erb index 87611139b0..7ada15e5dc 100644 --- a/jobs/metricsgateway/templates/metricsgateway.yml.erb +++ b/jobs/metricsgateway/templates/metricsgateway.yml.erb @@ -80,3 +80,9 @@ health: port: <%= p("autoscaler.metricsgateway.health.port") %> username: <%= p("autoscaler.metricsgateway.health.username") %> password: <%= p("autoscaler.metricsgateway.health.password") %> + <% if_p("autoscaler.metricsgateway.health.ca_cert", "autoscaler.metricsgateway.health.server_cert", "autoscaler.metricsgateway.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/metricsgateway/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/metricsgateway/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/metricsgateway/config/certs/healthendpoint/server.key + <% end %> diff --git a/jobs/metricsserver/spec b/jobs/metricsserver/spec index 52a15be819..a0dc33d4e0 100644 --- a/jobs/metricsserver/spec +++ b/jobs/metricsserver/spec @@ -10,6 +10,10 @@ templates: metricsserver_server.crt.erb: config/certs/metricsserver/server.crt metricsserver_server.key.erb: config/certs/metricsserver/server.key + healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt + healthendpoint.crt.erb: config/certs/healthendpoint/server.crt + healthendpoint.key.erb: config/certs/healthendpoint/server.key + policy_db_ca.crt.erb: config/certs/policy_db/ca.crt policy_db.crt.erb: config/certs/policy_db/crt policy_db.key.erb: config/certs/policy_db/key 
@@ -150,6 +154,12 @@ properties: autoscaler.metricsserver.health.port: description: "The listening port of health endpoint" default: 6303 + autoscaler.metricsserver.health.ca_cert: + description: "PEM-encoded CA certificate for the health endpoint" + autoscaler.metricsserver.health.server_cert: + description: "PEM-encoded server certificate for the health endpoint" + autoscaler.metricsserver.health.server_key: + description: "PEM-encoded server key for the health endpoint" autoscaler.metricsserver.health.username: description: "the username of health endpoint" default: '' diff --git a/jobs/metricsserver/templates/healthendpoint.crt.erb b/jobs/metricsserver/templates/healthendpoint.crt.erb new file mode 100644 index 0000000000..5ae94caaef --- /dev/null +++ b/jobs/metricsserver/templates/healthendpoint.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsserver.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsserver/templates/healthendpoint.key.erb b/jobs/metricsserver/templates/healthendpoint.key.erb new file mode 100644 index 0000000000..693519b384 --- /dev/null +++ b/jobs/metricsserver/templates/healthendpoint.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsserver.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsserver/templates/healthendpoint_ca.crt.erb b/jobs/metricsserver/templates/healthendpoint_ca.crt.erb new file mode 100644 index 0000000000..d4c40e255e --- /dev/null +++ b/jobs/metricsserver/templates/healthendpoint_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsserver.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsserver/templates/metricsserver.yml.erb b/jobs/metricsserver/templates/metricsserver.yml.erb index c149de2377..3d79c62f23 100644 --- a/jobs/metricsserver/templates/metricsserver.yml.erb +++ b/jobs/metricsserver/templates/metricsserver.yml.erb 
@@ -89,6 +89,12 @@ health: port: <%= p("autoscaler.metricsserver.health.port") %> username: <%= p("autoscaler.metricsserver.health.username") %> password: <%= p("autoscaler.metricsserver.health.password") %> + <% if_p("autoscaler.metricsserver.health.ca_cert", "autoscaler.metricsserver.health.server_cert", "autoscaler.metricsserver.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/metricsserver/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/metricsserver/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/metricsserver/config/certs/healthendpoint/server.key + <% end %> diff --git a/jobs/operator/spec b/jobs/operator/spec index d093fb08bb..9da22934f4 100644 --- a/jobs/operator/spec +++ b/jobs/operator/spec @@ -6,6 +6,10 @@ templates: operator.yml.erb: config/operator.yml liquibase.properties: bin/liquibase.properties + healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt + healthendpoint.crt.erb: config/certs/healthendpoint/server.crt + healthendpoint.key.erb: config/certs/healthendpoint/server.key + scalingengine_ca.crt.erb: config/certs/scalingengine/ca.crt scalingengine_client.crt.erb: config/certs/scalingengine/client.crt scalingengine_client.key.erb: config/certs/scalingengine/client.key @@ -311,6 +315,12 @@ properties: autoscaler.operator.health.port: description: "the listening port of health endpoint" default: 6208 + autoscaler.operator.health.ca_cert: + description: "PEM-encoded CA certificate for the health endpoint" + autoscaler.operator.health.server_cert: + description: "PEM-encoded server certificate for the health endpoint" + autoscaler.operator.health.server_key: + description: "PEM-encoded server key for the health endpoint" autoscaler.operator.health.username: description: "the username of health endpoint" default: '' diff --git a/jobs/operator/templates/healthendpoint.crt.erb b/jobs/operator/templates/healthendpoint.crt.erb new file mode 100644 index 0000000000..d405886cf2 --- /dev/null 
+++ b/jobs/operator/templates/healthendpoint.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.operator.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/operator/templates/healthendpoint.key.erb b/jobs/operator/templates/healthendpoint.key.erb new file mode 100644 index 0000000000..fa8fa1a20a --- /dev/null +++ b/jobs/operator/templates/healthendpoint.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.operator.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/operator/templates/healthendpoint_ca.crt.erb b/jobs/operator/templates/healthendpoint_ca.crt.erb new file mode 100644 index 0000000000..79340ebd94 --- /dev/null +++ b/jobs/operator/templates/healthendpoint_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.operator.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/operator/templates/operator.yml.erb b/jobs/operator/templates/operator.yml.erb index 20119d01ad..599a407074 100644 --- a/jobs/operator/templates/operator.yml.erb +++ b/jobs/operator/templates/operator.yml.erb @@ -62,6 +62,13 @@ health: port: <%= p("autoscaler.operator.health.port") %> username: <%= p("autoscaler.operator.health.username") %> password: <%= p("autoscaler.operator.health.password") %> + <% if_p("autoscaler.operator.health.ca_cert", "autoscaler.operator.health.server_cert", "autoscaler.operator.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/operator/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.key + <% end %> + http_client_timeout: <%= p("autoscaler.operator.http_client_timeout") %> instance_metrics_db: db: diff --git a/jobs/scalingengine/spec b/jobs/scalingengine/spec index 878c830ae2..93e06c340c 100644 --- a/jobs/scalingengine/spec +++ b/jobs/scalingengine/spec 
@@ -10,14 +10,18 @@ templates: policy_db.key.erb: config/certs/policy_db/key policy_db_ca.crt.erb: config/certs/policy_db/ca.crt - scalingengine_ca.crt.erb: config/certs/scalingengine/ca.crt + scalingengine_db_ca.crt.erb: config/certs/scalingengine_db/ca.crt scalingengine_db.crt.erb: config/certs/scalingengine_db/crt scalingengine_db.key.erb: config/certs/scalingengine_db/key - scalingengine_db_ca.crt.erb: config/certs/scalingengine_db/ca.crt + scalingengine_ca.crt.erb: config/certs/scalingengine/ca.crt scalingengine_server.crt.erb: config/certs/scalingengine/server.crt scalingengine_server.key.erb: config/certs/scalingengine/server.key + healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt + healthendpoint.crt.erb: config/certs/healthendpoint/server.crt + healthendpoint.key.erb: config/certs/healthendpoint/server.key + scheduler_db.crt.erb: config/certs/scheduler_db/crt scheduler_db.key.erb: config/certs/scheduler_db/key scheduler_db_ca.crt.erb: config/certs/scheduler_db/ca.crt @@ -169,6 +173,12 @@ properties: autoscaler.scalingengine.health.port: description: "the listening port of health endpoint" default: 6204 + autoscaler.scalingengine.health.ca_cert: + description: "PEM-encoded CA certificate for the health endpoint" + autoscaler.scalingengine.health.server_cert: + description: "PEM-encoded server certificate for the health endpoint" + autoscaler.scalingengine.health.server_key: + description: "PEM-encoded server key for the health endpoint" autoscaler.scalingengine.health.username: description: "the username of health endpoint" default: '' diff --git a/jobs/scalingengine/templates/healthendpoint.crt.erb b/jobs/scalingengine/templates/healthendpoint.crt.erb new file mode 100644 index 0000000000..806dccca08 --- /dev/null +++ b/jobs/scalingengine/templates/healthendpoint.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.scalingengine.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file 
diff --git a/jobs/scalingengine/templates/healthendpoint.key.erb b/jobs/scalingengine/templates/healthendpoint.key.erb new file mode 100644 index 0000000000..9175a797bf --- /dev/null +++ b/jobs/scalingengine/templates/healthendpoint.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.scalingengine.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/scalingengine/templates/healthendpoint_ca.crt.erb b/jobs/scalingengine/templates/healthendpoint_ca.crt.erb new file mode 100644 index 0000000000..565a1334bc --- /dev/null +++ b/jobs/scalingengine/templates/healthendpoint_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.scalingengine.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/scalingengine/templates/scalingengine.yml.erb b/jobs/scalingengine/templates/scalingengine.yml.erb index ff559b6267..38c913d67a 100644 --- a/jobs/scalingengine/templates/scalingengine.yml.erb +++ b/jobs/scalingengine/templates/scalingengine.yml.erb @@ -66,6 +66,13 @@ health: port: <%= p("autoscaler.scalingengine.health.port") %> username: <%= p("autoscaler.scalingengine.health.username") %> password: <%= p("autoscaler.scalingengine.health.password") %> + <% if_p("autoscaler.scalingengine.health.ca_cert", "autoscaler.scalingengine.health.server_cert", "autoscaler.scalingengine.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.key + <% end %> + db: policy_db: diff --git a/spec/jobs/cf/cf_spec.rb b/spec/jobs/common/cf_spec.rb similarity index 100% rename from spec/jobs/cf/cf_spec.rb rename to spec/jobs/common/cf_spec.rb diff --git a/spec/jobs/common/health_endpoint_spec.rb b/spec/jobs/common/health_endpoint_spec.rb new file mode 100644 index 0000000000..73da8be068 --- /dev/null 
+++ b/spec/jobs/common/health_endpoint_spec.rb 
@@ -0,0 +1,57 @@
+require "rspec"
+require "json"
+require "bosh/template/test"
+require "rspec/file_fixtures"
+require "yaml"
+
+describe "health endpoint sections relevant specs" do
+ let(:release) { Bosh::Template::Test::ReleaseDir.new(File.join(File.dirname(__FILE__), "../../..")) }
+ [
+ %w[apiserver golangapiserver config/apiserver.yml apiserver.yml],
+ %w[eventgenerator eventgenerator config/eventgenerator.yml eventgenerator.yml],
+ %w[metricsforwarder metricsforwarder config/metricsforwarder.yml metricsforwarder.yml],
+ %w[metricsgateway metricsgateway config/metricsgateway.yml metricsgateway.yml],
+ %w[metricsserver metricsserver config/metricsserver.yml metricsserver.yml],
+ %w[operator operator config/operator.yml operator.yml],
+ %w[scalingengine scalingengine config/scalingengine.yml scalingengine.yml]
+ ].each do |service, release_job, config_file, properties_file|
+ context service do
+ context "health endpoint" do
+ before(:each) do
+ @properties = YAML.safe_load(fixture(properties_file).read)
+ @template = release.job(release_job).template(config_file)
+ @links = case service
+ when "eventgenerator"
+ [ Bosh::Template::Test::Link.new(name: "eventgenerator") ]
+ when "metricsgateway", "metricsserver"
+ [ Bosh::Template::Test::Link.new(name: "metricsserver") ]
+ else
+ []
+ end
+ @rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links))
+ end
+ it "by default TLS is not configured" do
+ expect(@rendered_template["health"]["tls"]).to be_nil
+ end
+
+ it "TLS can be enabled" do
+ service_config = (@properties["autoscaler"][service] ||= {})
+ service_config["health"] = {
+ "ca_cert" => "SOME_CA",
+ "server_cert" => "SOME_CERT",
+ "server_key" => "SOME_KEY"
+ }
+
+ rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links))
+
+ expect(rendered_template["health"]["tls"]).not_to be_nil
+ expect(rendered_template["health"]["tls"]).to include({
+ "key_file" =>
"/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.key",
+ "ca_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/ca.crt",
+ "cert_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.crt"
+ })
+ end
+ end
+ end
+ end
+end
diff --git a/src/autoscaler/api/brokerserver/broker_server.go b/src/autoscaler/api/brokerserver/broker_server.go
index 148e98d595..bdd41c0773 100644
--- a/src/autoscaler/api/brokerserver/broker_server.go
+++ b/src/autoscaler/api/brokerserver/broker_server.go
@@ -2,28 +2,24 @@ package brokerserver
 import (
 "encoding/json"
- "fmt"
 "net/http"
 "os"
 "code.cloudfoundry.org/app-autoscaler/src/autoscaler/api/broker"
-
- "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers/handlers"
- "code.cloudfoundry.org/app-autoscaler/src/autoscaler/routes"
-
+ "code.cloudfoundry.org/app-autoscaler/src/autoscaler/api/config"
 "code.cloudfoundry.org/app-autoscaler/src/autoscaler/cf"
 "code.cloudfoundry.org/app-autoscaler/src/autoscaler/cred_helper"
-
- "code.cloudfoundry.org/app-autoscaler/src/autoscaler/api/config"
 "code.cloudfoundry.org/app-autoscaler/src/autoscaler/db"
 "code.cloudfoundry.org/app-autoscaler/src/autoscaler/healthendpoint"
+ "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers"
+ "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers/handlers"
+ "code.cloudfoundry.org/app-autoscaler/src/autoscaler/routes"
 "github.com/pivotal-cf/brokerapi/v10"
 "github.com/pivotal-cf/brokerapi/v10/domain"
 "code.cloudfoundry.org/lager/v3"
 "github.com/go-chi/chi/v5"
 "github.com/tedsuo/ifrit"
- "github.com/tedsuo/ifrit/http_server"
 "golang.org/x/crypto/bcrypt"
 )
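Review bot: The spec checks only the two extremes, nothing set and all three of ca_cert/server_cert/server_key set, so whatever the templates do with a partial health TLS configuration (for instance cert and key without ca_cert) is untested for all seven jobs. A third example that sets just `"server_cert"` and `"server_key"` and asserts the rendered `health["tls"]` explicitly would pin that behaviour, whichever way the templates are meant to handle it. One nit: `@rendered_template` is produced in `before(:each)` for every example but only the default-case example reads it, while the TLS example re-renders from `@properties` anyway, so that render could move into the default example.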
@@ -124,27 +120,7 @@ func NewBrokerServer(logger lager.Logger, conf *config.Config, bindingdb db.Bind r.HandleFunc(routes.BrokerHealthPath, GetHealth) - var addr string - if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" { - addr = fmt.Sprintf("localhost:%d", conf.BrokerServer.Port) - } else { - addr = fmt.Sprintf("0.0.0.0:%d", conf.BrokerServer.Port) - } - - var runner ifrit.Runner - if (conf.BrokerServer.TLS.KeyFile == "") || (conf.BrokerServer.TLS.CertFile == "") { - runner = http_server.New(addr, r) - } else { - tlsConfig, err := conf.BrokerServer.TLS.CreateServerConfig() - if err != nil { - logger.Error("failed-new-server-new-tls-config", err, lager.Data{"tls": conf.BrokerServer.TLS}) - return nil, fmt.Errorf("broker server tls error: %w", err) - } - runner = http_server.NewTLSServer(addr, r, tlsConfig) - } - - logger.Info("broker-http-server-created", lager.Data{"serverConfig": conf.BrokerServer}) - return runner, nil + return helpers.NewHTTPServer(logger, conf.BrokerServer, r) } func restrictToMaxBcryptLength(logger lager.Logger, brokerCredential config.BrokerCredentialsConfig) config.BrokerCredentialsConfig { diff --git a/src/autoscaler/api/brokerserver/broker_server_suite_test.go b/src/autoscaler/api/brokerserver/broker_server_suite_test.go index 445f56a144..9101b44928 100644 --- a/src/autoscaler/api/brokerserver/broker_server_suite_test.go +++ b/src/autoscaler/api/brokerserver/broker_server_suite_test.go @@ -7,6 +7,7 @@ import ( "os" "strconv" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "github.com/pivotal-cf/brokerapi/v10/domain" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/api/brokerserver" @@ -107,7 +108,7 @@ var _ = BeforeSuite(func() { brokerCreds = append(brokerCreds, brokerCred1, brokerCred2) conf = &config.Config{ - BrokerServer: config.ServerConfig{ + BrokerServer: helpers.ServerConfig{ Port: port, }, BrokerCredentials: brokerCreds, 
diff --git a/src/autoscaler/api/cmd/api/api_suite_test.go b/src/autoscaler/api/cmd/api/api_suite_test.go index c428510c63..9ff19646c3 100644 --- a/src/autoscaler/api/cmd/api/api_suite_test.go +++ b/src/autoscaler/api/cmd/api/api_suite_test.go @@ -10,6 +10,7 @@ import ( "time" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/cf/mocks" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" . "code.cloudfoundry.org/app-autoscaler/src/autoscaler/testhelpers" @@ -116,7 +117,7 @@ var _ = SynchronizedBeforeSuite(func() []byte { publicApiPort = 9000 + GinkgoParallelProcess() healthport = 7000 + GinkgoParallelProcess() - cfg.BrokerServer = config.ServerConfig{ + cfg.BrokerServer = helpers.ServerConfig{ Port: brokerPort, TLS: models.TLSCerts{ KeyFile: filepath.Join(testCertDir, "servicebroker.key"), @@ -124,7 +125,7 @@ var _ = SynchronizedBeforeSuite(func() []byte { CACertFile: filepath.Join(testCertDir, "autoscaler-ca.crt"), }, } - cfg.PublicApiServer = config.ServerConfig{ + cfg.PublicApiServer = helpers.ServerConfig{ Port: publicApiPort, TLS: models.TLSCerts{ KeyFile: filepath.Join(testCertDir, "api.key"), @@ -198,8 +199,10 @@ var _ = SynchronizedBeforeSuite(func() []byte { cfg.CF.ClientID = "client-id" cfg.CF.Secret = "client-secret" cfg.CF.SkipSSLValidation = true - cfg.Health = models.HealthConfig{ - Port: healthport, + cfg.Health = helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: healthport, + }, HealthCheckUsername: "healthcheckuser", HealthCheckPassword: "healthcheckpassword", } diff --git a/src/autoscaler/api/cmd/api/api_test.go b/src/autoscaler/api/cmd/api/api_test.go index 65a18001d6..4dca136b86 100644 --- a/src/autoscaler/api/cmd/api/api_test.go +++ b/src/autoscaler/api/cmd/api/api_test.go 
@@ -122,8 +122,8 @@ var _ = Describe("Api", func() { runner.Start() }) It("should start both broker and public-api", func() { - Eventually(runner.Session.Buffer, 2*time.Second).Should(Say("api.broker_http_server.broker-http-server-created")) - Eventually(runner.Session.Buffer, 2*time.Second).Should(Say("api.public_api_http_server.public-api-http-server-created")) + Eventually(runner.Session.Buffer, 2*time.Second).Should(Say("api.broker_http_server.new-http-server")) + Eventually(runner.Session.Buffer, 2*time.Second).Should(Say("api.public_api_http_server.new-http-server")) Eventually(runner.Session.Buffer, 2*time.Second).Should(Say("api.started")) }) }) @@ -136,8 +136,8 @@ var _ = Describe("Api", func() { runner.Start() }) It("should start not start broker ", func() { - Eventually(runner.Session.Buffer, 2*time.Second).ShouldNot(Say("api.broker_http_server.broker-http-server-created")) - Eventually(runner.Session.Buffer, 2*time.Second).Should(Say("api.public_api_http_server.public-api-http-server-created")) + Eventually(runner.Session.Buffer, 2*time.Second).ShouldNot(Say("api.broker_http_server.new-http-server")) + Eventually(runner.Session.Buffer, 2*time.Second).Should(Say("api.public_api_http_server.new-http-server")) Eventually(runner.Session.Buffer, 2*time.Second).Should(Say("api.started")) }) }) diff --git a/src/autoscaler/api/config/config.go b/src/autoscaler/api/config/config.go index 06ddc09a59..c3b75f2321 100644 --- a/src/autoscaler/api/config/config.go +++ b/src/autoscaler/api/config/config.go @@ -26,16 +26,11 @@ const ( DefaultCPUUpperThreshold = 100 ) -type ServerConfig struct { - Port int `yaml:"port"` - TLS models.TLSCerts `yaml:"tls"` -} - -var defaultBrokerServerConfig = ServerConfig{ +var defaultBrokerServerConfig = helpers.ServerConfig{ Port: 8080, } -var defaultPublicApiServerConfig = ServerConfig{ +var defaultPublicApiServerConfig = helpers.ServerConfig{ Port: 8081, } 
@@ -86,8 +81,8 @@ type CPUConfig struct { type Config struct { Logging helpers.LoggingConfig `yaml:"logging"` - BrokerServer ServerConfig `yaml:"broker_server"` - PublicApiServer ServerConfig `yaml:"public_api_server"` + BrokerServer helpers.ServerConfig `yaml:"broker_server"` + PublicApiServer helpers.ServerConfig `yaml:"public_api_server"` DB map[string]db.DatabaseConfig `yaml:"db"` BrokerCredentials []BrokerCredentialsConfig `yaml:"broker_credentials"` APIClientId string `yaml:"api_client_id"` @@ -103,7 +98,7 @@ type Config struct { UseBuildInMode bool `yaml:"use_buildin_mode"` InfoFilePath string `yaml:"info_file_path"` MetricsForwarder MetricsForwarderConfig `yaml:"metrics_forwarder"` - Health models.HealthConfig `yaml:"health"` + Health helpers.HealthConfig `yaml:"health"` RateLimit models.RateLimitConfig `yaml:"rate_limit"` CredHelperImpl string `yaml:"cred_helper_impl"` StoredProcedureConfig *models.StoredProcedureConfig `yaml:"stored_procedure_binding_credential_config"` diff --git a/src/autoscaler/api/publicapiserver/public_api_server.go b/src/autoscaler/api/publicapiserver/public_api_server.go index a64454fed8..bd070f2f90 100644 --- a/src/autoscaler/api/publicapiserver/public_api_server.go +++ b/src/autoscaler/api/publicapiserver/public_api_server.go @@ -3,9 +3,9 @@ package publicapiserver import ( "fmt" "net/http" - "os" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/cred_helper" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers/apis/scalinghistory" "go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux" @@ -20,7 +20,6 @@ import ( "code.cloudfoundry.org/lager/v3" "github.com/gorilla/mux" "github.com/tedsuo/ifrit" - "github.com/tedsuo/ifrit/http_server" ) type VarsFunc func(w http.ResponseWriter, r *http.Request, vars map[string]string) 
@@ -81,29 +80,7 @@ func NewPublicApiServer(logger lager.Logger, conf *config.Config, policydb db.Po rcredential.Get(routes.PublicApiCreateCredentialRouteName).Handler(VarsFunc(pah.CreateCredential)) rcredential.Get(routes.PublicApiDeleteCredentialRouteName).Handler(VarsFunc(pah.DeleteCredential)) - var addr string - if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" { - addr = fmt.Sprintf("localhost:%d", conf.PublicApiServer.Port) - } else { - addr = fmt.Sprintf("0.0.0.0:%d", conf.PublicApiServer.Port) - } - - var runner ifrit.Runner - if (conf.PublicApiServer.TLS.KeyFile == "") || (conf.PublicApiServer.TLS.CertFile == "") { - logger.Info("creating-public-api-http-server") - runner = http_server.New(addr, r) - } else { - logger.Info("creating-public-api-https-server") - tlsConfig, err := conf.PublicApiServer.TLS.CreateServerConfig() - if err != nil { - logger.Error("failed-new-server-new-tls-config", err, lager.Data{"tls": conf.PublicApiServer.TLS}) - return nil, err - } - runner = http_server.NewTLSServer(addr, r, tlsConfig) - } - - logger.Info("public-api-http-server-created", lager.Data{"serverConfig": conf.PublicApiServer}) - return runner, nil + return helpers.NewHTTPServer(logger, conf.PublicApiServer, r) } func newScalingHistoryHandler(logger lager.Logger, conf *config.Config) (http.Handler, error) { diff --git a/src/autoscaler/api/publicapiserver/publicapiserver_suite_test.go b/src/autoscaler/api/publicapiserver/publicapiserver_suite_test.go index 2dd2e8c5bc..361b6412ba 100644 --- a/src/autoscaler/api/publicapiserver/publicapiserver_suite_test.go +++ b/src/autoscaler/api/publicapiserver/publicapiserver_suite_test.go @@ -181,7 +181,7 @@ func CreateConfig(useBuildInMode bool, apiServerPort int) *config.Config { Logging: helpers.LoggingConfig{ Level: "debug", }, - PublicApiServer: config.ServerConfig{ + PublicApiServer: helpers.ServerConfig{ Port: apiServerPort, }, PolicySchemaPath: "../policyvalidator/policy_json.schema.json", 
diff --git a/src/autoscaler/eventgenerator/cmd/eventgenerator/eventgenerator_suite_test.go b/src/autoscaler/eventgenerator/cmd/eventgenerator/eventgenerator_suite_test.go index 3da000bf6d..9f30510557 100644 --- a/src/autoscaler/eventgenerator/cmd/eventgenerator/eventgenerator_suite_test.go +++ b/src/autoscaler/eventgenerator/cmd/eventgenerator/eventgenerator_suite_test.go @@ -182,11 +182,13 @@ func initConfig() { Level: "debug", }, Server: config.ServerConfig{ - Port: egPort, - TLS: models.TLSCerts{ - KeyFile: filepath.Join(testCertDir, "eventgenerator.key"), - CertFile: filepath.Join(testCertDir, "eventgenerator.crt"), - CACertFile: filepath.Join(testCertDir, "autoscaler-ca.crt"), + ServerConfig: helpers.ServerConfig{ + Port: egPort, + TLS: models.TLSCerts{ + KeyFile: filepath.Join(testCertDir, "eventgenerator.key"), + CertFile: filepath.Join(testCertDir, "eventgenerator.crt"), + CACertFile: filepath.Join(testCertDir, "autoscaler-ca.crt"), + }, }, NodeAddrs: []string{"localhost"}, NodeIndex: 0, @@ -243,8 +245,10 @@ func initConfig() { DefaultBreachDurationSecs: 600, DefaultStatWindowSecs: 300, HttpClientTimeout: 10 * time.Second, - Health: models.HealthConfig{ - Port: healthport, + Health: helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: healthport, + }, HealthCheckUsername: "healthcheckuser", HealthCheckPassword: "healthcheckpassword", }, diff --git a/src/autoscaler/eventgenerator/config/config.go b/src/autoscaler/eventgenerator/config/config.go index 4f04a19fe6..2374263ae6 100644 --- a/src/autoscaler/eventgenerator/config/config.go +++ b/src/autoscaler/eventgenerator/config/config.go 
@@ -34,10 +34,9 @@ const ( ) type ServerConfig struct { - Port int `yaml:"port"` - TLS models.TLSCerts `yaml:"tls"` - NodeAddrs []string `yaml:"node_addrs"` - NodeIndex int `yaml:"node_index"` + helpers.ServerConfig `yaml:",inline"` + NodeAddrs []string `yaml:"node_addrs"` + NodeIndex int `yaml:"node_index"` } type DBConfig struct { PolicyDB db.DatabaseConfig `yaml:"policy_db"` @@ -80,7 +79,7 @@ type CircuitBreakerConfig struct { type Config struct { Logging helpers.LoggingConfig `yaml:"logging"` Server ServerConfig `yaml:"server"` - Health models.HealthConfig `yaml:"health"` + Health helpers.HealthConfig `yaml:"health"` DB DBConfig `yaml:"db"` Aggregator AggregatorConfig `yaml:"aggregator"` Evaluator EvaluatorConfig `yaml:"evaluator"` @@ -98,10 +97,14 @@ func LoadConfig(config []byte) (*Config, error) { Level: DefaultLoggingLevel, }, Server: ServerConfig{ - Port: DefaultServerPort, + ServerConfig: helpers.ServerConfig{ + Port: DefaultServerPort, + }, }, - Health: models.HealthConfig{ - Port: DefaultHealthServerPort, + Health: helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: DefaultHealthServerPort, + }, }, Aggregator: AggregatorConfig{ AggregatorExecuteInterval: DefaultAggregatorExecuteInterval, diff --git a/src/autoscaler/eventgenerator/config/config_test.go b/src/autoscaler/eventgenerator/config/config_test.go index 463f1651d4..9396f53254 100644 --- a/src/autoscaler/eventgenerator/config/config_test.go +++ b/src/autoscaler/eventgenerator/config/config_test.go 
@@ -94,17 +94,21 @@ circuitBreaker: Logging: helpers.LoggingConfig{Level: "info"}, HttpClientTimeout: 10 * time.Second, Server: ServerConfig{ - Port: 9080, - TLS: models.TLSCerts{ - KeyFile: "/var/vcap/jobs/autoscaler/config/certs/server.key", - CertFile: "/var/vcap/jobs/autoscaler/config/certs/server.crt", - CACertFile: "/var/vcap/jobs/autoscaler/config/certs/ca.crt", + ServerConfig: helpers.ServerConfig{ + Port: 9080, + TLS: models.TLSCerts{ + KeyFile: "/var/vcap/jobs/autoscaler/config/certs/server.key", + CertFile: "/var/vcap/jobs/autoscaler/config/certs/server.crt", + CACertFile: "/var/vcap/jobs/autoscaler/config/certs/ca.crt", + }, }, NodeAddrs: []string{"address1", "address2"}, NodeIndex: 1, }, - Health: models.HealthConfig{ - Port: 9999, + Health: helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: 9999, + }, }, DB: DBConfig{ PolicyDB: db.DatabaseConfig{ @@ -225,11 +229,15 @@ defaultBreachDurationSecs: 600 Logging: helpers.LoggingConfig{Level: "info"}, HttpClientTimeout: 5 * time.Second, Server: ServerConfig{ - Port: 8080, - TLS: models.TLSCerts{}, + ServerConfig: helpers.ServerConfig{ + Port: 8080, + TLS: models.TLSCerts{}, + }, }, - Health: models.HealthConfig{ - Port: 8081, + Health: helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: 8081, + }, }, DB: DBConfig{ PolicyDB: db.DatabaseConfig{ diff --git a/src/autoscaler/eventgenerator/server/server.go b/src/autoscaler/eventgenerator/server/server.go index 5ad5f5279e..440c688920 100644 --- a/src/autoscaler/eventgenerator/server/server.go +++ b/src/autoscaler/eventgenerator/server/server.go @@ -1,11 +1,10 @@ package server import ( - "fmt" "net/http" - "os" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/eventgenerator/aggregator" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/eventgenerator/config" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/healthendpoint" 
@@ -14,7 +13,6 @@ import ( "code.cloudfoundry.org/lager/v3" "github.com/gorilla/mux" "github.com/tedsuo/ifrit" - "github.com/tedsuo/ifrit/http_server" ) type VarsFunc func(w http.ResponseWriter, r *http.Request, vars map[string]string) @@ -31,25 +29,10 @@ func NewServer(logger lager.Logger, conf *config.Config, queryAppMetric aggregat r.Use(httpStatusCollectMiddleware.Collect) r.Get(routes.GetAggregatedMetricHistoriesRouteName).Handler(VarsFunc(eh.GetAggregatedMetricHistories)) - var addr string - if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" { - addr = fmt.Sprintf("localhost:%d", conf.Server.Port) - } else { - addr = fmt.Sprintf("0.0.0.0:%d", conf.Server.Port) + httpServerConfig := helpers.ServerConfig{ + Port: conf.Server.Port, + TLS: conf.Server.TLS, } - var runner ifrit.Runner - if (conf.Server.TLS.KeyFile == "") || (conf.Server.TLS.CertFile == "") { - runner = http_server.New(addr, r) - } else { - tlsConfig, err := conf.Server.TLS.CreateServerConfig() - if err != nil { - logger.Error("failed-new-server-new-tls-config", err, lager.Data{"tls": conf.Server.TLS}) - return nil, fmt.Errorf("eventGenerator tls config error: %w", err) - } - runner = http_server.NewTLSServer(addr, r, tlsConfig) - } - - logger.Info("http-server-created", lager.Data{"serverConfig": conf.Server}) - return runner, nil + return helpers.NewHTTPServer(logger, httpServerConfig, r) } diff --git a/src/autoscaler/eventgenerator/server/server_suite_test.go b/src/autoscaler/eventgenerator/server/server_suite_test.go index 4269ca08e5..0868c4d8c4 100644 --- a/src/autoscaler/eventgenerator/server/server_suite_test.go +++ b/src/autoscaler/eventgenerator/server/server_suite_test.go 
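Review bot: The `httpServerConfig` copy built in NewServer is redundant now that eventgenerator's `config.ServerConfig` embeds `helpers.ServerConfig` (see the eventgenerator config hunk): `return helpers.NewHTTPServer(logger, conf.Server.ServerConfig, r)` passes the same Port and TLS values without a second struct, and any field added to `helpers.ServerConfig` later cannot be silently dropped on the way through. The same applies to NewServerWithBasicAuth in healthendpoint/server.go, where `conf.ServerConfig` can be handed over directly since `HealthConfig` now embeds it.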
@@ -5,6 +5,7 @@ import ( "code.cloudfoundry.org/app-autoscaler/src/autoscaler/eventgenerator/config" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/eventgenerator/server" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/fakes" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models" "net/url" @@ -32,7 +33,9 @@ var _ = BeforeSuite(func() { port := 1111 + GinkgoParallelProcess() conf := &config.Config{ Server: config.ServerConfig{ - Port: port, + ServerConfig: helpers.ServerConfig{ + Port: port, + }, }, } queryAppMetrics := func(appID string, metricType string, start int64, end int64, orderType db.OrderType) ([]*models.AppMetric, error) { diff --git a/src/autoscaler/healthendpoint/health_readiness_test.go b/src/autoscaler/healthendpoint/health_readiness_test.go index d552880454..bc8ba15c6f 100644 --- a/src/autoscaler/healthendpoint/health_readiness_test.go +++ b/src/autoscaler/healthendpoint/health_readiness_test.go @@ -8,8 +8,7 @@ import ( "sync/atomic" "time" - "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models" - + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "github.com/pkg/errors" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/healthendpoint" @@ -40,7 +39,7 @@ var _ = Describe("Health Readiness", func() { healthRoute *mux.Router logger lager.Logger checkers []healthendpoint.Checker - config models.HealthConfig + config helpers.HealthConfig timesetter *time.Time ) diff --git a/src/autoscaler/healthendpoint/server.go b/src/autoscaler/healthendpoint/server.go index 6ab165237d..81d4d3186f 100644 --- a/src/autoscaler/healthendpoint/server.go +++ b/src/autoscaler/healthendpoint/server.go 
@@ -1,14 +1,11 @@ package healthendpoint import ( - "fmt" "net/http" "net/http/pprof" - "os" "time" - "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models" - + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsforwarder/server/common" "code.cloudfoundry.org/lager/v3" @@ -16,7 +13,6 @@ import ( "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/tedsuo/ifrit" - "github.com/tedsuo/ifrit/http_server" "golang.org/x/crypto/bcrypt" ) 
@@ -41,23 +37,19 @@ func (bam *basicAuthenticationMiddleware) middleware(next http.Handler) http.Han // NewServerWithBasicAuth open the healthcheck port with basic authentication. // Make sure that username and password is not empty -func NewServerWithBasicAuth(conf models.HealthConfig, healthCheckers []Checker, logger lager.Logger, gatherer prometheus.Gatherer, time func() time.Time) (ifrit.Runner, error) { +func NewServerWithBasicAuth(conf helpers.HealthConfig, healthCheckers []Checker, logger lager.Logger, gatherer prometheus.Gatherer, time func() time.Time) (ifrit.Runner, error) { healthRouter, err := NewHealthRouter(conf, healthCheckers, logger, gatherer, time) if err != nil { return nil, err } - var addr string - if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" { - addr = fmt.Sprintf("localhost:%d", conf.Port) - } else { - addr = fmt.Sprintf("0.0.0.0:%d", conf.Port) + httpServerConfig := helpers.ServerConfig{ + Port: conf.Port, + TLS: conf.TLS, } - - logger.Info("new-health-server-basic-auth", lager.Data{"addr": addr}) - return http_server.New(addr, healthRouter), nil + return helpers.NewHTTPServer(logger, httpServerConfig, healthRouter) } -func NewHealthRouter(conf models.HealthConfig, healthCheckers []Checker, logger lager.Logger, gatherer prometheus.Gatherer, time func() time.Time) (*mux.Router, error) { +func NewHealthRouter(conf helpers.HealthConfig, healthCheckers []Checker, logger lager.Logger, gatherer prometheus.Gatherer, time func() time.Time) (*mux.Router, error) { var healthRouter *mux.Router var err error username := conf.HealthCheckUsername 
@@ -80,7 +72,7 @@ func NewHealthRouter(conf models.HealthConfig, healthCheckers []Checker, logger return healthRouter, nil } -func healthBasicAuthRouter(conf models.HealthConfig, healthCheckers []Checker, logger lager.Logger, gatherer prometheus.Gatherer, time func() time.Time) (*mux.Router, error) { +func healthBasicAuthRouter(conf helpers.HealthConfig, healthCheckers []Checker, logger lager.Logger, gatherer prometheus.Gatherer, time func() time.Time) (*mux.Router, error) { basicAuthentication, err := createBasicAuthMiddleware(logger, conf.HealthCheckUsernameHash, conf.HealthCheckUsername, conf.HealthCheckPasswordHash, conf.HealthCheckPassword) if err != nil { return nil, err diff --git a/src/autoscaler/models/health.go b/src/autoscaler/helpers/health.go similarity index 96% rename from src/autoscaler/models/health.go rename to src/autoscaler/helpers/health.go index 30d073e7ce..6631359ba7 100644 --- a/src/autoscaler/models/health.go +++ b/src/autoscaler/helpers/health.go @@ -1,4 +1,4 @@ -package models +package helpers import ( "fmt" @@ -7,7 +7,7 @@ import ( ) type HealthConfig struct { - Port int `yaml:"port"` + ServerConfig `yaml:",inline"` HealthCheckUsername string `yaml:"username"` HealthCheckUsernameHash string `yaml:"username_hash"` HealthCheckPassword string `yaml:"password"` diff --git a/src/autoscaler/models/health_test.go b/src/autoscaler/helpers/health_test.go similarity index 81% rename from src/autoscaler/models/health_test.go rename to src/autoscaler/helpers/health_test.go index eb2c9799ff..5a3a411b88 100644 --- a/src/autoscaler/models/health_test.go +++ b/src/autoscaler/helpers/health_test.go @@ -1,11 +1,11 @@ -package models_test +package helpers_test import ( "errors" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" . "code.cloudfoundry.org/app-autoscaler/src/autoscaler/testhelpers" - "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "gopkg.in/yaml.v3" 
@@ -13,13 +13,13 @@ import ( var ( healthConfigBytes []byte - healthConfig models.HealthConfig + healthConfig helpers.HealthConfig ) var _ = Describe("Health Config", func() { BeforeEach(func() { healthConfigBytes = []byte{} - healthConfig = models.HealthConfig{} + healthConfig = helpers.HealthConfig{} }) When("Readiness is not supplied", func() { @@ -37,8 +37,10 @@ readiness_enabled: false err = healthConfig.Validate() Expect(err).ToNot(HaveOccurred()) - Expect(healthConfig).To(Equal(models.HealthConfig{ - Port: 9999, + Expect(healthConfig).To(Equal(helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: 9999, + }, HealthCheckUsername: "test-username", HealthCheckPassword: "password", ReadinessCheckEnabled: false, @@ -60,8 +62,10 @@ readiness_enabled: true err = healthConfig.Validate() Expect(err).ToNot(HaveOccurred()) - Expect(healthConfig).To(Equal(models.HealthConfig{ - Port: 9999, + Expect(healthConfig).To(Equal(helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: 9999, + }, HealthCheckUsername: "test-username", HealthCheckPassword: "password", ReadinessCheckEnabled: true, @@ -83,7 +87,7 @@ password_hash: password_hash FailOnError("unable to unmarshal to health config", err) err = healthConfig.Validate() Expect(err).To(HaveOccurred()) - Expect(errors.Is(err, models.ErrConfiguration)).To(BeTrue()) + Expect(errors.Is(err, helpers.ErrConfiguration)).To(BeTrue()) Expect(err.Error()).To(Equal("configuration error: both healthcheck password and healthcheck password_hash are provided, please provide only one of them")) }) }) diff --git a/src/autoscaler/helpers/http_server.go b/src/autoscaler/helpers/http_server.go new file mode 100644 index 0000000000..20651246ca --- /dev/null +++ b/src/autoscaler/helpers/http_server.go 
@@ -0,0 +1,39 @@
+package helpers
+
+import (
+ "fmt"
+ "net/http"
+ "os"
+
+ "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models"
+ "code.cloudfoundry.org/lager/v3"
+ "github.com/tedsuo/ifrit"
+ "github.com/tedsuo/ifrit/http_server"
+)
+
+type ServerConfig struct {
+ Port int `yaml:"port"`
+ TLS models.TLSCerts `yaml:"tls"`
+}
+
+func NewHTTPServer(logger lager.Logger, conf ServerConfig, handler http.Handler) (ifrit.Runner, error) {
+ var addr string
+ if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" {
+ addr = fmt.Sprintf("localhost:%d", conf.Port)
+ } else {
+ addr = fmt.Sprintf("0.0.0.0:%d", conf.Port)
+ }
+
+ logger.Info("new-http-server", lager.Data{"serverConfig": conf})
+
+ if (conf.TLS.KeyFile != "") && (conf.TLS.CertFile != "") {
+ tlsConfig, err := conf.TLS.CreateServerConfig()
+ if err != nil {
+ logger.Error("failed-new-server-new-tls-config", err, lager.Data{"tls": conf.TLS})
+ return nil, fmt.Errorf("server tls config error: %w", err)
+ }
+ return http_server.NewTLSServer(addr, handler, tlsConfig), nil
+ }
+
+ return http_server.New(addr, handler), nil
+}
diff --git a/src/autoscaler/integration/components_test.go b/src/autoscaler/integration/components_test.go
index 79419cb79b..6031ed1587 100644
--- a/src/autoscaler/integration/components_test.go
+++ b/src/autoscaler/integration/components_test.go
@@ -213,7 +213,7 @@ func (components *Components) PrepareGolangApiServerConfig(dbURI string, publicA
 Logging: helpers.LoggingConfig{
 Level: LOGLEVEL,
 },
- PublicApiServer: apiConfig.ServerConfig{
+ PublicApiServer: helpers.ServerConfig{
 Port: publicApiPort,
 TLS: models.TLSCerts{
 KeyFile: filepath.Join(testCertDir, "api.key"),
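Review bot: NewHTTPServer silently falls back to a plain-text listener when exactly one of `conf.TLS.KeyFile` / `conf.TLS.CertFile` is set, and the single `new-http-server` log line does not record which mode was chosen, so a typo in one of the two paths turns a server the operator believes is TLS-protected into an unauthenticated HTTP listener on 0.0.0.0 with no signal in the logs. Reject a half-configured pair before the branch, `if (conf.TLS.KeyFile == "") != (conf.TLS.CertFile == "") { return nil, fmt.Errorf("server tls config error: key_file and cert_file must both be set or both be empty") }`, and add something like `"tls": conf.TLS.CertFile != ""` to the log data so the mode can be confirmed from logs. Whether `CreateServerConfig` requires client certificates when `CACertFile` is empty is not visible in this hunk; since the commit description promises mTLS, an empty CA with a cert/key pair may also deserve an explicit error here rather than relying on that helper. The exported function also lacks a doc comment; `// NewHTTPServer returns an ifrit runner serving handler on conf.Port, over TLS when both key and cert files are configured and plain HTTP otherwise.` would state the contract callers now depend on.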
@@ -221,7 +221,7 @@ func (components *Components) PrepareGolangApiServerConfig(dbURI string, publicA CACertFile: filepath.Join(testCertDir, "autoscaler-ca.crt"), }, }, - BrokerServer: apiConfig.ServerConfig{ + BrokerServer: helpers.ServerConfig{ Port: brokerPort, TLS: models.TLSCerts{ KeyFile: filepath.Join(testCertDir, "servicebroker.key"), @@ -392,11 +392,13 @@ func (components *Components) PrepareEventGeneratorConfig(dbUri string, port int Level: LOGLEVEL, }, Server: egConfig.ServerConfig{ - Port: port, - TLS: models.TLSCerts{ - KeyFile: filepath.Join(testCertDir, "eventgenerator.key"), - CertFile: filepath.Join(testCertDir, "eventgenerator.crt"), - CACertFile: filepath.Join(testCertDir, "autoscaler-ca.crt"), + ServerConfig: helpers.ServerConfig{ + Port: port, + TLS: models.TLSCerts{ + KeyFile: filepath.Join(testCertDir, "eventgenerator.key"), + CertFile: filepath.Join(testCertDir, "eventgenerator.crt"), + CACertFile: filepath.Join(testCertDir, "autoscaler-ca.crt"), + }, }, NodeAddrs: []string{"localhost"}, NodeIndex: 0, @@ -453,7 +455,7 @@ func (components *Components) PrepareScalingEngineConfig(dbURI string, port int, ClientID: "admin", Secret: "admin", }, - Server: seConfig.ServerConfig{ + Server: helpers.ServerConfig{ Port: port, TLS: models.TLSCerts{ KeyFile: filepath.Join(testCertDir, "scalingengine.key"), @@ -632,7 +634,7 @@ func (components *Components) PrepareMetricsServerConfig(dbURI string, httpClien EnvelopeChannelSize: 100, MetricChannelSize: 100, }, - Server: msConfig.ServerConfig{ + Server: helpers.ServerConfig{ Port: httpServerPort, TLS: models.TLSCerts{ KeyFile: filepath.Join(testCertDir, "metricserver.key"), diff --git a/src/autoscaler/metricsforwarder/config/config.go b/src/autoscaler/metricsforwarder/config/config.go index d6e6f3b9d0..60c6e6d164 100644 --- a/src/autoscaler/metricsforwarder/config/config.go +++ b/src/autoscaler/metricsforwarder/config/config.go 
@@ -23,28 +23,26 @@ const ( type Config struct { Logging helpers.LoggingConfig `yaml:"logging"` - Server ServerConfig `yaml:"server"` + Server helpers.ServerConfig `yaml:"server"` LoggregatorConfig LoggregatorConfig `yaml:"loggregator"` Db map[string]db.DatabaseConfig `yaml:"db"` CacheTTL time.Duration `yaml:"cache_ttl"` CacheCleanupInterval time.Duration `yaml:"cache_cleanup_interval"` PolicyPollerInterval time.Duration `yaml:"policy_poller_interval"` - Health models.HealthConfig `yaml:"health"` + Health helpers.HealthConfig `yaml:"health"` RateLimit models.RateLimitConfig `yaml:"rate_limit"` CredHelperImpl string `yaml:"cred_helper_impl"` StoredProcedureConfig *models.StoredProcedureConfig `yaml:"stored_procedure_binding_credential_config"` } -type ServerConfig struct { - Port int `yaml:"port"` -} - -var defaultServerConfig = ServerConfig{ +var defaultServerConfig = helpers.ServerConfig{ Port: 6110, } -var defaultHealthConfig = models.HealthConfig{ - Port: 8081, +var defaultHealthConfig = helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: 8081, + }, } var defaultLoggingConfig = helpers.LoggingConfig{ diff --git a/src/autoscaler/metricsforwarder/forwarder/forwarder_test.go b/src/autoscaler/metricsforwarder/forwarder/forwarder_test.go index 5891d1f335..2f967a4d99 100644 --- a/src/autoscaler/metricsforwarder/forwarder/forwarder_test.go +++ b/src/autoscaler/metricsforwarder/forwarder/forwarder_test.go @@ -50,7 +50,7 @@ var _ = Describe("MetricForwarder", func() { CACertFile: filepath.Join(testCertDir, "loggregator-ca.crt"), }, } - serverConfig := config.ServerConfig{ + serverConfig := helpers.ServerConfig{ Port: 10000 + GinkgoParallelProcess(), } diff --git a/src/autoscaler/metricsforwarder/server/auth/auth_suite_test.go b/src/autoscaler/metricsforwarder/server/auth/auth_suite_test.go index a5c756d8d4..e6c49bbbc5 100644 --- a/src/autoscaler/metricsforwarder/server/auth/auth_suite_test.go 
+++ b/src/autoscaler/metricsforwarder/server/auth/auth_suite_test.go @@ -61,7 +61,7 @@ var _ = SynchronizedBeforeSuite(func() []byte { }, MetronAddress: "invalid-host-name-blah:12345", } - serverConfig := config.ServerConfig{ + serverConfig := helpers.ServerConfig{ Port: 2222 + GinkgoParallelProcess(), } diff --git a/src/autoscaler/metricsforwarder/server/server.go b/src/autoscaler/metricsforwarder/server/server.go index 7dedf47a1b..36b531d234 100644 --- a/src/autoscaler/metricsforwarder/server/server.go +++ b/src/autoscaler/metricsforwarder/server/server.go @@ -7,6 +7,7 @@ import ( "code.cloudfoundry.org/app-autoscaler/src/autoscaler/cred_helper" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/db" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/healthendpoint" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsforwarder/config" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsforwarder/forwarder" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsforwarder/server/auth" @@ -17,7 +18,6 @@ import ( "code.cloudfoundry.org/lager/v3" "github.com/patrickmn/go-cache" "github.com/tedsuo/ifrit" - "github.com/tedsuo/ifrit/http_server" ) func NewServer(logger lager.Logger, conf *config.Config, policyDB db.PolicyDB, credentials cred_helper.Credentials, allowedMetricCache cache.Cache, httpStatusCollector healthendpoint.HTTPStatusCollector, rateLimiter ratelimiter.Limiter) (ifrit.Runner, error) { 
@@ -41,15 +41,5 @@ func NewServer(logger lager.Logger, conf *config.Config, policyDB db.PolicyDB, c r.Use(authenticator.Authenticate) r.Get(routes.PostCustomMetricsRouteName).Handler(common.VarsFunc(mh.VerifyCredentialsAndPublishMetrics)) - var addr string - if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" { - addr = fmt.Sprintf("localhost:%d", conf.Server.Port) - } else { - addr = fmt.Sprintf("0.0.0.0:%d", conf.Server.Port) - } - - runner := http_server.New(addr, r) - - logger.Info("metrics-forwarder-http-server-created", lager.Data{"config": conf}) - return runner, nil + return helpers.NewHTTPServer(logger, conf.Server, r) } diff --git a/src/autoscaler/metricsforwarder/server/server_suite_test.go b/src/autoscaler/metricsforwarder/server/server_suite_test.go index 87320ddbe5..827209fd79 100644 --- a/src/autoscaler/metricsforwarder/server/server_suite_test.go +++ b/src/autoscaler/metricsforwarder/server/server_suite_test.go @@ -60,7 +60,7 @@ var _ = SynchronizedBeforeSuite(func() []byte { }, MetronAddress: "invalid-host-name-blah:12345", } - serverConfig := config.ServerConfig{ + serverConfig := helpers.ServerConfig{ Port: 2222 + GinkgoParallelProcess(), } diff --git a/src/autoscaler/metricsgateway/cmd/metricsgateway/metricsgateway_suite_test.go b/src/autoscaler/metricsgateway/cmd/metricsgateway/metricsgateway_suite_test.go index d8b7977cf5..de8c8607b7 100644 --- a/src/autoscaler/metricsgateway/cmd/metricsgateway/metricsgateway_suite_test.go +++ b/src/autoscaler/metricsgateway/cmd/metricsgateway/metricsgateway_suite_test.go @@ -176,8 +176,10 @@ func initConfig() { CACertFile: caPath, }, }, - Health: models.HealthConfig{ - Port: healthport, + Health: helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: healthport, + }, HealthCheckUsername: "metricsgatewayhealthcheckuser", HealthCheckPassword: "metricsgatewayhealthcheckpassword", }, 
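Review bot: The deleted `logger.Info("metrics-forwarder-http-server-created", lager.Data{"config": conf})` serialized the whole `config.Config`, which per the first hunk holds `Db map[string]db.DatabaseConfig` and `StoredProcedureConfig`, so the log no longer carrying those fields is a real improvement that the commit message should mention rather than leave implicit. What `helpers.NewHTTPServer` logs in its place is not in this diff; it should receive and log only `conf.Server` (port and TLS file paths), which is what the new call passes. This call site also changes behaviour: the old code used `http_server.New` unconditionally, so the metrics-ingest listener was plain HTTP, and it can now be TLS via `conf.Server.TLS` — worth a sentence in the doc comment of `NewServer`, whose signature and body start outside the hunk.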
diff --git a/src/autoscaler/metricsgateway/config/config.go b/src/autoscaler/metricsgateway/config/config.go index 300b3a2e8e..232f1a8b9c 100644 --- a/src/autoscaler/metricsgateway/config/config.go +++ b/src/autoscaler/metricsgateway/config/config.go @@ -58,7 +58,7 @@ type Config struct { AppManager AppManagerConfig `yaml:"app_manager"` Emitter EmitterConfig `yaml:"emitter"` Nozzle NozzleConfig `yaml:"nozzle"` - Health models.HealthConfig `yaml:"health"` + Health helpers.HealthConfig `yaml:"health"` } func LoadConfig(config []byte) (*Config, error) { diff --git a/src/autoscaler/metricsgateway/config/config_test.go b/src/autoscaler/metricsgateway/config/config_test.go index 4218d9b3bf..20e3c7fd87 100644 --- a/src/autoscaler/metricsgateway/config/config_test.go +++ b/src/autoscaler/metricsgateway/config/config_test.go @@ -842,8 +842,10 @@ health: CACertFile: "autoscaler_ca.cert", }, }, - Health: models.HealthConfig{ - Port: 8081, + Health: helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: 8081, + }, }, } }) diff --git a/src/autoscaler/metricsserver/collector/collector_suite_test.go b/src/autoscaler/metricsserver/collector/collector_suite_test.go index 029dc194a2..b6fbb059e5 100644 --- a/src/autoscaler/metricsserver/collector/collector_suite_test.go +++ b/src/autoscaler/metricsserver/collector/collector_suite_test.go @@ -6,6 +6,7 @@ import ( "strconv" "time" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "github.com/tedsuo/ifrit/ginkgomon_v2" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/db" @@ -41,7 +42,9 @@ var _ = BeforeSuite(func() { port := 1111 + GinkgoParallelProcess() serverConf := &collector.ServerConfig{ - Port: port, + ServerConfig: helpers.ServerConfig{ + Port: port, + }, NodeAddrs: []string{fmt.Sprintf("%s:%d", "localhost", port)}, NodeIndex: 0, } diff --git a/src/autoscaler/metricsserver/collector/config.go b/src/autoscaler/metricsserver/collector/config.go index 74c0a8f0a7..aa30608133 100644 
--- a/src/autoscaler/metricsserver/collector/config.go +++ b/src/autoscaler/metricsserver/collector/config.go @@ -3,22 +3,23 @@ package collector import ( "fmt" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsserver/config" - "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models" ) // ServerConfig a type to wrap both the config.ServerConfig and config.Config data. type ServerConfig struct { - Port int `yaml:"port"` - TLS models.TLSCerts `yaml:"tls"` - NodeAddrs []string `yaml:"node_addrs"` - NodeIndex int `yaml:"node_index"` + helpers.ServerConfig `yaml:",inline"` + NodeAddrs []string `yaml:"node_addrs"` + NodeIndex int `yaml:"node_index"` } func FromConfig(config *config.Config) ServerConfig { return ServerConfig{ - Port: config.Server.Port, - TLS: config.Server.TLS, + ServerConfig: helpers.ServerConfig{ + Port: config.Server.Port, + TLS: config.Server.TLS, + }, NodeAddrs: withPort(config.NodeAddrs, config.Server.Port), NodeIndex: config.NodeIndex, } diff --git a/src/autoscaler/metricsserver/collector/server.go b/src/autoscaler/metricsserver/collector/server.go index 5236d41fca..802ab74345 100644 --- a/src/autoscaler/metricsserver/collector/server.go +++ b/src/autoscaler/metricsserver/collector/server.go @@ -1,17 +1,15 @@ package collector import ( - "fmt" "net/http" - "os" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/healthendpoint" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/routes" "code.cloudfoundry.org/lager/v3" "github.com/gorilla/mux" "github.com/tedsuo/ifrit" - "github.com/tedsuo/ifrit/http_server" ) type VarsFunc func(w http.ResponseWriter, r *http.Request, vars map[string]string) 
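Review bot: The doc comment `// ServerConfig a type to wrap both the config.ServerConfig and config.Config data.` is stale after this change: `config.ServerConfig` is deleted in the metricsserver config hunk below, and the type now embeds `helpers.ServerConfig`. Replace it with `// ServerConfig combines the shared helpers.ServerConfig (port, TLS) with the collector's node addressing taken from config.Config.`. Since that same hunk makes `config.Server` a `helpers.ServerConfig`, `FromConfig` can copy it whole with `ServerConfig: config.Server,` instead of re-listing `Port` and `TLS`, so a field added to the shared struct later is not silently dropped on this path.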
@@ -29,25 +27,10 @@ func NewServer(logger lager.Logger, serverConfig *ServerConfig, query MetricQuer r.Use(httpStatusCollectMiddleware.Collect) r.Get(routes.GetMetricHistoriesRouteName).Handler(VarsFunc(mh.GetMetricHistories)) - var addr string - if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" { - addr = fmt.Sprintf("localhost:%d", serverConfig.Port) - } else { - addr = fmt.Sprintf("0.0.0.0:%d", serverConfig.Port) + httpServerConfig := helpers.ServerConfig{ + Port: serverConfig.Port, + TLS: serverConfig.TLS, } - var runner ifrit.Runner - if (serverConfig.TLS.KeyFile == "") || (serverConfig.TLS.CertFile == "") { - runner = http_server.New(addr, r) - } else { - tlsConfig, err := serverConfig.TLS.CreateServerConfig() - if err != nil { - logger.Error("failed-new-server-new-tls-config", err, lager.Data{"tls": serverConfig.TLS}) - return nil, fmt.Errorf("metrics collector tls error: %w", err) - } - runner = http_server.NewTLSServer(addr, r, tlsConfig) - } - - logger.Info("http-server-created", lager.Data{"serverConfig": serverConfig}) - return runner, nil + return helpers.NewHTTPServer(logger, httpServerConfig, r) } diff --git a/src/autoscaler/metricsserver/collector/ws_server.go b/src/autoscaler/metricsserver/collector/ws_server.go index fc88aacbdf..b788575750 100644 --- a/src/autoscaler/metricsserver/collector/ws_server.go +++ b/src/autoscaler/metricsserver/collector/ws_server.go 
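Review bot: `httpServerConfig` rebuilds a `helpers.ServerConfig` from `serverConfig.Port` and `serverConfig.TLS`, but `ServerConfig` now embeds `helpers.ServerConfig` (previous hunk), so the call can simply be `return helpers.NewHTTPServer(logger, serverConfig.ServerConfig, r)` and any field later added to the shared struct is passed through unchanged. The removed branch also fixed the behaviour for a half-configured TLS block — only one of `TLS.KeyFile`/`TLS.CertFile` set meant plain HTTP on `0.0.0.0` outside tests, with no error; the same branch is deleted in `NewWSServer` and in the scalingengine `NewServer` hunk, and whether `helpers.NewHTTPServer` keeps that fallback or rejects the partial config is not visible in this diff. Rejecting it is the safer contract for a listener that is meant to be mTLS-capable. `NewServer`'s signature and the start of its body are outside the hunk.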
@@ -1,39 +1,24 @@ package collector import ( - "fmt" - "os" "time" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/healthendpoint" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models" "code.cloudfoundry.org/go-loggregator/v9/rpc/loggregator_v2" "code.cloudfoundry.org/lager/v3" "github.com/tedsuo/ifrit" - "github.com/tedsuo/ifrit/http_server" ) func NewWSServer(logger lager.Logger, tls models.TLSCerts, port int, keepAlive time.Duration, envelopeChannels []chan *loggregator_v2.Envelope, httpStatusCollector healthendpoint.HTTPStatusCollector) (ifrit.Runner, error) { wsHandler := NewWSMessageHandler(logger.Session("ws_handler"), envelopeChannels, keepAlive) - var addr string - if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" { - addr = fmt.Sprintf("localhost:%d", port) - } else { - addr = fmt.Sprintf("0.0.0.0:%d", port) - } - var runner ifrit.Runner - if (tls.KeyFile == "") || (tls.CertFile == "") { - runner = http_server.New(addr, wsHandler) - } else { - tlsConfig, err := tls.CreateServerConfig() - if err != nil { - logger.Error("failed-new-websocket-server-new-tls-config", err) - return nil, fmt.Errorf("ws server tls config error:%w", err) - } - runner = http_server.NewTLSServer(addr, wsHandler, tlsConfig) + httpServerConfig := helpers.ServerConfig{ + Port: port, + TLS: tls, } - logger.Info("websocket-server-created", lager.Data{"port": port}) - return runner, nil + + return helpers.NewHTTPServer(logger, httpServerConfig, wsHandler) } diff --git a/src/autoscaler/metricsserver/config/config.go b/src/autoscaler/metricsserver/config/config.go index 5c86669062..85a5b671f3 100644 --- a/src/autoscaler/metricsserver/config/config.go +++ b/src/autoscaler/metricsserver/config/config.go 
@@ -49,11 +49,6 @@ type CollectorConfig struct { MetricChannelSize int `yaml:"metric_channel_size"` } -type ServerConfig struct { - Port int `yaml:"port"` - TLS models.TLSCerts `yaml:"tls"` -} - type Config struct { Logging helpers.LoggingConfig `yaml:"logging"` HttpClientTimeout time.Duration `yaml:"http_client_timeout"` @@ -61,8 +56,8 @@ type Config struct { NodeIndex int `yaml:"node_index"` DB DBConfig `yaml:"db"` Collector CollectorConfig `yaml:"collector"` - Server ServerConfig `yaml:"server"` - Health models.HealthConfig `yaml:"health"` + Server helpers.ServerConfig `yaml:"server"` + Health helpers.HealthConfig `yaml:"health"` } func LoadConfig(reader io.Reader) (*Config, error) { @@ -71,8 +66,10 @@ func LoadConfig(reader io.Reader) (*Config, error) { Level: DefaultLoggingLevel, }, HttpClientTimeout: DefaultHttpClientTimeout, - Health: models.HealthConfig{ - Port: DefaultHealthPort, + Health: helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: DefaultHealthPort, + }, }, Collector: CollectorConfig{ WSPort: DefaultWSPort, @@ -86,7 +83,7 @@ func LoadConfig(reader io.Reader) (*Config, error) { EnvelopeChannelSize: DefaultEnvelopeChannelSize, MetricChannelSize: DefaultMetricChannelSize, }, - Server: ServerConfig{ + Server: helpers.ServerConfig{ Port: DefaultHTTPServerPort, }, } diff --git a/src/autoscaler/operator/config/config.go b/src/autoscaler/operator/config/config.go index d7220cd775..b1b25d025e 100644 --- a/src/autoscaler/operator/config/config.go +++ b/src/autoscaler/operator/config/config.go 
@@ -58,13 +58,15 @@ type AppSyncerConfig struct { SyncInterval time.Duration `yaml:"sync_interval"` } -var defaultHealthConfig = models.HealthConfig{ - Port: 8081, +var defaultHealthConfig = helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: 8081, + }, } type Config struct { CF cf.Config `yaml:"cf"` - Health models.HealthConfig `yaml:"health"` + Health helpers.HealthConfig `yaml:"health"` Logging helpers.LoggingConfig `yaml:"logging"` InstanceMetricsDB DbPrunerConfig `yaml:"instance_metrics_db"` AppMetricsDB DbPrunerConfig `yaml:"app_metrics_db"` diff --git a/src/autoscaler/scalingengine/cmd/scalingengine/scalingengine_test.go b/src/autoscaler/scalingengine/cmd/scalingengine/scalingengine_test.go index 7ecab4a3d8..2da28f1adc 100644 --- a/src/autoscaler/scalingengine/cmd/scalingengine/scalingengine_test.go +++ b/src/autoscaler/scalingengine/cmd/scalingengine/scalingengine_test.go @@ -51,7 +51,7 @@ var _ = Describe("Main", func() { }) It("health server starts directly", func() { - Eventually(runner.Session.Buffer, 2*time.Second).Should(gbytes.Say("scalingengine.health-server.new-health-server")) + Eventually(runner.Session.Buffer, 2*time.Second).Should(gbytes.Say("scalingengine.health-server.new-http-server")) }) }) diff --git a/src/autoscaler/scalingengine/config/config.go b/src/autoscaler/scalingengine/config/config.go index d7c31b5598..15ee855b6e 100644 --- a/src/autoscaler/scalingengine/config/config.go +++ b/src/autoscaler/scalingengine/config/config.go @@ -11,7 +11,6 @@ import ( "code.cloudfoundry.org/app-autoscaler/src/autoscaler/cf" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/db" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" - "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models" ) const ( 
@@ -22,17 +21,14 @@ var defaultCFConfig = cf.Config{ ClientConfig: cf.ClientConfig{SkipSSLValidation: false}, } -type ServerConfig struct { - Port int `yaml:"port"` - TLS models.TLSCerts `yaml:"tls"` -} - -var defaultServerConfig = ServerConfig{ +var defaultServerConfig = helpers.ServerConfig{ Port: 8080, } -var defaultHealthConfig = models.HealthConfig{ - Port: 8081, +var defaultHealthConfig = helpers.HealthConfig{ + ServerConfig: helpers.ServerConfig{ + Port: 8081, + }, } var defaultLoggingConfig = helpers.LoggingConfig{ @@ -52,8 +48,8 @@ type SynchronizerConfig struct { type Config struct { CF cf.Config `yaml:"cf"` Logging helpers.LoggingConfig `yaml:"logging"` - Server ServerConfig `yaml:"server"` - Health models.HealthConfig `yaml:"health"` + Server helpers.ServerConfig `yaml:"server"` + Health helpers.HealthConfig `yaml:"health"` DB DBConfig `yaml:"db"` DefaultCoolDownSecs int `yaml:"defaultCoolDownSecs"` LockSize int `yaml:"lockSize"` diff --git a/src/autoscaler/scalingengine/server/server.go b/src/autoscaler/scalingengine/server/server.go index e424c36063..b9133179d1 100644 --- a/src/autoscaler/scalingengine/server/server.go +++ b/src/autoscaler/scalingengine/server/server.go @@ -1,10 +1,9 @@ package server import ( - "os" - "code.cloudfoundry.org/app-autoscaler/src/autoscaler/db" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/healthendpoint" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers/apis/scalinghistory" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/routes" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/scalingengine" @@ -14,7 +13,6 @@ import ( "code.cloudfoundry.org/lager/v3" "github.com/gorilla/mux" "github.com/tedsuo/ifrit" - "github.com/tedsuo/ifrit/http_server" "go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux" "fmt" 
@@ -50,25 +48,7 @@ func NewServer(logger lager.Logger, conf *config.Config, scalingEngineDB db.Scal r.Get(routes.SyncActiveSchedulesRouteName).Handler(VarsFunc(syncHandler.Sync)) - var addr string - if os.Getenv("APP_AUTOSCALER_TEST_RUN") == "true" { - addr = fmt.Sprintf("localhost:%d", conf.Server.Port) - } else { - addr = fmt.Sprintf("0.0.0.0:%d", conf.Server.Port) - } - - logger.Info("new-http-server", lager.Data{"serverConfig": conf.Server}) - - if (conf.Server.TLS.KeyFile != "") && (conf.Server.TLS.CertFile != "") { - tlsConfig, err := conf.Server.TLS.CreateServerConfig() - if err != nil { - logger.Error("failed-new-server-new-tls-config", err, lager.Data{"tls": conf.Server.TLS}) - return nil, fmt.Errorf("scalingengine tls config error: %w", err) - } - return http_server.NewTLSServer(addr, r, tlsConfig), nil - } - - return http_server.New(addr, r), nil + return helpers.NewHTTPServer(logger, conf.Server, r) } func newScalingHistoryHandler(logger lager.Logger, scalingEngineDB db.ScalingEngineDB) (http.Handler, error) { diff --git a/src/autoscaler/scalingengine/server/server_test.go b/src/autoscaler/scalingengine/server/server_test.go index 4f0b17e309..d3fbff3192 100644 --- a/src/autoscaler/scalingengine/server/server_test.go +++ b/src/autoscaler/scalingengine/server/server_test.go @@ -2,6 +2,7 @@ package server_test import ( "code.cloudfoundry.org/app-autoscaler/src/autoscaler/fakes" + "code.cloudfoundry.org/app-autoscaler/src/autoscaler/helpers" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/models" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/routes" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/scalingengine/config" @@ -32,7 +33,7 @@ var _ = SynchronizedBeforeSuite(func() []byte { }, func(_ []byte) { port := 2222 + GinkgoParallelProcess() conf := &config.Config{ - Server: config.ServerConfig{ + Server: helpers.ServerConfig{ Port: port, }, } From 810666378b0859a26be019d8a3fe8364de9d620e Mon Sep 17 00:00:00 2001 
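Review bot: The component-specific wrap `fmt.Errorf("scalingengine tls config error: %w", err)` is gone and `NewServer` now returns the helper's error verbatim, so a caller that logs it can no longer tell which of the unified servers failed unless `helpers.NewHTTPServer` adds that context itself (not visible here). `fmt` is still imported in this file (import hunk above), so the wrap can be kept with a short explicit return; the collector `NewServer` and `NewWSServer` hunks drop the same wraps ("metrics collector tls error", "ws server tls config error") but also remove their `fmt` import, so they would need it back. The start of `NewServer` is outside the hunk.
```go
	runner, err := helpers.NewHTTPServer(logger, conf.Server, r)
	if err != nil {
		return nil, fmt.Errorf("scalingengine http server: %w", err)
	}
	return runner, nil
```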
From: Silvestre Zabala Date: Mon, 6 Nov 2023 18:03:22 +0100 Subject: [PATCH 2/4] WIP - adapt scheduler --- jobs/metricsforwarder/spec | 7 ++ .../templates/metricsforwarder.crt.erb | 3 + .../templates/metricsforwarder.key.erb | 3 + .../templates/metricsforwarder.yml.erb | 7 ++ .../templates/metricsforwarder_ca.crt.erb | 3 + jobs/scheduler/spec | 10 ++ .../templates/healthendpoint.crt.erb | 3 + .../templates/healthendpoint.key.erb | 3 + .../templates/healthendpoint_ca.crt.erb | 3 + jobs/scheduler/templates/scheduler.yml.erb | 40 ++++++-- spec/jobs/common/health_endpoint_spec.rb | 22 ++--- src/autoscaler/integration/components_test.go | 98 +++++++------------ .../scheduler_application.template.yml | 87 ++++++++++++++++ .../scheduler/conf/MetricsConfig.java | 16 ++- .../src/main/resources/application.yml | 32 ++++-- 15 files changed, 243 insertions(+), 94 deletions(-) create mode 100644 jobs/metricsforwarder/templates/metricsforwarder.crt.erb create mode 100644 jobs/metricsforwarder/templates/metricsforwarder.key.erb create mode 100644 jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb create mode 100644 jobs/scheduler/templates/healthendpoint.crt.erb create mode 100644 jobs/scheduler/templates/healthendpoint.key.erb create mode 100644 jobs/scheduler/templates/healthendpoint_ca.crt.erb create mode 100644 src/autoscaler/integration/scheduler_application.template.yml diff --git a/jobs/metricsforwarder/spec b/jobs/metricsforwarder/spec index 6759adc521..716824f0a9 100644 --- a/jobs/metricsforwarder/spec +++ b/jobs/metricsforwarder/spec 
@@ -36,6 +36,13 @@ properties: autoscaler.metricsforwarder.server.port: description: "Port on which the metricsforwarder server will listen" default: 6201 + autoscaler.metricsforwarder.server.ca_cert: + description: "PEM-encoded CA certificate for the metricsforwarder server" + autoscaler.metricsforwarder.server.server_cert: + description: "PEM-encoded server certificate for the metricsforwarder server" + autoscaler.metricsforwarder.server.server_key: + description: "PEM-encoded server key for the metricsforwarder server" + autoscaler.metricsforwarder.loggregator.metron_address: description: "IP address and port where the metron agent is running" default: "127.0.0.1:3458" diff --git a/jobs/metricsforwarder/templates/metricsforwarder.crt.erb b/jobs/metricsforwarder/templates/metricsforwarder.crt.erb new file mode 100644 index 0000000000..661720b8ea --- /dev/null +++ b/jobs/metricsforwarder/templates/metricsforwarder.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsforwarder.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/metricsforwarder.key.erb b/jobs/metricsforwarder/templates/metricsforwarder.key.erb new file mode 100644 index 0000000000..6b295aeee4 --- /dev/null +++ b/jobs/metricsforwarder/templates/metricsforwarder.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsforwarder.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/metricsforwarder.yml.erb b/jobs/metricsforwarder/templates/metricsforwarder.yml.erb index 3e590e9c1b..945dbd76ca 100644 --- a/jobs/metricsforwarder/templates/metricsforwarder.yml.erb +++ b/jobs/metricsforwarder/templates/metricsforwarder.yml.erb 
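Review bot: `metricsforwarder.crt.erb` and `metricsforwarder.key.erb` render `autoscaler.metricsforwarder.health.server_cert` and `autoscaler.metricsforwarder.health.server_key`, while the spec hunk above declares the new properties as `autoscaler.metricsforwarder.server.*` and `metricsforwarder.yml.erb` (next hunk) gates its `tls:` block on those `server.*` properties. With `server.*` set and `health.*` unset the rendered config points at empty certificate and key files; with both set, the metrics-ingest listener presents the health endpoint's certificate and key. The templates should read `autoscaler.metricsforwarder.server.server_cert` and `autoscaler.metricsforwarder.server.server_key`; `metricsforwarder_ca.crt.erb` in the next hunk has the same mismatch with `.health.ca_cert`.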
@@ -46,6 +46,13 @@ end server: port: <%= p("autoscaler.metricsforwarder.server.port") %> + <% if_p("autoscaler.metricsforwarder.server.ca_cert", "autoscaler.metricsforwarder.server.server_cert", "autoscaler.metricsforwarder.server.server_key") do %> + tls: + ca_file: /var/vcap/jobs/metricsforwarder/config/certs/metricsforwarder/ca.crt + cert_file: /var/vcap/jobs/metricsforwarder/config/certs/metricsforwarder/server.crt + key_file: /var/vcap/jobs/metricsforwarder/config/certs/metricsforwarder/server.key + <% end %> + logging: level: <%= p("autoscaler.metricsforwarder.logging.level") %> loggregator: diff --git a/jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb b/jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb new file mode 100644 index 0000000000..258983f9bc --- /dev/null +++ b/jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsforwarder.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/scheduler/spec b/jobs/scheduler/spec index 01cf63ccf4..34114c368d 100644 --- a/jobs/scheduler/spec +++ b/jobs/scheduler/spec @@ -12,6 +12,10 @@ templates: scheduler_server.crt.erb: config/certs/server.crt scheduler_server.key.erb: config/certs/server.key + healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt + healthendpoint.crt.erb: config/certs/healthendpoint/server.crt + healthendpoint.key.erb: config/certs/healthendpoint/server.key + scalingengine_ca.crt.erb: config/certs/scalingengine/ca.crt scalingengine_client.crt.erb: config/certs/scalingengine/client.crt scalingengine_client.key.erb: config/certs/scalingengine/client.key 
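Review bot: The new `tls:` block points at `/var/vcap/jobs/metricsforwarder/config/certs/metricsforwarder/{ca.crt,server.crt,server.key}`, but nothing in this patch maps the three new `.erb` files to those paths: the diffstat lists `jobs/metricsforwarder/spec | 7 ++` and the spec hunk's seven added lines are all `properties:` entries, whereas the scheduler spec hunk below does add the matching `templates:` lines (`healthendpoint_ca.crt.erb: config/certs/healthendpoint/ca.crt` etc.). Unless a later patch in the series adds the mapping, a deployment that sets the `server.*` certificates will start the job with a TLS config referencing files BOSH never rendered.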
@@ -119,6 +123,12 @@ properties: autoscaler.scheduler.health.port: description: "the listening port of health endpoint" default: 6204 + autoscaler.scheduler.health.ca_cert: + description: "PEM-encoded CA certificate for the health endpoint" + autoscaler.scheduler.health.server_cert: + description: "PEM-encoded server certificate for the health endpoint" + autoscaler.scheduler.health.server_key: + description: "PEM-encoded server key for the health endpoint" autoscaler.scheduler.health.basicAuthEnabled: description: "if true, basic auth is enabled on the endpoint" default: false diff --git a/jobs/scheduler/templates/healthendpoint.crt.erb b/jobs/scheduler/templates/healthendpoint.crt.erb new file mode 100644 index 0000000000..7e0be61444 --- /dev/null +++ b/jobs/scheduler/templates/healthendpoint.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.scheduler.health.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/scheduler/templates/healthendpoint.key.erb b/jobs/scheduler/templates/healthendpoint.key.erb new file mode 100644 index 0000000000..7fa73ced5b --- /dev/null +++ b/jobs/scheduler/templates/healthendpoint.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.scheduler.health.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/scheduler/templates/healthendpoint_ca.crt.erb b/jobs/scheduler/templates/healthendpoint_ca.crt.erb new file mode 100644 index 0000000000..a438614136 --- /dev/null +++ b/jobs/scheduler/templates/healthendpoint_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.scheduler.health.ca_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/scheduler/templates/scheduler.yml.erb b/jobs/scheduler/templates/scheduler.yml.erb index 5b9d16c786..bea4285588 100644 --- a/jobs/scheduler/templates/scheduler.yml.erb +++ b/jobs/scheduler/templates/scheduler.yml.erb 
@@ -99,6 +99,31 @@ spring: instanceName: app-autoscaler threadPool: threadCount: 10 + ############################################################ + # SSL Bundles + ############################################################ + ssl: + bundle: + jks: + server: + key: + alias: "scheduler" + keystore: + location: "/var/vcap/jobs/scheduler/config/certs/server.p12" + password: "123456" + truststore: + location: "/var/vcap/jobs/scheduler/config/certs/cacerts" + password: "123456" + <% if_p("autoscaler.scheduler.health.ca_cert", "autoscaler.scheduler.health.server_cert", "autoscaler.scheduler.health.server_key") do %> + pem: + healthendpoint: + keystore: + certificate: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/server.crt" + private-key: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/server.key" + truststore: + certificate: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/ca.crt" + <% end %> + ############################################################ # Client SSL keys ############################################################ @@ -108,7 +133,7 @@ client: key-store: /var/vcap/jobs/scheduler/config/certs/scalingengine/client.p12 key-store-password: 123456 key-store-type: PKCS12 - protocol: TLSv1.2 + protocol: TLSv1.3 trust-store: /var/vcap/jobs/scheduler/config/certs/scalingengine/cacerts trust-store-password: 123456 ############################################################ 
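Review bot: `if_p` over all three `health.*` properties drops the whole `pem.healthendpoint` bundle when any one of them is unset, and `MetricsConfig.java` (last hunk) then catches `NoSuchSslBundleException` and starts the health endpoint in plain text with only a warning — so a typo in one of the three properties silently downgrades the endpoint instead of failing the deploy. Rendering the block on `autoscaler.scheduler.health.ca_cert` alone and using `p()` for `server_cert` and `server_key` inside it would turn a partial set into a template error at deploy time. The new `jks.server` bundle also hard-codes `password: "123456"` for keystore and truststore, mirroring the existing `client.ssl` entries; that is acceptable only if the PKCS12 is generated at deploy time with that password, which a one-line comment above `ssl:` should state.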
@@ -142,15 +167,10 @@ scheduler: server: port: <%=p('autoscaler.scheduler.port') %> ssl: - ciphers: TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA - enabled-protocols: TLSv1.2 - key-alias: scheduler - key-store: /var/vcap/jobs/scheduler/config/certs/server.p12 - key-store-password: 123456 - key-store-type: PKCS12 - trust-store: /var/vcap/jobs/scheduler/config/certs/cacerts - trust-store-password: 123456 - + ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256 + enabled-protocols: TLSv1.3 + bundle: "server" + client-auth: NEED #User added properties <%=p('autoscaler.scheduler.application.props')%> \ No newline at end of file diff --git a/spec/jobs/common/health_endpoint_spec.rb b/spec/jobs/common/health_endpoint_spec.rb index 73da8be068..0a47a9c150 100644 --- a/spec/jobs/common/health_endpoint_spec.rb +++ b/spec/jobs/common/health_endpoint_spec.rb 
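Review bot: `client-auth: NEED` is new for the scheduler's main listener: none of the removed `server.ssl.*` lines set client authentication, so unless it was configured somewhere outside this diff every caller of the scheduler API must now present a certificate chaining to the bundle's truststore. That is a deliberate hardening, but together with the move from `TLSv1.2` to `TLSv1.3` only (here and in the `client.ssl.protocol` hunk above) it belongs in the commit message, which currently reads "WIP - adapt scheduler"; clients still pinned to TLS 1.2 or without a client certificate will stop connecting after this lands. The old cipher list that included RC4 and 3DES suites is replaced by the three TLS 1.3 suites, which is the right direction and also worth stating.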
@@ -21,13 +21,13 @@ @properties = YAML.safe_load(fixture(properties_file).read) @template = release.job(release_job).template(config_file) @links = case service - when "eventgenerator" - [ Bosh::Template::Test::Link.new(name: "eventgenerator") ] - when "metricsgateway", "metricsserver" - [ Bosh::Template::Test::Link.new(name: "metricsserver") ] - else - [] - end + when "eventgenerator" + [Bosh::Template::Test::Link.new(name: "eventgenerator")] + when "metricsgateway", "metricsserver" + [Bosh::Template::Test::Link.new(name: "metricsserver")] + else + [] + end @rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links)) end it "by default TLS is not configured" do @@ -46,10 +46,10 @@ expect(rendered_template["health"]["tls"]).not_to be_nil expect(rendered_template["health"]["tls"]).to include({ - "key_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.key", - "ca_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/ca.crt", - "cert_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.crt" - }) + "key_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.key", + "ca_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/ca.crt", + "cert_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.crt" + }) end end end diff --git a/src/autoscaler/integration/components_test.go b/src/autoscaler/integration/components_test.go index 6031ed1587..10d5ca6a30 100644 --- a/src/autoscaler/integration/components_test.go +++ b/src/autoscaler/integration/components_test.go @@ -1,6 +1,9 @@ package integration_test import ( + _ "embed" + "text/template" + apiConfig "code.cloudfoundry.org/app-autoscaler/src/autoscaler/api/config" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/cf" "code.cloudfoundry.org/app-autoscaler/src/autoscaler/db" 
@@ -44,6 +47,9 @@ var golangSchemaValidationPath = "../api/schemas/catalog.schema.json" var golangApiServerPolicySchemaPath = "../api/policyvalidator/policy_json.schema.json" var golangServiceCatalogPath = "../servicebroker/config/catalog.json" +//go:embed scheduler_application.template.yml +var schedulerApplicationConfigTemplate string + type Executables map[string]string type Ports map[string]int 
@@ -316,70 +322,36 @@ func (components *Components) PrepareSchedulerConfig(dbUri string, scalingEngine jdbcDBUri = fmt.Sprintf("jdbc:%s://%s/%s", scheme, host, path) driverClassName = "com.mysql.cj.jdbc.Driver" } - settingStrTemplate := ` -#datasource for application and quartz -spring.datasource.driverClassName=%s -spring.datasource.url=%s -spring.datasource.username=%s -spring.datasource.password=%s -#policy db -spring.policy-db-datasource.driverClassName=%s -spring.policy-db-datasource.url=%s -spring.policy-db-datasource.username=%s -spring.policy-db-datasource.password=%s -#quartz job -scalingenginejob.reschedule.interval.millisecond=10000 -scalingenginejob.reschedule.maxcount=3 -scalingengine.notification.reschedule.maxcount=3 -# scaling engine url -autoscaler.scalingengine.url=%s -#ssl -server.ssl.key-store=%s/scheduler.p12 -server.ssl.key-alias=scheduler -server.ssl.key-store-password=123456 -server.ssl.key-store-type=PKCS12 -server.ssl.trust-store=%s/autoscaler.truststore -server.ssl.trust-store-password=123456 -client.ssl.key-store=%s/scheduler.p12 -client.ssl.key-store-password=123456 -client.ssl.key-store-type=PKCS12 -client.ssl.trust-store=%s/autoscaler.truststore -client.ssl.trust-store-password=123456 -client.ssl.protocol=TLSv1.2 -server.ssl.enabled-protocols=TLSv1,TLSv1.1,TLSv1.2 
-server.ssl.ciphers=TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA - -server.port=%d -scheduler.healthserver.port=0 -client.httpClientTimeout=%d -#Quartz -org.quartz.scheduler.instanceName=app-autoscaler -org.quartz.scheduler.instanceId=0 -spring.quartz.properties.org.quartz.scheduler.instanceName=app-autoscaler -spring.quartz.properties.org.quartz.scheduler.instanceId=scheduler-12345 -#The the number of milliseconds the scheduler will ‘tolerate’ a trigger to pass its next-fire-time by, -# before being considered “misfired”. 
The default value (if not specified in configuration) is 60000 (60 seconds) -spring.quartz.properties.org.quartz.jobStore.misfireThreshold=120000 -spring.quartz.properties.org.quartz.jobStore.driverDelegateClass=org.quartz.impl.jdbcjobstore.PostgreSQLDelegate -spring.quartz.properties.org.quartz.jobStore.isClustered=true -spring.quartz.properties.org.quartz.threadPool.threadCount=10 -spring.application.name=scheduler -spring.mvc.servlet.load-on-startup=1 -spring.aop.auto=false -endpoints.enabled=false -spring.data.jpa.repositories.enabled=false -spring.main.allow-bean-definition-overriding=true -` - settingJsonStr := fmt.Sprintf(settingStrTemplate, - driverClassName, jdbcDBUri, userName, password, - driverClassName, jdbcDBUri, userName, password, - scalingEngineUri, - testCertDir, testCertDir, testCertDir, testCertDir, - components.Ports[Scheduler], - int(httpClientTimeout/time.Second)) - cfgFile, err := os.Create(filepath.Join(tmpDir, "application.properties")) + + type TemplateParameters struct { + ScalingEngineUri string + HttpClientTimeout int + TestCertDir string + Port int + DriverClassName string + DBUser string + DBPassword string + JDBCURI string + } + + templateParameters := TemplateParameters{ + ScalingEngineUri: scalingEngineUri, + HttpClientTimeout: int(httpClientTimeout / time.Second), + TestCertDir: testCertDir, + Port: components.Ports[Scheduler], + DriverClassName: driverClassName, + DBUser: userName, + DBPassword: password, + JDBCURI: jdbcDBUri, + } + + ut, err := template.New("application.yaml").Parse(schedulerApplicationConfigTemplate) Expect(err).NotTo(HaveOccurred()) - err = os.WriteFile(cfgFile.Name(), []byte(settingJsonStr), 0600) + + cfgFile, err := os.Create(filepath.Join(tmpDir, "application.yaml")) + Expect(err).NotTo(HaveOccurred()) + + err = ut.Execute(cfgFile, templateParameters) Expect(err).NotTo(HaveOccurred()) cfgFile.Close() return cfgFile.Name() 
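Review bot: `cfgFile.Close()` discards its error on a file that was just written through `ut.Execute`, so a short write surfaces later as an opaque scheduler start-up failure instead of at the point of the test that produced the file; `Expect(cfgFile.Close()).To(Succeed())` keeps the test's own failure mode. `ut.Execute` also writes `.DBPassword` and `.JDBCURI` into YAML plain scalars in the embedded template (next hunk), so a password containing `#` or `: ` silently changes the document; quoting those placeholders in the template avoids that. The exported field names mix initialism styles (`HttpClientTimeout`, `ScalingEngineUri` next to `JDBCURI`); Go convention is `HTTPClientTimeout` and `ScalingEngineURI`. `PrepareSchedulerConfig` begins before this hunk.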
diff --git a/src/autoscaler/integration/scheduler_application.template.yml b/src/autoscaler/integration/scheduler_application.template.yml new file mode 100644 index 0000000000..d483703632 --- /dev/null +++ b/src/autoscaler/integration/scheduler_application.template.yml 
@@ -0,0 +1,87 @@ +autoscaler: + scalingengine: + url: {{ .ScalingEngineUri }} +client: + httpClientTimeout: {{ .HttpClientTimeout }} + ssl: + key-store: {{ .TestCertDir }}/scheduler.p12 + key-store-password: 123456 + key-store-type: PKCS12 + protocol: TLSv1.3 + trust-store: {{ .TestCertDir }}/autoscaler.truststore + trust-store-password: 123456 +endpoints: + enabled: false +org: + quartz: + scheduler: + instanceId: 0 + instanceName: app-autoscaler +scalingengine: + notification: + reschedule: + maxcount: 3 +scalingenginejob: + reschedule: + interval: + millisecond: 10000 + maxcount: 3 +scheduler: + healthserver: + port: 0 +server: + port: {{ .Port }} + ssl: + ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256 + enabled-protocols: TLSv1.3 + bundle: "server" + client-auth: NEED +spring: + aop: + auto: false + application: + name: scheduler + data: + jpa: + repositories: + enabled: false + datasource: + driverClassName: {{ .DriverClassName }} + password: {{ .DBPassword }} + url: {{ .JDBCURI }} + username: {{ .DBUser }} + main: + allow-bean-definition-overriding: true + mvc: + servlet: + load-on-startup: 1 + policy-db-datasource: + driverClassName: {{ .DriverClassName }} + password: {{ .DBPassword }} + url: {{ .JDBCURI }} + username: {{ .DBUser }} + quartz: + properties: + org: + quartz: + jobStore: + driverDelegateClass: org.quartz.impl.jdbcjobstore.PostgreSQLDelegate + isClustered: true + misfireThreshold: 120000 + scheduler: + instanceId: scheduler-12345 + instanceName: app-autoscaler + threadPool: + threadCount: 10 + ssl: + bundle: + jks: + server: + key: + alias: scheduler + keystore: + location: {{ .TestCertDir }}/scheduler.p12 + password: '123456' + truststore: + location: {{ .TestCertDir }}/autoscaler.truststore + password: '123456' 
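Review bot: The template substitutes `{{ .DBPassword }}`, `{{ .JDBCURI }}`, `{{ .ScalingEngineUri }}` and `{{ .TestCertDir }}` as bare YAML scalars, and Go's text/template does no YAML escaping, so a value containing `: `, ` #`, a leading `*`/`&` or similar would silently change the parsed structure rather than fail; for the password and URIs at least, emit them as quoted scalars, e.g. `password: {{ printf "%q" .DBPassword }}` (Go's `%q` escaping matches YAML double-quoted scalars for the character set these test fixtures use) or wrap the path in quotes as `location: "{{ .TestCertDir }}/scheduler.p12"`. In the same file the keystore passwords are written both unquoted (`key-store-password: 123456`, parsed as an integer) and quoted (`password: '123456'`); quoting them consistently makes every secret a string scalar and avoids relying on Spring's int-to-string conversion. Since this is a new file the whole template is visible in the hunk.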
diff --git a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/MetricsConfig.java b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/MetricsConfig.java
index 58e81f2d35..ef9934481b 100644
--- a/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/MetricsConfig.java
+++ b/src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/conf/MetricsConfig.java
@@ -1,18 +1,32 @@
 package org.cloudfoundry.autoscaler.scheduler.conf;
 
 import com.sun.net.httpserver.BasicAuthenticator;
+import com.sun.net.httpserver.HttpsConfigurator;
 import io.prometheus.client.exporter.HTTPServer;
 import io.prometheus.client.exporter.HTTPServer.Builder;
 import java.io.IOException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.ssl.NoSuchSslBundleException;
+import org.springframework.boot.ssl.SslBundles;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration
 public class MetricsConfig {
+ private Logger logger = LoggerFactory.getLogger(this.getClass());
 
 @Bean(destroyMethod = "close")
- HTTPServer metricsServer(MetricsConfiguration config) throws IOException {
+ HTTPServer metricsServer(MetricsConfiguration config, SslBundles sslBundles) throws IOException {
 Builder builder = new Builder().withPort(config.getPort());
+
+ try {
+ var sslBundle = sslBundles.getBundle("healthendpoint");
+ builder.withHttpsConfigurator(new HttpsConfigurator(sslBundle.createSslContext()));
+ } catch (NoSuchSslBundleException e) {
+ logger.warn("Starting plain-text (non-TLS) health endpoint server");
+ }
+
 if (config.isBasicAuthEnabled()) {
 builder.withAuthenticator(
 new BasicAuthenticator("/") {
diff --git a/src/scheduler/src/main/resources/application.yml b/src/scheduler/src/main/resources/application.yml
index ab13cbe183..b708586689 100644
--- a/src/scheduler/src/main/resources/application.yml
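Review bot: `new HttpsConfigurator(sslBundle.createSslContext())` in the new try block installs the context with the JDK's default `configure`, which takes the context's default `SSLParameters` and does not request a client certificate, so the bundle's truststore is loaded but never used to authenticate callers; given the patch subject ("All HTTP servers can be configured with mTLS"), either override `configure(HttpsParameters)` to set `setNeedClientAuth(true)` as below (needs an import of `com.sun.net.httpserver.HttpsParameters`), or document on the bean that the health endpoint is server-auth TLS only. The `catch (NoSuchSslBundleException e)` branch turns a misspelled or missing bundle name into a plaintext endpoint with nothing but a warn log, which is hard to notice in a deployment; a short comment stating that plaintext fallback is intended, or making the fallback conditional on an explicit setting, would make the intent reviewable. As a point of style, `private Logger logger = LoggerFactory.getLogger(this.getClass())` is conventionally `private static final Logger LOGGER = LoggerFactory.getLogger(MetricsConfig.class)`. The `metricsServer` method body continues past the end of the hunk.
```java
    try {
      var sslBundle = sslBundles.getBundle("healthendpoint");
      builder.withHttpsConfigurator(
          new HttpsConfigurator(sslBundle.createSslContext()) {
            @Override
            public void configure(HttpsParameters params) {
              var sslParams = getSSLContext().getDefaultSSLParameters();
              sslParams.setNeedClientAuth(true);
              params.setSSLParameters(sslParams);
            }
          });
    } catch (NoSuchSslBundleException e) {
      // … unchanged: plain-text fallback and warning …
    }
```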
+++ b/src/scheduler/src/main/resources/application.yml @@ -47,6 +47,22 @@ spring: instanceName: app-autoscaler threadPool: threadCount: 10 + ############################################################ + # SSL Bundles + ############################################################ + ssl: + bundle: + jks: + server: + key: + alias: "test-scheduler" + keystore: + location: "src/test/resources/certs/test-scheduler.p12" + password: "123456" + truststore: + location: "src/test/resources/certs/test.truststore" + password: "123456" + ############################################################ # Logging ############################################################ @@ -77,7 +93,7 @@ client: key-store: src/test/resources/certs/test-scheduler.p12 key-store-password: 123456 key-store-type: PKCS12 - protocol: TLSv1.2 + protocol: TLSv1.3 trust-store: src/test/resources/certs/test.truststore trust-store-password: 123456 ############################################################ 
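Review bot: The new `spring.ssl.bundle.jks` section in the `@@ -47,6 +47,22 @@` hunk defines only a bundle named `server`, while `MetricsConfig` earlier in this patch looks up a bundle named `healthendpoint`; with this file as the active configuration the health endpoint therefore always takes the plaintext fallback, and the integration template added in this patch likewise defines only `server`, so the TLS branch of the metrics server appears to be exercised by no test configuration. Either add a `healthendpoint` entry here pointing at the same test keystore (e.g. a second entry under `jks:` with the same `keystore`/`truststore` values) so the TLS path is covered, or note next to the bundle definition that the health endpoint is intentionally plaintext in local and test runs. The `protocol: TLSv1.2` to `TLSv1.3` change in the second hunk looks consistent with the server-side `enabled-protocols` change later in the file.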
@@ -107,14 +123,12 @@ scheduler: ############################################################ # Server SSL keys ############################################################ + server: ssl: - ciphers: TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA - enabled-protocols: TLSv1,TLSv1.1,TLSv1.2 - key-alias: test-scheduler - key-store: src/test/resources/certs/test-scheduler.p12 - key-store-password: 123456 - key-store-type: PKCS12 - trust-store: src/test/resources/certs/test.truststore - trust-store-password: 123456 + ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256 + enabled-protocols: TLSv1.3 + bundle: "server" + client-auth: NEED + From c0eedb9769690f8ec77fcde1fd3c7f9ae02b8772 Mon Sep 17 00:00:00 2001 
From: Silvestre Zabala Date: Tue, 7 Nov 2023 17:54:44 +0100 Subject: [PATCH 3/4] fixup! Unify HTTP server creation --- jobs/metricsforwarder/templates/metricsforwarder.crt.erb | 3 --- jobs/metricsforwarder/templates/metricsforwarder.key.erb | 3 --- jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb | 2 +- .../metricsforwarder/templates/metricsforwarder_server.crt.erb | 3 +++ .../metricsforwarder/templates/metricsforwarder_server.key.erb | 3 +++ 5 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 jobs/metricsforwarder/templates/metricsforwarder.crt.erb delete mode 100644 jobs/metricsforwarder/templates/metricsforwarder.key.erb create mode 100644 jobs/metricsforwarder/templates/metricsforwarder_server.crt.erb create mode 100644 jobs/metricsforwarder/templates/metricsforwarder_server.key.erb diff --git a/jobs/metricsforwarder/templates/metricsforwarder.crt.erb b/jobs/metricsforwarder/templates/metricsforwarder.crt.erb deleted file mode 100644 index 661720b8ea..0000000000 --- a/jobs/metricsforwarder/templates/metricsforwarder.crt.erb +++ /dev/null @@ -1,3 +0,0 @@ -<% if_p("autoscaler.metricsforwarder.health.server_cert") do |value| %> -<%= value %> -<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/metricsforwarder.key.erb b/jobs/metricsforwarder/templates/metricsforwarder.key.erb deleted file mode 100644 index 6b295aeee4..0000000000 --- a/jobs/metricsforwarder/templates/metricsforwarder.key.erb +++ /dev/null @@ -1,3 +0,0 @@ -<% if_p("autoscaler.metricsforwarder.health.server_key") do |value| %> -<%= value %> -<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb b/jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb index 258983f9bc..cd9854785d 100644 --- a/jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb +++ b/jobs/metricsforwarder/templates/metricsforwarder_ca.crt.erb 
@@ -1,3 +1,3 @@ -<% if_p("autoscaler.metricsforwarder.health.ca_cert") do |value| %> +<% if_p("autoscaler.metricsforwarder.server.ca_cert") do |value| %> <%= value %> <% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/metricsforwarder_server.crt.erb b/jobs/metricsforwarder/templates/metricsforwarder_server.crt.erb new file mode 100644 index 0000000000..5e86c5a929 --- /dev/null +++ b/jobs/metricsforwarder/templates/metricsforwarder_server.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsforwarder.server.server_cert") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/metricsforwarder/templates/metricsforwarder_server.key.erb b/jobs/metricsforwarder/templates/metricsforwarder_server.key.erb new file mode 100644 index 0000000000..0918526bb4 --- /dev/null +++ b/jobs/metricsforwarder/templates/metricsforwarder_server.key.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.metricsforwarder.server.server_key") do |value| %> +<%= value %> +<% end %> \ No newline at end of file From e49f9f19e231a0f6fbcdd378d82b1e763e9f7c1a Mon Sep 17 00:00:00 2001 From: Silvestre Zabala Date: Wed, 8 Nov 2023 10:17:38 +0100 Subject: [PATCH 4/4] fixup! WIP - adapt scheduler --- .tool-versions | 2 +- jobs/scheduler/templates/scheduler.yml.erb | 48 +++++++++++----------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.tool-versions b/.tool-versions index 5e010b6d98..dab1bd33bf 100644 --- a/.tool-versions +++ b/.tool-versions @@ -6,7 +6,7 @@ concourse 7.11.0 direnv 2.32.3 gcloud 454.0.0 ginkgo 2.13.0 -golang 1.21.4 +golang 1.20.6 golangci-lint 1.55.2 java temurin-17.0.9+9 make 4.4 diff --git a/jobs/scheduler/templates/scheduler.yml.erb b/jobs/scheduler/templates/scheduler.yml.erb index bea4285588..95b36d13ca 100644 --- a/jobs/scheduler/templates/scheduler.yml.erb +++ b/jobs/scheduler/templates/scheduler.yml.erb 
@@ -99,30 +99,30 @@ spring: instanceName: app-autoscaler threadPool: threadCount: 10 - ############################################################ - # SSL Bundles - ############################################################ - ssl: - bundle: - jks: - server: - key: - alias: "scheduler" - keystore: - location: "/var/vcap/jobs/scheduler/config/certs/server.p12" - password: "123456" - truststore: - location: "/var/vcap/jobs/scheduler/config/certs/cacerts" - password: "123456" - <% if_p("autoscaler.scheduler.health.ca_cert", "autoscaler.scheduler.health.server_cert", "autoscaler.scheduler.health.server_key") do %> - pem: - healthendpoint: - keystore: - certificate: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/server.crt" - private-key: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/server.key" - truststore: - certificate: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/ca.crt" - <% end %> + ############################################################ + # SSL Bundles + ############################################################ + ssl: + bundle: + jks: + server: + key: + alias: "scheduler" + keystore: + location: "/var/vcap/jobs/scheduler/config/certs/server.p12" + password: "123456" + truststore: + location: "/var/vcap/jobs/scheduler/config/certs/cacerts" + password: "123456" + <% if_p("autoscaler.scheduler.health.ca_cert", "autoscaler.scheduler.health.server_cert", "autoscaler.scheduler.health.server_key") do %> + pem: + healthendpoint: + keystore: + certificate: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/server.crt" + private-key: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/server.key" + truststore: + certificate: "/var/vcap/jobs/scheduler/config/certs/healthendpoint/ca.crt" + <% end %> ############################################################ # Client SSL keys