seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "Fixes #18065 - Handle the mixed endpoints correctly with singlehost strategy (#18121)" (#18161) 

This reverts commit 8305c38bc5.
7.22.x
Lukas Krejci 2020-10-21 19:31:46 +02:00 committed by GitHub
parent 8305c38bc5
commit 9e51c5ef7d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 27 additions and 355 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
core/che-core-api-model/src/main/java/org/eclipse/che/api/core/model/workspace/config/ServerConfig.java
View File

@ -227,26 +227,6 @@ public interface ServerConfig {
}
}
/**
* This is checking if the attributes configure the server to be exposed on a subdomain if we're
* on single-host. It has no effect on other server exposure strategies.
*/
static boolean isRequireSubdomain(Map<String, String> attributes) {
return AttributesEvaluator.booleanAttr(attributes, REQUIRE_SUBDOMAIN, false);
}
/**
* Modify the attributes to configure the server to be exposed on a subdomain if we're on
* single-host. It has no effect on other server exposure strategies.
*/
static void setRequireSubdomain(Map<String, String> attributes, boolean value) {
if (value) {
attributes.put(REQUIRE_SUBDOMAIN, Boolean.TRUE.toString());
} else {
attributes.remove(REQUIRE_SUBDOMAIN);
}
}
/**
* Finds the unsecured paths configuration in the provided attributes.s
*
@ -299,11 +279,6 @@ public interface ServerConfig {
default boolean isDiscoverable() {
return isDiscoverable(getAttributes());
}
/** @see #isRequireSubdomain(Map) */
default boolean isRequireSubdomain() {
return isRequireSubdomain(getAttributes());
}
}
// helper class for the default methods in the above interface

8
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/GatewayTlsProvisioner.java
View File

@ -24,7 +24,6 @@ import org.eclipse.che.api.workspace.server.model.impl.ServerConfigImpl;
import org.eclipse.che.api.workspace.server.spi.InfrastructureException;
import org.eclipse.che.workspace.infrastructure.kubernetes.Annotations;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.WorkspaceExposureType;
import org.eclipse.che.workspace.infrastructure.kubernetes.util.GatewayConfigmapLabels;
/**
@ -36,16 +35,13 @@ public class GatewayTlsProvisioner<T extends KubernetesEnvironment>
private final boolean isTlsEnabled;
private final GatewayConfigmapLabels configmapLabels;
private final TlsProvisioner<T> nativeProvisioner;
@Inject
public GatewayTlsProvisioner(
@Named("che.infra.kubernetes.tls_enabled") boolean isTlsEnabled,
GatewayConfigmapLabels configmapLabels,
TlsProvisionerProvider<T> provisionerProvider) {
GatewayConfigmapLabels configmapLabels) {
this.isTlsEnabled = isTlsEnabled;
this.configmapLabels = configmapLabels;
this.nativeProvisioner = provisionerProvider.get(WorkspaceExposureType.NATIVE);
}
@Override
@ -59,8 +55,6 @@ public class GatewayTlsProvisioner<T extends KubernetesEnvironment>
useSecureProtocolForGatewayConfigMap(configMap);
}
}
nativeProvisioner.provision(k8sEnv, identity);
}
private void useSecureProtocolForGatewayConfigMap(ConfigMap configMap)

9
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/AbstractExposureStrategyAwareProvider.java
View File

@ -25,7 +25,6 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.Singl
public abstract class AbstractExposureStrategyAwareProvider<T> implements Provider<T> {
protected final T instance;
protected final Map<WorkspaceExposureType, T> instanceMap;
/**
* Constructs a new provider returning one of the instances from the provided mapping
@ -58,17 +57,9 @@ public abstract class AbstractExposureStrategyAwareProvider<T> implements Provid
if (instance == null) {
throw new IllegalStateException(String.format(errorMessageTemplate, wsExposureType));
}
instanceMap = mapping;
}
/** Returns the object mapped to the configured exposure type. */
public T get() {
return instance;
}
/** Returns the object mapped to the provided exposure type. */
public T get(WorkspaceExposureType exposureType) {
return instanceMap.get(exposureType);
}
}

38
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/external/CombinedSingleHostServerExposer.java vendored
View File

@ -11,9 +11,11 @@
*/
package org.eclipse.che.workspace.infrastructure.kubernetes.server.external;
import static java.util.stream.Collectors.toMap;
import static java.lang.Boolean.FALSE;
import static org.eclipse.che.api.core.model.workspace.config.ServerConfig.REQUIRE_SUBDOMAIN;
import io.fabric8.kubernetes.api.model.ServicePort;
import java.util.HashMap;
import java.util.Map;
import org.eclipse.che.api.core.model.workspace.config.ServerConfig;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment;
@ -70,8 +72,18 @@ public class CombinedSingleHostServerExposer<T extends KubernetesEnvironment>
serverId = servicePort.getName();
}
Map<String, ServerConfig> subpathServers = getStrategyConformingServers(externalServers);
Map<String, ServerConfig> subdomainServers = getServersRequiringSubdomain(externalServers);
Map<String, ServerConfig> subpathServers = new HashMap<>();
Map<String, ServerConfig> subdomainServers = new HashMap<>();
for (String esKey : externalServers.keySet()) {
ServerConfig serverConfig = externalServers.get(esKey);
if (Boolean.parseBoolean(
serverConfig.getAttributes().getOrDefault(REQUIRE_SUBDOMAIN, FALSE.toString()))) {
subdomainServers.put(esKey, serverConfig);
} else {
subpathServers.put(esKey, serverConfig);
}
}
if (!subpathServers.isEmpty()) {
subpathServerExposer.expose(
@ -83,24 +95,4 @@ public class CombinedSingleHostServerExposer<T extends KubernetesEnvironment>
k8sEnv, machineName, serviceName, serverId, servicePort, subdomainServers);
}
}
@Override
public Map<String, ServerConfig> getStrategyConformingServers(
Map<String, ServerConfig> externalServers) {
return externalServers
.entrySet()
.stream()
.filter(e -> !e.getValue().isRequireSubdomain())
.collect(toMap(Map.Entry::getKey, Map.Entry::getValue));
}
@Override
public Map<String, ServerConfig> getServersRequiringSubdomain(
Map<String, ServerConfig> externalServers) {
return externalServers
.entrySet()
.stream()
.filter(e -> e.getValue().isRequireSubdomain())
.collect(toMap(Map.Entry::getKey, Map.Entry::getValue));
}
}

25
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/external/ExternalServerExposer.java vendored
View File

@ -12,7 +12,6 @@
package org.eclipse.che.workspace.infrastructure.kubernetes.server.external;
import io.fabric8.kubernetes.api.model.ServicePort;
import java.util.Collections;
import java.util.Map;
import org.eclipse.che.api.core.model.workspace.config.ServerConfig;
import org.eclipse.che.commons.annotation.Nullable;
@ -49,28 +48,4 @@ public interface ExternalServerExposer<T extends KubernetesEnvironment> {
String serverId,
ServicePort servicePort,
Map<String, ServerConfig> externalServers);
/**
* Returns the servers from the provided map that should be deployed using the current configured
* server exposure strategy.
*
* @param externalServers all the external servers that are being deployed
* @return a view of the provided map
*/
default Map<String, ServerConfig> getStrategyConformingServers(
Map<String, ServerConfig> externalServers) {
return externalServers;
}
/**
* Returns the servers from the provided map that should be deployed on a subdomain regardless of
* the current configured server exposure strategy.
*
* @param externalServers all the external servers that are being deployed
* @return a view of the provided map
*/
default Map<String, ServerConfig> getServersRequiringSubdomain(
Map<String, ServerConfig> externalServers) {
return Collections.emptyMap();
}
}

27
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/DefaultSecureServerExposer.java
View File

@ -93,32 +93,6 @@ public class DefaultSecureServerExposer<T extends KubernetesEnvironment>
Map<String, ServerConfig> secureServers)
throws InfrastructureException {
Map<String, ServerConfig> conformingServers =
exposer.getStrategyConformingServers(secureServers);
Map<String, ServerConfig> subdomainServers =
exposer.getServersRequiringSubdomain(secureServers);
if (!conformingServers.isEmpty()) {
doExpose(
k8sEnv, pod, machineName, serviceName, serverId, servicePort, false, conformingServers);
}
if (!subdomainServers.isEmpty()) {
doExpose(
k8sEnv, pod, machineName, serviceName, serverId, servicePort, true, subdomainServers);
}
}
private void doExpose(
T k8sEnv,
PodData pod,
String machineName,
@Nullable String serviceName,
@Nullable String serverId,
ServicePort servicePort,
boolean requireSubdomain,
Map<String, ServerConfig> secureServers)
throws InfrastructureException {
ServicePort exposedServicePort =
proxyProvisioner.expose(
k8sEnv,
@ -127,7 +101,6 @@ public class DefaultSecureServerExposer<T extends KubernetesEnvironment>
serviceName,
servicePort,
servicePort.getProtocol(),
requireSubdomain,
secureServers);
exposer.expose(

3
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/ProxyProvisioner.java
View File

@ -38,8 +38,6 @@ public interface ProxyProvisioner {
* @param backendServiceName service name that will be exposed
* @param backendServicePort service port that will be exposed
* @param protocol protocol that will be used for exposed port
* @param requireSubdomain if true, the supplied servers are supposed to require a subdomain, if
* false the servers are considered to follow the configured exposure strategy
* @param secureServers secure servers to expose
* @return JWTProxy service port that expose the specified one
* @throws InfrastructureException if any exception occurs during port exposing
@ -51,7 +49,6 @@ public interface ProxyProvisioner {
@Nullable String backendServiceName,
ServicePort backendServicePort,
String protocol,
boolean requireSubdomain,
Map<String, ServerConfig> secureServers)
throws InfrastructureException;

19
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/AbstractJwtProxyProvisioner.java
View File

@ -51,7 +51,6 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.environment.Kubernete
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.ServerServiceBuilder;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultiHostExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.ProxyProvisioner;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.factory.JwtProxyConfigBuilderFactory;
@ -74,9 +73,7 @@ abstract class AbstractJwtProxyProvisioner implements ProxyProvisioner {
private final Map<String, String> attributes;
private final String serviceName;
private final ExternalServiceExposureStrategy externalServiceExposureStrategy;
private final MultiHostExternalServiceExposureStrategy multiHostExternalServiceExposureStrategy;
private final CookiePathStrategy cookiePathStrategy;
private final MultiHostCookiePathStrategy multihostCookiePathStrategy;
private final String imagePullPolicy;
private int availablePort;
private final KeyPair keyPair;
@ -100,9 +97,7 @@ abstract class AbstractJwtProxyProvisioner implements ProxyProvisioner {
KeyPair signatureKeyPair,
JwtProxyConfigBuilderFactory jwtProxyConfigBuilderFactory,
ExternalServiceExposureStrategy externalServiceExposureStrategy,
MultiHostExternalServiceExposureStrategy multiHostStrategy,
CookiePathStrategy cookiePathStrategy,
MultiHostCookiePathStrategy multihostCookiePathStrategy,
String jwtProxyImage,
String memoryLimitBytes,
String cpuLimitCores,
@ -113,9 +108,7 @@ abstract class AbstractJwtProxyProvisioner implements ProxyProvisioner {
this.proxyConfigBuilder = jwtProxyConfigBuilderFactory.create(workspaceId);
this.jwtProxyImage = jwtProxyImage;
this.externalServiceExposureStrategy = externalServiceExposureStrategy;
this.multiHostExternalServiceExposureStrategy = multiHostStrategy;
this.cookiePathStrategy = cookiePathStrategy;
this.multihostCookiePathStrategy = multihostCookiePathStrategy;
this.imagePullPolicy = imagePullPolicy;
this.serviceName = generate(SERVER_PREFIX, SERVER_UNIQUE_PART_SIZE) + "-jwtproxy";
@ -163,7 +156,6 @@ abstract class AbstractJwtProxyProvisioner implements ProxyProvisioner {
String backendServiceName,
ServicePort backendServicePort,
String protocol,
boolean requireSubdomain,
Map<String, ServerConfig> secureServers)
throws InfrastructureException {
Preconditions.checkArgument(
@ -205,13 +197,6 @@ abstract class AbstractJwtProxyProvisioner implements ProxyProvisioner {
k8sEnv.getServices().get(serviceName).getSpec().getPorts().add(exposedPort);
CookiePathStrategy actualCookiePathStrategy =
requireSubdomain ? multihostCookiePathStrategy : cookiePathStrategy;
ExternalServiceExposureStrategy actualExposureStrategy =
requireSubdomain
? multiHostExternalServiceExposureStrategy
: externalServiceExposureStrategy;
// JwtProxySecureServerExposer creates no service for the exposed secure servers and
// assumes everything will be proxied from localhost, because JWT proxy is collocated
// with the workspace pod (because it is added to the environment as an injectable pod).
@ -227,8 +212,8 @@ abstract class AbstractJwtProxyProvisioner implements ProxyProvisioner {
"http://" + backendServiceName + ":" + backendServicePort.getTargetPort().getIntVal(),
excludes,
cookiesAuthEnabled == null ? false : cookiesAuthEnabled,
actualCookiePathStrategy.get(serviceName, exposedPort),
actualExposureStrategy.getExternalPath(serviceName, exposedPort.getName()));
cookiePathStrategy.get(serviceName, exposedPort),
externalServiceExposureStrategy.getExternalPath(serviceName, exposedPort.getName()));
k8sEnv
.getConfigMaps()
.get(getConfigMapName())

5
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java
View File

@ -21,7 +21,6 @@ import org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException;
import org.eclipse.che.multiuser.machine.authentication.server.signature.SignatureKeyManager;
import org.eclipse.che.multiuser.machine.authentication.server.signature.SignatureKeyManagerException;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultiHostExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.factory.JwtProxyConfigBuilderFactory;
/**
@ -51,9 +50,7 @@ public class JwtProxyProvisioner extends AbstractJwtProxyProvisioner {
SignatureKeyManager signatureKeyManager,
JwtProxyConfigBuilderFactory jwtProxyConfigBuilderFactory,
ExternalServiceExposureStrategy externalServiceExposureStrategy,
MultiHostExternalServiceExposureStrategy multiHostStrategy,
CookiePathStrategy cookiePathStrategy,
MultiHostCookiePathStrategy multiHostCookiePathStrategy,
@Named("che.server.secure_exposer.jwtproxy.image") String jwtProxyImage,
@Named("che.server.secure_exposer.jwtproxy.memory_limit") String memoryLimitBytes,
@Named("che.server.secure_exposer.jwtproxy.cpu_limit") String cpuLimitCores,
@ -64,9 +61,7 @@ public class JwtProxyProvisioner extends AbstractJwtProxyProvisioner {
constructKeyPair(signatureKeyManager, identity),
jwtProxyConfigBuilderFactory,
externalServiceExposureStrategy,
multiHostStrategy,
cookiePathStrategy,
multiHostCookiePathStrategy,
jwtProxyImage,
memoryLimitBytes,
cpuLimitCores,

28
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/MultiHostCookiePathStrategy.java
View File

@ -1,28 +0,0 @@
/*
* Copyright (c) 2012-2018 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*
* Contributors:
* Red Hat, Inc. - initial API and implementation
*/
package org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy;
import static org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultiHostExternalServiceExposureStrategy.MULTI_HOST_STRATEGY;
import javax.inject.Singleton;
/**
* A specialization of the {@link CookiePathStrategy} for multi-host server strategy. We need this
* declared specifically to be able to use both the configured strategy and multi-host in case of
* workspaces with mixed endpoints.
*/
@Singleton
public class MultiHostCookiePathStrategy extends CookiePathStrategy {
public MultiHostCookiePathStrategy() {
super(MULTI_HOST_STRATEGY);
}
}

5
infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/PassThroughProxyProvisioner.java
View File

@ -23,7 +23,6 @@ import org.eclipse.che.api.core.model.workspace.config.ServerConfig;
import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity;
import org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultiHostExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.factory.JwtProxyConfigBuilderFactory;
/**
@ -37,9 +36,7 @@ public class PassThroughProxyProvisioner extends AbstractJwtProxyProvisioner {
public PassThroughProxyProvisioner(
JwtProxyConfigBuilderFactory jwtProxyConfigBuilderFactory,
ExternalServiceExposureStrategy externalServiceExposureStrategy,
MultiHostExternalServiceExposureStrategy multiHostStrategy,
CookiePathStrategy cookiePathStrategy,
MultiHostCookiePathStrategy multiHostCookiePathStrategy,
@Named("che.server.secure_exposer.jwtproxy.image") String jwtImage,
@Named("che.server.secure_exposer.jwtproxy.memory_limit") String memoryLimitBytes,
@Named("che.server.secure_exposer.jwtproxy.cpu_limit") String cpuLimitCores,
@ -50,9 +47,7 @@ public class PassThroughProxyProvisioner extends AbstractJwtProxyProvisioner {
constructSignatureKeyPair(),
jwtProxyConfigBuilderFactory,
externalServiceExposureStrategy,
multiHostStrategy,
cookiePathStrategy,
multiHostCookiePathStrategy,
jwtImage,
memoryLimitBytes,
cpuLimitCores,

27
infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/GatewayTlsProvisionerTest.java
View File

@ -14,9 +14,6 @@ package org.eclipse.che.workspace.infrastructure.kubernetes.provision;
import static java.util.Collections.emptyMap;
import static java.util.Collections.singletonMap;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.testng.Assert.assertEquals;
@ -29,7 +26,6 @@ import org.eclipse.che.api.workspace.server.model.impl.ServerConfigImpl;
import org.eclipse.che.api.workspace.server.spi.InfrastructureException;
import org.eclipse.che.workspace.infrastructure.kubernetes.Annotations;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.WorkspaceExposureType;
import org.eclipse.che.workspace.infrastructure.kubernetes.util.GatewayConfigmapLabels;
import org.mockito.Mock;
import org.mockito.testng.MockitoTestNGListener;
@ -45,8 +41,6 @@ public class GatewayTlsProvisionerTest {
@Mock private KubernetesEnvironment k8sEnv;
@Mock private RuntimeIdentity runtimeIdentity;
@Mock private GatewayConfigmapLabels gatewayConfigmapLabels;
@Mock private TlsProvisionerProvider<KubernetesEnvironment> tlsProvisionerProvider;
@Mock private TlsProvisioner<KubernetesEnvironment> nativeTlsProvisioner;
private final ServerConfigImpl httpServer =
new ServerConfigImpl("8080/tpc", "http", "/api", emptyMap());
@ -58,9 +52,7 @@ public class GatewayTlsProvisionerTest {
@BeforeMethod
public void setUp() {
lenient().when(gatewayConfigmapLabels.isGatewayConfig(any(ConfigMap.class))).thenReturn(true);
when(tlsProvisionerProvider.get(eq(WorkspaceExposureType.NATIVE)))
.thenReturn(nativeTlsProvisioner);
when(gatewayConfigmapLabels.isGatewayConfig(any(ConfigMap.class))).thenReturn(true);
}
@Test(dataProvider = "tlsProvisionData")
@ -79,7 +71,7 @@ public class GatewayTlsProvisionerTest {
.build();
GatewayTlsProvisioner<KubernetesEnvironment> gatewayTlsProvisioner =
new GatewayTlsProvisioner<>(tlsEnabled, gatewayConfigmapLabels, tlsProvisionerProvider);
new GatewayTlsProvisioner<>(tlsEnabled, gatewayConfigmapLabels);
when(k8sEnv.getConfigMaps()).thenReturn(singletonMap("route", routeConfigMap));
@ -123,24 +115,11 @@ public class GatewayTlsProvisionerTest {
when(k8sEnv.getConfigMaps()).thenReturn(singletonMap("route", routeConfigMap));
GatewayTlsProvisioner<KubernetesEnvironment> gatewayTlsProvisioner =
new GatewayTlsProvisioner<>(true, gatewayConfigmapLabels, tlsProvisionerProvider);
new GatewayTlsProvisioner<>(true, gatewayConfigmapLabels);
// when
gatewayTlsProvisioner.provision(k8sEnv, runtimeIdentity);
// then exception
}
@Test
public void nativeRoutesProvisioned() throws Exception {
// given
GatewayTlsProvisioner<KubernetesEnvironment> gatewayTlsProvisioner =
new GatewayTlsProvisioner<>(true, gatewayConfigmapLabels, tlsProvisionerProvider);
// when
gatewayTlsProvisioner.provision(k8sEnv, runtimeIdentity);
// then
verify(nativeTlsProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));
}
}

75
infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisionerTest.java
View File

@ -27,8 +27,6 @@ import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.ArgumentMatchers.isNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.testng.Assert.assertEquals;
@ -58,7 +56,6 @@ import org.eclipse.che.multiuser.machine.authentication.server.signature.Signatu
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultiHostExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.factory.JwtProxyConfigBuilderFactory;
import org.mockito.Mock;
import org.mockito.testng.MockitoTestNGListener;
@ -84,10 +81,7 @@ public class JwtProxyProvisionerTest {
@Mock private PublicKey publicKey;
@Mock private JwtProxyConfigBuilderFactory configBuilderFactory;
@Mock private ExternalServiceExposureStrategy externalServiceExposureStrategy;
@Mock private MultiHostExternalServiceExposureStrategy multiHostExternalServiceExposureStrategy;
private CookiePathStrategy cookiePathStrategy = spy(new CookiePathStrategy(MULTI_HOST_STRATEGY));
private MultiHostCookiePathStrategy multiHostCookiePathStrategy =
spy(new MultiHostCookiePathStrategy());
private CookiePathStrategy cookiePathStrategy = new CookiePathStrategy(MULTI_HOST_STRATEGY);
private JwtProxyProvisioner jwtProxyProvisioner;
private KubernetesEnvironment k8sEnv;
@ -107,9 +101,7 @@ public class JwtProxyProvisionerTest {
signatureKeyManager,
configBuilderFactory,
externalServiceExposureStrategy,
multiHostExternalServiceExposureStrategy,
cookiePathStrategy,
multiHostCookiePathStrategy,
"eclipse/che-jwtproxy",
"128mb",
"0.5",
@ -143,7 +135,6 @@ public class JwtProxyProvisionerTest {
"terminal",
port,
"TCP",
false,
ImmutableMap.of("server", secureServer));
// then
@ -214,7 +205,6 @@ public class JwtProxyProvisionerTest {
"terminal",
port,
"TCP",
false,
ImmutableMap.of("server1", server1, "server2", server2, "server3", server3));
}
@ -229,9 +219,7 @@ public class JwtProxyProvisionerTest {
signatureKeyManager,
configBuilderFactory,
externalServiceExposureStrategy,
multiHostExternalServiceExposureStrategy,
cookiePathStrategy,
multiHostCookiePathStrategy,
"eclipse/che-jwtproxy",
"128mb",
"500m",
@ -262,7 +250,6 @@ public class JwtProxyProvisionerTest {
"terminal",
port,
"TCP",
false,
ImmutableMap.of("server1", server1));
// then
@ -280,9 +267,7 @@ public class JwtProxyProvisionerTest {
signatureKeyManager,
configBuilderFactory,
externalServiceExposureStrategy,
multiHostExternalServiceExposureStrategy,
cookiePathStrategy,
multiHostCookiePathStrategy,
"eclipse/che-jwtproxy",
"128mb",
"0.5",
@ -302,7 +287,6 @@ public class JwtProxyProvisionerTest {
"terminal",
port,
"TCP",
false,
ImmutableMap.of("server1", server1));
// then
@ -322,9 +306,7 @@ public class JwtProxyProvisionerTest {
signatureKeyManager,
configBuilderFactory,
externalServiceExposureStrategy,
multiHostExternalServiceExposureStrategy,
cookiePathStrategy,
multiHostCookiePathStrategy,
"eclipse/che-jwtproxy",
"128mb",
"0.5",
@ -338,14 +320,7 @@ public class JwtProxyProvisionerTest {
// when
jwtProxyProvisioner.expose(
k8sEnv,
podWithName(),
"machine",
null,
port,
"TCP",
false,
ImmutableMap.of("server1", server1));
k8sEnv, podWithName(), "machine", null, port, "TCP", ImmutableMap.of("server1", server1));
// then
verify(configBuilder)
@ -353,52 +328,6 @@ public class JwtProxyProvisionerTest {
eq(4400), eq("http://127.0.0.1:4401"), eq(emptySet()), eq(false), eq("/"), isNull());
}
@Test
public void multiHostStrategiesUsedForServerRequiringSubdomain() throws Exception {
// given
JwtProxyConfigBuilder configBuilder = mock(JwtProxyConfigBuilder.class);
when(configBuilderFactory.create(any())).thenReturn(configBuilder);
jwtProxyProvisioner =
new JwtProxyProvisioner(
signatureKeyManager,
configBuilderFactory,
externalServiceExposureStrategy,
multiHostExternalServiceExposureStrategy,
cookiePathStrategy,
multiHostCookiePathStrategy,
"eclipse/che-jwtproxy",
"128mb",
"0.5",
"Always",
runtimeId);
ServerConfigImpl server1 = new ServerConfigImpl("4401/tcp", "http", "/", emptyMap());
ServicePort port = new ServicePort();
port.setTargetPort(new IntOrString(4401));
// when
jwtProxyProvisioner.expose(
k8sEnv,
podWithName(),
"machine",
null,
port,
"TCP",
true,
ImmutableMap.of("server1", server1));
// then
verify(configBuilder)
.addVerifierProxy(
eq(4400), eq("http://127.0.0.1:4401"), eq(emptySet()), eq(false), eq("/"), isNull());
verify(externalServiceExposureStrategy, never()).getExternalPath(any(), any());
verify(cookiePathStrategy, never()).get(any(), any());
verify(multiHostExternalServiceExposureStrategy).getExternalPath(any(), any());
verify(multiHostCookiePathStrategy).get(any(), any());
}
private static PodData podWithName() {
ObjectMeta meta = new ObjectMeta();
meta.setName("a-pod-name");

80
infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposerTest.java
View File

@ -12,7 +12,6 @@
package org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.ArgumentMatchers.isNull;
@ -23,7 +22,6 @@ import static org.mockito.Mockito.when;
import com.google.common.collect.ImmutableMap;
import io.fabric8.kubernetes.api.model.IntOrString;
import io.fabric8.kubernetes.api.model.ServicePort;
import java.util.Collections;
import java.util.Map;
import org.eclipse.che.api.core.model.workspace.config.ServerConfig;
import org.eclipse.che.api.workspace.server.model.impl.ServerConfigImpl;
@ -75,12 +73,10 @@ public class JwtProxySecureServerExposerTest {
ServicePort jwtProxyServicePort = new ServicePort();
doReturn(jwtProxyServicePort)
.when(jwtProxyProvisioner)
.expose(any(), any(), anyString(), anyString(), any(), anyString(), anyBoolean(), any());
.expose(any(), any(), anyString(), anyString(), any(), anyString(), any());
when(jwtProxyProvisioner.getServiceName()).thenReturn(JWT_PROXY_SERVICE_NAME);
when(externalServerExposer.getStrategyConformingServers(eq(servers))).thenReturn(servers);
// when
secureServerExposer.expose(
k8sEnv, null, MACHINE_NAME, MACHINE_SERVICE_NAME, null, machineServicePort, servers);
@ -94,7 +90,6 @@ public class JwtProxySecureServerExposerTest {
eq(MACHINE_SERVICE_NAME),
eq(machineServicePort),
eq("TCP"),
eq(false),
any());
verify(externalServerExposer)
.expose(
@ -105,77 +100,4 @@ public class JwtProxySecureServerExposerTest {
eq(jwtProxyServicePort),
eq(servers));
}
@Test
public void shouldUseMultiHostStrategyForSubdomainRequiringServers() throws Exception {
// given
ServicePort machineServicePort = new ServicePort();
machineServicePort.setTargetPort(new IntOrString(8080));
machineServicePort.setProtocol("TCP");
Map<String, ServerConfig> servers =
ImmutableMap.of(
"server1",
new ServerConfigImpl("8080/tcp", "http", "/api", ImmutableMap.of("secure", "true")),
"server2",
new ServerConfigImpl("8080/tcp", "ws", "/connect", ImmutableMap.of("secure", "true")));
Map<String, ServerConfig> conformingServers =
Collections.singletonMap("server1", servers.get("server1"));
Map<String, ServerConfig> subdomainServers =
Collections.singletonMap("server2", servers.get("server2"));
ServicePort jwtProxyServicePort = new ServicePort();
doReturn(jwtProxyServicePort)
.when(jwtProxyProvisioner)
.expose(any(), any(), anyString(), anyString(), any(), anyString(), anyBoolean(), any());
when(jwtProxyProvisioner.getServiceName()).thenReturn(JWT_PROXY_SERVICE_NAME);
when(externalServerExposer.getStrategyConformingServers(eq(servers)))
.thenReturn(conformingServers);
when(externalServerExposer.getServersRequiringSubdomain(eq(servers)))
.thenReturn(subdomainServers);
// when
secureServerExposer.expose(
k8sEnv, null, MACHINE_NAME, MACHINE_SERVICE_NAME, null, machineServicePort, servers);
// then
verify(jwtProxyProvisioner)
.expose(
eq(k8sEnv),
any(),
anyString(),
eq(MACHINE_SERVICE_NAME),
eq(machineServicePort),
eq("TCP"),
eq(false),
any());
verify(jwtProxyProvisioner)
.expose(
eq(k8sEnv),
any(),
anyString(),
eq(MACHINE_SERVICE_NAME),
eq(machineServicePort),
eq("TCP"),
eq(true),
any());
verify(externalServerExposer)
.expose(
eq(k8sEnv),
eq(MACHINE_NAME),
eq(JWT_PROXY_SERVICE_NAME),
isNull(),
eq(jwtProxyServicePort),
eq(conformingServers));
verify(externalServerExposer)
.expose(
eq(k8sEnv),
eq(MACHINE_NAME),
eq(JWT_PROXY_SERVICE_NAME),
isNull(),
eq(jwtProxyServicePort),
eq(subdomainServers));
}
}

4
infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/PassThroughProxyProvisionerTest.java
View File

@ -33,7 +33,6 @@ import org.eclipse.che.api.workspace.server.model.impl.ServerConfigImpl;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultiHostExternalServiceExposureStrategy;
import org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.factory.JwtProxyConfigBuilderFactory;
import org.mockito.testng.MockitoTestNGListener;
import org.testng.annotations.Listeners;
@ -62,9 +61,7 @@ public class PassThroughProxyProvisionerTest {
new PassThroughProxyProvisioner(
configBuilderFactory,
mock(ExternalServiceExposureStrategy.class),
mock(MultiHostExternalServiceExposureStrategy.class),
new CookiePathStrategy(MULTI_HOST_STRATEGY),
new MultiHostCookiePathStrategy(),
"eclipse/che-jwtproxy",
"128mb",
"0.5",
@ -87,7 +84,6 @@ public class PassThroughProxyProvisionerTest {
"terminal",
port,
"TCP",
false,
ImmutableMap.of("server1", server1));
// then

4
wsmaster/che-core-api-workspace/src/main/java/org/eclipse/che/api/workspace/server/model/impl/ServerConfigImpl.java
View File

@ -196,7 +196,9 @@ public class ServerConfigImpl implements ServerConfig {
ServerConfig.setInternal(attributes, true);
}
ServerConfig.setRequireSubdomain(attributes, devfileEndpoint);
if (devfileEndpoint) {
attributes.put(REQUIRE_SUBDOMAIN, Boolean.TRUE.toString());
}
return new ServerConfigImpl(Integer.toString(endpoint.getPort()), protocol, path, attributes);
}