You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2017/12/12 20:54:54 UTC
[GitHub] dgrove-oss closed pull request #3093: Make OpenWhisk CLI available only via redirect
dgrove-oss closed pull request #3093: Make OpenWhisk CLI available only via redirect
URL: https://github.com/apache/incubator-openwhisk/pull/3093
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/ansible/edge.yml b/ansible/edge.yml
index 6566d572ae..4a566b96fd 100644
--- a/ansible/edge.yml
+++ b/ansible/edge.yml
@@ -1,10 +1,8 @@
---
# This playbook deploys Openwhisk Edge servers.
# The edge is usually populated with NGINX serving as proxy.
-# The CLI also gets built and published for downloading from NGINX.
-# SDKs for blackbox and iOS get published to NGINX also.
+# The CLI and SDKs for blackbox and iOS are available via redirect
- hosts: edge
roles:
- nginx
- - cli
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index 78366dd2fc..54ecd8dad3 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -251,7 +251,6 @@ sdk:
cli:
path: "{{ openwhisk_home }}/bin/wsk"
- nginxdir: "{{ nginx.confdir }}/cli/go/download"
dir:
become: "{{ cli_dir_become | default(false) }}"
@@ -292,41 +291,23 @@ catalog_repos:
version: "HEAD"
repo_update: "no"
+# The version of the openwhisk cli to use
openwhisk_cli_tag: "{{ lookup('ini', 'git_tag section=openwhisk-cli file={{ openwhisk_home }}/ansible/files/package-versions.ini') }}"
-# The openwhisk_cli is used to determine how to install the OpenWhisk CLI. The
-# installation_mode can be specified into two modes: remote and local.
-# The mode remote means to download the available binaries from the releases page
-# of the official openwhisk cli repository. The mode local means to build the binaries
-# locally in a directory and get them from the local directory. The default value
-# for openwhisk is local.
-#
-# The name specifies the package name of the binaries in remote mode.
-#
-# The dest_name specifies the package name of the binaries in Nginx in remote mode.
-#
-# The location specifies the official website where Openwhisk CLI is hosted in
-# remote mode or location to save the binaries of the OpenWhisk CLI in local mode.
-#
-
+# Where to find cli binaries
openwhisk_cli:
- installation_mode: "{{ cli_installation_mode | default('remote') }}"
- local:
- location: "{{ openwhisk_cli_home }}/bin"
remote:
- name: OpenWhisk_CLI
- dest_name: OpenWhisk_CLI
- location: "https://github.com/apache/incubator-openwhisk-cli/releases/download/{{ openwhisk_cli_tag }}"
+ package_name: OpenWhisk_CLI
+ location_browse: "https://github.com/apache/incubator-openwhisk-cli/releases/{{ openwhisk_cli_tag }}"
+ location_download: "https://github.com/apache/incubator-openwhisk-cli/releases/download/{{ openwhisk_cli_tag }}"
-# The list of operating systems for which openwhisk cli binaries are downloaded,
-# if the installation_mode is remote.
+# The list of operating systems for which openwhisk cli binaries are available
cli_os:
- linux
- mac
- windows
-# The list of architectures for which openwhisk cli binaries are downloaded,
-# if the installation_mode is remote.
+# The list of architectures for which openwhisk cli binaries are available
cli_arch:
- amd64
- 386
diff --git a/ansible/install_cli.yml b/ansible/install_cli.yml
new file mode 100644
index 0000000000..4cc5fff50e
--- /dev/null
+++ b/ansible/install_cli.yml
@@ -0,0 +1,7 @@
+---
+# This playbook installs the cli to {{ openwhisk_home }}/bin/wsk
+
+- hosts: ansible
+ tasks:
+ - include: tasks/install_cli.yml
+ when: mode == "deploy"
diff --git a/ansible/openwhisk.yml b/ansible/openwhisk.yml
index 58263b6389..a5c085b808 100644
--- a/ansible/openwhisk.yml
+++ b/ansible/openwhisk.yml
@@ -3,6 +3,8 @@
# It assumes you have already set up your database with the respective db provider playbook (currently cloudant.yml or couchdb.yml)
# It assumes that wipe.yml have being deployed at least once
+- include: install_cli.yml
+
- include: kafka.yml
- include: controller.yml
diff --git a/ansible/publish.yml b/ansible/publish.yml
deleted file mode 100644
index 037e5a586a..0000000000
--- a/ansible/publish.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# This playbook updates CLIs and SDKs on an existing edge host.
-# Artifacts get built and published to NGINX. This assumes an already running egde host in an Openwhisk deployment.
-
-- hosts: edge
- roles:
- - cli
- - sdk
diff --git a/ansible/roles/cli/files/createContentJson.sh b/ansible/roles/cli/files/createContentJson.sh
deleted file mode 100755
index 9f0c492c79..0000000000
--- a/ansible/roles/cli/files/createContentJson.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-
-set +x
-set -e
-
-get_compressed_name() {
- local os=$1
- local arch=$2
- local product_name=$3
-
- if [ $arch = amd64 ]; then
- comp_name="$product_name-$os";
- elif [ $arch = 386 ]; then
- comp_name="$product_name-$os-32bit";
- else
- comp_name="$product_name-$os-$arch";
- fi
-
- echo $comp_name;
-};
-
-get_binary_path() {
- local comp_name=$1
- local os=$2
- local arch=$3
-
- if [ $os = "linux" ]; then
- comp_name="$comp_name.tgz"
- else
- comp_name="$comp_name.zip"
- fi
- echo $os/$arch/$comp_name;
-};
-
-create_cli_packages() {
- local dirIndex="{\"cli\":{"
-
- for platform in $platforms; do
- dirIndex="$dirIndex\"$platform\":{"
-
- for arch in $archs; do
- comp_name=$(get_compressed_name $platform $arch $zip_name)
- comp_path=$(get_binary_path $comp_name $platform $arch)
-
- if [ $arch = $default_arch ]; then
- dirIndex="$dirIndex\"default\":{\"path\":\"$comp_path\"},";
- fi
-
- dirIndex="$dirIndex\"$arch\":{\"path\":\"$comp_path\"},";
- done
-
- dirIndex="$(echo $dirIndex | rev | cut -c2- | rev)"
- dirIndex="$dirIndex},";
- done
-
- dirIndex="$(echo $dirIndex | rev | cut -c2- | rev)"
- dirIndex="$dirIndex}}"
-
- mkdir -p "${PATH_CONTENT_JSON}"
- echo $dirIndex > "${PATH_CONTENT_JSON}/content.json"
-};
-
-archs="386 amd64";
-default_arch="amd64"
-
-PATH_CONTENT_JSON=$1
-BINARY_TAG=$2
-platforms=$3
-zip_name=$4
-create_cli_packages
diff --git a/ansible/roles/cli/tasks/clean.yml b/ansible/roles/cli/tasks/clean.yml
deleted file mode 100644
index 6c365ab0cb..0000000000
--- a/ansible/roles/cli/tasks/clean.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: remove cli nginx directory
- file:
- path: "{{ cli.nginxdir }}"
- state: absent
- become: "{{ cli.dir.become }}"
diff --git a/ansible/roles/cli/tasks/cli_remote_mode.yml b/ansible/roles/cli/tasks/cli_remote_mode.yml
deleted file mode 100644
index 063ac5144e..0000000000
--- a/ansible/roles/cli/tasks/cli_remote_mode.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-
-# Download the cli for the remote mode and generate the content.json file
-
-- name: "download the binaries from the release page of OpenWhisk CLI"
- include: download_openwhisk_cli.yml
- with_nested:
- - "{{ cli_os }}"
- - "{{ cli_arch }}"
-
-- name: "generate content.json locally for Nginx CLI directory"
- local_action: shell "./createContentJson.sh" "{{ config_root_dir }}" "{{ openwhisk_cli_tag }}" "{{ cli_os | join(" ") }}" "{{ openwhisk_cli.remote.dest_name }}" chdir="{{ openwhisk_home }}/ansible/roles/cli/files"
-
-- name: "ensure Nginx cli directory is writable"
- file:
- path: "{{ cli.nginxdir }}"
- state: directory
- mode: 0777
- become: "{{ cli.dir.become }}"
-
-- name: "copy the local content.json to the remote node"
- copy: src={{ config_root_dir }}/content.json dest={{ cli.nginxdir }}/
-
-- name: "delete the local content.json"
- local_action: file path={{ config_root_dir }}/content.json state=absent
diff --git a/ansible/roles/cli/tasks/copy_local_openwhisk_cli.yml b/ansible/roles/cli/tasks/copy_local_openwhisk_cli.yml
deleted file mode 100644
index 50bce81e19..0000000000
--- a/ansible/roles/cli/tasks/copy_local_openwhisk_cli.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-# Copy the cli binaries to Nginx directory
-
-- local_action: stat path={{ openwhisk_cli.local.location }}/{{ item }}
- register: binary_path
-
-- name: "ensure Nginx cli directory is writable"
- file:
- path: "{{ cli.nginxdir }}"
- state: directory
- mode: 0777
- become: "{{ cli.dir.become }}"
-
-- name: "copy the local binaries from a local directory to Nginx directory"
- copy: src={{ openwhisk_cli.local.location }}/{{ item }} dest={{ cli.nginxdir }}/
- when: binary_path.stat.exists
diff --git a/ansible/roles/cli/tasks/deploy.yml b/ansible/roles/cli/tasks/deploy.yml
deleted file mode 100644
index 3961ab84c0..0000000000
--- a/ansible/roles/cli/tasks/deploy.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# Tasks for handling CLI customization and publishing
-
-- name: "ensure nginx directory for cli exists"
- file:
- path: "{{ cli.nginxdir }}"
- state: directory
- become: "{{ cli.dir.become }}"
-
-- set_fact:
- cli_installation_mode="{{ openwhisk_cli.installation_mode }}"
-
-- include: docker_login.yml
-
-- name: "download the binaries from the release page of OpenWhisk CLI"
- include: cli_remote_mode.yml
- when: cli_installation_mode == "remote"
-
-- name: "copy the binaries from a local directory to Nginx directory"
- include: copy_local_openwhisk_cli.yml
- when: cli_installation_mode == "local"
- with_items: "{{ cli_os }}"
-
-- name: "copy the local content.json from a local directory to Nginx directory"
- copy: src={{ openwhisk_cli.local.location }}/content.json dest={{ cli.nginxdir }}/
- when: cli_installation_mode == "local"
-
-- include: download_cli.yml
diff --git a/ansible/roles/cli/tasks/download_cli.yml b/ansible/roles/cli/tasks/download_cli.yml
deleted file mode 100644
index 6024b0682d..0000000000
--- a/ansible/roles/cli/tasks/download_cli.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-# Download the cli to openwhisk_home
-
-- name: "download cli (linux) to openwhisk home at {{ openwhisk_home }}"
- local_action: >
- get_url
- url="https://{{ groups['edge'] | first }}/cli/go/download/linux/amd64/wsk"
- dest="{{ openwhisk_home }}/bin/wsk"
- mode=0755
- validate_certs=False
- force=True
- when: ('environments/docker-machine' not in inventory_dir) and (ansible_os_family != "Darwin")
-
-- name: "download cli for mac (docker-machine or Docker for Mac) to openwhisk home at {{ openwhisk_home }}"
- local_action: >
- get_url
- url="https://{{ groups['edge'] | first }}/cli/go/download/mac/amd64/wsk"
- dest="{{ openwhisk_home }}/bin/wsk"
- mode=0755
- validate_certs=False
- force=True
- when: ('environments/docker-machine' in inventory_dir ) or (ansible_os_family == "Darwin")
diff --git a/ansible/roles/cli/tasks/download_openwhisk_cli.yml b/ansible/roles/cli/tasks/download_openwhisk_cli.yml
deleted file mode 100644
index 7ea209bedb..0000000000
--- a/ansible/roles/cli/tasks/download_openwhisk_cli.yml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-
-# Download the cli to Nginx CLI directory and unzip them
-
-- name: "set the basic variables os, arc and suffix"
- set_fact:
- os="{{ item[0] }}"
- arc="{{ item[1] }}"
- suffix="zip"
-
-- name: "change the suffix to tgz if the operating system is Linux"
- set_fact:
- suffix="tgz"
- when: os == "linux"
-
-- name: "set the file name to download"
- set_fact:
- source_name="{{ openwhisk_cli.remote.name }}-{{ openwhisk_cli_tag }}-{{ os }}-{{ arc }}.{{ suffix }}"
-
-- name: "set the destination file name locally after download for 32 bit"
- set_fact:
- dest_name="{{ openwhisk_cli.remote.dest_name }}-{{ os }}-32bit.{{ suffix }}"
- when: arc == "386"
-
-- name: "set the destination file name locally after download for 64 bit"
- set_fact:
- dest_name="{{ openwhisk_cli.remote.dest_name }}-{{ os }}.{{ suffix }}"
- when: arc == "amd64"
-
-- name: "set the http header used to download the binary packages"
- set_fact:
- headers="{{ openwhisk_cli.remote.headers }}"
- when: openwhisk_cli.remote.headers is defined
-
-- name: "set the http header to empty"
- set_fact:
- headers=""
- when: openwhisk_cli.remote.headers is not defined
-
-- name: "set the volume_dir"
- vars:
- instance: "{{instances | selectattr('name', 'equalto', 'db') | list | first}}"
- set_fact:
- volume_dir: "{{ instance.volume.fsmount | default( '/mnt/' + group_names|first, true ) }}:/usr/local/var/lib/couchdb"
- when: (block_device is defined) and (block_device in disk_status.stdout)
-
-- name: "ensure Nginx cli directory for ({{ os }}) {{ arc }} exists"
- file:
- path: "{{ cli.nginxdir }}/{{ os }}/{{ arc }}"
- state: directory
- mode: 0777
- become: "{{ cli.dir.become }}"
-
-- name: "download cli ({{ os }}) {{ arc }} to Nginx directory"
- get_url:
- url: "{{ openwhisk_cli.remote.location }}/{{ source_name }}"
- dest: "{{ cli.nginxdir }}/{{ os }}/{{ arc }}/{{ dest_name }}"
- headers: "{{ headers }}"
- mode: 0755
-
-- name: "unarchive cli for Mac and Windows"
- unarchive:
- src: "{{ cli.nginxdir }}/{{ os }}/{{ arc }}/{{ dest_name }}"
- dest: "{{ cli.nginxdir }}/{{ os }}/{{ arc }}/"
- remote_src: True
- when: os != "linux"
-
-- name: "unarchive cli for Linux"
- command: tar -zxvf {{ dest_name }}
- args:
- chdir: "{{ cli.nginxdir }}/{{ os }}/{{ arc }}/"
- when: os == "linux"
-
diff --git a/ansible/roles/cli/tasks/main.yml b/ansible/roles/cli/tasks/main.yml
deleted file mode 100644
index b03b406c3a..0000000000
--- a/ansible/roles/cli/tasks/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# This role will configure and publish the CLI tarball.
-# In deploy mode it will generate a new CLI config, generate a tarball and copy it to nginx.
-# In clean mode it will clean the cli.nginxdir
-
-- include: deploy.yml
- when: mode == "deploy"
-
-- include: clean.yml
- when: mode == "clean"
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
index 2212102bc8..f0ba461abc 100644
--- a/ansible/roles/nginx/templates/nginx.conf.j2
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@@ -90,9 +90,18 @@ http {
return 301 https://github.com/apache/incubator-openwhisk-client-swift/releases/download/0.2.3/starterapp-0.2.3.zip;
}
+ # redirect requests for specific binaries to the matching one from the {{ openwhisk_cli_tag }} openwhisk-cli release.
+{% for os in cli_os %}
+ {% for arch in cli_arch %}
+ location /cli/go/download/{{ os }}/{{ arch }} {
+ return 301 {{ openwhisk_cli.remote.location_download }}/{{ openwhisk_cli.remote.package_name }}-{{ openwhisk_cli_tag }}-{{ os }}-{{ arch }}{% if os == 'linux' %}.tgz{% else %}.zip{% endif %};
+ }
+ {% endfor %}
+{% endfor %}
+
+ # redirect top-level cli downloads to the {{ openwhisk_cli_tag }} openwhisk-cli release.
location /cli/go/download {
- autoindex on;
- root /etc/nginx;
+ return 301 {{ openwhisk_cli.remote.location_browse }};
}
}
}
diff --git a/ansible/tasks/install_cli.yml b/ansible/tasks/install_cli.yml
new file mode 100644
index 0000000000..972116a128
--- /dev/null
+++ b/ansible/tasks/install_cli.yml
@@ -0,0 +1,40 @@
+---
+
+# Download the cli to openwhisk_home/bin and unarchive it.
+
+- name: "set the file name to download for linux"
+ set_fact:
+ cli_download_name={{ openwhisk_cli.remote.package_name }}-{{ openwhisk_cli_tag }}-linux-amd64.tgz
+ when: ('environments/docker-machine' not in inventory_dir) and (ansible_os_family != "Darwin")
+
+- name: "set the file name to download for mac"
+ set_fact:
+ cli_download_name={{ openwhisk_cli.remote.package_name }}-{{ openwhisk_cli_tag }}-mac-amd64.zip
+ when: ('environments/docker-machine' in inventory_dir ) or (ansible_os_family == "Darwin")
+
+
+- name: "set the http header for downloading the binary packages"
+ set_fact:
+ headers="{{ openwhisk_cli.remote.headers }}"
+ when: openwhisk_cli.remote.headers is defined
+
+- name: "set the http header for downloading the binary packages to empty"
+ set_fact:
+ headers=""
+ when: openwhisk_cli.remote.headers is not defined
+
+
+- name: "download cli package to openwhisk home at {{ openwhisk_home }}"
+ local_action: >
+ get_url
+ url="{{ openwhisk_cli.remote.location_download }}/{{ cli_download_name }}"
+ headers="{{ headers }}"
+ dest="{{ openwhisk_home }}/bin/{{ cli_download_name }}"
+ mode=0755
+
+- name: "unarchive cli {{ openwhisk_home }}/bin/wsk"
+ local_action: >
+ unarchive
+ src="{{ openwhisk_home }}/bin/{{ cli_download_name }}"
+ dest="{{ openwhisk_home }}/bin"
+ creates="{{ openwhisk_home }}/bin/wsk"
diff --git a/tests/src/test/scala/system/rest/GoCLINginxTests.scala b/tests/src/test/scala/system/rest/GoCLINginxTests.scala
index a5049a63f5..35b08f4149 100644
--- a/tests/src/test/scala/system/rest/GoCLINginxTests.scala
+++ b/tests/src/test/scala/system/rest/GoCLINginxTests.scala
@@ -24,11 +24,8 @@ import org.scalatest.junit.JUnitRunner
import com.jayway.restassured.RestAssured
-import spray.json._
-import DefaultJsonProtocol._
-
/**
- * Basic tests of the download link for Go CLI binaries
+ * Basic tests of the download redirects for Go CLI binaries
*/
@RunWith(classOf[JUnitRunner])
class GoCLINginxTests extends FlatSpec with Matchers with RestUtil {
@@ -38,48 +35,26 @@ class GoCLINginxTests extends FlatSpec with Matchers with RestUtil {
val Architectures = List("386", "amd64")
val ServiceURL = getServiceURL()
- it should s"respond to all files in root directory" in {
- val response = RestAssured.given().config(sslconfig).get(s"$ServiceURL/$DownloadLinkGoCli")
- response.statusCode should be(200)
- val responseString = response.body.asString
- responseString should include("""<a href="content.json">content.json</a>""")
- val responseJSON = RestAssured.given().config(sslconfig).get(s"$ServiceURL/$DownloadLinkGoCli/content.json")
- responseJSON.statusCode should be(200)
- val cli = responseJSON.body.asString.parseJson.asJsObject
- .fields("cli")
- .convertTo[Map[String, Map[String, Map[String, String]]]]
- cli.foreach {
- case (os, arch) => responseString should include(s"""<a href="$os/">$os/</a>""")
- }
- }
-
- it should "respond to all operating systems and architectures in HTML index" in {
- val responseJSON = RestAssured.given().config(sslconfig).get(s"$ServiceURL/$DownloadLinkGoCli/content.json")
- responseJSON.statusCode should be(200)
- val cli = responseJSON.body.asString.parseJson.asJsObject
- .fields("cli")
- .convertTo[Map[String, Map[String, Map[String, String]]]]
- cli.foreach {
- case (os, arch) =>
- val response = RestAssured.given().config(sslconfig).get(s"$ServiceURL/$DownloadLinkGoCli/$os")
- response.statusCode should be(200)
- val responseString = response.body.asString
- arch.foreach {
- case (arch, path) =>
- if (arch != "default") {
- responseString should include(s"""<a href="$arch/">$arch/</a>""")
- }
- }
- }
+ it should s"check redirect for root directory request" in {
+ val response =
+ RestAssured.given().config(sslconfig).redirects().follow(false).get(s"$ServiceURL/$DownloadLinkGoCli")
+ response.statusCode should be(301)
+ response.header("Location") should include("https://github.com/apache/incubator-openwhisk-cli/releases")
+ println(response.header("Location"))
}
- it should "respond to the download paths in content.json" in {
- val response = RestAssured.given().config(sslconfig).get(s"$ServiceURL/$DownloadLinkGoCli/content.json")
- response.statusCode should be(200)
- val cli =
- response.body.asString.parseJson.asJsObject.fields("cli").convertTo[Map[String, Map[String, Map[String, String]]]]
- cli.values.flatMap(_.values).flatMap(_.values).foreach { path =>
- RestAssured.given().config(sslconfig).get(s"$ServiceURL/$DownloadLinkGoCli/$path").statusCode should be(200)
+ it should "check redirect exists for all operating system and architecture pairs" in {
+ for (os <- OperatingSystems) {
+ for (arch <- Architectures) {
+ val response = RestAssured
+ .given()
+ .config(sslconfig)
+ .redirects()
+ .follow(false)
+ .get(s"$ServiceURL/$DownloadLinkGoCli/$os/$arch")
+ response.statusCode should be(301)
+ response.header("Location") should include(s"$os-$arch")
+ }
}
}
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services