Posted to commits@brooklyn.apache.org by he...@apache.org on 2016/02/01 18:46:26 UTC
[23/50] brooklyn-library git commit: Nginx key/cert copying is now
configurable;
also the destination paths are configurable (useful if there are keys on the
nginx environment nginx should make use of, instead of always copying
Nginx key/cert copying is now configurable; also the destination paths are configurable (useful if there are keys on the nginx environment nginx should make use of, instead of always copying
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-library/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-library/commit/af388f51
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-library/tree/af388f51
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-library/diff/af388f51
Branch: refs/heads/0.4.0
Commit: af388f516c764186818cd4baba35bd12ed1f5e9a
Parents: c582285
Author: Peter Veentjer <pe...@cloudsoft.com>
Authored: Sat Oct 6 11:20:50 2012 +0300
Committer: Peter Veentjer <pe...@cloudsoft.com>
Committed: Sat Oct 6 11:20:50 2012 +0300
----------------------------------------------------------------------
.../brooklyn/entity/proxy/ProxySslConfig.groovy | 35 ++++++++---
.../entity/proxy/nginx/NginxController.groovy | 62 ++++++++++++++------
.../nginx/NginxHttpsSslIntegrationTest.groovy | 11 ++--
3 files changed, 75 insertions(+), 33 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/brooklyn-library/blob/af388f51/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy b/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy
index 91a17d0..3ed4149 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/ProxySslConfig.groovy
@@ -22,7 +22,23 @@ public class ProxySslConfig implements Serializable {
* (however it will not currently merge multiple certificates.
* if conflicting certificates are attempted to be installed nginx will complain.)
*/
- String certificate, key;
+ String sourceCertificateUrl;
+
+ String sourceKeyUrl;
+
+ /**
+ * Sets the ssl_certificate path to be used. If set to null, Brooklyn will take control. If explicitly set
+ * this value will be placed in the ssl_certificate. Setting this field is useful if there is a certificate on the
+ * nginx machine you want to make use of.
+ */
+ String certificateDestination;
+
+ /**
+ * Sets the ssl_certificate_key path to be used. If set to null, Brooklyn will take control. If explicitly set
+ * this value will be placed in the ssl_certificate_key. Setting this field is useful if there is a certificate_key
+ * on the nginx machine you want to make use of.
+ */
+ String keyDestination;
/** whether the downstream server (if mapping) also expects https; default false */
boolean targetIsSsl = false;
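Review bot: The new Javadoc for `certificateDestination` and `keyDestination` does not say whether the path must be absolute, and `sourceKeyUrl` has no comment at all. Elsewhere in this commit the same value is used both as the `copyTo` target and as the argument of the nginx `ssl_certificate` / `ssl_certificate_key` directive. A relative path would presumably be resolved differently by the two, so add a line such as `Must be an absolute path on the nginx machine; it is used unchanged as the copy target and in the generated nginx config.` The phrase "If set to null, Brooklyn will take control" would be clearer if it named the actual default, `<runDir>/conf/<id>.crt` (or `.key`).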
@@ -31,12 +47,11 @@ public class ProxySslConfig implements Serializable {
* corresponds to nginx setting: proxy_ssl_session_reuse on|off */
boolean reuseSessions = false;
-
// autogenerated hash code and equals; nothing special required
-
+
@Override
public int hashCode() {
- return Objects.hashCode(certificate, key, reuseSessions, targetIsSsl);
+ return Objects.hashCode(sourceCertificateUrl, sourceKeyUrl, certificateDestination, keyDestination, reuseSessions, targetIsSsl);
}
@Override
@@ -48,10 +63,12 @@ public class ProxySslConfig implements Serializable {
if (getClass() != obj.getClass())
return false;
ProxySslConfig other = (ProxySslConfig) obj;
-
- return Objects.equal(certificate, other.certificate) &&
- Objects.equal(key, other.key) &&
- Objects.equal(reuseSessions, other.reuseSessions) &&
- Objects.equal(targetIsSsl, other.targetIsSsl);
+
+ return Objects.equal(sourceCertificateUrl, other.sourceCertificateUrl) &&
+ Object.equals(certificateDestination, other.certificateDestination) &&
+ Object.equals(keyDestination, other.keyDestination) &&
+ Objects.equal(sourceKeyUrl, other.sourceKeyUrl) &&
+ Objects.equal(reuseSessions, other.reuseSessions) &&
+ Objects.equal(targetIsSsl, other.targetIsSsl);
}
}
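Review bot: The two added comparisons for `certificateDestination` and `keyDestination` call `Object.equals(a, b)`, which looks like a typo for the `Objects.equal(a, b)` helper used on the surrounding lines. `java.lang.Object` has no two-argument static `equals`, so under Groovy's dynamic dispatch this is likely to throw when `equals()` reaches those lines rather than fail at compile time. Change them to `Objects.equal(certificateDestination, other.certificateDestination) &&` and `Objects.equal(keyDestination, other.keyDestination) &&`. The method's signature and first checks sit above the hunk, so this is judged from the visible tail only.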
http://git-wip-us.apache.org/repos/asf/brooklyn-library/blob/af388f51/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
----------------------------------------------------------------------
diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
index 2e32eef..8646a5e 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxController.groovy
@@ -162,20 +162,31 @@ public class NginxController extends AbstractController {
}
Set<String> installedKeysCache = [];
- /** installs SSL keys named as ID.{crt,key} where nginx can find them;
+
+ /** installs SSL keys named as ID.{crt,key} where nginx can find them;
* currently skips re-installs (does not support changing)
*/
protected void installSslKeys(String id, ProxySslConfig ssl) {
- if (ssl==null) return;
+ if (ssl == null) return;
+
if (installedKeysCache.contains(id)) return;
- NginxSshDriver driver = (NginxSshDriver)getDriver();
- driver.machine.copyTo(permissions: "0400",
- new ResourceUtils(this).getResourceFromUrl(ssl.certificate),
- driver.getRunDir()+"/conf/"+id+".crt");
- if (ssl.key!=null)
- driver.machine.copyTo(permissions: "0400",
- new ResourceUtils(this).getResourceFromUrl(ssl.key),
- driver.getRunDir()+"/conf/"+id+".key");
+
+ NginxSshDriver driver = (NginxSshDriver) getDriver();
+
+ if (ssl.sourceCertificateUrl != null) {
+ String certificateDestination = ssl.certificateDestination == null ? driver.getRunDir() + "/conf/" + id + ".crt" : ssl.certificateDestination;
+ driver.machine.copyTo(permissions: "0400",
+ new ResourceUtils(this).getResourceFromUrl(ssl.sourceCertificateUrl),
+ certificateDestination);
+ }
+
+ if (ssl.sourceKeyUrl != null) {
+ String keyDestination = ssl.keyDestination == null ? driver.getRunDir() + "/conf/" + id + ".key" : ssl.keyDestination;
+ driver.machine.copyTo(permissions: "0400",
+ new ResourceUtils(this).getResourceFromUrl(ssl.sourceKeyUrl),
+ keyDestination);
+ }
+
installedKeysCache.add(id);
}
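Review bot: When both a source URL and a destination are set, `copyTo` writes the certificate or private key to the caller-supplied path and presumably replaces whatever is already there. That is at odds with the field documentation, which presents the destination as a way to use a file that already exists on the nginx machine. The Javadoc on `installSslKeys` should state the rule, for example `copies only when the source URL is set; a configured destination is then written with mode 0400, and a destination without a source URL is used as-is and never copied`. Because `installedKeysCache` is keyed on `id` alone, a later change of destination for the same id is skipped without any signal, which belongs in the same comment.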
@@ -329,10 +340,10 @@ public class NginxController extends AbstractController {
return config.toString();
}
-
+
public boolean appendSslConfig(String id, StringBuilder out, String prefix, ProxySslConfig ssl,
- boolean sslBlock, boolean certificateBlock) {
- if (ssl==null) return false;
+ boolean sslBlock, boolean certificateBlock) {
+ if (ssl == null) return false;
if (sslBlock) {
out.append(prefix);
out.append("ssl on;\n");
@@ -342,13 +353,28 @@ public class NginxController extends AbstractController {
out.append("proxy_ssl_session_reuse on;");
}
if (certificateBlock) {
- String cert = ""+id+".crt";
+ String cert;
+ if (ssl.certificateDestination != null) {
+ cert = ssl.certificateDestination;
+ } else {
+ cert = "" + id + ".crt";
+ }
+
out.append(prefix);
- out.append("ssl_certificate "+cert+";\n");
- if (ssl.key!=null) {
- String key = ""+id+".key";
+ out.append("ssl_certificate " + cert + ";\n");
+
+ String key;
+ if (ssl.keyDestination != null) {
+ key = ssl.keyDestination;
+ } else if (ssl.sourceKeyUrl != null) {
+ key = "" + id + ".key";
+ } else {
+ key = null;
+ }
+
+ if (key != null) {
out.append(prefix);
- out.append("ssl_certificate_key "+key+";\n");
+ out.append("ssl_certificate_key " + key + ";\n");
}
}
return true;
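Review bot: `ssl.certificateDestination` and `ssl.keyDestination` are concatenated verbatim into the generated `ssl_certificate` and `ssl_certificate_key` lines, so a value containing whitespace, `;`, braces or a newline yields a broken directive or extra directives the operator did not intend. If these values can come from anything less trusted than the deployer, reject such characters before appending, e.g. `if (cert =~ /[\s;{}]/) throw new IllegalArgumentException("invalid ssl_certificate path")`, and do the same for `key`. Separately, the certificate branch falls back to `id + ".crt"` even when `sourceCertificateUrl` is null, although `installSslKeys` copies nothing in that case. The key branch already checks `ssl.sourceKeyUrl != null`, and the certificate branch should mirror it. `appendSslConfig` begins in the previous hunk and its closing brace is below this one.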
http://git-wip-us.apache.org/repos/asf/brooklyn-library/blob/af388f51/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
----------------------------------------------------------------------
diff --git a/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy b/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
index a284054..8ab3413 100644
--- a/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
+++ b/software/webapp/src/test/java/brooklyn/entity/proxy/nginx/NginxHttpsSslIntegrationTest.groovy
@@ -1,7 +1,6 @@
package brooklyn.entity.proxy.nginx;
import static brooklyn.test.TestUtils.*
-import static java.util.concurrent.TimeUnit.*
import static org.testng.Assert.*
import org.slf4j.Logger
@@ -56,11 +55,11 @@ public class NginxHttpsSslIntegrationTest {
cluster = new DynamicCluster(owner:app, factory:template, initialSize:1)
cluster.setConfig(JavaWebAppService.ROOT_WAR, WAR_URL)
- ProxySslConfig ssl = new ProxySslConfig(certificate:CERTIFICATE_URL, key:KEY_URL);
+ ProxySslConfig ssl = new ProxySslConfig(sourceCertificateUrl:CERTIFICATE_URL, sourceKeyUrl:KEY_URL);
nginx = new NginxController(app,
- cluster: cluster,
- domain : "localhost",
- port: "8443+",
+ cluster: cluster,
+ domain : "localhost",
+ port: "8443+",
ssl: ssl
);
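Review bot: The updated test only exercises the renamed `sourceCertificateUrl` / `sourceKeyUrl` fields, so none of the behaviour this commit introduces is covered. Missing cases are a configured `certificateDestination` / `keyDestination`, and a config that sets a destination with no source URL. A small unit test that builds two `ProxySslConfig` instances with destinations set and compares them with `equals` and `hashCode` would also cover the changed comparison code in `ProxySslConfig`. The test method continues outside the hunk.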
@@ -81,7 +80,7 @@ public class NginxHttpsSslIntegrationTest {
// Web-server URL is available
cluster.members.each {
- assertTrue urlRespondsWithStatusCode200(it.getAttribute(WebAppService.ROOT_URL))
+ assertTrue urlRespondsWithStatusCode200(it.getAttribute(WebAppService.ROOT_URL))
}
}