This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git


The following commit(s) were added to refs/heads/master by this push:
     new 856b8a0  Controllin ADD_JAVA and ADD_CATALOG entitlements in 
BundleResource
     new 7359f19  This closes #1219
856b8a0 is described below

commit 856b8a098de089931ee1944eccd341c9b28fe70d
Author: Juan Cabrerizo <j...@cloudsoft.io>
AuthorDate: Tue Aug 10 15:12:14 2021 +0100

    Controllin ADD_JAVA and ADD_CATALOG entitlements in BundleResource
---
 .../brooklyn/rest/resources/BundleResource.java    |  14 ++++++--
 .../brooklyn/rest/resources/CatalogResource.java   |  18 ++--------
 .../rest/resources/CatalogResourceTest.java        |  25 --------------
 .../java/org/apache/brooklyn/util/io/FileUtil.java |  18 ++++++++++
 .../org/apache/brooklyn/util/io/FileUtilTest.java  |  38 ++++++++++++++++++---
 .../brooklyn/files}/testNoJava-0.1.0-SNAPSHOT.jar  | Bin
 .../files}/testWithJava-0.1.0-SNAPSHOT.jar         | Bin
 7 files changed, 65 insertions(+), 48 deletions(-)

diff --git 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/BundleResource.java
 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/BundleResource.java
index c3650a4..824195a 100644
--- 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/BundleResource.java
+++ 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/BundleResource.java
@@ -50,6 +50,7 @@ import org.apache.brooklyn.rest.util.WebResourceUtils;
 import org.apache.brooklyn.util.collections.MutableList;
 import org.apache.brooklyn.util.exceptions.Exceptions;
 import org.apache.brooklyn.util.exceptions.ReferenceWithError;
+import org.apache.brooklyn.util.io.FileUtil;
 import org.apache.brooklyn.util.osgi.VersionedName;
 import org.apache.brooklyn.util.osgi.VersionedName.VersionedNameComparator;
 import org.apache.brooklyn.util.stream.InputStreamSource;
@@ -209,14 +210,21 @@ public class BundleResource extends 
AbstractBrooklynRestResource implements Bund
 
     @Override @Deprecated
     public Response create(byte[] contents, String format, Boolean force) {
-        if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), 
Entitlements.ROOT, null)) {
-            throw WebResourceUtils.forbidden("User '%s' is not authorized to 
add catalog items",
+        InputStreamSource source = InputStreamSource.of("REST bundle upload", 
contents);
+        if(!BrooklynBomYamlCatalogBundleResolver.FORMAT.equals(format) && 
FileUtil.isJava(source)){
+            if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), 
Entitlements.ADD_JAVA, null)) {
+                throw WebResourceUtils.forbidden("User '%s' is not authorized 
to add catalog item containing java classes",
+                        Entitlements.getEntitlementContext().user());
+            }
+        }
+        if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), 
Entitlements.ADD_CATALOG_ITEM, null)) {
+            throw WebResourceUtils.forbidden("User '%s' is not authorized to 
add catalog item",
                     Entitlements.getEntitlementContext().user());
         }
         if (force==null) force = false;
 
         ReferenceWithError<OsgiBundleInstallationResult> result = 
((ManagementContextInternal)mgmt()).getOsgiManager().get()
-                .install(InputStreamSource.of("REST bundle upload", contents), 
format, force);
+                .install(source, format, force);
 
         if (result.hasError()) {
             // (rollback already done as part of install, if necessary)
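Review bot: In `create`, the `ADD_JAVA` gate now rests entirely on `FileUtil.isJava(source)`, and that helper returns `false` whenever it hits an exception while reading the archive, so an upload it cannot parse is only held to `ADD_CATALOG_ITEM` where the old code required `Entitlements.ROOT`. The check is also skipped whenever the caller-supplied `format` equals `BrooklynBomYamlCatalogBundleResolver.FORMAT`; that is safe only if `install` then refuses anything that is not plain BOM YAML, which is not visible in this hunk and is worth confirming. I would also move the `ADD_CATALOG_ITEM` check above the `isJava` block so the uploaded bytes are not unzipped for a caller who lacks the basic entitlement. The same block is now duplicated in `CatalogResource.create`, so a shared private helper would keep the two from drifting. The body of `create` continues past the end of the hunk.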
diff --git 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/CatalogResource.java
 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/CatalogResource.java
index 9bb88d9..35fd1c7 100644
--- 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/CatalogResource.java
+++ 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/CatalogResource.java
@@ -66,6 +66,7 @@ import org.apache.brooklyn.util.collections.MutableSet;
 import org.apache.brooklyn.util.core.ResourceUtils;
 import org.apache.brooklyn.util.exceptions.Exceptions;
 import org.apache.brooklyn.util.exceptions.ReferenceWithError;
+import org.apache.brooklyn.util.io.FileUtil;
 import org.apache.brooklyn.util.stream.InputStreamSource;
 import org.apache.brooklyn.util.text.StringPredicates;
 import org.apache.brooklyn.util.text.Strings;
@@ -146,7 +147,7 @@ public class CatalogResource extends 
AbstractBrooklynRestResource implements Cat
     @Override
     public Response create(byte[] archive, String format, boolean detail, 
boolean itemDetails, boolean forceUpdate) {
         InputStreamSource source = InputStreamSource.of("REST bundle upload", 
archive);
-        if(!BrooklynBomYamlCatalogBundleResolver.FORMAT.equals(format) && 
isJava(source)){
+        if(!BrooklynBomYamlCatalogBundleResolver.FORMAT.equals(format) && 
FileUtil.isJava(source)){
             if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), 
Entitlements.ADD_JAVA, null)) {
                 throw WebResourceUtils.forbidden("User '%s' is not authorized 
to add catalog item containing java classes",
                         Entitlements.getEntitlementContext().user());
@@ -191,21 +192,6 @@ public class CatalogResource extends 
AbstractBrooklynRestResource implements Cat
         return Response.status(status).entity( detail ? resultR : 
resultR.getTypes() ).build();
     }
 
-    @VisibleForTesting
-    protected boolean isJava(InputStreamSource archive) {
-        try {
-            ZipInputStream zipIS = new ZipInputStream(archive.get());
-            for (ZipEntry entry = zipIS.getNextEntry(); entry != null; entry = 
zipIS.getNextEntry()) {
-                if (!entry.isDirectory() && 
(entry.getName().endsWith(".class") || entry.getName().endsWith(".jar"))) {
-                    return true;
-                }
-            }
-        }catch (Exception e){
-            log.debug("Error analyzing file to be added as a bundle", e);
-        }
-        return false;
-    }
-
     @Override
     @Deprecated
     public void deleteApplication(String symbolicName, String version) throws 
Exception {
diff --git 
a/rest/rest-resources/src/test/java/org/apache/brooklyn/rest/resources/CatalogResourceTest.java
 
b/rest/rest-resources/src/test/java/org/apache/brooklyn/rest/resources/CatalogResourceTest.java
index adbbc5c..9bbeb40 100644
--- 
a/rest/rest-resources/src/test/java/org/apache/brooklyn/rest/resources/CatalogResourceTest.java
+++ 
b/rest/rest-resources/src/test/java/org/apache/brooklyn/rest/resources/CatalogResourceTest.java
@@ -1295,32 +1295,7 @@ public class CatalogResourceTest extends 
BrooklynRestResourceTest {
                 .applyAsserts(() -> client());
     }
 
-    @Test
-    public void testIsJavaFileNull(){
-        CatalogResource cut = new CatalogResource();
-        assertFalse(cut.isJava(null));
-    }
-
-    @Test
-    public void testIsJavaFileText() throws IOException {
-        CatalogResource cut = new CatalogResource();
-        byte[] bytes = 
java.nio.file.Files.readAllBytes(Paths.get(this.getClass().getClassLoader().getResource("brooklyn/scanning.catalog.bom").getPath()));
-        assertFalse(cut.isJava(InputStreamSource.of("Test bom file", bytes)));
-    }
 
-    @Test
-    public void testIsJavaNoClassesJar() throws IOException {
-        CatalogResource cut = new CatalogResource();
-        byte[] bytes = 
java.nio.file.Files.readAllBytes(Paths.get(this.getClass().getClassLoader().getResource("brooklyn/rest/resources/testNoJava-0.1.0-SNAPSHOT.jar").getPath()));
-        assertFalse(cut.isJava(InputStreamSource.of("Test Jar without Java 
classes", bytes)));
-    }
-
-    @Test
-    public void testIsJavaWithClassesJar() throws IOException {
-        CatalogResource cut = new CatalogResource();
-        byte[] bytes = 
java.nio.file.Files.readAllBytes(Paths.get(this.getClass().getClassLoader().getResource("brooklyn/rest/resources/testWithJava-0.1.0-SNAPSHOT.jar").getPath()));
-        assertTrue(cut.isJava(InputStreamSource.of("Test JAR with Java 
classes", bytes)));
-    }
 
     enum CatalogItemType {
         APPLICATION("applications", CatalogEntitySummary.class),
diff --git 
a/utils/common/src/main/java/org/apache/brooklyn/util/io/FileUtil.java 
b/utils/common/src/main/java/org/apache/brooklyn/util/io/FileUtil.java
index 176ad82..525ad4d 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/io/FileUtil.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/io/FileUtil.java
@@ -26,10 +26,13 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.List;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
 
 import org.apache.brooklyn.util.exceptions.Exceptions;
 import org.apache.brooklyn.util.guava.Maybe;
 import org.apache.brooklyn.util.os.Os;
+import org.apache.brooklyn.util.stream.InputStreamSource;
 import org.apache.brooklyn.util.stream.StreamGobbler;
 import org.apache.brooklyn.util.stream.Streams;
 import org.apache.commons.io.FileUtils;
@@ -39,6 +42,7 @@ import org.slf4j.LoggerFactory;
 import com.google.common.annotations.Beta;
 import com.google.common.collect.ImmutableList;
 
+
 public class FileUtil {
 
     private static final Logger LOG = LoggerFactory.getLogger(FileUtil.class);
@@ -201,4 +205,18 @@ public class FileUtil {
             }
         }
     }
+
+    public static boolean isJava(InputStreamSource archive) {
+        try {
+            ZipInputStream zipIS = new ZipInputStream(archive.get());
+            for (ZipEntry entry = zipIS.getNextEntry(); entry != null; entry = 
zipIS.getNextEntry()) {
+                if (!entry.isDirectory() && 
(entry.getName().endsWith(".class") || entry.getName().endsWith(".jar"))) {
+                    return true;
+                }
+            }
+        }catch (Exception e){
+            LOG.debug("Error analyzing file to be added as a bundle", e);
+        }
+        return false;
+    }
 }
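Review bot: `isJava` fails open: the `catch (Exception e)` logs at debug and falls through to `return false`, so an archive that cannot be read is reported as containing no Java, and both REST `create` methods in this commit use that answer to decide whether `ADD_JAVA` is required. For a check that feeds an authorization decision the unreadable case should count as Java (or be rejected), with a `null` source still answering `false` as the new `testIsJavaFileNull` expects. The `ZipInputStream` is also never closed, and the match on `.class`/`.jar` is a case-sensitive name-suffix heuristic; a Javadoc comment should say so, so callers do not take it for content inspection. A possible shape is below.

```java
    public static boolean isJava(InputStreamSource archive) {
        if (archive == null) {
            return false;
        }
        try (ZipInputStream zipIS = new ZipInputStream(archive.get())) {
            // … unchanged: entry loop returning true on a .class or .jar entry …
        } catch (Exception e) {
            // Fail closed: an archive we cannot inspect is treated as possibly containing Java.
            LOG.debug("Error analyzing file to be added as a bundle", e);
            return true;
        }
        return false;
    }
```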
diff --git 
a/utils/common/src/test/java/org/apache/brooklyn/util/io/FileUtilTest.java 
b/utils/common/src/test/java/org/apache/brooklyn/util/io/FileUtilTest.java
index be8a33c..db16672 100644
--- a/utils/common/src/test/java/org/apache/brooklyn/util/io/FileUtilTest.java
+++ b/utils/common/src/test/java/org/apache/brooklyn/util/io/FileUtilTest.java
@@ -18,13 +18,12 @@
  */
 package org.apache.brooklyn.util.io;
 
-import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertFalse;
-
 import java.io.File;
+import java.io.IOException;
+import java.nio.file.Paths;
 
-import org.apache.brooklyn.util.io.FileUtil;
 import org.apache.brooklyn.util.os.Os;
+import org.apache.brooklyn.util.stream.InputStreamSource;
 import org.testng.annotations.AfterMethod;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
@@ -33,6 +32,8 @@ import com.google.common.base.Charsets;
 import com.google.common.collect.ImmutableList;
 import com.google.common.io.Files;
 
+import static org.testng.Assert.*;
+
 public class FileUtilTest {
 
     private File file;
@@ -115,4 +116,33 @@ public class FileUtilTest {
         FileUtil.setFilePermissionsTo700(file);
         FileUtil.setFilePermissionsTo700(file);
     }
+
+    @Test
+    public void testIsJavaFileNull(){
+        assertFalse(FileUtil.isJava(null));
+    }
+
+    @Test
+    public void testIsJavaFileText() throws IOException {
+        byte[] bytes = 
java.nio.file.Files.readAllBytes(Paths.get(this.getClass().getClassLoader().getResource("brooklyn/osgi/brooklyn-osgi-test-a_0.1.0.txt").getPath()));
+        assertFalse(FileUtil.isJava(InputStreamSource.of("Test bom file", 
bytes)));
+    }
+
+    @Test
+    public void testIsJavaNoClassesJar() throws IOException {
+        byte[] bytes = 
java.nio.file.Files.readAllBytes(Paths.get(this.getClass().getClassLoader().getResource("brooklyn/files/testNoJava-0.1.0-SNAPSHOT.jar").getPath()));
+        assertFalse(FileUtil.isJava(InputStreamSource.of("Test Jar without 
Java classes", bytes)));
+    }
+
+    @Test
+    public void testIsFakeJavaWithClassesJar() throws IOException {
+        byte[] bytes = 
java.nio.file.Files.readAllBytes(Paths.get(this.getClass().getClassLoader().getResource("brooklyn/files/testWithJava-0.1.0-SNAPSHOT.jar").getPath()));
+        assertTrue(FileUtil.isJava(InputStreamSource.of("Test fail JAR with 
files renamed as .class", bytes)));
+    }
+
+    @Test
+    public void testIsRealJavaFileText() throws IOException {
+        byte[] bytes = 
java.nio.file.Files.readAllBytes(Paths.get(this.getClass().getClassLoader().getResource("brooklyn/osgi/brooklyn-osgi-test-a_0.1.0.jar").getPath()));
+        assertTrue(FileUtil.isJava(InputStreamSource.of("Test real JAR with 
Java classes", bytes)));
+    }
 }
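Review bot: None of the new tests covers an archive that `isJava` cannot read (truncated or corrupt zip bytes), although that is the path where the helper swallows the exception and the result decides whether `ADD_JAVA` is enforced; a test building such bytes in memory, e.g. `InputStreamSource.of("corrupt zip", bytes)`, would pin the intended answer. Each test also loads its fixture with `Paths.get(getResource(...).getPath())`, which breaks when the resource path is URL-encoded (a space in the checkout directory) or lives inside a jar; reading through `getResourceAsStream` in one small private helper avoids that and removes the four repeated lines. `testIsRealJavaFileText` checks a real JAR, so a name such as `testIsJavaRealJar` would match it, and the label "Test fail JAR" probably means "fake".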
diff --git 
a/rest/rest-resources/src/test/resources/brooklyn/rest/resources/testNoJava-0.1.0-SNAPSHOT.jar
 b/utils/common/src/test/resources/brooklyn/files/testNoJava-0.1.0-SNAPSHOT.jar
similarity index 100%
rename from 
rest/rest-resources/src/test/resources/brooklyn/rest/resources/testNoJava-0.1.0-SNAPSHOT.jar
rename to 
utils/common/src/test/resources/brooklyn/files/testNoJava-0.1.0-SNAPSHOT.jar
diff --git 
a/rest/rest-resources/src/test/resources/brooklyn/rest/resources/testWithJava-0.1.0-SNAPSHOT.jar
 
b/utils/common/src/test/resources/brooklyn/files/testWithJava-0.1.0-SNAPSHOT.jar
similarity index 100%
rename from 
rest/rest-resources/src/test/resources/brooklyn/rest/resources/testWithJava-0.1.0-SNAPSHOT.jar
rename to 
utils/common/src/test/resources/brooklyn/files/testWithJava-0.1.0-SNAPSHOT.jar
