This is an automated email from the ASF dual-hosted git repository.
apkhmv pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ignite-3.git
The following commit(s) were added to refs/heads/main by this push:
new 411261841b IGNITE-18972 SSL configuration validation doesn't work
(#1755)
411261841b is described below
commit 411261841bf8b7080ae3d44634df6e87fb52476e
Author: Vadim Pakhnushev <8614891+valep...@users.noreply.github.com>
AuthorDate: Tue Mar 7 12:36:42 2023 +0300
IGNITE-18972 SSL configuration validation doesn't work (#1755)
---
.../ClientConnectorConfigurationSchema.java | 2 +
.../configuration/NetworkConfigurationModule.java | 7 +++
.../SslConfigurationValidatorImpl.java | 8 +--
.../SslConfigurationValidatorImplTest.java | 6 +--
.../configuration/RestConfigurationModule.java | 8 ---
.../configuration/RestConfigurationSchema.java | 2 +
.../ItSslConfigurationValidationTest.java | 58 ++++++++++++++++++++++
7 files changed, 76 insertions(+), 15 deletions(-)
diff --git
a/modules/client-handler/src/main/java/org/apache/ignite/client/handler/configuration/ClientConnectorConfigurationSchema.java
b/modules/client-handler/src/main/java/org/apache/ignite/client/handler/configuration/ClientConnectorConfigurationSchema.java
index 22525e0572..837b959fad 100644
---
a/modules/client-handler/src/main/java/org/apache/ignite/client/handler/configuration/ClientConnectorConfigurationSchema.java
+++
b/modules/client-handler/src/main/java/org/apache/ignite/client/handler/configuration/ClientConnectorConfigurationSchema.java
@@ -23,6 +23,7 @@ import
org.apache.ignite.configuration.annotation.ConfigurationType;
import org.apache.ignite.configuration.annotation.Value;
import org.apache.ignite.configuration.validation.Range;
import org.apache.ignite.internal.network.configuration.SslConfigurationSchema;
+import
org.apache.ignite.internal.network.configuration.SslConfigurationValidator;
/**
* Configuration schema for thin client connector.
@@ -56,5 +57,6 @@ public class ClientConnectorConfigurationSchema {
/** SSL configuration schema. */
@ConfigValue
+ @SslConfigurationValidator
public SslConfigurationSchema ssl;
}
diff --git
a/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/NetworkConfigurationModule.java
b/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/NetworkConfigurationModule.java
index 3c25b93915..60aebb0c24 100644
---
a/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/NetworkConfigurationModule.java
+++
b/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/NetworkConfigurationModule.java
@@ -20,8 +20,10 @@ package org.apache.ignite.internal.network.configuration;
import com.google.auto.service.AutoService;
import java.util.Collection;
import java.util.Collections;
+import java.util.Set;
import org.apache.ignite.configuration.RootKey;
import org.apache.ignite.configuration.annotation.ConfigurationType;
+import org.apache.ignite.configuration.validation.Validator;
import org.apache.ignite.internal.configuration.ConfigurationModule;
/**
@@ -38,4 +40,9 @@ public class NetworkConfigurationModule implements
ConfigurationModule {
public Collection<RootKey<?, ?>> rootKeys() {
return Collections.singleton(NetworkConfiguration.KEY);
}
+
+ @Override
+ public Set<Validator<?, ?>> validators() {
+ return Set.of(SslConfigurationValidatorImpl.INSTANCE);
+ }
}
diff --git
a/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java
b/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java
index 03b8dbcb66..0efc970d06 100644
---
a/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java
+++
b/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java
@@ -30,13 +30,13 @@ import org.apache.ignite.configuration.validation.Validator;
/**
* SSL configuration validator implementation.
*/
-public class SslConfigurationValidatorImpl implements
Validator<SslConfigurationValidator, SslView> {
+public class SslConfigurationValidatorImpl implements
Validator<SslConfigurationValidator, AbstractSslView> {
public static final SslConfigurationValidatorImpl INSTANCE = new
SslConfigurationValidatorImpl();
@Override
- public void validate(SslConfigurationValidator annotation,
ValidationContext<SslView> ctx) {
- SslView ssl = ctx.getNewValue();
+ public void validate(SslConfigurationValidator annotation,
ValidationContext<AbstractSslView> ctx) {
+ AbstractSslView ssl = ctx.getNewValue();
if (ssl.enabled()) {
validateKeyStore(ctx, ".keyStore", "Key store", ssl.keyStore());
@@ -51,7 +51,7 @@ public class SslConfigurationValidatorImpl implements
Validator<SslConfiguration
}
}
- private static void validateKeyStore(ValidationContext<SslView> ctx,
String keyName, String type, KeyStoreView keyStore) {
+ private static void validateKeyStore(ValidationContext<AbstractSslView>
ctx, String keyName, String type, KeyStoreView keyStore) {
String keyStorePath = keyStore.path();
if (nullOrBlank(keyStorePath) && nullOrBlank(keyStore.password())) {
return;
diff --git
a/modules/network/src/test/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImplTest.java
b/modules/network/src/test/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImplTest.java
index b05d26d414..2ab49b09ba 100644
---
a/modules/network/src/test/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImplTest.java
+++
b/modules/network/src/test/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImplTest.java
@@ -102,17 +102,17 @@ class SslConfigurationValidatorImplTest {
validate(createTrustStoreConfig(workDir, "JKS",
trustStorePath.toAbsolutePath().toString(), null), (String[]) null);
}
- private static void validate(SslView config, String ...
errorMessagePrefixes) {
+ private static void validate(AbstractSslView config, String ...
errorMessagePrefixes) {
var ctx = mockValidationContext(null, config);
TestValidationUtil.validate(SslConfigurationValidatorImpl.INSTANCE,
mock(SslConfigurationValidator.class), ctx,
errorMessagePrefixes);
}
- private static SslView createKeyStoreConfig(String type, String path,
String password) {
+ private static AbstractSslView createKeyStoreConfig(String type, String
path, String password) {
return new StubSslView(true, "NONE", new StubKeyStoreView(type, path,
password), null);
}
- private static SslView createTrustStoreConfig(Path workDir, String type,
String path, String password) throws IOException {
+ private static AbstractSslView createTrustStoreConfig(Path workDir, String
type, String path, String password) throws IOException {
KeyStoreView keyStore = createValidKeyStoreConfig(workDir);
KeyStoreView trustStore = new StubKeyStoreView(type, path, password);
return new StubSslView(true, "OPTIONAL", keyStore, trustStore);
diff --git
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationModule.java
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationModule.java
index 8b267f2f23..bcee31330e 100644
---
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationModule.java
+++
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationModule.java
@@ -20,12 +20,9 @@ package org.apache.ignite.internal.rest.configuration;
import com.google.auto.service.AutoService;
import java.util.Collection;
import java.util.Collections;
-import java.util.Set;
import org.apache.ignite.configuration.RootKey;
import org.apache.ignite.configuration.annotation.ConfigurationType;
-import org.apache.ignite.configuration.validation.Validator;
import org.apache.ignite.internal.configuration.ConfigurationModule;
-import
org.apache.ignite.internal.network.configuration.SslConfigurationValidatorImpl;
/**
* {@link ConfigurationModule} for node-local configuration provided by
ignite-rest.
@@ -41,9 +38,4 @@ public class RestConfigurationModule implements
ConfigurationModule {
public Collection<RootKey<?, ?>> rootKeys() {
return Collections.singleton(RestConfiguration.KEY);
}
-
- @Override
- public Set<Validator<?, ?>> validators() {
- return Set.of(SslConfigurationValidatorImpl.INSTANCE);
- }
}
diff --git
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationSchema.java
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationSchema.java
index 6d06d7cf39..7f144dac26 100644
---
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationSchema.java
+++
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationSchema.java
@@ -22,6 +22,7 @@ import
org.apache.ignite.configuration.annotation.ConfigurationRoot;
import org.apache.ignite.configuration.annotation.ConfigurationType;
import org.apache.ignite.configuration.annotation.Value;
import org.apache.ignite.configuration.validation.Range;
+import
org.apache.ignite.internal.network.configuration.SslConfigurationValidator;
/**
* Configuration schema for REST endpoint subtree.
@@ -49,5 +50,6 @@ public class RestConfigurationSchema {
/** SSL configuration. */
@ConfigValue
+ @SslConfigurationValidator
public RestSslConfigurationSchema ssl;
}
diff --git
a/modules/runner/src/integrationTest/java/org/apache/ignite/internal/configuration/ItSslConfigurationValidationTest.java
b/modules/runner/src/integrationTest/java/org/apache/ignite/internal/configuration/ItSslConfigurationValidationTest.java
new file mode 100644
index 0000000000..7110c60edd
--- /dev/null
+++
b/modules/runner/src/integrationTest/java/org/apache/ignite/internal/configuration/ItSslConfigurationValidationTest.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.configuration;
+
+import static
org.apache.ignite.internal.testframework.IgniteTestUtils.assertThrowsWithCause;
+import static
org.apache.ignite.internal.testframework.IgniteTestUtils.testNodeName;
+
+import java.nio.file.Path;
+import org.apache.ignite.IgnitionManager;
+import
org.apache.ignite.configuration.validation.ConfigurationValidationException;
+import org.apache.ignite.internal.testframework.WorkDirectory;
+import org.apache.ignite.internal.testframework.WorkDirectoryExtension;
+import org.junit.jupiter.api.TestInfo;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+/**
+ * Integration test for checking SSL configuration validation.
+ */
+@ExtendWith(WorkDirectoryExtension.class)
+public class ItSslConfigurationValidationTest {
+ @ParameterizedTest
+ @ValueSource(strings = {"clientConnector", "network", "rest"})
+ void clientConnector(String rootKey, TestInfo testInfo, @WorkDirectory
Path workDir) {
+ String config = "{\n"
+ + " " + rootKey + ": {\n"
+ + " ssl: {\n"
+ + " enabled: true,\n"
+ + " clientAuth: none,\n"
+ + " keyStore: {\n"
+ + " path: \"bad_path\"\n"
+ + " }\n"
+ + " }\n"
+ + " }\n"
+ + "}";
+
+ assertThrowsWithCause(
+ () -> IgnitionManager.start(testNodeName(testInfo, 0), config,
workDir),
+ ConfigurationValidationException.class,
+ "Validation did not pass for keys: [" + rootKey +
".ssl.keyStore, Key store file doesn't exist at bad_path]");
+ }
+}
