This is an automated email from the ASF dual-hosted git repository. apkhmv pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/ignite-3.git
The following commit(s) were added to refs/heads/main by this push: new 411261841b IGNITE-18972 SSL configuration validation doesn't work (#1755) 411261841b is described below commit 411261841bf8b7080ae3d44634df6e87fb52476e Author: Vadim Pakhnushev <8614891+valep...@users.noreply.github.com> AuthorDate: Tue Mar 7 12:36:42 2023 +0300 IGNITE-18972 SSL configuration validation doesn't work (#1755)
---
 .../ClientConnectorConfigurationSchema.java | 2 +
 .../configuration/NetworkConfigurationModule.java | 7 +++
 .../SslConfigurationValidatorImpl.java | 8 +--
 .../SslConfigurationValidatorImplTest.java | 6 +--
 .../configuration/RestConfigurationModule.java | 8 ---
 .../configuration/RestConfigurationSchema.java | 2 +
 .../ItSslConfigurationValidationTest.java | 58 ++++++++++++++++++++++
 7 files changed, 76 insertions(+), 15 deletions(-)
diff --git a/modules/client-handler/src/main/java/org/apache/ignite/client/handler/configuration/ClientConnectorConfigurationSchema.java b/modules/client-handler/src/main/java/org/apache/ignite/client/handler/configuration/ClientConnectorConfigurationSchema.java
index 22525e0572..837b959fad 100644
--- a/modules/client-handler/src/main/java/org/apache/ignite/client/handler/configuration/ClientConnectorConfigurationSchema.java
+++ b/modules/client-handler/src/main/java/org/apache/ignite/client/handler/configuration/ClientConnectorConfigurationSchema.java
@@ -23,6 +23,7 @@ import org.apache.ignite.configuration.annotation.ConfigurationType;
 import org.apache.ignite.configuration.annotation.Value;
 import org.apache.ignite.configuration.validation.Range;
 import org.apache.ignite.internal.network.configuration.SslConfigurationSchema;
+import org.apache.ignite.internal.network.configuration.SslConfigurationValidator;
 /**
 * Configuration schema for thin client connector.
@@ -56,5 +57,6 @@ public class ClientConnectorConfigurationSchema {
 /** SSL configuration schema. */
 @ConfigValue
+ @SslConfigurationValidator
 public SslConfigurationSchema ssl;
 }
diff --git a/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/NetworkConfigurationModule.java b/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/NetworkConfigurationModule.java
index 3c25b93915..60aebb0c24 100644
--- a/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/NetworkConfigurationModule.java
+++ b/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/NetworkConfigurationModule.java
@@ -20,8 +20,10 @@ package org.apache.ignite.internal.network.configuration;
 import com.google.auto.service.AutoService;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.Set;
 import org.apache.ignite.configuration.RootKey;
 import org.apache.ignite.configuration.annotation.ConfigurationType;
+import org.apache.ignite.configuration.validation.Validator;
 import org.apache.ignite.internal.configuration.ConfigurationModule;
 /**
@@ -38,4 +40,9 @@ public class NetworkConfigurationModule implements ConfigurationModule {
 public Collection<RootKey<?, ?>> rootKeys() {
 return Collections.singleton(NetworkConfiguration.KEY);
 }
+
+ @Override
+ public Set<Validator<?, ?>> validators() {
+ return Set.of(SslConfigurationValidatorImpl.INSTANCE);
+ }
 }
diff --git a/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java b/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java
index 03b8dbcb66..0efc970d06 100644
--- a/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java
+++ b/modules/network/src/main/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImpl.java
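Review bot: The new `validators()` override in NetworkConfigurationModule carries no comment saying that this single registration is also what enforces `@SslConfigurationValidator` on the `clientConnector` and `rest` SSL subtrees, whose schemas live in other modules. That coupling is inferred from this commit moving the registration out of RestConfigurationModule while annotating both schemas; if it holds, removing or relocating this override would let invalid key store settings for all three roots pass validation unnoticed. I would add a Javadoc above the method, for example `/** Registers the SSL validator shared by the network, clientConnector and rest SSL configuration. */`.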
@@ -30,13 +30,13 @@ import org.apache.ignite.configuration.validation.Validator;
 /**
 * SSL configuration validator implementation.
 */
-public class SslConfigurationValidatorImpl implements Validator<SslConfigurationValidator, SslView> {
+public class SslConfigurationValidatorImpl implements Validator<SslConfigurationValidator, AbstractSslView> {
 public static final SslConfigurationValidatorImpl INSTANCE = new SslConfigurationValidatorImpl();
 @Override
- public void validate(SslConfigurationValidator annotation, ValidationContext<SslView> ctx) {
- SslView ssl = ctx.getNewValue();
+ public void validate(SslConfigurationValidator annotation, ValidationContext<AbstractSslView> ctx) {
+ AbstractSslView ssl = ctx.getNewValue();
 if (ssl.enabled()) {
 validateKeyStore(ctx, ".keyStore", "Key store", ssl.keyStore());
@@ -51,7 +51,7 @@ public class SslConfigurationValidatorImpl implements Validator<SslConfiguration
 }
 }
- private static void validateKeyStore(ValidationContext<SslView> ctx, String keyName, String type, KeyStoreView keyStore) {
+ private static void validateKeyStore(ValidationContext<AbstractSslView> ctx, String keyName, String type, KeyStoreView keyStore) {
 String keyStorePath = keyStore.path();
 if (nullOrBlank(keyStorePath) && nullOrBlank(keyStore.password())) {
 return;
diff --git a/modules/network/src/test/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImplTest.java b/modules/network/src/test/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImplTest.java
index b05d26d414..2ab49b09ba 100644
--- a/modules/network/src/test/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImplTest.java
+++ b/modules/network/src/test/java/org/apache/ignite/internal/network/configuration/SslConfigurationValidatorImplTest.java
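Review bot: In the second hunk, `validateKeyStore` returns without reporting anything when both `path` and `password` are blank, and the first hunk shows it being called for `.keyStore` whenever `ssl.enabled()` is true. Unless a check outside these hunks rejects that case, an enabled SSL configuration with no key store at all passes validation for every root that now carries the annotation, and the problem would surface only when the endpoint starts. For the mandatory `.keyStore` call I would report an issue instead of returning, along the lines of `ctx.addIssue(new ValidationIssue(ctx.currentKey() + keyName, type + " path must not be blank"));`, and keep the silent return only for stores that are optional. Both method bodies continue outside the hunks, so the rest of the validation logic is not visible here.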
@@ -102,17 +102,17 @@ class SslConfigurationValidatorImplTest { validate(createTrustStoreConfig(workDir, "JKS", trustStorePath.toAbsolutePath().toString(), null), (String[]) null); } - private static void validate(SslView config, String ... errorMessagePrefixes) { + private static void validate(AbstractSslView config, String ... errorMessagePrefixes) { var ctx = mockValidationContext(null, config); TestValidationUtil.validate(SslConfigurationValidatorImpl.INSTANCE, mock(SslConfigurationValidator.class), ctx, errorMessagePrefixes); } - private static SslView createKeyStoreConfig(String type, String path, String password) { + private static AbstractSslView createKeyStoreConfig(String type, String path, String password) { return new StubSslView(true, "NONE", new StubKeyStoreView(type, path, password), null); } - private static SslView createTrustStoreConfig(Path workDir, String type, String path, String password) throws IOException { + private static AbstractSslView createTrustStoreConfig(Path workDir, String type, String path, String password) throws IOException { KeyStoreView keyStore = createValidKeyStoreConfig(workDir); KeyStoreView trustStore = new StubKeyStoreView(type, path, password); return new StubSslView(true, "OPTIONAL", keyStore, trustStore); diff --git a/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationModule.java b/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationModule.java index 8b267f2f23..bcee31330e 100644 --- a/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationModule.java +++ b/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationModule.java 
@@ -20,12 +20,9 @@ package org.apache.ignite.internal.rest.configuration;
 import com.google.auto.service.AutoService;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Set;
 import org.apache.ignite.configuration.RootKey;
 import org.apache.ignite.configuration.annotation.ConfigurationType;
-import org.apache.ignite.configuration.validation.Validator;
 import org.apache.ignite.internal.configuration.ConfigurationModule;
-import org.apache.ignite.internal.network.configuration.SslConfigurationValidatorImpl;
 /**
 * {@link ConfigurationModule} for node-local configuration provided by ignite-rest.
@@ -41,9 +38,4 @@ public class RestConfigurationModule implements ConfigurationModule {
 public Collection<RootKey<?, ?>> rootKeys() {
 return Collections.singleton(RestConfiguration.KEY);
 }
-
- @Override
- public Set<Validator<?, ?>> validators() {
- return Set.of(SslConfigurationValidatorImpl.INSTANCE);
- }
 }
diff --git a/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationSchema.java b/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationSchema.java
index 6d06d7cf39..7f144dac26 100644
--- a/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationSchema.java
+++ b/modules/rest/src/main/java/org/apache/ignite/internal/rest/configuration/RestConfigurationSchema.java
@@ -22,6 +22,7 @@ import org.apache.ignite.configuration.annotation.ConfigurationRoot;
 import org.apache.ignite.configuration.annotation.ConfigurationType;
 import org.apache.ignite.configuration.annotation.Value;
 import org.apache.ignite.configuration.validation.Range;
+import org.apache.ignite.internal.network.configuration.SslConfigurationValidator;
 /**
 * Configuration schema for REST endpoint subtree.
@@ -49,5 +50,6 @@ public class RestConfigurationSchema {
 /** SSL configuration. */
 @ConfigValue
+ @SslConfigurationValidator
 public RestSslConfigurationSchema ssl;
 }
diff --git a/modules/runner/src/integrationTest/java/org/apache/ignite/internal/configuration/ItSslConfigurationValidationTest.java b/modules/runner/src/integrationTest/java/org/apache/ignite/internal/configuration/ItSslConfigurationValidationTest.java
new file mode 100644
index 0000000000..7110c60edd
--- /dev/null
+++ b/modules/runner/src/integrationTest/java/org/apache/ignite/internal/configuration/ItSslConfigurationValidationTest.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.configuration;
+
+import static org.apache.ignite.internal.testframework.IgniteTestUtils.assertThrowsWithCause;
+import static org.apache.ignite.internal.testframework.IgniteTestUtils.testNodeName;
+
+import java.nio.file.Path;
+import org.apache.ignite.IgnitionManager;
+import org.apache.ignite.configuration.validation.ConfigurationValidationException;
+import org.apache.ignite.internal.testframework.WorkDirectory;
+import org.apache.ignite.internal.testframework.WorkDirectoryExtension;
+import org.junit.jupiter.api.TestInfo;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+/**
+ * Integration test for checking SSL configuration validation.
+ */
+@ExtendWith(WorkDirectoryExtension.class)
+public class ItSslConfigurationValidationTest {
+ @ParameterizedTest
+ @ValueSource(strings = {"clientConnector", "network", "rest"})
+ void clientConnector(String rootKey, TestInfo testInfo, @WorkDirectory Path workDir) {
+ String config = "{\n"
+ + " " + rootKey + ": {\n"
+ + " ssl: {\n"
+ + " enabled: true,\n"
+ + " clientAuth: none,\n"
+ + " keyStore: {\n"
+ + " path: \"bad_path\"\n"
+ + " }\n"
+ + " }\n"
+ + " }\n"
+ + "}";
+
+ assertThrowsWithCause(
+ () -> IgnitionManager.start(testNodeName(testInfo, 0), config, workDir),
+ ConfigurationValidationException.class,
+ "Validation did not pass for keys: [" + rootKey + ".ssl.keyStore, Key store file doesn't exist at bad_path]");
+ }
+}
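Review bot: The parameterized method is still named `clientConnector` although `@ValueSource` runs it for `network` and `rest` as well, so a failure report points at the wrong subsystem; a name such as `void invalidKeyStorePathFailsValidation(String rootKey, TestInfo testInfo, @WorkDirectory Path workDir)` says what is being checked. The test also covers only a missing key store file, so the trust store path that SslConfigurationValidatorImplTest exercises at unit level is not checked end to end for any of the three roots. If `IgnitionManager.start` ever returns instead of throwing, nothing visible in this file stops the node it started, so a regression in validation would presumably leave a running node behind for later tests.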