Removed old VAleve

This commit is contained in:
Lucio Lelii 2022-05-30 18:29:46 +02:00
parent 230ae3bde9
commit 64bef37271
7 changed files with 65 additions and 122 deletions


@ -54,8 +54,7 @@ public class ServicePublisher extends AbstractProfilePublisher<GCoreEndpoint> {
@Override @Override
protected Set<String> getAllowedContexts() { protected Set<String> getAllowedContexts() {
// TODO Auto-generated method stub return context.container().configuration().authorizationProvider().getContexts();
return null;
} }
} }
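Review bot: The new getAllowedContexts() returns the provider's Set directly, and the AuthorizationProvider interface gives no nullability or immutability contract, so a caller of this security-relevant method (it decides which contexts the service profile is published into) can mutate the provider's internal set or hit a null the old `return null` stub at least made explicit. Wrap it: `return Collections.unmodifiableSet(context.container().configuration().authorizationProvider().getContexts());` (needs `java.util.Collections` in scope), and document on the override that an empty set means the service is published nowhere, if that is the intended semantics. Whether `authorizationProvider()` can itself be null in offline mode is not visible here and should be confirmed.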


@ -8,8 +8,7 @@ import org.gcube.accounting.datamodel.UsageRecord.OperationResult;
import org.gcube.accounting.datamodel.usagerecords.ServiceUsageRecord; import org.gcube.accounting.datamodel.usagerecords.ServiceUsageRecord;
import org.gcube.accounting.persistence.AccountingPersistence; import org.gcube.accounting.persistence.AccountingPersistence;
import org.gcube.accounting.persistence.AccountingPersistenceFactory; import org.gcube.accounting.persistence.AccountingPersistenceFactory;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.security.providers.SecretManagerProvider;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.smartgears.Constants; import org.gcube.smartgears.Constants;
import org.gcube.smartgears.configuration.Mode; import org.gcube.smartgears.configuration.Mode;
import org.gcube.smartgears.context.application.ApplicationContext; import org.gcube.smartgears.context.application.ApplicationContext;
@ -21,8 +20,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import io.micrometer.core.instrument.Metrics; import io.micrometer.core.instrument.Metrics;
import io.micrometer.core.instrument.Timer;
import io.micrometer.core.instrument.Timer.Sample;
@XmlRootElement(name = Constants.request_accounting) @XmlRootElement(name = Constants.request_accounting)
public class RequestAccounting extends RequestHandler { public class RequestAccounting extends RequestHandler {
@ -40,8 +37,11 @@ public class RequestAccounting extends RequestHandler {
@Override @Override
public void handleRequest(RequestEvent e) { public void handleRequest(RequestEvent e) {
ApplicationContext context = e.context(); ApplicationContext appContext = e.context();
String context = getContext(appContext);
String calledMethod = e.request().getHeader(Constants.called_method_header); String calledMethod = e.request().getHeader(Constants.called_method_header);
if (calledMethod==null){ if (calledMethod==null){
calledMethod = e.request().getRequestURI().substring(e.request().getContextPath().length()); calledMethod = e.request().getRequestURI().substring(e.request().getContextPath().length());
@ -54,22 +54,18 @@ public class RequestAccounting extends RequestHandler {
startCallThreadLocal.set(System.currentTimeMillis()); startCallThreadLocal.set(System.currentTimeMillis());
log.info("REQUEST START ON {}:{}({}) CALLED FROM {}@{} IN SCOPE {} ", log.info("REQUEST START ON {}:{}({}) CALLED FROM {}@{} IN SCOPE {} ",
context.configuration().name(),context.configuration().serviceClass(), InnerMethodName.instance.get(), appContext.configuration().name(),appContext.configuration().serviceClass(), InnerMethodName.instance.get(),
caller, e.request().getRemoteHost(), ScopeProvider.instance.get()); caller, e.request().getRemoteHost(), context );
} }
@Override @Override
public void handleResponse(ResponseEvent e) { public void handleResponse(ResponseEvent e) {
ApplicationContext context = e.context(); ApplicationContext appContext = e.context();
try { try {
boolean resetScope = false;
if (ScopeProvider.instance.get()==null && SecurityTokenProvider.instance.get()==null){ String context = getContext(appContext);
String infrastructure = e.context().container().configuration().infrastructure();
ScopeProvider.instance.set("/"+infrastructure);
resetScope = true;
}
String caller = "Unknown"; String caller = "Unknown";
String callerQualifier = "UNKNOWN"; String callerQualifier = "UNKNOWN";
@ -80,23 +76,22 @@ public class RequestAccounting extends RequestHandler {
boolean success = e.response().getStatus()<400; boolean success = e.response().getStatus()<400;
if (context.container().configuration().mode()!=Mode.offline) if (appContext.container().configuration().mode()!=Mode.offline)
generateAccounting(caller,callerQualifier,callerIp==null?"UNKNOWN":callerIp , success, context); generateAccounting(caller,callerQualifier,callerIp==null?"UNKNOWN":callerIp , success, context, appContext);
long durationInMillis = System.currentTimeMillis()-startCallThreadLocal.get(); long durationInMillis = System.currentTimeMillis()-startCallThreadLocal.get();
Metrics.globalRegistry.timer("http.requests", "response",Integer.toString(e.response().getStatus()) Metrics.globalRegistry.timer("http.requests", "response",Integer.toString(e.response().getStatus())
, "context", ScopeProvider.instance.get(), "result", success?"SUCCEDED":"FAILED", "caller-ip", callerIp, , "context", context, "result", success?"SUCCEDED":"FAILED", "caller-ip", callerIp,
"caller-username", caller, "service-class", context.configuration().serviceClass(), "service-name", context.configuration().name(), "caller-username", caller, "service-class", appContext.configuration().serviceClass(), "service-name", appContext.configuration().name(),
"method", InnerMethodName.instance.get()).record(durationInMillis, TimeUnit.MILLISECONDS); "method", InnerMethodName.instance.get()).record(durationInMillis, TimeUnit.MILLISECONDS);
log.info("REQUEST SERVED ON {}:{}({}) CALLED FROM {}@{} IN SCOPE {} {}(CODE {}) IN {} millis", log.info("REQUEST SERVED ON {}:{}({}) CALLED FROM {}@{} IN SCOPE {} {}(CODE {}) IN {} millis",
context.configuration().name(),context.configuration().serviceClass(), InnerMethodName.instance.get(), appContext.configuration().name(),appContext.configuration().serviceClass(), InnerMethodName.instance.get(),
caller, callerIp, ScopeProvider.instance.get(), success?"SUCCEDED":"FAILED", e.response().getStatus(),durationInMillis); caller, callerIp, context, success?"SUCCEDED":"FAILED", e.response().getStatus(),durationInMillis);
startCallThreadLocal.remove(); startCallThreadLocal.remove();
InnerMethodName.instance.reset(); InnerMethodName.instance.reset();
if (resetScope)
ScopeProvider.instance.reset();
}catch (Exception e1) { }catch (Exception e1) {
log.error("error on accounting",e); log.error("error on accounting",e);
throw e1; throw e1;
@ -104,19 +99,19 @@ public class RequestAccounting extends RequestHandler {
} }
void generateAccounting(String caller, String callerQualifier, String remoteHost, boolean success, ApplicationContext context){ void generateAccounting(String caller, String callerQualifier, String remoteHost, boolean success, String gcubeContext, ApplicationContext appContext){
AccountingPersistenceFactory.setFallbackLocation(context.container().configuration().accountingFallbackLocation()); AccountingPersistenceFactory.setFallbackLocation(appContext.container().configuration().accountingFallbackLocation());
AccountingPersistence persistence = AccountingPersistenceFactory.getPersistence(); AccountingPersistence persistence = AccountingPersistenceFactory.getPersistence();
ServiceUsageRecord serviceUsageRecord = new ServiceUsageRecord(); ServiceUsageRecord serviceUsageRecord = new ServiceUsageRecord();
try{ try{
serviceUsageRecord.setConsumerId(caller); serviceUsageRecord.setConsumerId(caller);
serviceUsageRecord.setCallerQualifier(callerQualifier); serviceUsageRecord.setCallerQualifier(callerQualifier);
serviceUsageRecord.setScope(ScopeProvider.instance.get()); serviceUsageRecord.setScope(gcubeContext);
serviceUsageRecord.setServiceClass(context.configuration().serviceClass()); serviceUsageRecord.setServiceClass(appContext.configuration().serviceClass());
serviceUsageRecord.setServiceName(context.configuration().name()); serviceUsageRecord.setServiceName(appContext.configuration().name());
serviceUsageRecord.setHost(context.container().configuration().hostname()+":"+context.container().configuration().port()); serviceUsageRecord.setHost(appContext.container().configuration().hostname()+":"+appContext.container().configuration().port());
serviceUsageRecord.setCalledMethod(InnerMethodName.instance.get()); serviceUsageRecord.setCalledMethod(InnerMethodName.instance.get());
serviceUsageRecord.setCallerHost(remoteHost); serviceUsageRecord.setCallerHost(remoteHost);
serviceUsageRecord.setOperationResult(success?OperationResult.SUCCESS:OperationResult.FAILED); serviceUsageRecord.setOperationResult(success?OperationResult.SUCCESS:OperationResult.FAILED);
@ -128,6 +123,14 @@ public class RequestAccounting extends RequestHandler {
} }
} }
private String getContext(ApplicationContext appContext) {
String infrastructure = appContext.container().configuration().infrastructure();
String context= "/"+infrastructure;
if (SecretManagerProvider.instance.get() != null)
context = SecretManagerProvider.instance.get().getContext();
return context;
}
@Override @Override
public String toString() { public String toString() {
return getName(); return getName();
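Review bot: getContext() reads the SecretManagerProvider thread-local twice, once for the null test and once for `.getContext()`, so anything that resets the provider between those two reads (handleResponse runs after the application code, which is exactly when such resets happen) turns the guarded path into a NullPointerException; read it once: `Secret secret = SecretManagerProvider.instance.get();` then `return secret != null ? secret.getContext() : "/" + infrastructure;` (with `org.gcube.common.security.secrets.Secret` imported). A null or empty value from `secret.getContext()` then flows unguarded into the Micrometer `"context"` tag and into `serviceUsageRecord.setScope()`, while the sibling `callerIp` value is null-guarded for the accounting call but not for the metric tag — as far as I recall Micrometer rejects null tag values, so both deserve the same `== null ? "UNKNOWN" : …` treatment. Separately, in the catch block `log.error("error on accounting",e)` passes the ResponseEvent rather than the caught exception, so the stack trace is lost; it should be `log.error("error on accounting", e1);`. toString() continues past the end of the last hunk.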


@ -6,14 +6,12 @@ import static org.gcube.smartgears.handlers.application.request.RequestError.app
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error; import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean; import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.common.scope.impl.ScopeBean.Type; import org.gcube.common.scope.impl.ScopeBean.Type;
import org.gcube.common.security.providers.SecretManagerProvider; import org.gcube.common.security.providers.SecretManagerProvider;
import org.gcube.common.security.secrets.AccessTokenSecret;
import org.gcube.common.security.secrets.GCubeSecret; import org.gcube.common.security.secrets.GCubeSecret;
import org.gcube.common.security.secrets.JWTSecret;
import org.gcube.common.security.secrets.Secret; import org.gcube.common.security.secrets.Secret;
import org.gcube.smartgears.Constants; import org.gcube.smartgears.Constants;
import org.gcube.smartgears.configuration.Mode; import org.gcube.smartgears.configuration.Mode;
@ -54,7 +52,7 @@ public class RequestValidator extends RequestHandler {
if (appContext.container().configuration().mode()!=Mode.offline) { if (appContext.container().configuration().mode()!=Mode.offline) {
validateScopeCall(); validateScopeCall();
validatePolicy(ScopeProvider.instance.get(), call); validatePolicy(call);
} }
} }
@ -106,7 +104,7 @@ public class RequestValidator extends RequestHandler {
Secret secret = SecretManagerProvider.instance.get(); Secret secret = SecretManagerProvider.instance.get();
if (secret!= null){ if (secret == null){
log.warn("rejecting call to {}, authorization required",appContext.name()); log.warn("rejecting call to {}, authorization required",appContext.name());
RequestError.request_not_authorized_error.fire(appContext.name()+": authorization required"); RequestError.request_not_authorized_error.fire(appContext.name()+": authorization required");
} }
@ -117,7 +115,7 @@ public class RequestValidator extends RequestHandler {
return getName(); return getName();
} }
private void validatePolicy(String scope, RequestEvent call){ private void validatePolicy(RequestEvent call){
//TODO: must be re-think //TODO: must be re-think
} }
@ -135,7 +133,7 @@ public class RequestValidator extends RequestHandler {
Secret secret = null; Secret secret = null;
if (accessToken!=null) if (accessToken!=null)
secret = new JWTSecret(accessToken); secret = new AccessTokenSecret(accessToken);
else if (token!=null) else if (token!=null)
secret = new GCubeSecret(token); secret = new GCubeSecret(token);
return secret; return secret;
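Review bot: validatePolicy(RequestEvent) is now an empty method marked `//TODO: must be re-think`, yet validate() still calls it unconditionally for every non-offline request, so once a Secret is present no per-context policy is enforced at all — the corrected `secret == null` check makes authentication work, but authorization is silently absent. Until it is reimplemented, make the gap visible at the call site with `// SECURITY: validatePolicy is currently a no-op — any request carrying a Secret is accepted regardless of policy` and consider a one-time WARN at startup so operators are not relying on a check that does nothing. In the last hunk the Secret is built straight from the header value (`new AccessTokenSecret(accessToken)`); whether signature and expiry are verified at construction or later is not visible here, so the place that relies on it should say which. validateScopeCall() and the method that reads the headers both start outside the hunks shown.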


@ -71,6 +71,8 @@ public class ProfileBuilder {
node.profile().description().newArchitecture().platformType(System.getProperty("os.arch")).smpSize(0) node.profile().description().newArchitecture().platformType(System.getProperty("os.arch")).smpSize(0)
.smtSize(0); .smtSize(0);
node.profile().newSite().domain("It").country("It").location("Rome").latitude("1").longitude("1");
ArrayList<HashMap<String, String>> info = cpuInfo(); ArrayList<HashMap<String, String>> info = cpuInfo();
Group<Processor> processors = node.profile().description().processors(); Group<Processor> processors = node.profile().description().processors();
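Review bot: The added newSite() line publishes fixed placeholder values (`domain("It").country("It").location("Rome").latitude("1").longitude("1")`) into every node's profile, so the site data in the registry will be identical, and wrong, for every host. Either take these from the container configuration, which already supplies hostname and port to other profile fields, or omit the site element until real values exist; at minimum annotate the line `// FIXME: placeholder site data, not the node's real location`. The enclosing method starts outside the hunk.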


@ -2,7 +2,11 @@ package org.gcube.smartgears.security;
import java.util.Set; import java.util.Set;
import org.gcube.common.security.secrets.Secret;
public interface AuthorizationProvider { public interface AuthorizationProvider {
Set<String> getContexts(); Set<String> getContexts();
Secret getSecretForContext(String context);
} }
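Review bot: The new `Secret getSecretForContext(String context);` has no Javadoc, so implementors cannot tell whether `context` must be one of the values returned by getContexts(), whether null is an acceptable return, or what is thrown when no token can be obtained — and because this method hands out a credential, that contract is the security boundary. Add a Javadoc block stating that it returns a Secret letting this service act in the given context, that implementations must fail by throwing rather than returning null when the context is not authorized or the token cannot be retrieved, and naming the exception type callers should expect (the implementation in this commit throws RuntimeException).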


@ -12,6 +12,8 @@ import org.gcube.common.keycloak.model.AccessToken.Access;
import org.gcube.common.keycloak.model.ModelUtils; import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.TokenResponse; import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.scope.impl.ScopeBean; import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.common.security.secrets.AccessTokenSecret;
import org.gcube.common.security.secrets.Secret;
import org.gcube.smartgears.security.AuthorizationProvider; import org.gcube.smartgears.security.AuthorizationProvider;
import org.gcube.smartgears.security.SimpleCredentials; import org.gcube.smartgears.security.SimpleCredentials;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -46,6 +48,7 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider {
try { try {
ScopeBean scope = new ScopeBean(context.replaceAll("%2F", "/")); ScopeBean scope = new ScopeBean(context.replaceAll("%2F", "/"));
contexts.add(scope.toString()); contexts.add(scope.toString());
LOG.info("found context {}",context);
}catch (IllegalArgumentException e) { }catch (IllegalArgumentException e) {
LOG.warn("invalid context found in token: {}", context); LOG.warn("invalid context found in token: {}", context);
} }
@ -57,4 +60,23 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider {
return contexts; return contexts;
} }
@Override
public Secret getSecretForContext(String context) {
try {
TokenResponse response;
if (this.endpoint == null)
response = client.queryUMAToken(credentials.getClientID(), credentials.getSecret(), context, null);
else
response = client.queryUMAToken(new URL(this.endpoint), credentials.getClientID(), credentials.getSecret(), context, null);
return new AccessTokenSecret(response.getAccessToken());
} catch (Exception e) {
LOG.error("error getting OIDToken from keycloak",e);
throw new RuntimeException("error getting access token for context "+context, e);
}
}
} }
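Review bot: getSecretForContext() requests a token with the service's client credentials for whatever `context` the caller supplies, without checking it against the contexts this provider already knows it holds (getContexts()); Keycloak is presumably the final arbiter, but if getContexts() is cheap enough a local `if (!getContexts().contains(context)) throw new IllegalArgumentException("context not authorized: " + context);` fails closed before any network call and keeps unexpected values out of the token request. `response.getAccessToken()` is also used without a null check, and the blanket `catch (Exception e)` folds everything — including the MalformedURLException from `new URL(this.endpoint)`, which is a configuration error — into one RuntimeException, so callers cannot distinguish misconfiguration from an authorization refusal. Finally, confirm that neither the LOG.error nor the wrapped exception message can echo `credentials.getSecret()` should the Keycloak client include request details in its exception text; that client is not visible here.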


@ -1,85 +0,0 @@
package org.gcube.smartgears.utils;
import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.gcube.accounting.datamodel.UsageRecord.OperationResult;
import org.gcube.accounting.datamodel.usagerecords.ServiceUsageRecord;
import org.gcube.accounting.persistence.AccountingPersistence;
import org.gcube.accounting.persistence.AccountingPersistenceFactory;
import org.gcube.common.scope.api.ScopeProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class GcubeAccountingValve extends ValveBase {
private static Logger log = LoggerFactory.getLogger(GcubeAccountingValve.class);
private String infra;
private String serviceClass;
private String serviceName;
private String hostAndPort;
public void setInfra(String infra) {
this.infra = infra;
}
public void setServiceClass(String serviceClass) {
this.serviceClass = serviceClass;
}
public void setServiceName(String serviceName) {
this.serviceName = serviceName;
}
public void setHostAndPort(String hostAndPort) {
this.hostAndPort = hostAndPort;
}
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
try {
String callerIp = request.getHeader("x-forwarded-for");
if (callerIp == null) {
callerIp = request.getRemoteAddr();
}
boolean success = response.getStatus()<400;
ScopeProvider.instance.set(infra);
AccountingPersistenceFactory.setFallbackLocation("/tmp");
AccountingPersistence persistence = AccountingPersistenceFactory.getPersistence();
ServiceUsageRecord serviceUsageRecord = new ServiceUsageRecord();
try{
serviceUsageRecord.setConsumerId("UNKNOWN");
serviceUsageRecord.setCallerQualifier("UNKNOWN");
serviceUsageRecord.setScope(infra);
serviceUsageRecord.setServiceClass(serviceClass);
serviceUsageRecord.setServiceName(serviceName);
serviceUsageRecord.setDuration(200l);
serviceUsageRecord.setHost(hostAndPort);
serviceUsageRecord.setCalledMethod(request.getRequestURI());
serviceUsageRecord.setCallerHost(callerIp);
serviceUsageRecord.setOperationResult(success?OperationResult.SUCCESS:OperationResult.FAILED);
persistence.account(serviceUsageRecord);
log.info("Request: {} {} {} {} ", infra, request.getContextPath(), request.getRequestURI(), success);
}catch(Exception ex){
log.warn("invalid record passed to accounting ",ex);
}finally {
ScopeProvider.instance.reset();
}
}catch (Exception e) {
log.error("error executing valve", e);
}
getNext().invoke(request, response);
}
}