Skip to content

Commit

Permalink
KNOX-3051: Code cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
hanicz committed Dec 2, 2024
1 parent 95953e8 commit c418d49
Show file tree
Hide file tree
Showing 3 changed files with 233 additions and 42 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ public class Extender {

private final File base;
private final Properties properties;
private final Pattern pattern = Pattern.compile(CLASSPATH_PROPERTY_PATTERN, Pattern.DOTALL);

public Extender(File base, Properties properties) {
this.base = base;
Expand All @@ -56,8 +57,7 @@ public void extendClassPathProperty() throws IOException {
}

protected void extractExtensionPathIntoProperty(String configContent) {
Pattern pattern = Pattern.compile(CLASSPATH_PROPERTY_PATTERN, Pattern.DOTALL);
Matcher matcher = pattern.matcher(configContent);
final Matcher matcher = pattern.matcher(configContent);

if (matcher.find()) {
StringBuilder newClassPath = new StringBuilder(matcher.group(1).trim());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,11 @@
package org.apache.knox.gateway.launcher;


import org.junit.After;
import org.junit.Before;
import org.junit.Test;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
Expand All @@ -34,9 +37,22 @@ public class ExtenderTest {
private Path confDir;
private Path configFilePath;

@Before
public void setup() throws IOException {
tempDir = Files.createTempDirectory("cp_extender_test");
confDir = Files.createDirectory(tempDir.resolve("conf"));
configFilePath = confDir.resolve("gateway-site.xml");
}

@After
public void cleanUp() throws IOException {
Files.deleteIfExists(configFilePath);
Files.deleteIfExists(confDir);
Files.deleteIfExists(tempDir);
}

@Test
public void extendClassPathPropertyTest() throws IOException {
this.setupDirs();
Properties properties = new Properties();
properties.setProperty("class.path", "classpath");
properties.setProperty("main.class", "org.apache.knox.gateway.GatewayServer");
Expand All @@ -47,12 +63,10 @@ public void extendClassPathPropertyTest() throws IOException {
extender.extendClassPathProperty();

assertEquals("/new/classp/*;classpath", properties.getProperty("class.path"));
this.cleanUpDirs();
}

@Test
public void extendClassPathPropertyDifferentMainClassTest() throws IOException {
this.setupDirs();
Properties properties = new Properties();
properties.setProperty("class.path", "classpath");
properties.setProperty("main.class", "org.apache.knox.gateway.KnoxCLI");
Expand All @@ -63,7 +77,6 @@ public void extendClassPathPropertyDifferentMainClassTest() throws IOException {
extender.extendClassPathProperty();

assertEquals("classpath", properties.getProperty("class.path"));
this.cleanUpDirs();
}

@Test
Expand Down Expand Up @@ -139,35 +152,15 @@ public void extractExtensionPathIntoPropertyEmptyWhitespaceTest() {
}

@Test
public void extractExtensionPathIntoPropertyNoConfigTest() {
public void extractExtensionPathIntoPropertyNoConfigTest() throws IOException {
Properties properties = new Properties();
properties.setProperty("class.path", "classpath");
Extender extender = new Extender(null, properties);

String configContent =
"<configuration>\n" +
" <property>\n" +
" <name>gateway.webshell.read.buffer.size</name>\n" +
" <value>1024</value>\n" +
" <description>Web Shell buffer size for reading</description>\n" +
" </property>\n" +
"\n" +
" <!-- @since 2.0.0 websocket JWT validation configs -->\n" +
" <property>\n" +
" <name>gateway.websocket.JWT.validation.feature.enabled</name>\n" +
" <value>true</value>\n" +
" <description>Enable/Disable websocket JWT validation at websocket layer.</description>\n" +
" </property>\n" +
"\n" +
" <!-- @since 1.5.0 homepage logout -->\n" +
" <property>\n" +
" <name>knox.homepage.logout.enabled</name>\n" +
" <value>true</value>\n" +
" <description>Enable/disable logout from the Knox Homepage.</description>\n" +
" </property>\n" +
"</configuration>";
ClassLoader classLoader = getClass().getClassLoader();
File file = new File(classLoader.getResource("gateway-site-test.xml").getFile());

extender.extractExtensionPathIntoProperty(configContent);
extender.extractExtensionPathIntoProperty(new String(Files.readAllBytes(file.toPath()), StandardCharsets.UTF_8));

assertEquals("classpath", properties.getProperty("class.path"));
}
Expand All @@ -180,16 +173,4 @@ private String getConfigContent(String extensionValue) {
" </property>\n" +
"</configuration>";
}

private void setupDirs() throws IOException {
tempDir = Files.createTempDirectory("cp_extender_test");
confDir = Files.createDirectory(tempDir.resolve("conf"));
configFilePath = confDir.resolve("gateway-site.xml");
}

private void cleanUpDirs() throws IOException {
Files.deleteIfExists(configFilePath);
Files.deleteIfExists(confDir);
Files.deleteIfExists(tempDir);
}
}
210 changes: 210 additions & 0 deletions gateway-util-launcher/src/test/resources/gateway-site-test.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,210 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configuration>

<property>
<name>gateway.service.alias.impl</name>
<value>org.apache.knox.gateway.services.security.impl.RemoteAliasService</value>
</property>
<property>
<name>gateway.port</name>
<value>8443</value>
<description>The HTTP port for the Gateway.</description>
</property>

<property>
<name>gateway.path</name>
<value>gateway</value>
<description>The default context path for the gateway.</description>
</property>

<property>
<name>gateway.gateway.conf.dir</name>
<value>deployments</value>
<description>The directory within GATEWAY_HOME that contains gateway topology files and deployments.</description>
</property>

<property>
<name>gateway.hadoop.kerberos.secured</name>
<value>false</value>
<description>Boolean flag indicating whether the Hadoop cluster protected by Gateway is secured with Kerberos</description>
</property>

<property>
<name>java.security.krb5.conf</name>
<value>/etc/knox/conf/krb5.conf</value>
<description>Absolute path to krb5.conf file</description>
</property>

<property>
<name>java.security.auth.login.config</name>
<value>/etc/knox/conf/krb5JAASLogin.conf</value>
<description>Absolute path to JAAS login config file</description>
</property>

<property>
<name>sun.security.krb5.debug</name>
<value>false</value>
<description>Boolean flag indicating whether to enable debug messages for krb5 authentication</description>
</property>

<!-- @since 0.10 Websocket configs -->
<property>
<name>gateway.websocket.feature.enabled</name>
<value>false</value>
<description>Enable/Disable websocket feature.</description>
</property>

<property>
<name>gateway.scope.cookies.feature.enabled</name>
<value>false</value>
<description>Enable/Disable cookie scoping feature.</description>
</property>

<property>
<name>gateway.cluster.config.monitor.ambari.enabled</name>
<value>false</value>
<description>Enable/disable Ambari cluster configuration monitoring.</description>
</property>

<property>
<name>gateway.cluster.config.monitor.ambari.interval</name>
<value>60</value>
<description>The interval (in seconds) for polling Ambari for cluster configuration changes.</description>
</property>
<!-- @since 2.0.0 WebShell configs -->
<!-- must have websocket enabled to use webshell -->
<property>
<name>gateway.webshell.feature.enabled</name>
<value>false</value>
<description>Enable/Disable webshell feature.</description>
</property>
<property>
<name>gateway.webshell.max.concurrent.sessions</name>
<value>20</value>
<description>Maximum number of total concurrent webshell sessions</description>
</property>
<property>
<name>gateway.webshell.audit.logging.enabled</name>
<value>false</value>
<description>[Experimental Feature] Enable/Disable webshell command audit logging.
NOTE: Turning this on might log secrets that might be part of
command line arguments, please consider this before turning this on.</description>
</property>
<property>
<name>gateway.webshell.read.buffer.size</name>
<value>1024</value>
<description>Web Shell buffer size for reading</description>
</property>

<!-- @since 2.0.0 websocket JWT validation configs -->
<property>
<name>gateway.websocket.JWT.validation.feature.enabled</name>
<value>true</value>
<description>Enable/Disable websocket JWT validation at websocket layer.</description>
</property>

<!-- @since 1.5.0 homepage logout -->
<property>
<name>knox.homepage.logout.enabled</name>
<value>true</value>
<description>Enable/disable logout from the Knox Homepage.</description>
</property>

<!-- @since 2.1.0 KnoxSSO Cookie Invalidation -->
<property>
<name>gateway.knox.token.management.users.can.see.all.tokens</name>
<value>admin</value>
<description>A comma separated list of user names who can see all tokens on the Token Management page</description>
</property>

<!-- @since 1.6.0 token management related properties -->
<property>
<name>gateway.knox.token.eviction.grace.period</name>
<value>0</value>
<description>A duration (in seconds) beyond a token’s expiration to wait before evicting its state. This configuration only applies when server-managed token state is enabled either in gateway-site or at the topology level.</description>
</property>

<!-- @since 2.1.0 application path aliases -->
<property>
<name>gateway.application.path.alias.token-generation</name>
<value>tokengen</value>
</property>


<!-- Knox Admin related config -->
<property>
<name>gateway.knox.admin.groups</name>
<value>admin</value>
</property>

<!-- DEMO LDAP config for Hadoop Group Provider -->
<property>
<name>gateway.group.config.hadoop.security.group.mapping</name>
<value>org.apache.hadoop.security.LdapGroupsMapping</value>
</property>
<property>
<name>gateway.group.config.hadoop.security.group.mapping.ldap.bind.user</name>
<value>uid=guest,ou=people,dc=hadoop,dc=apache,dc=org</value>
</property>
<property>
<name>gateway.group.config.hadoop.security.group.mapping.ldap.bind.password</name>
<value>guest-password</value>
</property>
<property>
<name>gateway.group.config.hadoop.security.group.mapping.ldap.url</name>
<value>ldap://localhost:33389</value>
</property>
<property>
<name>gateway.group.config.hadoop.security.group.mapping.ldap.base</name>
<value></value>
</property>
<property>
<name>gateway.group.config.hadoop.security.group.mapping.ldap.search.filter.user</name>
<value>(&amp;(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))</value>
</property>
<property>
<name>gateway.group.config.hadoop.security.group.mapping.ldap.search.filter.group</name>
<value>(objectclass=groupOfNames)</value>
</property>
<property>
<name>gateway.group.config.hadoop.security.group.mapping.ldap.search.attr.member</name>
<value>member</value>
</property>
<property>
<name>gateway.group.config.hadoop.security.group.mapping.ldap.search.attr.group.name</name>
<value>cn</value>
</property>
<property>
<name>gateway.dispatch.whitelist.services</name>
<value>DATANODE,HBASEUI,HDFSUI,JOBHISTORYUI,NODEUI,YARNUI,knoxauth</value>
<description>The comma-delimited list of service roles for which the gateway.dispatch.whitelist should be applied.</description>
</property>
<property>
<name>gateway.dispatch.whitelist</name>
<value>^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
<description>The whitelist to be applied for dispatches associated with the service roles specified by gateway.dispatch.whitelist.services.
If the value is DEFAULT, a domain-based whitelist will be derived from the Knox host.</description>
</property>
<property>
<name>gateway.xforwarded.header.context.append.servicename</name>
<value>LIVYSERVER</value>
<description>Add service name to x-forward-context header for the list of services defined above.</description>
</property>
</configuration>

0 comments on commit c418d49

Please sign in to comment.