Skip to content

Commit

Permalink
[fix][proxy] Move status endpoint out of auth coverage (#21428)
Browse files Browse the repository at this point in the history
(cherry picked from commit fe2d61d)
  • Loading branch information
mattisonchao authored and lhotari committed Oct 25, 2023
1 parent 0923080 commit df4b0d8
Show file tree
Hide file tree
Showing 3 changed files with 54 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -255,9 +255,11 @@ public static void addWebServerHandlers(WebServer server,
ProxyConfiguration config,
ProxyService service,
BrokerDiscoveryProvider discoveryProvider) throws Exception {
// We can make 'status.html' publicly accessible without authentication since
// it does not contain any sensitive data.
server.addRestResource("/", VipStatus.ATTRIBUTE_STATUS_FILE_PATH, config.getStatusFilePath(),
VipStatus.class, false);
if (config.isEnableProxyStatsEndpoints()) {
server.addRestResource("/", VipStatus.ATTRIBUTE_STATUS_FILE_PATH, config.getStatusFilePath(),
VipStatus.class);
server.addRestResource("/proxy-stats", ProxyStats.ATTRIBUTE_PULSAR_PROXY_NAME, service,
ProxyStats.class);
if (service != null) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -239,15 +239,40 @@ private static void popularServletParams(ServletHolder servletHolder, ProxyConfi
}
}

/**
* Add a REST resource to the servlet context with authentication coverage.
*
* @see WebServer#addRestResource(String, String, Object, Class, boolean)
*
* @param basePath The base path for the resource.
* @param attribute An attribute associated with the resource.
* @param attributeValue The value of the attribute.
* @param resourceClass The class representing the resource.
*/
public void addRestResource(String basePath, String attribute, Object attributeValue, Class<?> resourceClass) {
addRestResource(basePath, attribute, attributeValue, resourceClass, true);
}

/**
* Add a REST resource to the servlet context.
*
* @param basePath The base path for the resource.
* @param attribute An attribute associated with the resource.
* @param attributeValue The value of the attribute.
* @param resourceClass The class representing the resource.
* @param requireAuthentication A boolean indicating whether authentication is required for this resource.
*/
public void addRestResource(String basePath, String attribute, Object attributeValue,
Class<?> resourceClass, boolean requireAuthentication) {
ResourceConfig config = new ResourceConfig();
config.register(resourceClass);
config.register(JsonMapperProvider.class);
ServletHolder servletHolder = new ServletHolder(new ServletContainer(config));
servletHolder.setAsyncSupported(true);
// This method has not historically checked for existing paths, so we don't check here either. The
// method call is added to reduce code duplication.
addServlet(basePath, servletHolder, Collections.singletonList(Pair.of(attribute, attributeValue)), true, false);
addServlet(basePath, servletHolder, Collections.singletonList(Pair.of(attribute, attributeValue)),
requireAuthentication, false);
}

public int getExternalServicePort() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ protected void setup() throws Exception {
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationToken.class.getName());
proxyConfig.setBrokerClientAuthenticationParameters(PROXY_TOKEN);
proxyConfig.setAuthenticationProviders(providers);
proxyConfig.setStatusFilePath("./src/test/resources/vip_status.html");

AuthenticationService authService =
new AuthenticationService(PulsarConfigurationLoader.convertFrom(proxyConfig));
Expand Down Expand Up @@ -405,6 +406,29 @@ public void testProxyAuthorizationWithPrefixSubscriptionAuthMode() throws Except
log.info("-- Exiting {} test --", methodName);
}

@Test
void testGetStatus() throws Exception {
log.info("-- Starting {} test --", methodName);
final PulsarResources resource = new PulsarResources(new ZKMetadataStore(mockZooKeeper),
new ZKMetadataStore(mockZooKeeperGlobal));
final AuthenticationService authService = new AuthenticationService(
PulsarConfigurationLoader.convertFrom(proxyConfig));
final WebServer webServer = new WebServer(proxyConfig, authService);
ProxyServiceStarter.addWebServerHandlers(webServer, proxyConfig, proxyService,
new BrokerDiscoveryProvider(proxyConfig, resource));
webServer.start();
@Cleanup
final Client client = javax.ws.rs.client.ClientBuilder
.newClient(new ClientConfig().register(LoggingFeature.class));
try {
final Response r = client.target(webServer.getServiceUri()).path("/status.html").request().get();
Assert.assertEquals(r.getStatus(), Response.Status.OK.getStatusCode());
} finally {
webServer.stop();
}
log.info("-- Exiting {} test --", methodName);
}

@Test
void testGetMetrics() throws Exception {
log.info("-- Starting {} test --", methodName);
Expand Down

0 comments on commit df4b0d8

Please sign in to comment.