func makeProxy(adapter storeadapter.StoreAdapter, config *Config, logger *gosteno.Logger, messageGenerator marshaller.MessageGenerator, translator dopplerproxy.RequestTranslator, listenerConstructor channel_group_connector.ListenerConstructor, cookieDomain string) *dopplerproxy.Proxy { logAuthorizer := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost, config.SkipCertVerify) uaaClient := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret, config.SkipCertVerify) adminAuthorizer := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaaClient) provider := MakeProvider(adapter, "/healthstatus/doppler", config.DopplerPort, logger) cgc := channel_group_connector.NewChannelGroupConnector(provider, listenerConstructor, messageGenerator, logger) return dopplerproxy.NewDopplerProxy(logAuthorizer, adminAuthorizer, cgc, translator, cookieDomain, logger) }
func makeProxy(adapter storeadapter.StoreAdapter, config *config.Config, logger *gosteno.Logger, messageGenerator marshaller.MessageGenerator, translator dopplerproxy.RequestTranslator, listenerConstructor channel_group_connector.ListenerConstructor, cookieDomain string) *dopplerproxy.Proxy { logAuthorizer := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost, config.SkipCertVerify) uaaClient := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret, config.SkipCertVerify) adminAuthorizer := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaaClient) preferredServers := func(string) bool { return false } finder := dopplerservice.NewLegacyFinder(adapter, int(config.DopplerPort), preferredServers, nil, logger) finder.Start() cgc := channel_group_connector.NewChannelGroupConnector(finder, listenerConstructor, messageGenerator, logger) return dopplerproxy.NewDopplerProxy(logAuthorizer, adminAuthorizer, cgc, translator, cookieDomain, logger) }
type ErrorUaaClient struct { UsedToken string } func (client *ErrorUaaClient) GetAuthData(token string) (*uaa_client.AuthData, error) { client.UsedToken = token return nil, errors.New("An error occurred") } var _ = Describe("AdminAccessAuthorizer", func() { authToken := "bearer my-token" Context("Disable Access Control", func() { It("returns true", func() { client := &NonAdminUaaClient{} authorizer := authorization.NewAdminAccessAuthorizer(true, client) authorized, err := authorizer("", loggertesthelper.Logger()) Expect(authorized).To(BeTrue()) Expect(err).To(BeNil()) }) }) Context("when no auth token is present", func() { It("returns false", func() { client := &LoggregatorAdminUaaClient{} authorizer := authorization.NewAdminAccessAuthorizer(false, client) authorized, err := authorizer("", loggertesthelper.Logger()) Expect(authorized).To(BeFalse())
func main() { flag.Parse() config, err := config.ParseConfig(*logLevel, *configFile, *logFilePath) if err != nil { panic(err) } log := logger.NewLogger(*logLevel, *logFilePath, "loggregator trafficcontroller", config.Syslog) log.Info("Startup: Setting up the loggregator traffic controller") dropsonde.Initialize("127.0.0.1:"+strconv.Itoa(config.MetronPort), "LoggregatorTrafficController") profiler := profiler.NewProfiler(*cpuprofile, *memprofile, 1*time.Second, log) profiler.Profile() defer profiler.Stop() uptimeMonitor := monitor.NewUptimeMonitor(time.Duration(config.MonitorIntervalSeconds) * time.Second) go uptimeMonitor.Start() defer uptimeMonitor.Stop() etcdAdapter := DefaultStoreAdapterProvider(config.EtcdUrls, config.EtcdMaxConcurrentRequests) err = etcdAdapter.Connect() if err != nil { log.Errorf("Cannot connect to ETCD: %s", err.Error()) os.Exit(-1) } ipAddress, err := localip.LocalIP() if err != nil { panic(err) } logAuthorizer := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost, config.SkipCertVerify) uaaClient := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret, config.SkipCertVerify) adminAuthorizer := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaaClient) preferredServers := func(string) bool { return false } finder := dopplerservice.NewLegacyFinder(etcdAdapter, int(config.DopplerPort), preferredServers, nil, log) finder.Start() dopplerProxy := makeProxy(etcdAdapter, config, log, marshaller.DropsondeLogMessage, dopplerproxy.TranslateFromDropsondePath, newDropsondeWebsocketListener, finder, logAuthorizer, adminAuthorizer, "doppler."+config.SystemDomain) startOutgoingDopplerProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingDropsondePort), 10)), dopplerProxy) legacyProxy := makeProxy(etcdAdapter, config, log, marshaller.LoggregatorLogMessage, dopplerproxy.TranslateFromLegacyPath, newLegacyWebsocketListener, finder, logAuthorizer, adminAuthorizer, "loggregator."+config.SystemDomain) startOutgoingProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingPort), 10)), legacyProxy) killChan := make(chan os.Signal) signal.Notify(killChan, os.Kill, os.Interrupt) dumpChan := registerGoRoutineDumpSignalChannel() for { select { case <-dumpChan: logger.DumpGoRoutine() case <-killChan: break } } }
func main() { flag.Parse() config, err := config.ParseConfig(*logLevel, *configFile) if err != nil { panic(fmt.Errorf("Unable to parse config: %s", err)) } transport := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: config.SkipCertVerify}} http.DefaultClient.Transport = transport ipAddress, err := localip.LocalIP() if err != nil { panic(fmt.Errorf("Unable to resolve own IP address: %s", err)) } log := logger.NewLogger(*logLevel, *logFilePath, "loggregator trafficcontroller", config.Syslog) log.Info("Startup: Setting up the loggregator traffic controller") dropsonde.Initialize(net.JoinHostPort(config.MetronHost, strconv.Itoa(config.MetronPort)), "LoggregatorTrafficController") go func() { err := http.ListenAndServe(net.JoinHostPort(ipAddress, pprofPort), nil) if err != nil { log.Errorf("Error starting pprof server: %s", err.Error()) } }() uptimeMonitor := monitor.NewUptimeMonitor(time.Duration(config.MonitorIntervalSeconds) * time.Second) go uptimeMonitor.Start() defer uptimeMonitor.Stop() etcdAdapter := defaultStoreAdapterProvider(config.EtcdUrls, config.EtcdMaxConcurrentRequests) err = etcdAdapter.Connect() if err != nil { panic(fmt.Errorf("Unable to connect to ETCD: %s", err)) } logAuthorizer := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost) uaaClient := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret) adminAuthorizer := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaaClient) // TODO: The preferredProtocol of udp tells the finder to pull out the Doppler URLs from the legacy ETCD endpoint. // Eventually we'll have a separate websocket client pool finder := dopplerservice.NewFinder(etcdAdapter, int(config.DopplerPort), []string{"udp"}, "", log) finder.Start() // Draining the finder's events channel in order to not block the finder from handling etcd events. go func() { for { finder.Next() } }() var accessMiddleware, legacyAccessMiddleware func(middleware.HttpHandler) *middleware.AccessHandler if config.SecurityEventLog != "" { accessLog, err := os.OpenFile(config.SecurityEventLog, os.O_APPEND|os.O_WRONLY, os.ModeAppend) if err != nil { panic(fmt.Errorf("Unable to open access log: %s", err)) } defer func() { accessLog.Sync() accessLog.Close() }() accessLogger := accesslogger.New(accessLog, log) accessMiddleware = middleware.Access(accessLogger, ipAddress, config.OutgoingDropsondePort, log) legacyAccessMiddleware = middleware.Access(accessLogger, ipAddress, config.OutgoingPort, log) } dopplerCgc := channel_group_connector.NewChannelGroupConnector(finder, newDropsondeWebsocketListener, marshaller.DropsondeLogMessage, log) dopplerHandler := http.Handler(dopplerproxy.NewDopplerProxy(logAuthorizer, adminAuthorizer, dopplerCgc, dopplerproxy.TranslateFromDropsondePath, "doppler."+config.SystemDomain, log)) if accessMiddleware != nil { dopplerHandler = accessMiddleware(dopplerHandler) } startOutgoingProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingDropsondePort), 10)), dopplerHandler) legacyCgc := channel_group_connector.NewChannelGroupConnector(finder, newLegacyWebsocketListener, marshaller.LoggregatorLogMessage, log) legacyHandler := http.Handler(dopplerproxy.NewDopplerProxy(logAuthorizer, adminAuthorizer, legacyCgc, dopplerproxy.TranslateFromLegacyPath, "loggregator."+config.SystemDomain, log)) if legacyAccessMiddleware != nil { legacyHandler = legacyAccessMiddleware(legacyHandler) } startOutgoingProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingPort), 10)), legacyHandler) killChan := signalmanager.RegisterKillSignalChannel() dumpChan := signalmanager.RegisterGoRoutineDumpSignalChannel() for { select { case <-dumpChan: signalmanager.DumpGoRoutine() case <-killChan: log.Info("Shutting down") return } } }
func main() { // Put os.Exit in a deferred statement so that other defers get executed prior to // the os.Exit call. exitCode := 0 defer func() { os.Exit(exitCode) }() flag.Parse() config, err := config.ParseConfig(*logLevel, *configFile, *logFilePath) if err != nil { panic(err) } log := logger.NewLogger(*logLevel, *logFilePath, "loggregator trafficcontroller", config.Syslog) log.Info("Startup: Setting up the loggregator traffic controller") dropsonde.Initialize("127.0.0.1:"+strconv.Itoa(config.MetronPort), "LoggregatorTrafficController") profiler := profiler.New(*cpuprofile, *memprofile, 1*time.Second, log) profiler.Profile() defer profiler.Stop() uptimeMonitor := monitor.NewUptimeMonitor(time.Duration(config.MonitorIntervalSeconds) * time.Second) go uptimeMonitor.Start() defer uptimeMonitor.Stop() etcdAdapter := DefaultStoreAdapterProvider(config.EtcdUrls, config.EtcdMaxConcurrentRequests) err = etcdAdapter.Connect() if err != nil { log.Errorf("Cannot connect to ETCD: %s", err.Error()) exitCode = -1 return } ipAddress, err := localip.LocalIP() if err != nil { panic(err) } logAuthorizer := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost, config.SkipCertVerify) uaaClient := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret, config.SkipCertVerify) adminAuthorizer := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaaClient) preferredServers := func(string) bool { return false } finder := dopplerservice.NewLegacyFinder(etcdAdapter, int(config.DopplerPort), preferredServers, nil, log) finder.Start() dopplerCgc := channel_group_connector.NewChannelGroupConnector(finder, newDropsondeWebsocketListener, marshaller.DropsondeLogMessage, log) dopplerProxy := dopplerproxy.NewDopplerProxy(logAuthorizer, adminAuthorizer, dopplerCgc, dopplerproxy.TranslateFromDropsondePath, "doppler."+config.SystemDomain, log) startOutgoingProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingDropsondePort), 10)), dopplerProxy) legacyCgc := channel_group_connector.NewChannelGroupConnector(finder, newLegacyWebsocketListener, marshaller.LoggregatorLogMessage, log) legacyProxy := dopplerproxy.NewDopplerProxy(logAuthorizer, adminAuthorizer, legacyCgc, dopplerproxy.TranslateFromLegacyPath, "loggregator."+config.SystemDomain, log) startOutgoingProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingPort), 10)), legacyProxy) killChan := signalmanager.RegisterKillSignalChannel() dumpChan := signalmanager.RegisterGoRoutineDumpSignalChannel() for { select { case <-dumpChan: signalmanager.DumpGoRoutine() case <-killChan: log.Info("Shutting down") return } } }