// makeProxy assembles a dopplerproxy.Proxy from its collaborators: a log-access
// authorizer, an admin authorizer backed by a UAA client, and a channel group
// connector fed by a provider that reads "/healthstatus/doppler" from adapter.
//
// Security-relevant inputs:
//   - *disableAccessControl is handed to both authorizers.
//     NOTE(review): presumably a true value switches authorization checks
//     off; confirm in the authorization package before enabling it anywhere
//     that carries real tenant logs.
//   - config.SkipCertVerify is forwarded to the log authorizer and to the UAA
//     client. NOTE(review): presumably it disables TLS certificate
//     verification on their outbound calls; confirm, and treat it as a
//     development-only setting if so.
//   - config.UaaClientSecret is passed straight into the UAA client; nothing in
//     this function logs it.
func makeProxy(
	adapter storeadapter.StoreAdapter,
	config *Config,
	logger *gosteno.Logger,
	messageGenerator marshaller.MessageGenerator,
	translator dopplerproxy.RequestTranslator,
	listenerConstructor channel_group_connector.ListenerConstructor,
	cookieDomain string,
) *dopplerproxy.Proxy {
	logAuthz := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost, config.SkipCertVerify)

	// The admin authorizer keeps a pointer to this client, so it is held in a
	// local rather than built inline.
	uaa := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret, config.SkipCertVerify)
	adminAuthz := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaa)

	connector := channel_group_connector.NewChannelGroupConnector(
		MakeProvider(adapter, "/healthstatus/doppler", config.DopplerPort, logger),
		listenerConstructor,
		messageGenerator,
		logger,
	)

	return dopplerproxy.NewDopplerProxy(logAuthz, adminAuthz, connector, translator, cookieDomain, logger)
}
// makeProxy assembles a dopplerproxy.Proxy from its collaborators: a log-access
// authorizer, an admin authorizer backed by a UAA client, and a channel group
// connector fed by a legacy doppler finder that is started here.
//
// Every call builds and starts its own finder and its own UAA client.
//
// Security-relevant inputs:
//   - *disableAccessControl is handed to both authorizers.
//     NOTE(review): presumably a true value switches authorization checks
//     off; confirm in the authorization package.
//   - config.SkipCertVerify is forwarded to the log authorizer and to the UAA
//     client. NOTE(review): presumably it disables TLS certificate
//     verification on their outbound calls; confirm, and treat it as a
//     development-only setting if so.
func makeProxy(
	adapter storeadapter.StoreAdapter,
	config *config.Config,
	logger *gosteno.Logger,
	messageGenerator marshaller.MessageGenerator,
	translator dopplerproxy.RequestTranslator,
	listenerConstructor channel_group_connector.ListenerConstructor,
	cookieDomain string,
) *dopplerproxy.Proxy {
	logAuthz := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost, config.SkipCertVerify)

	// The admin authorizer keeps a pointer to this client, so it is held in a
	// local rather than built inline.
	uaa := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret, config.SkipCertVerify)
	adminAuthz := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaa)

	// The predicate always answers false, i.e. no server is marked preferred.
	legacyFinder := dopplerservice.NewLegacyFinder(
		adapter,
		int(config.DopplerPort),
		func(string) bool { return false },
		nil,
		logger,
	)
	legacyFinder.Start()

	connector := channel_group_connector.NewChannelGroupConnector(legacyFinder, listenerConstructor, messageGenerator, logger)

	return dopplerproxy.NewDopplerProxy(logAuthz, adminAuthz, connector, translator, cookieDomain, logger)
}
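// main starts the loggregator traffic controller: it parses flags and config,
// sets up logging, metrics, profiling and the uptime monitor, connects to etcd,
// builds the dropsonde and legacy proxies and serves them on the host's own IP,
// then waits for a goroutine-dump or termination signal.
//
// Security-relevant inputs:
//   - *disableAccessControl is handed to both authorizers.
//     NOTE(review): presumably a true value switches authorization checks
//     off; confirm in the authorization package.
//   - config.SkipCertVerify is forwarded to the log authorizer and to the UAA
//     client. NOTE(review): presumably it disables TLS certificate
//     verification on their outbound calls; confirm.
func main() {
	flag.Parse()

	config, err := config.ParseConfig(*logLevel, *configFile, *logFilePath)
	if err != nil {
		panic(err)
	}

	log := logger.NewLogger(*logLevel, *logFilePath, "loggregator trafficcontroller", config.Syslog)
	log.Info("Startup: Setting up the loggregator traffic controller")

	// Metrics go to the metron agent on loopback.
	dropsonde.Initialize("127.0.0.1:"+strconv.Itoa(config.MetronPort), "LoggregatorTrafficController")

	profiler := profiler.NewProfiler(*cpuprofile, *memprofile, 1*time.Second, log)
	profiler.Profile()
	defer profiler.Stop()

	uptimeMonitor := monitor.NewUptimeMonitor(time.Duration(config.MonitorIntervalSeconds) * time.Second)
	go uptimeMonitor.Start()
	defer uptimeMonitor.Stop()

	etcdAdapter := DefaultStoreAdapterProvider(config.EtcdUrls, config.EtcdMaxConcurrentRequests)
	err = etcdAdapter.Connect()
	if err != nil {
		log.Errorf("Cannot connect to ETCD: %s", err.Error())
		// NOTE(review): os.Exit does not run the deferred profiler.Stop and
		// uptimeMonitor.Stop registered above.
		os.Exit(-1)
	}

	ipAddress, err := localip.LocalIP()
	if err != nil {
		panic(err)
	}

	logAuthorizer := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost, config.SkipCertVerify)
	uaaClient := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret, config.SkipCertVerify)
	adminAuthorizer := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaaClient)

	// The predicate always answers false, i.e. no server is marked preferred.
	preferredServers := func(string) bool { return false }
	finder := dopplerservice.NewLegacyFinder(etcdAdapter, int(config.DopplerPort), preferredServers, nil, log)
	finder.Start()

	dopplerProxy := makeProxy(etcdAdapter, config, log, marshaller.DropsondeLogMessage, dopplerproxy.TranslateFromDropsondePath, newDropsondeWebsocketListener, finder, logAuthorizer, adminAuthorizer, "doppler."+config.SystemDomain)
	startOutgoingDopplerProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingDropsondePort), 10)), dopplerProxy)

	legacyProxy := makeProxy(etcdAdapter, config, log, marshaller.LoggregatorLogMessage, dopplerproxy.TranslateFromLegacyPath, newLegacyWebsocketListener, finder, logAuthorizer, adminAuthorizer, "loggregator."+config.SystemDomain)
	startOutgoingProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingPort), 10)), legacyProxy)

	// signal.Notify never blocks when sending, so the channel needs a buffer or
	// a signal arriving while main is busy (e.g. dumping goroutines) is lost.
	// os.Kill cannot be caught; in practice only os.Interrupt arrives here.
	killChan := make(chan os.Signal, 1)
	signal.Notify(killChan, os.Kill, os.Interrupt)

	dumpChan := registerGoRoutineDumpSignalChannel()

	for {
		select {
		case <-dumpChan:
			logger.DumpGoRoutine()
		case <-killChan:
			// A bare break would only leave the select and spin the loop
			// again, so the process would ignore the interrupt forever.
			// Returning lets the deferred Stop calls run and ends the process.
			return
		}
	}
}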
// main starts the loggregator traffic controller: it parses flags and config,
// installs the process-wide HTTP transport, sets up logging and metrics, serves
// the default mux on pprofPort, connects to etcd, builds the dropsonde and
// legacy proxy handlers (optionally wrapped in access-logging middleware),
// serves them on the host's own IP, and then waits for a goroutine-dump or
// kill signal.
func main() {
	flag.Parse()

	cfg, err := config.ParseConfig(*logLevel, *configFile)
	if err != nil {
		panic(fmt.Errorf("Unable to parse config: %s", err))
	}

	// This replaces the transport of http.DefaultClient, so the setting is
	// process-wide: with SkipCertVerify set, every caller of the default client
	// stops verifying server certificates. The bare Transport also carries none
	// of http.DefaultTransport's proxy or timeout settings.
	http.DefaultClient.Transport = &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: cfg.SkipCertVerify},
	}

	hostIP, err := localip.LocalIP()
	if err != nil {
		panic(fmt.Errorf("Unable to resolve own IP address: %s", err))
	}

	log := logger.NewLogger(*logLevel, *logFilePath, "loggregator trafficcontroller", cfg.Syslog)
	log.Info("Startup: Setting up the loggregator traffic controller")

	metronAddr := net.JoinHostPort(cfg.MetronHost, strconv.Itoa(cfg.MetronPort))
	dropsonde.Initialize(metronAddr, "LoggregatorTrafficController")

	// Serves http.DefaultServeMux on the host's own IP, not on loopback.
	// NOTE(review): if net/http/pprof is imported by this file (not visible
	// here), its profiling endpoints are reachable over the network without
	// authentication; confirm the port is firewalled.
	go func() {
		if err := http.ListenAndServe(net.JoinHostPort(hostIP, pprofPort), nil); err != nil {
			log.Errorf("Error starting pprof server: %s", err.Error())
		}
	}()

	uptime := monitor.NewUptimeMonitor(time.Duration(cfg.MonitorIntervalSeconds) * time.Second)
	go uptime.Start()
	defer uptime.Stop()

	etcdAdapter := defaultStoreAdapterProvider(cfg.EtcdUrls, cfg.EtcdMaxConcurrentRequests)
	if err := etcdAdapter.Connect(); err != nil {
		panic(fmt.Errorf("Unable to connect to ETCD: %s", err))
	}

	// NOTE(review): *disableAccessControl is handed to both authorizers;
	// presumably a true value switches authorization checks off. Confirm in
	// the authorization package.
	logAuthz := authorization.NewLogAccessAuthorizer(*disableAccessControl, cfg.ApiHost)
	uaa := uaa_client.NewUaaClient(cfg.UaaHost, cfg.UaaClientId, cfg.UaaClientSecret)
	adminAuthz := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaa)

	// TODO: The preferredProtocol of udp tells the finder to pull out the Doppler URLs from the legacy ETCD endpoint.
	// Eventually we'll have a separate websocket client pool
	finder := dopplerservice.NewFinder(etcdAdapter, int(cfg.DopplerPort), []string{"udp"}, "", log)
	finder.Start()

	// Draining the finder's events channel in order to not block the finder from handling etcd events.
	go func() {
		for {
			finder.Next()
		}
	}()

	// The security event log is optional: with an empty SecurityEventLog both
	// wrappers stay nil and the handlers below are served without access
	// logging.
	var wrapDoppler, wrapLegacy func(middleware.HttpHandler) *middleware.AccessHandler
	if cfg.SecurityEventLog != "" {
		// No O_CREATE: the file has to exist already, and the mode argument is
		// only consulted when a file is created.
		eventLog, err := os.OpenFile(cfg.SecurityEventLog, os.O_APPEND|os.O_WRONLY, os.ModeAppend)
		if err != nil {
			panic(fmt.Errorf("Unable to open access log: %s", err))
		}
		// Sync and Close errors are discarded on shutdown.
		defer func() {
			eventLog.Sync()
			eventLog.Close()
		}()

		eventLogger := accesslogger.New(eventLog, log)
		wrapDoppler = middleware.Access(eventLogger, hostIP, cfg.OutgoingDropsondePort, log)
		wrapLegacy = middleware.Access(eventLogger, hostIP, cfg.OutgoingPort, log)
	}

	dopplerCgc := channel_group_connector.NewChannelGroupConnector(finder, newDropsondeWebsocketListener, marshaller.DropsondeLogMessage, log)
	var dopplerHandler http.Handler = dopplerproxy.NewDopplerProxy(logAuthz, adminAuthz, dopplerCgc, dopplerproxy.TranslateFromDropsondePath, "doppler."+cfg.SystemDomain, log)
	if wrapDoppler != nil {
		dopplerHandler = wrapDoppler(dopplerHandler)
	}
	dopplerAddr := net.JoinHostPort(hostIP, strconv.FormatUint(uint64(cfg.OutgoingDropsondePort), 10))
	startOutgoingProxy(dopplerAddr, dopplerHandler)

	legacyCgc := channel_group_connector.NewChannelGroupConnector(finder, newLegacyWebsocketListener, marshaller.LoggregatorLogMessage, log)
	var legacyHandler http.Handler = dopplerproxy.NewDopplerProxy(logAuthz, adminAuthz, legacyCgc, dopplerproxy.TranslateFromLegacyPath, "loggregator."+cfg.SystemDomain, log)
	if wrapLegacy != nil {
		legacyHandler = wrapLegacy(legacyHandler)
	}
	legacyAddr := net.JoinHostPort(hostIP, strconv.FormatUint(uint64(cfg.OutgoingPort), 10))
	startOutgoingProxy(legacyAddr, legacyHandler)

	killed := signalmanager.RegisterKillSignalChannel()
	dumpRequested := signalmanager.RegisterGoRoutineDumpSignalChannel()

	for {
		select {
		case <-dumpRequested:
			signalmanager.DumpGoRoutine()
		case <-killed:
			log.Info("Shutting down")
			return
		}
	}
}
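// main starts the loggregator traffic controller: it parses flags and config,
// sets up logging, metrics, profiling and the uptime monitor, connects to etcd,
// builds the dropsonde and legacy proxies and serves them on the host's own IP,
// then waits for a goroutine-dump or kill signal.
//
// Security-relevant inputs:
//   - *disableAccessControl is handed to both authorizers.
//     NOTE(review): presumably a true value switches authorization checks
//     off; confirm in the authorization package.
//   - config.SkipCertVerify is forwarded to the log authorizer and to the UAA
//     client. NOTE(review): presumably it disables TLS certificate
//     verification on their outbound calls; confirm.
func main() {
	// Put os.Exit in a deferred statement so that other defers get executed prior to
	// the os.Exit call.
	exitCode := 0
	defer func() {
		// Deferred functions also run while a panic unwinds. Without this
		// check, a panic below (config parse or local IP lookup) would reach
		// os.Exit(0) here and the process would end silently with a success
		// status. Re-panicking keeps the message and the non-zero exit.
		if r := recover(); r != nil {
			panic(r)
		}
		os.Exit(exitCode)
	}()

	flag.Parse()

	config, err := config.ParseConfig(*logLevel, *configFile, *logFilePath)
	if err != nil {
		panic(err)
	}

	log := logger.NewLogger(*logLevel, *logFilePath, "loggregator trafficcontroller", config.Syslog)
	log.Info("Startup: Setting up the loggregator traffic controller")

	// Metrics go to the metron agent on loopback.
	dropsonde.Initialize("127.0.0.1:"+strconv.Itoa(config.MetronPort), "LoggregatorTrafficController")

	profiler := profiler.New(*cpuprofile, *memprofile, 1*time.Second, log)
	profiler.Profile()
	defer profiler.Stop()

	uptimeMonitor := monitor.NewUptimeMonitor(time.Duration(config.MonitorIntervalSeconds) * time.Second)
	go uptimeMonitor.Start()
	defer uptimeMonitor.Stop()

	etcdAdapter := DefaultStoreAdapterProvider(config.EtcdUrls, config.EtcdMaxConcurrentRequests)
	err = etcdAdapter.Connect()
	if err != nil {
		log.Errorf("Cannot connect to ETCD: %s", err.Error())
		exitCode = -1
		return
	}

	ipAddress, err := localip.LocalIP()
	if err != nil {
		panic(err)
	}

	logAuthorizer := authorization.NewLogAccessAuthorizer(*disableAccessControl, config.ApiHost, config.SkipCertVerify)
	uaaClient := uaa_client.NewUaaClient(config.UaaHost, config.UaaClientId, config.UaaClientSecret, config.SkipCertVerify)
	adminAuthorizer := authorization.NewAdminAccessAuthorizer(*disableAccessControl, &uaaClient)

	// The predicate always answers false, i.e. no server is marked preferred.
	preferredServers := func(string) bool { return false }
	finder := dopplerservice.NewLegacyFinder(etcdAdapter, int(config.DopplerPort), preferredServers, nil, log)
	finder.Start()

	dopplerCgc := channel_group_connector.NewChannelGroupConnector(finder, newDropsondeWebsocketListener, marshaller.DropsondeLogMessage, log)
	dopplerProxy := dopplerproxy.NewDopplerProxy(logAuthorizer, adminAuthorizer, dopplerCgc, dopplerproxy.TranslateFromDropsondePath, "doppler."+config.SystemDomain, log)
	startOutgoingProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingDropsondePort), 10)), dopplerProxy)

	legacyCgc := channel_group_connector.NewChannelGroupConnector(finder, newLegacyWebsocketListener, marshaller.LoggregatorLogMessage, log)
	legacyProxy := dopplerproxy.NewDopplerProxy(logAuthorizer, adminAuthorizer, legacyCgc, dopplerproxy.TranslateFromLegacyPath, "loggregator."+config.SystemDomain, log)
	startOutgoingProxy(net.JoinHostPort(ipAddress, strconv.FormatUint(uint64(config.OutgoingPort), 10)), legacyProxy)

	killChan := signalmanager.RegisterKillSignalChannel()
	dumpChan := signalmanager.RegisterGoRoutineDumpSignalChannel()

	for {
		select {
		case <-dumpChan:
			signalmanager.DumpGoRoutine()
		case <-killChan:
			log.Info("Shutting down")
			return
		}
	}
}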
import ( "integration_tests/trafficcontroller/fake_uaa_server" "net/http/httptest" "trafficcontroller/uaa_client" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) var _ = Describe("UaaClient", func() { handler := fake_uaa_server.FakeUaaHandler{} fakeUaaServer := httptest.NewTLSServer(&handler) Context("when the user is an admin", func() { It("Determines permissions from correct credentials", func() { uaaClient := uaa_client.NewUaaClient(fakeUaaServer.URL, "bob", "yourUncle", true) authData, err := uaaClient.GetAuthData("iAmAnAdmin") Expect(err).ToNot(HaveOccurred()) Expect(authData.HasPermission("doppler.firehose")).To(Equal(true)) Expect(authData.HasPermission("uaa.not-admin")).To(Equal(false)) }) }) Context("when the user is not an admin", func() { It("Determines permissions from correct credentials", func() { uaaClient := uaa_client.NewUaaClient(fakeUaaServer.URL, "bob", "yourUncle", true) authData, err := uaaClient.GetAuthData("iAmNotAnAdmin")