private void validateConnection(RegistryHostSpec hostSpec, Operation op, boolean storeHost) { validatePlainHttpConnection(this, hostSpec, op, () -> validateSslTrust(this, hostSpec, op, () -> { if (hostSpec.sslTrust != null && hostSpec.hostState != null) { if (hostSpec.hostState.customProperties == null) { hostSpec.hostState.customProperties = new HashMap<>(); } hostSpec.hostState.customProperties.put(RegistryService .REGISTRY_TRUST_CERTS_PROP_NAME, UriUtils .buildUriPath( SslTrustCertificateService .FACTORY_LINK, hostSpec .sslTrust.documentSelfLink)); } pingHost(hostSpec, op, hostSpec.sslTrust, () -> { if (storeHost) { storeHost(hostSpec, op); } else { completeOperationSuccess(op); } }); }) ); }
@Override public void handlePut(Operation op) { if (!op.hasBody()) { op.fail(new IllegalArgumentException("RegistryHostSpec body is required")); return; } RegistryHostSpec hostSpec = op.getBody(RegistryHostSpec.class); validate(hostSpec); boolean validateHostConnection = op.getUri().getQuery() != null && op.getUri().getQuery().contains(REQUEST_PARAM_VALIDATE_OPERATION_NAME); if (validateHostConnection) { validateConnection(hostSpec, op, false); } else { createHost(hostSpec, op); } }
private void distributeCertificate(RegistryState registry, Operation parentOp) { parentOp.complete(); logInfo("Distributing certificate for %s. Fetching registry certificate", registry.address); RegistryService.fetchRegistryCertificate(registry, (certificate) -> { RegistryConfigCertificateDistributionState distributionState = new RegistryConfigCertificateDistributionState(); distributionState.registryAddress = registry.address; distributionState.tenantLinks = registry.tenantLinks; distributionState.certState = new SslTrustCertificateState(); distributionState.certState.certificate = certificate; logInfo("Distributing certificate for %s. Fetched registry certificate.", registry.address); sendRequest(Operation.createPost(this, RegistryConfigCertificateDistributionService.SELF_LINK) .setContextId(parentOp.getContextId()) .setBody(distributionState)); }, getHost()); }
if (hostState.documentSelfLink == null || !hostState.documentSelfLink.startsWith(RegistryFactoryService.SELF_LINK)) { URI uri = UriUtils.buildUri(getHost(), RegistryFactoryService.SELF_LINK); store = OperationUtil.createForcedPost(uri); } else { URI uri = UriUtils.buildUri(getHost(), hostState.documentSelfLink); store = Operation.createPut(uri); sendRequest(store .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_QUEUE_FOR_SERVICE_AVAILABILITY) .setContextId(op.getContextId()) (o, e) -> { if (e != null) { logSevere("Failed to store registry %s", hostState.address); op.fail(e); return; logInfo("Stored registry %s", hostState.address); completeOperationSuccess(op); }); distributeCertificate(hostState, op); }));
validateHostAddress(hostState, sslTrust); failOperation(hostSpec, op, e); return; request.operationTypeId = ImageOperationType.PING.id; request.serviceTaskCallback = ServiceTaskCallback.createEmpty(); request.resourceReference = getHostUri(hostState); sendRequest(Operation .createPatch(this, ManagementUriParts.ADAPTER_REGISTRY) .setBody(request) .setCompletion((o, ex) -> { if (ex != null) { failOperation(hostSpec, op, ex); return;
private void validate(RegistryHostSpec hostSpec) { RegistryState state = hostSpec.hostState; AssertUtil.assertNotNull(state, "registryState"); AssertUtil.assertNotNull(state.address, "registryState.address"); AssertUtil.assertNotNull(state.name, "registryState.name"); state.address = state.address.trim().replaceAll("/+$", ""); state.name = state.name.trim(); hostSpec.uri = getHostUri(state); }
@Override public void handleStart(Operation post) { // we depend on another service, start, when it starts getHost().registerForServiceAvailability((o, e) -> { if (e != null) { post.fail(e); } else { post.complete(); } }, RegistryConfigCertificateDistributionService.SELF_LINK); }
private void validatePlainHttpConnection(Service sender, HostSpec hostSpec, Operation op, Runnable callbackFunction) { boolean allowRegistryInsecureConnection = Boolean.valueOf( ConfigurationUtil.getProperty(ALLOW_REGISTRY_PLAIN_HTTP_CONNECTION_PROP_NAME)); if (!hostSpec.isSecureScheme() && !allowRegistryInsecureConnection) { String message = String.format("Plain HTTP registry connections are not allowed."); LocalizableValidationException ex = new LocalizableValidationException(message, "compute.registry.plain.http.not.allowed"); ServiceErrorResponse rsp = Utils.toValidationErrorResponse(ex, op); logSevere(rsp.message); op.setStatusCode(Operation.STATUS_CODE_BAD_REQUEST); op.fail(ex, rsp); } else { callbackFunction.run(); } }
@Before public void setUp() throws Throwable { host.startService( Operation.createPost(UriUtils.buildUri(host, RegistryAdapterService.class)), new RegistryAdapterService()); host.startService( Operation.createPost(UriUtils.buildUri(host, RegistryConfigCertificateDistributionService.class)), new RegistryConfigCertificateDistributionService()); host.startService( Operation.createPost(UriUtils.buildUri(host, RegistryHostConfigService.class)), new RegistryHostConfigService()); waitForServiceAvailability(RegistryAdapterService.SELF_LINK); waitForServiceAvailability(RegistryHostConfigService.SELF_LINK); }