core: use the URL scheme same as iframe for non-SSL enabled consoles (#5624)

* core: use the URL scheme same as iframe for non-SSL enabled consoles

For environments where SSL is not enabled for console, this forces the
URL scheme (http/https) in iframe to match the iframe URL scheme.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

* consoleproxy: enable SSL on CPVM when both console proxy url/domain and
ssl setting are configured

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

* fix unit test

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

* address code review comments

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Rohit Yadav 2021-10-29 22:12:44 +05:30 committed by GitHub
parent 0a88e710b2
commit 77fb93c513
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 15 deletions


@ -46,7 +46,7 @@ public class ConsoleProxyInfo {
} }
} else { } else {
proxyImageUrl = "http://" + proxyAddress; proxyImageUrl = "//" + proxyAddress;
if (proxyUrlPort != 80) { if (proxyUrlPort != 80) {
proxyImageUrl += ":" + proxyUrlPort; proxyImageUrl += ":" + proxyUrlPort;
} }
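Review bot: The `if (proxyUrlPort != 80)` guard kept under the new `"//" + proxyAddress` line still assumes the http default port, which no longer holds once the scheme is inherited from the embedding page. If the UI is served over https, `//host` resolves to port 443, while the proxy in this branch (apparently the non-SSL one, judging by the `false` first argument in the updated tests) is presumably still listening on 80. Appending the port unconditionally, `proxyImageUrl = "//" + proxyAddress + ":" + proxyUrlPort;`, keeps the target explicit, and the `//console.example.com` expectation in the test would change with it. A comment on this line should also say that a scheme-relative URL leaves the console session only as protected as the page that embeds it. The enclosing method starts and ends outside the hunk.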


@ -19,10 +19,10 @@
package com.cloud.info; package com.cloud.info;
import org.junit.Test;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import org.junit.Test;
public class ConsoleProxyInfoTest { public class ConsoleProxyInfoTest {
@Test @Test
@ -35,7 +35,7 @@ public class ConsoleProxyInfoTest {
public void testGetProxyImageUrlHttp() { public void testGetProxyImageUrlHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "10.10.10.10", 80, 80 , "console.example.com"); ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "10.10.10.10", 80, 80 , "console.example.com");
String url = cpi.getProxyImageUrl(); String url = cpi.getProxyImageUrl();
assertEquals("http://console.example.com", url); assertEquals("//console.example.com", url);
} }
@Test @Test
public void testGetProxyImageUrlWildcardHttps() { public void testGetProxyImageUrlWildcardHttps() {
@ -47,13 +47,13 @@ public class ConsoleProxyInfoTest {
public void testGetProxyImageUrlWildcardHttp() { public void testGetProxyImageUrlWildcardHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "1.2.3.4", 80, 8888 , "*.example.com"); ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "1.2.3.4", 80, 8888 , "*.example.com");
String url = cpi.getProxyImageUrl(); String url = cpi.getProxyImageUrl();
assertEquals("http://1-2-3-4.example.com:8888", url); assertEquals("//1-2-3-4.example.com:8888", url);
} }
@Test @Test
public void testGetProxyImageUrlIpHttp() { public void testGetProxyImageUrlIpHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "1.2.3.4", 80, 8888, ""); ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "1.2.3.4", 80, 8888, "");
String url = cpi.getProxyImageUrl(); String url = cpi.getProxyImageUrl();
assertEquals("http://1.2.3.4:8888", url); assertEquals("//1.2.3.4:8888", url);
} }
@Test @Test
public void testGetProxyImageUrlIpHttps() { public void testGetProxyImageUrlIpHttps() {


@ -21,15 +21,12 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Date; import java.util.Date;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.security.keys.KeysManager; import org.apache.cloudstack.framework.security.keys.KeysManager;
import org.apache.cloudstack.framework.security.keystore.KeystoreManager; import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager; import com.cloud.agent.AgentManager;
import com.cloud.agent.api.AgentControlAnswer; import com.cloud.agent.api.AgentControlAnswer;
@ -54,6 +51,8 @@ import com.cloud.servlet.ConsoleProxyServlet;
import com.cloud.utils.Ternary; import com.cloud.utils.Ternary;
import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachine;
import com.cloud.vm.dao.VMInstanceDao; import com.cloud.vm.dao.VMInstanceDao;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
/** /**
* Utility class to manage interactions with agent-based console access * Utility class to manage interactions with agent-based console access
@ -198,12 +197,15 @@ public abstract class AgentHookBase implements AgentHook {
String storePassword = Base64.encodeBase64String(randomBytes); String storePassword = Base64.encodeBase64String(randomBytes);
byte[] ksBits = null; byte[] ksBits = null;
String consoleProxyUrlDomain = _configDao.getValue(Config.ConsoleProxyUrlDomain.key()); String consoleProxyUrlDomain = _configDao.getValue(Config.ConsoleProxyUrlDomain.key());
if (consoleProxyUrlDomain == null || consoleProxyUrlDomain.isEmpty()) { String consoleProxySslEnabled = _configDao.getValue("consoleproxy.sslEnabled");
s_logger.debug("SSL is disabled for console proxy based on global config, skip loading certificates"); if (!StringUtils.isEmpty(consoleProxyUrlDomain) && !StringUtils.isEmpty(consoleProxySslEnabled)
} else { && consoleProxySslEnabled.equalsIgnoreCase("true")) {
ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword); ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
//ks manager raises exception if ksBits are null, hence no need to explicltly handle the condition //ks manager raises exception if ksBits are null, hence no need to explicltly handle the condition
} else {
s_logger.debug("SSL is disabled for console proxy. To enable SSL, please configure consoleproxy.sslEnabled and consoleproxy.url.domain global settings.");
} }
cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword); cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
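Review bot: When `consoleproxy.sslEnabled` is `true` but `consoleproxy.url.domain` is empty, the new condition falls through to the `else` branch and the handler command is built with `ksBits` still `null`, with only a debug-level message recording it. An operator who turned SSL on would then get a console proxy without certificates and no visible signal; logging that case at warn level makes the downgrade visible, e.g. `if (Boolean.parseBoolean(consoleProxySslEnabled) && StringUtils.isEmpty(consoleProxyUrlDomain)) { s_logger.warn("consoleproxy.sslEnabled is true but consoleproxy.url.domain is not set; console proxy will start without SSL"); }`. The setting is also read through the string literal `"consoleproxy.sslEnabled"` while the line above uses `Config.ConsoleProxyUrlDomain.key()`; a shared constant would keep the key from silently drifting. The enclosing method starts and ends outside the hunk.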