/// <summary>
/// Register the Cloud Foundry endpoint, OWIN middleware and options
/// </summary>
/// <param name="container">Autofac DI <see cref="ContainerBuilder"/></param>
/// <param name="config">Your application's <see cref="IConfiguration"/></param>
public static void RegisterCloudFoundryActuator(this ContainerBuilder container, IConfiguration config)
{
if (container == null)
{
throw new ArgumentNullException(nameof(container));
}
if (config == null)
{
throw new ArgumentNullException(nameof(config));
}
container.RegisterInstance(new CloudFoundryManagementOptions())
.SingleInstance()
.As <IManagementOptions>();
container.Register(c =>
{
var options = new CloudFoundryEndpointOptions(config);
var mgmtOptions = c.Resolve <IEnumerable <IManagementOptions> >().OfType <CloudFoundryManagementOptions>().Single();
mgmtOptions.EndpointOptions.Add(options);
return(options);
}).As <ICloudFoundryOptions>().SingleInstance();
container.RegisterType <CloudFoundryEndpoint>().SingleInstance();
container.RegisterType <CloudFoundryEndpointOwinMiddleware>().SingleInstance();
}
public void Constructor_BindsConfigurationCorrectly()
{
var appsettings = new Dictionary <string, string>()
{
["management:endpoints:enabled"] = "false",
["management:endpoints:path"] = "/cloudfoundryapplication",
["management:endpoints:health:enabled"] = "true",
["management:endpoints:health:requiredPermissions"] = "NONE",
["management:endpoints:cloudfoundry:validatecertificates"] = "true",
["management:endpoints:cloudfoundry:enabled"] = "true"
};
ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
configurationBuilder.AddInMemoryCollection(appsettings);
var config = configurationBuilder.Build();
var opts = new HealthEndpointOptions(config);
var cloudOpts = new CloudFoundryEndpointOptions(config);
Assert.True(cloudOpts.Enabled);
Assert.Equal(string.Empty, cloudOpts.Id);
Assert.Equal(string.Empty, cloudOpts.Path);
Assert.True(cloudOpts.ValidateCertificates);
Assert.True(opts.Enabled);
Assert.Equal("health", opts.Id);
Assert.Equal("health", opts.Path);
Assert.Equal(Permissions.NONE, opts.RequiredPermissions);
}
/// <summary>
/// Add Cloud Foundry actuator to OWIN Pipeline
/// </summary>
/// <param name="builder">Your OWIN <see cref="IAppBuilder"/></param>
/// <param name="config">Your application's <see cref="IConfiguration"/></param>
/// <param name="mgmtOptions">Shared management options</param>
/// <param name="loggerFactory"><see cref="ILoggerFactory"/> for logging within the middleware</param>
/// <returns>Your OWIN <see cref="IAppBuilder"/> with Cloud Foundry actuator attached</returns>
public static IAppBuilder UseCloudFoundryActuator(this IAppBuilder builder, IConfiguration config, IEnumerable <IManagementOptions> mgmtOptions, ILoggerFactory loggerFactory = null)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (config == null)
{
throw new ArgumentNullException(nameof(config));
}
if (mgmtOptions == null)
{
mgmtOptions = ManagementOptions.Get(config);
}
var cloudFoundryOptions = new CloudFoundryEndpointOptions(config);
var mgmt = mgmtOptions.OfType <CloudFoundryManagementOptions>().Single();
mgmt.EndpointOptions.Add(cloudFoundryOptions);
var endpoint = new CloudFoundryEndpoint(cloudFoundryOptions, mgmtOptions, loggerFactory?.CreateLogger <CloudFoundryEndpoint>());
var logger = loggerFactory?.CreateLogger <CloudFoundryEndpointOwinMiddleware>();
return(builder.Use <CloudFoundryEndpointOwinMiddleware>(endpoint, mgmtOptions, logger));
}
public void Constructor_BindsConfigurationCorrectly()
{
var appsettings = new Dictionary <string, string>()
{
["management:endpoints:enabled"] = "false",
["management:endpoints:loggers:enabled"] = "false",
["management:endpoints:dump:enabled"] = "true",
["management:endpoints:cloudfoundry:validatecertificates"] = "true",
["management:endpoints:cloudfoundry:enabled"] = "true"
};
ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
configurationBuilder.AddInMemoryCollection(appsettings);
var config = configurationBuilder.Build();
var opts = new ThreadDumpEndpointOptions(config);
var cloudOpts = new CloudFoundryEndpointOptions(config);
var ep = new ThreadDumpEndpoint(opts, new ThreadDumper(opts));
Assert.True(cloudOpts.Enabled);
Assert.Equal(string.Empty, cloudOpts.Id);
Assert.Equal(string.Empty, cloudOpts.Path);
Assert.True(cloudOpts.ValidateCertificates);
Assert.True(opts.Enabled);
Assert.Equal("dump", opts.Id);
Assert.Equal("dump", opts.Path);
Assert.True(ep.Enabled);
}
public void Constructor_InitializesWithDefaults()
{
var opts = new CloudFoundryEndpointOptions();
Assert.Null(opts.Enabled);
Assert.True(opts.ValidateCertificates);
Assert.Equal(string.Empty, opts.Id);
}
public void IsCloudFoundryRequest_ReturnsExpected()
{
var cloudOpts = new CloudFoundryEndpointOptions();
var mgmtOpts = new CloudFoundryManagementOptions();
mgmtOpts.EndpointOptions.Add(cloudOpts);
var securityBase = new SecurityBase(cloudOpts, mgmtOpts, null);
Assert.True(securityBase.IsCloudFoundryRequest("/cloudfoundryapplication"));
Assert.True(securityBase.IsCloudFoundryRequest("/cloudfoundryapplication/badpath"));
}
public async Task GetPermissionsAsyncTest()
{
var cloudOpts = new CloudFoundryEndpointOptions();
var mgmtOpts = new CloudFoundryManagementOptions();
mgmtOpts.EndpointOptions.Add(cloudOpts);
var securityBase = new SecurityBase(cloudOpts, mgmtOpts, null);
var result = await securityBase.GetPermissionsAsync("testToken");
Assert.NotNull(result);
}
public void CloudFoundryEndpointMiddleware_PathAndVerbMatching_ReturnsExpected()
{
var opts = new CloudFoundryEndpointOptions();
var mgmtOptions = TestHelpers.GetManagementOptions(opts);
var ep = new CloudFoundryEndpoint(opts, mgmtOptions);
var middle = new CloudFoundryEndpointMiddleware(null, ep, mgmtOptions);
Assert.True(middle.RequestVerbAndPathMatch("GET", "/cloudfoundryapplication"));
Assert.False(middle.RequestVerbAndPathMatch("PUT", "/cloudfoundryapplication"));
Assert.False(middle.RequestVerbAndPathMatch("GET", "/cloudfoundryapplication/badpath"));
}
public async void GetPermissions_ReturnsExpected()
{
var opts = new CloudFoundryEndpointOptions();
var mgmtOptions = TestHelper.GetManagementOptions(opts);
var middle = new CloudFoundrySecurityMiddleware(null, opts, mgmtOptions, null);
var context = CreateRequest("GET", "/");
var result = await middle.GetPermissions(context);
Assert.NotNull(result);
Assert.Equal(Security.Permissions.NONE, result.Permissions);
Assert.Equal(HttpStatusCode.Unauthorized, result.Code);
}
public async void CloudFoundrySecurityMiddleware_ReturnsError()
{
var mgmtOptions = new CloudFoundryManagementOptions();
var options = new CloudFoundryEndpointOptions();
mgmtOptions.EndpointOptions.Add(options);
options.ApplicationId = "foo";
options.CloudFoundryApi = "http://localhost:9999/foo";
var middle = new CloudFoundrySecurityMiddleware(null, options, mgmtOptions);
var context = CreateRequest("Get", "/cloudfoundryapplication");
await middle.Invoke(context);
}
public async void CloudFoundryInvoke_ReturnsExpected()
{
// arrange
var opts = new CloudFoundryEndpointOptions();
var mgmtOpts = TestHelpers.GetManagementOptions(opts);
var middle = new CloudFoundryEndpointOwinMiddleware(null, new TestCloudFoundryEndpoint(opts, mgmtOpts), mgmtOpts);
var context = OwinTestHelpers.CreateRequest("GET", "/cloudfoundryapplication");
// act
var json = await middle.InvokeAndReadResponse(context);
// assert
Assert.Equal("{\"type\":\"steeltoe\",\"_links\":{}}", json);
}
public void Contstructor_BindsConfigurationCorrectly()
{
var appsettings = new Dictionary <string, string>()
{
["management:endpoints:enabled"] = "false",
["management:endpoints:path"] = "/cloudfoundryapplication",
["management:endpoints:loggers:enabled"] = "false",
["management:endpoints:trace:enabled"] = "true",
["management:endpoints:trace:capacity"] = "1000",
["management:endpoints:trace:addTimeTaken"] = "false",
["management:endpoints:trace:addRequestHeaders"] = "false",
["management:endpoints:trace:addResponseHeaders"] = "false",
["management:endpoints:trace:addPathInfo"] = "true",
["management:endpoints:trace:addUserPrincipal"] = "true",
["management:endpoints:trace:addParameters"] = "true",
["management:endpoints:trace:addQueryString"] = "true",
["management:endpoints:trace:addAuthType"] = "true",
["management:endpoints:trace:addRemoteAddress"] = "true",
["management:endpoints:trace:addSessionId"] = "true",
["management:endpoints:cloudfoundry:validatecertificates"] = "true",
["management:endpoints:cloudfoundry:enabled"] = "true"
};
ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
configurationBuilder.AddInMemoryCollection(appsettings);
var config = configurationBuilder.Build();
var opts = new TraceEndpointOptions(config);
var cloudOpts = new CloudFoundryEndpointOptions(config);
Assert.True(cloudOpts.Enabled);
Assert.Equal(string.Empty, cloudOpts.Id);
Assert.Equal(string.Empty, cloudOpts.Path);
Assert.True(cloudOpts.ValidateCertificates);
Assert.True(opts.Enabled);
Assert.Equal("trace", opts.Id);
Assert.Equal("trace", opts.Path);
Assert.Equal(1000, opts.Capacity);
Assert.False(opts.AddTimeTaken);
Assert.False(opts.AddRequestHeaders);
Assert.False(opts.AddResponseHeaders);
Assert.True(opts.AddPathInfo);
Assert.True(opts.AddUserPrincipal);
Assert.True(opts.AddParameters);
Assert.True(opts.AddQueryString);
Assert.True(opts.AddAuthType);
Assert.True(opts.AddRemoteAddress);
Assert.True(opts.AddSessionId);
}
public void Invoke_OnlyCloudFoundryEndpoint_ReturnsExpectedLinks()
{
var cloudOpts = new CloudFoundryEndpointOptions();
var mgmtOptions = TestHelper.GetManagementOptions(cloudOpts);
var ep = new CloudFoundryEndpoint(cloudOpts, mgmtOptions);
var info = ep.Invoke("http://localhost:5000/foobar");
Assert.NotNull(info);
Assert.NotNull(info._links);
Assert.True(info._links.ContainsKey("self"));
Assert.Equal("http://localhost:5000/foobar", info._links["self"].href);
Assert.Single(info._links);
}
public void Invoke_CloudFoundryDisable_ReturnsExpectedLinks()
{
var infoOpts = new InfoEndpointOptions {
Enabled = true
};
var cloudOpts = new CloudFoundryEndpointOptions {
Enabled = false
};
var mgmtOptions = TestHelper.GetManagementOptions(infoOpts, cloudOpts);
var ep = new CloudFoundryEndpoint(cloudOpts, mgmtOptions);
var info = ep.Invoke("http://localhost:5000/foobar");
Assert.NotNull(info);
Assert.NotNull(info._links);
Assert.Empty(info._links);
}
public async void HandleCloudFoundryRequestAsync_ReturnsExpected()
{
var opts = new CloudFoundryEndpointOptions();
var mgmtOptions = TestHelpers.GetManagementOptions(opts);
var ep = new TestCloudFoundryEndpoint(opts, mgmtOptions);
var middle = new CloudFoundryEndpointMiddleware(null, ep, mgmtOptions);
var context = CreateRequest("GET", "/");
await middle.HandleCloudFoundryRequestAsync(context);
context.Response.Body.Seek(0, SeekOrigin.Begin);
StreamReader rdr = new StreamReader(context.Response.Body);
string json = await rdr.ReadToEndAsync();
Assert.Equal("{\"type\":\"steeltoe\",\"_links\":{}}", json);
}
public async Task GetPermissionsTest()
{
var cloudOpts = new CloudFoundryEndpointOptions();
var mgmtOpts = new CloudFoundryManagementOptions();
mgmtOpts.EndpointOptions.Add(cloudOpts);
var securityBase = new SecurityBase(cloudOpts, mgmtOpts, null);
var response = new HttpResponseMessage(System.Net.HttpStatusCode.OK);
var perms = new Dictionary <string, object> {
{ "read_sensitive_data", true }
};
response.Content = JsonContent.Create(perms);
var result = await securityBase.GetPermissions(response);
Assert.Equal(Permissions.FULL, result);
}
public void GetAccessToken_ReturnsExpected()
{
var opts = new CloudFoundryEndpointOptions();
var mgmtOptions = TestHelper.GetManagementOptions(opts);
var middle = new CloudFoundrySecurityMiddleware(null, opts, mgmtOptions, null);
var context = CreateRequest("GET", "/");
var token = middle.GetAccessToken(context.Request);
Assert.Null(token);
var context2 = CreateRequest("GET", "/");
context2.Request.Headers.Add("Authorization", new StringValues("Bearer foobar"));
var token2 = middle.GetAccessToken(context2.Request);
Assert.Equal("foobar", token2);
}
/// <summary>
/// Add Cloud Foundry security to actuator requests in the OWIN Pipeline
/// </summary>
/// <param name="builder">Your OWIN <see cref="IAppBuilder"/></param>
/// <param name="config">Your application's <see cref="IConfiguration"/></param>
/// <param name="loggerFactory"><see cref="ILoggerFactory"/> for logging within the middleware</param>
/// <returns>Your OWIN <see cref="IAppBuilder"/> with Cloud Foundry request security and CORS configured</returns>
public static IAppBuilder UseCloudFoundrySecurityMiddleware(this IAppBuilder builder, IConfiguration config, ILoggerFactory loggerFactory = null)
{
if (builder == null)
{
throw new System.ArgumentNullException(nameof(builder));
}
if (config == null)
{
throw new System.ArgumentNullException(nameof(config));
}
var mgmtOptions = ManagementOptions.Get(config);
var cloudFoundryOptions = new CloudFoundryEndpointOptions(config);
var logger = loggerFactory?.CreateLogger <CloudFoundrySecurityOwinMiddleware>();
return(builder.Use <CloudFoundrySecurityOwinMiddleware>(cloudFoundryOptions, mgmtOptions, logger));
}
public static void UseCloudFoundryActuator(IConfiguration configuration, ILoggerFactory loggerFactory = null)
{
var options = new CloudFoundryEndpointOptions(configuration);
var managementOptions = _mgmtOptions.OfType <CloudFoundryManagementOptions>().SingleOrDefault();
if (managementOptions == null)
{
managementOptions = new CloudFoundryManagementOptions(configuration, Platform.IsCloudFoundry);
_mgmtOptions.Add(managementOptions);
}
managementOptions.EndpointOptions.Add(options);
var ep = new CloudFoundryEndpoint(options, _mgmtOptions, CreateLogger <CloudFoundryEndpoint>(loggerFactory));
var handler = new CloudFoundryHandler(ep, SecurityServices, _mgmtOptions, CreateLogger <CloudFoundryHandler>(loggerFactory));
ConfiguredHandlers.Add(handler);
var handler2 = new CloudFoundryCorsHandler(options, SecurityServices, _mgmtOptions, CreateLogger <CloudFoundryCorsHandler>(loggerFactory));
ConfiguredHandlers.Add(handler2);
}
public void Invoke_ReturnsExpectedLinks()
{
var infoOpts = new InfoEndpointOptions();
var cloudOpts = new CloudFoundryEndpointOptions();
var mgmtOptions = new CloudFoundryManagementOptions();
mgmtOptions.EndpointOptions.Add(infoOpts);
mgmtOptions.EndpointOptions.Add(cloudOpts);
var ep = new CloudFoundryEndpoint(cloudOpts, mgmtOptions, null);
var info = ep.Invoke("http://localhost:5000/foobar");
Assert.NotNull(info);
Assert.NotNull(info._links);
Assert.True(info._links.ContainsKey("self"));
Assert.Equal("http://localhost:5000/foobar", info._links["self"].Href);
Assert.True(info._links.ContainsKey("info"));
Assert.Equal("http://localhost:5000/foobar/info", info._links["info"].Href);
Assert.Equal(2, info._links.Count);
}
public void Invoke_HonorsEndpointEnabled_ReturnsExpectedLinks()
{
var infoOpts = new InfoEndpointOptions {
Enabled = false
};
var cloudOpts = new CloudFoundryEndpointOptions();
var mgmtOptions = new CloudFoundryManagementOptions();
mgmtOptions.EndpointOptions.Add(infoOpts);
mgmtOptions.EndpointOptions.Add(cloudOpts);
var ep = new CloudFoundryEndpoint(cloudOpts, mgmtOptions);
var info = ep.Invoke("http://localhost:5000/foobar");
Assert.NotNull(info);
Assert.NotNull(info._links);
Assert.True(info._links.ContainsKey("self"));
Assert.Equal("http://localhost:5000/foobar", info._links["self"].href);
Assert.False(info._links.ContainsKey("info"));
Assert.Single(info._links);
}
public void Constructor_BindsConfigurationCorrectly()
{
var appsettings = new Dictionary <string, string>()
{
["management:endpoints:enabled"] = "false",
["management:endpoints:path"] = "/cloudfoundryapplication",
["management:endpoints:health:enabled"] = "true",
["management:endpoints:health:requiredPermissions"] = "NONE",
["management:endpoints:cloudfoundry:validatecertificates"] = "true",
["management:endpoints:cloudfoundry:enabled"] = "true",
["management:endpoints:health:groups:custom:include"] = "diskSpace",
["management:endpoints:health:groups:lIveness:include"] = "diskSpace",
["management:endpoints:health:groups:rEadinEss:include"] = "diskSpace"
};
ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
configurationBuilder.AddInMemoryCollection(appsettings);
var config = configurationBuilder.Build();
var opts = new HealthEndpointOptions(config);
var cloudOpts = new CloudFoundryEndpointOptions(config);
Assert.True(cloudOpts.Enabled);
Assert.Equal(string.Empty, cloudOpts.Id);
Assert.Equal(string.Empty, cloudOpts.Path);
Assert.True(cloudOpts.ValidateCertificates);
Assert.True(opts.Enabled);
Assert.Equal("health", opts.Id);
Assert.Equal("health", opts.Path);
Assert.Equal(Permissions.NONE, opts.RequiredPermissions);
Assert.Equal(3, opts.Groups.Count);
Assert.True(opts.Groups.ContainsKey("custom"));
Assert.True(opts.Groups.ContainsKey("liveness"));
Assert.True(opts.Groups.ContainsKey("READINESS"));
}
