/// <summary> /// Register the Cloud Foundry endpoint, OWIN middleware and options /// </summary> /// <param name="container">Autofac DI <see cref="ContainerBuilder"/></param> /// <param name="config">Your application's <see cref="IConfiguration"/></param> public static void RegisterCloudFoundryActuator(this ContainerBuilder container, IConfiguration config) { if (container == null) { throw new ArgumentNullException(nameof(container)); } if (config == null) { throw new ArgumentNullException(nameof(config)); } container.RegisterInstance(new CloudFoundryManagementOptions()) .SingleInstance() .As <IManagementOptions>(); container.Register(c => { var options = new CloudFoundryEndpointOptions(config); var mgmtOptions = c.Resolve <IEnumerable <IManagementOptions> >().OfType <CloudFoundryManagementOptions>().Single(); mgmtOptions.EndpointOptions.Add(options); return(options); }).As <ICloudFoundryOptions>().SingleInstance(); container.RegisterType <CloudFoundryEndpoint>().SingleInstance(); container.RegisterType <CloudFoundryEndpointOwinMiddleware>().SingleInstance(); }
public void Constructor_BindsConfigurationCorrectly() { var appsettings = new Dictionary <string, string>() { ["management:endpoints:enabled"] = "false", ["management:endpoints:path"] = "/cloudfoundryapplication", ["management:endpoints:health:enabled"] = "true", ["management:endpoints:health:requiredPermissions"] = "NONE", ["management:endpoints:cloudfoundry:validatecertificates"] = "true", ["management:endpoints:cloudfoundry:enabled"] = "true" }; ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(); configurationBuilder.AddInMemoryCollection(appsettings); var config = configurationBuilder.Build(); var opts = new HealthEndpointOptions(config); var cloudOpts = new CloudFoundryEndpointOptions(config); Assert.True(cloudOpts.Enabled); Assert.Equal(string.Empty, cloudOpts.Id); Assert.Equal(string.Empty, cloudOpts.Path); Assert.True(cloudOpts.ValidateCertificates); Assert.True(opts.Enabled); Assert.Equal("health", opts.Id); Assert.Equal("health", opts.Path); Assert.Equal(Permissions.NONE, opts.RequiredPermissions); }
/// <summary> /// Add Cloud Foundry actuator to OWIN Pipeline /// </summary> /// <param name="builder">Your OWIN <see cref="IAppBuilder"/></param> /// <param name="config">Your application's <see cref="IConfiguration"/></param> /// <param name="mgmtOptions">Shared management options</param> /// <param name="loggerFactory"><see cref="ILoggerFactory"/> for logging within the middleware</param> /// <returns>Your OWIN <see cref="IAppBuilder"/> with Cloud Foundry actuator attached</returns> public static IAppBuilder UseCloudFoundryActuator(this IAppBuilder builder, IConfiguration config, IEnumerable <IManagementOptions> mgmtOptions, ILoggerFactory loggerFactory = null) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } if (config == null) { throw new ArgumentNullException(nameof(config)); } if (mgmtOptions == null) { mgmtOptions = ManagementOptions.Get(config); } var cloudFoundryOptions = new CloudFoundryEndpointOptions(config); var mgmt = mgmtOptions.OfType <CloudFoundryManagementOptions>().Single(); mgmt.EndpointOptions.Add(cloudFoundryOptions); var endpoint = new CloudFoundryEndpoint(cloudFoundryOptions, mgmtOptions, loggerFactory?.CreateLogger <CloudFoundryEndpoint>()); var logger = loggerFactory?.CreateLogger <CloudFoundryEndpointOwinMiddleware>(); return(builder.Use <CloudFoundryEndpointOwinMiddleware>(endpoint, mgmtOptions, logger)); }
public void Constructor_BindsConfigurationCorrectly() { var appsettings = new Dictionary <string, string>() { ["management:endpoints:enabled"] = "false", ["management:endpoints:loggers:enabled"] = "false", ["management:endpoints:dump:enabled"] = "true", ["management:endpoints:cloudfoundry:validatecertificates"] = "true", ["management:endpoints:cloudfoundry:enabled"] = "true" }; ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(); configurationBuilder.AddInMemoryCollection(appsettings); var config = configurationBuilder.Build(); var opts = new ThreadDumpEndpointOptions(config); var cloudOpts = new CloudFoundryEndpointOptions(config); var ep = new ThreadDumpEndpoint(opts, new ThreadDumper(opts)); Assert.True(cloudOpts.Enabled); Assert.Equal(string.Empty, cloudOpts.Id); Assert.Equal(string.Empty, cloudOpts.Path); Assert.True(cloudOpts.ValidateCertificates); Assert.True(opts.Enabled); Assert.Equal("dump", opts.Id); Assert.Equal("dump", opts.Path); Assert.True(ep.Enabled); }
public void Constructor_InitializesWithDefaults() { var opts = new CloudFoundryEndpointOptions(); Assert.Null(opts.Enabled); Assert.True(opts.ValidateCertificates); Assert.Equal(string.Empty, opts.Id); }
public void IsCloudFoundryRequest_ReturnsExpected() { var cloudOpts = new CloudFoundryEndpointOptions(); var mgmtOpts = new CloudFoundryManagementOptions(); mgmtOpts.EndpointOptions.Add(cloudOpts); var securityBase = new SecurityBase(cloudOpts, mgmtOpts, null); Assert.True(securityBase.IsCloudFoundryRequest("/cloudfoundryapplication")); Assert.True(securityBase.IsCloudFoundryRequest("/cloudfoundryapplication/badpath")); }
public async Task GetPermissionsAsyncTest() { var cloudOpts = new CloudFoundryEndpointOptions(); var mgmtOpts = new CloudFoundryManagementOptions(); mgmtOpts.EndpointOptions.Add(cloudOpts); var securityBase = new SecurityBase(cloudOpts, mgmtOpts, null); var result = await securityBase.GetPermissionsAsync("testToken"); Assert.NotNull(result); }
public void CloudFoundryEndpointMiddleware_PathAndVerbMatching_ReturnsExpected() { var opts = new CloudFoundryEndpointOptions(); var mgmtOptions = TestHelpers.GetManagementOptions(opts); var ep = new CloudFoundryEndpoint(opts, mgmtOptions); var middle = new CloudFoundryEndpointMiddleware(null, ep, mgmtOptions); Assert.True(middle.RequestVerbAndPathMatch("GET", "/cloudfoundryapplication")); Assert.False(middle.RequestVerbAndPathMatch("PUT", "/cloudfoundryapplication")); Assert.False(middle.RequestVerbAndPathMatch("GET", "/cloudfoundryapplication/badpath")); }
public async void GetPermissions_ReturnsExpected() { var opts = new CloudFoundryEndpointOptions(); var mgmtOptions = TestHelper.GetManagementOptions(opts); var middle = new CloudFoundrySecurityMiddleware(null, opts, mgmtOptions, null); var context = CreateRequest("GET", "/"); var result = await middle.GetPermissions(context); Assert.NotNull(result); Assert.Equal(Security.Permissions.NONE, result.Permissions); Assert.Equal(HttpStatusCode.Unauthorized, result.Code); }
public async void CloudFoundrySecurityMiddleware_ReturnsError() { var mgmtOptions = new CloudFoundryManagementOptions(); var options = new CloudFoundryEndpointOptions(); mgmtOptions.EndpointOptions.Add(options); options.ApplicationId = "foo"; options.CloudFoundryApi = "http://localhost:9999/foo"; var middle = new CloudFoundrySecurityMiddleware(null, options, mgmtOptions); var context = CreateRequest("Get", "/cloudfoundryapplication"); await middle.Invoke(context); }
public async void CloudFoundryInvoke_ReturnsExpected() { // arrange var opts = new CloudFoundryEndpointOptions(); var mgmtOpts = TestHelpers.GetManagementOptions(opts); var middle = new CloudFoundryEndpointOwinMiddleware(null, new TestCloudFoundryEndpoint(opts, mgmtOpts), mgmtOpts); var context = OwinTestHelpers.CreateRequest("GET", "/cloudfoundryapplication"); // act var json = await middle.InvokeAndReadResponse(context); // assert Assert.Equal("{\"type\":\"steeltoe\",\"_links\":{}}", json); }
public void Contstructor_BindsConfigurationCorrectly() { var appsettings = new Dictionary <string, string>() { ["management:endpoints:enabled"] = "false", ["management:endpoints:path"] = "/cloudfoundryapplication", ["management:endpoints:loggers:enabled"] = "false", ["management:endpoints:trace:enabled"] = "true", ["management:endpoints:trace:capacity"] = "1000", ["management:endpoints:trace:addTimeTaken"] = "false", ["management:endpoints:trace:addRequestHeaders"] = "false", ["management:endpoints:trace:addResponseHeaders"] = "false", ["management:endpoints:trace:addPathInfo"] = "true", ["management:endpoints:trace:addUserPrincipal"] = "true", ["management:endpoints:trace:addParameters"] = "true", ["management:endpoints:trace:addQueryString"] = "true", ["management:endpoints:trace:addAuthType"] = "true", ["management:endpoints:trace:addRemoteAddress"] = "true", ["management:endpoints:trace:addSessionId"] = "true", ["management:endpoints:cloudfoundry:validatecertificates"] = "true", ["management:endpoints:cloudfoundry:enabled"] = "true" }; ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(); configurationBuilder.AddInMemoryCollection(appsettings); var config = configurationBuilder.Build(); var opts = new TraceEndpointOptions(config); var cloudOpts = new CloudFoundryEndpointOptions(config); Assert.True(cloudOpts.Enabled); Assert.Equal(string.Empty, cloudOpts.Id); Assert.Equal(string.Empty, cloudOpts.Path); Assert.True(cloudOpts.ValidateCertificates); Assert.True(opts.Enabled); Assert.Equal("trace", opts.Id); Assert.Equal("trace", opts.Path); Assert.Equal(1000, opts.Capacity); Assert.False(opts.AddTimeTaken); Assert.False(opts.AddRequestHeaders); Assert.False(opts.AddResponseHeaders); Assert.True(opts.AddPathInfo); Assert.True(opts.AddUserPrincipal); Assert.True(opts.AddParameters); Assert.True(opts.AddQueryString); Assert.True(opts.AddAuthType); Assert.True(opts.AddRemoteAddress); Assert.True(opts.AddSessionId); }
public void Invoke_OnlyCloudFoundryEndpoint_ReturnsExpectedLinks() { var cloudOpts = new CloudFoundryEndpointOptions(); var mgmtOptions = TestHelper.GetManagementOptions(cloudOpts); var ep = new CloudFoundryEndpoint(cloudOpts, mgmtOptions); var info = ep.Invoke("http://localhost:5000/foobar"); Assert.NotNull(info); Assert.NotNull(info._links); Assert.True(info._links.ContainsKey("self")); Assert.Equal("http://localhost:5000/foobar", info._links["self"].href); Assert.Single(info._links); }
public void Invoke_CloudFoundryDisable_ReturnsExpectedLinks() { var infoOpts = new InfoEndpointOptions { Enabled = true }; var cloudOpts = new CloudFoundryEndpointOptions { Enabled = false }; var mgmtOptions = TestHelper.GetManagementOptions(infoOpts, cloudOpts); var ep = new CloudFoundryEndpoint(cloudOpts, mgmtOptions); var info = ep.Invoke("http://localhost:5000/foobar"); Assert.NotNull(info); Assert.NotNull(info._links); Assert.Empty(info._links); }
public async void HandleCloudFoundryRequestAsync_ReturnsExpected() { var opts = new CloudFoundryEndpointOptions(); var mgmtOptions = TestHelpers.GetManagementOptions(opts); var ep = new TestCloudFoundryEndpoint(opts, mgmtOptions); var middle = new CloudFoundryEndpointMiddleware(null, ep, mgmtOptions); var context = CreateRequest("GET", "/"); await middle.HandleCloudFoundryRequestAsync(context); context.Response.Body.Seek(0, SeekOrigin.Begin); StreamReader rdr = new StreamReader(context.Response.Body); string json = await rdr.ReadToEndAsync(); Assert.Equal("{\"type\":\"steeltoe\",\"_links\":{}}", json); }
public async Task GetPermissionsTest() { var cloudOpts = new CloudFoundryEndpointOptions(); var mgmtOpts = new CloudFoundryManagementOptions(); mgmtOpts.EndpointOptions.Add(cloudOpts); var securityBase = new SecurityBase(cloudOpts, mgmtOpts, null); var response = new HttpResponseMessage(System.Net.HttpStatusCode.OK); var perms = new Dictionary <string, object> { { "read_sensitive_data", true } }; response.Content = JsonContent.Create(perms); var result = await securityBase.GetPermissions(response); Assert.Equal(Permissions.FULL, result); }
public void GetAccessToken_ReturnsExpected() { var opts = new CloudFoundryEndpointOptions(); var mgmtOptions = TestHelper.GetManagementOptions(opts); var middle = new CloudFoundrySecurityMiddleware(null, opts, mgmtOptions, null); var context = CreateRequest("GET", "/"); var token = middle.GetAccessToken(context.Request); Assert.Null(token); var context2 = CreateRequest("GET", "/"); context2.Request.Headers.Add("Authorization", new StringValues("Bearer foobar")); var token2 = middle.GetAccessToken(context2.Request); Assert.Equal("foobar", token2); }
/// <summary> /// Add Cloud Foundry security to actuator requests in the OWIN Pipeline /// </summary> /// <param name="builder">Your OWIN <see cref="IAppBuilder"/></param> /// <param name="config">Your application's <see cref="IConfiguration"/></param> /// <param name="loggerFactory"><see cref="ILoggerFactory"/> for logging within the middleware</param> /// <returns>Your OWIN <see cref="IAppBuilder"/> with Cloud Foundry request security and CORS configured</returns> public static IAppBuilder UseCloudFoundrySecurityMiddleware(this IAppBuilder builder, IConfiguration config, ILoggerFactory loggerFactory = null) { if (builder == null) { throw new System.ArgumentNullException(nameof(builder)); } if (config == null) { throw new System.ArgumentNullException(nameof(config)); } var mgmtOptions = ManagementOptions.Get(config); var cloudFoundryOptions = new CloudFoundryEndpointOptions(config); var logger = loggerFactory?.CreateLogger <CloudFoundrySecurityOwinMiddleware>(); return(builder.Use <CloudFoundrySecurityOwinMiddleware>(cloudFoundryOptions, mgmtOptions, logger)); }
public static void UseCloudFoundryActuator(IConfiguration configuration, ILoggerFactory loggerFactory = null) { var options = new CloudFoundryEndpointOptions(configuration); var managementOptions = _mgmtOptions.OfType <CloudFoundryManagementOptions>().SingleOrDefault(); if (managementOptions == null) { managementOptions = new CloudFoundryManagementOptions(configuration, Platform.IsCloudFoundry); _mgmtOptions.Add(managementOptions); } managementOptions.EndpointOptions.Add(options); var ep = new CloudFoundryEndpoint(options, _mgmtOptions, CreateLogger <CloudFoundryEndpoint>(loggerFactory)); var handler = new CloudFoundryHandler(ep, SecurityServices, _mgmtOptions, CreateLogger <CloudFoundryHandler>(loggerFactory)); ConfiguredHandlers.Add(handler); var handler2 = new CloudFoundryCorsHandler(options, SecurityServices, _mgmtOptions, CreateLogger <CloudFoundryCorsHandler>(loggerFactory)); ConfiguredHandlers.Add(handler2); }
public void Invoke_ReturnsExpectedLinks() { var infoOpts = new InfoEndpointOptions(); var cloudOpts = new CloudFoundryEndpointOptions(); var mgmtOptions = new CloudFoundryManagementOptions(); mgmtOptions.EndpointOptions.Add(infoOpts); mgmtOptions.EndpointOptions.Add(cloudOpts); var ep = new CloudFoundryEndpoint(cloudOpts, mgmtOptions, null); var info = ep.Invoke("http://localhost:5000/foobar"); Assert.NotNull(info); Assert.NotNull(info._links); Assert.True(info._links.ContainsKey("self")); Assert.Equal("http://localhost:5000/foobar", info._links["self"].Href); Assert.True(info._links.ContainsKey("info")); Assert.Equal("http://localhost:5000/foobar/info", info._links["info"].Href); Assert.Equal(2, info._links.Count); }
public void Invoke_HonorsEndpointEnabled_ReturnsExpectedLinks() { var infoOpts = new InfoEndpointOptions { Enabled = false }; var cloudOpts = new CloudFoundryEndpointOptions(); var mgmtOptions = new CloudFoundryManagementOptions(); mgmtOptions.EndpointOptions.Add(infoOpts); mgmtOptions.EndpointOptions.Add(cloudOpts); var ep = new CloudFoundryEndpoint(cloudOpts, mgmtOptions); var info = ep.Invoke("http://localhost:5000/foobar"); Assert.NotNull(info); Assert.NotNull(info._links); Assert.True(info._links.ContainsKey("self")); Assert.Equal("http://localhost:5000/foobar", info._links["self"].href); Assert.False(info._links.ContainsKey("info")); Assert.Single(info._links); }
public void Constructor_BindsConfigurationCorrectly() { var appsettings = new Dictionary <string, string>() { ["management:endpoints:enabled"] = "false", ["management:endpoints:path"] = "/cloudfoundryapplication", ["management:endpoints:health:enabled"] = "true", ["management:endpoints:health:requiredPermissions"] = "NONE", ["management:endpoints:cloudfoundry:validatecertificates"] = "true", ["management:endpoints:cloudfoundry:enabled"] = "true", ["management:endpoints:health:groups:custom:include"] = "diskSpace", ["management:endpoints:health:groups:lIveness:include"] = "diskSpace", ["management:endpoints:health:groups:rEadinEss:include"] = "diskSpace" }; ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(); configurationBuilder.AddInMemoryCollection(appsettings); var config = configurationBuilder.Build(); var opts = new HealthEndpointOptions(config); var cloudOpts = new CloudFoundryEndpointOptions(config); Assert.True(cloudOpts.Enabled); Assert.Equal(string.Empty, cloudOpts.Id); Assert.Equal(string.Empty, cloudOpts.Path); Assert.True(cloudOpts.ValidateCertificates); Assert.True(opts.Enabled); Assert.Equal("health", opts.Id); Assert.Equal("health", opts.Path); Assert.Equal(Permissions.NONE, opts.RequiredPermissions); Assert.Equal(3, opts.Groups.Count); Assert.True(opts.Groups.ContainsKey("custom")); Assert.True(opts.Groups.ContainsKey("liveness")); Assert.True(opts.Groups.ContainsKey("READINESS")); }