private void AddOtherSettings(SettingsOverridesTypeSection[] settings, FabricCertificateType secretsCertificate)
{
foreach (SettingsOverridesTypeSection section in settings)
{
if (section.Name != Constants.SectionNames.Votes && section.Name != Constants.SectionNames.SeedNodeClientConnectionAddresses)
{
var settingsTypeSection = ClusterSettings.ConvertToSettingsTypeSection(section);
if (settingsTypeSection != null)
{
this.Settings.Add(settingsTypeSection);
}
}
}
// Adds the "SettingsX509StoreName" parameter under the "Security" section
// if a SettingsCertificate is specified on the ClusterManifest
if (secretsCertificate != null)
{
SettingsTypeSection securitySection = this.Settings.FirstOrDefault(section => section.Name.Equals(Constants.SectionNames.Security, StringComparison.OrdinalIgnoreCase));
if (securitySection == null)
{
securitySection = new SettingsTypeSection()
{
Name = Constants.SectionNames.Security
};
this.Settings.Add(securitySection);
}
SettingsTypeSectionParameter securityParameter = null;
string securityParameterName = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509StoreNamePattern, "Settings");
if (securitySection.Parameter != null)
{
securityParameter = securitySection.Parameter.FirstOrDefault(parameter => parameter.Name.Equals(securityParameterName, StringComparison.OrdinalIgnoreCase));
}
if (securityParameter == null)
{
securityParameter = new SettingsTypeSectionParameter()
{
Name = securityParameterName
};
}
securityParameter.Value = secretsCertificate.X509StoreName;
securityParameter.IsEncrypted = false;
List <SettingsTypeSectionParameter> parameterList =
(securitySection.Parameter != null) ? new List <SettingsTypeSectionParameter>(securitySection.Parameter) : new List <SettingsTypeSectionParameter>();
parameterList.Add(securityParameter);
securitySection.Parameter = parameterList.ToArray();
}
}
internal void VerifyLoadCertList_Remove(
ClusterManifestType manifest,
string originalPrimaryThumbprint,
string originalSecondaryThumbprint,
bool removePrimarythumbprint)
{
FabricCertificateType certificates = manifest.NodeTypes.First().Certificates.ClusterCertificate;
string primaryThumbprint = certificates.X509FindValue;
string secondaryThumbprint = certificates.X509FindValueSecondary;
string expectedPrimaryThumbprint = removePrimarythumbprint ? originalSecondaryThumbprint : originalPrimaryThumbprint;
string expectedSecondaryThumbprint = null;
Assert.AreEqual(expectedPrimaryThumbprint, primaryThumbprint);
Assert.AreEqual(expectedSecondaryThumbprint, secondaryThumbprint);
}
internal void VerifyLoadCertList_Replace(
ClusterManifestType manifest,
string originalThumbprint,
string newThumbprint,
int currentPhase)
{
FabricCertificateType certificates = manifest.NodeTypes.First().Certificates.ClusterCertificate;
string primaryThumbprint = certificates.X509FindValue;
string secondaryThumbprint = certificates.X509FindValueSecondary;
string expectedPrimaryThumbprint = null;
string expectedSecondaryThumbprint = null;
switch (currentPhase)
{
case 0:
{
expectedPrimaryThumbprint = originalThumbprint;
expectedSecondaryThumbprint = null;
break;
}
case 1:
case 2:
{
expectedPrimaryThumbprint = newThumbprint;
expectedSecondaryThumbprint = null;
break;
}
default:
throw new NotSupportedException();
}
Assert.AreEqual(expectedPrimaryThumbprint, primaryThumbprint);
Assert.AreEqual(expectedSecondaryThumbprint, secondaryThumbprint);
}
public ClusterSettings(SettingsOverridesTypeSection[] otherSettings, SettingsTypeSection votes, SettingsTypeSection seedNodeClientConnectionAddresses, FabricCertificateType secretsCertificate)
{
this.Settings = new List <SettingsTypeSection>();
this.Settings.Add(votes);
this.Settings.Add(seedNodeClientConnectionAddresses);
AddOtherSettings(otherSettings, secretsCertificate);
AddApplicationLogCollectorSettingsIfRequired();
DcaSettings.AddDcaSettingsIfRequired(this.Settings);
}
private void AddSingleCertificateInformation(List <SettingsTypeSectionParameter> parameters, FabricCertificateType certificate, string certType)
{
if (certificate == null)
{
return;
}
string storeNameTag = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509StoreNamePattern, certType);
string findTypeTag = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509FindTypePattern, certType);
string findValueTag = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509FindValuePattern, certType);
string findValueSecondaryTag = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509FindValueSecondaryPattern, certType);
if (certificate.X509StoreName != null)
{
parameters.Add(new SettingsTypeSectionParameter()
{
Name = storeNameTag, Value = certificate.X509StoreName, MustOverride = false
});
}
parameters.Add(new SettingsTypeSectionParameter()
{
Name = findTypeTag, Value = certificate.X509FindType.ToString(), MustOverride = false
});
parameters.Add(new SettingsTypeSectionParameter()
{
Name = findValueTag, Value = certificate.X509FindValue, MustOverride = false
});
parameters.Add(new SettingsTypeSectionParameter()
{
Name = findValueSecondaryTag, Value = certificate.X509FindValueSecondary, MustOverride = false
});
}
protected IEnumerable <ClusterManifestTypeNodeType> GetNodeTypes(
IEnumerable <NodeTypeDescription> nodeTypeDescriptions,
Security security,
ClusterManifestType existingClusterManifestType = null)
{
//// TODO: Implement smarter port selection to avoid conflicts with ports specified by the user
var result = new List <ClusterManifestTypeNodeType>();
foreach (var nodeTypeDescription in nodeTypeDescriptions)
{
ClusterManifestTypeNodeType matchigExistingNodeType = null;
if (existingClusterManifestType != null)
{
matchigExistingNodeType =
existingClusterManifestType.NodeTypes.FirstOrDefault(
existingNodeType => existingNodeType.Name.Equals(nodeTypeDescription.Name));
}
var clusterConnectionEndpointPort = matchigExistingNodeType == null
? this.ClusterManifestGeneratorSettings.ClusterConnectionEndpointPort.ToString()
: matchigExistingNodeType.Endpoints.ClusterConnectionEndpoint.Port;
var leaseDriverEndpointPort = matchigExistingNodeType == null
? this.ClusterManifestGeneratorSettings.LeaseDriverEndpointPort.ToString()
: matchigExistingNodeType.Endpoints.LeaseDriverEndpoint.Port;
var serviceConnectionEndpointPort = matchigExistingNodeType == null
? this.ClusterManifestGeneratorSettings.ServiceConnectionEndpointPort.ToString()
: matchigExistingNodeType.Endpoints.ServiceConnectionEndpoint.Port;
var nodeType = nodeTypeDescription.ToClusterManifestTypeNodeType();
var defaultPlacementProperty = new KeyValuePairType()
{
Name = StringConstants.DefaultPlacementConstraintsKey,
Value = nodeType.Name
};
if (nodeType.PlacementProperties == null)
{
nodeType.PlacementProperties = new[] { defaultPlacementProperty };
}
else
{
var existingPlacementProperties = nodeType.PlacementProperties.ToList();
existingPlacementProperties.Add(defaultPlacementProperty);
nodeType.PlacementProperties = existingPlacementProperties.ToArray();
}
nodeType.Endpoints.ClusterConnectionEndpoint = new InternalEndpointType()
{
Port = nodeTypeDescription.ClusterConnectionEndpointPort == 0 ? clusterConnectionEndpointPort : nodeTypeDescription.ClusterConnectionEndpointPort.ToString(),
Protocol = InternalEndpointTypeProtocol.tcp
};
nodeType.Endpoints.LeaseDriverEndpoint = new InternalEndpointType()
{
Port = nodeTypeDescription.LeaseDriverEndpointPort == 0 ? leaseDriverEndpointPort : nodeTypeDescription.LeaseDriverEndpointPort.ToString(),
Protocol = InternalEndpointTypeProtocol.tcp
};
nodeType.Endpoints.ServiceConnectionEndpoint = new InternalEndpointType()
{
Port = nodeTypeDescription.ServiceConnectionEndpointPort == 0 ? serviceConnectionEndpointPort : nodeTypeDescription.ServiceConnectionEndpointPort.ToString(),
Protocol = InternalEndpointTypeProtocol.tcp
};
nodeType.Endpoints.ApplicationEndpoints = new FabricEndpointsTypeApplicationEndpoints()
{
StartPort = nodeTypeDescription.ApplicationPorts.StartPort,
EndPort = nodeTypeDescription.ApplicationPorts.EndPort
};
if (nodeTypeDescription.EphemeralPorts != null)
{
nodeType.Endpoints.EphemeralEndpoints = new FabricEndpointsTypeEphemeralEndpoints()
{
StartPort = nodeTypeDescription.EphemeralPorts.StartPort,
EndPort = nodeTypeDescription.EphemeralPorts.EndPort
};
}
if (nodeTypeDescription.KtlLogger != null)
{
nodeType.KtlLoggerSettings = nodeTypeDescription.KtlLogger.ToFabricKtlLoggerSettingsType();
}
if (nodeTypeDescription.LogicalDirectories != null && nodeTypeDescription.LogicalDirectories.Length > 0)
{
LogicalDirectoryType[] logicalDirectories = new LogicalDirectoryType[nodeTypeDescription.LogicalDirectories.Count()];
var i = 0;
foreach (var dir in nodeTypeDescription.LogicalDirectories)
{
logicalDirectories[i++] = dir.ToLogicalDirectoryType();
}
nodeType.LogicalDirectories = logicalDirectories;
}
if (security != null && security.CertificateInformation != null &&
(security.CertificateInformation.ClusterCertificate != null || security.CertificateInformation.ClusterCertificateCommonNames != null ||
security.CertificateInformation.ServerCertificate != null || security.CertificateInformation.ServerCertificateCommonNames != null))
{
nodeType.Endpoints.HttpGatewayEndpoint.Protocol = InputEndpointTypeProtocol.https;
FabricCertificateType clusterCertificate = null;
FabricCertificateType serverCertificate = null;
if (security.CertificateInformation.ClusterCertificate != null)
{
clusterCertificate = security.CertificateInformation.ClusterCertificate.ToFabricCertificateType();
}
else if (security.CertificateInformation.ClusterCertificateCommonNames != null)
{
clusterCertificate = security.CertificateInformation.ClusterCertificateCommonNames.ToFabricCertificateType();
}
if (security.CertificateInformation.ServerCertificate != null)
{
serverCertificate = security.CertificateInformation.ServerCertificate.ToFabricCertificateType();
}
else if (security.CertificateInformation.ServerCertificateCommonNames != null)
{
serverCertificate = security.CertificateInformation.ServerCertificateCommonNames.ToFabricCertificateType();
}
nodeType.Certificates = new CertificatesType()
{
ClientCertificate = clusterCertificate != null ? clusterCertificate : serverCertificate,
ClusterCertificate = clusterCertificate,
ServerCertificate = serverCertificate
};
}
if (nodeType.Endpoints.HttpApplicationGatewayEndpoint != null &&
this.TargetCsmConfig.Security != null &&
this.TargetCsmConfig.Security.CertificateInformation != null &&
(this.TargetCsmConfig.Security.CertificateInformation.ReverseProxyCertificate != null ||
(this.TargetCsmConfig.Security.CertificateInformation.ReverseProxyCertificateCommonNames != null &&
this.TargetCsmConfig.Security.CertificateInformation.ReverseProxyCertificateCommonNames.Any())))
{
nodeType.Endpoints.HttpApplicationGatewayEndpoint.Protocol = InputEndpointTypeProtocol.https;
}
result.Add(nodeType);
}
return(result);
}
