private void AddOtherSettings(SettingsOverridesTypeSection[] settings, FabricCertificateType secretsCertificate) { foreach (SettingsOverridesTypeSection section in settings) { if (section.Name != Constants.SectionNames.Votes && section.Name != Constants.SectionNames.SeedNodeClientConnectionAddresses) { var settingsTypeSection = ClusterSettings.ConvertToSettingsTypeSection(section); if (settingsTypeSection != null) { this.Settings.Add(settingsTypeSection); } } } // Adds the "SettingsX509StoreName" parameter under the "Security" section // if a SettingsCertificate is specified on the ClusterManifest if (secretsCertificate != null) { SettingsTypeSection securitySection = this.Settings.FirstOrDefault(section => section.Name.Equals(Constants.SectionNames.Security, StringComparison.OrdinalIgnoreCase)); if (securitySection == null) { securitySection = new SettingsTypeSection() { Name = Constants.SectionNames.Security }; this.Settings.Add(securitySection); } SettingsTypeSectionParameter securityParameter = null; string securityParameterName = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509StoreNamePattern, "Settings"); if (securitySection.Parameter != null) { securityParameter = securitySection.Parameter.FirstOrDefault(parameter => parameter.Name.Equals(securityParameterName, StringComparison.OrdinalIgnoreCase)); } if (securityParameter == null) { securityParameter = new SettingsTypeSectionParameter() { Name = securityParameterName }; } securityParameter.Value = secretsCertificate.X509StoreName; securityParameter.IsEncrypted = false; List <SettingsTypeSectionParameter> parameterList = (securitySection.Parameter != null) ? new List <SettingsTypeSectionParameter>(securitySection.Parameter) : new List <SettingsTypeSectionParameter>(); parameterList.Add(securityParameter); securitySection.Parameter = parameterList.ToArray(); } }
internal void VerifyLoadCertList_Remove( ClusterManifestType manifest, string originalPrimaryThumbprint, string originalSecondaryThumbprint, bool removePrimarythumbprint) { FabricCertificateType certificates = manifest.NodeTypes.First().Certificates.ClusterCertificate; string primaryThumbprint = certificates.X509FindValue; string secondaryThumbprint = certificates.X509FindValueSecondary; string expectedPrimaryThumbprint = removePrimarythumbprint ? originalSecondaryThumbprint : originalPrimaryThumbprint; string expectedSecondaryThumbprint = null; Assert.AreEqual(expectedPrimaryThumbprint, primaryThumbprint); Assert.AreEqual(expectedSecondaryThumbprint, secondaryThumbprint); }
internal void VerifyLoadCertList_Replace( ClusterManifestType manifest, string originalThumbprint, string newThumbprint, int currentPhase) { FabricCertificateType certificates = manifest.NodeTypes.First().Certificates.ClusterCertificate; string primaryThumbprint = certificates.X509FindValue; string secondaryThumbprint = certificates.X509FindValueSecondary; string expectedPrimaryThumbprint = null; string expectedSecondaryThumbprint = null; switch (currentPhase) { case 0: { expectedPrimaryThumbprint = originalThumbprint; expectedSecondaryThumbprint = null; break; } case 1: case 2: { expectedPrimaryThumbprint = newThumbprint; expectedSecondaryThumbprint = null; break; } default: throw new NotSupportedException(); } Assert.AreEqual(expectedPrimaryThumbprint, primaryThumbprint); Assert.AreEqual(expectedSecondaryThumbprint, secondaryThumbprint); }
public ClusterSettings(SettingsOverridesTypeSection[] otherSettings, SettingsTypeSection votes, SettingsTypeSection seedNodeClientConnectionAddresses, FabricCertificateType secretsCertificate) { this.Settings = new List <SettingsTypeSection>(); this.Settings.Add(votes); this.Settings.Add(seedNodeClientConnectionAddresses); AddOtherSettings(otherSettings, secretsCertificate); AddApplicationLogCollectorSettingsIfRequired(); DcaSettings.AddDcaSettingsIfRequired(this.Settings); }
private void AddSingleCertificateInformation(List <SettingsTypeSectionParameter> parameters, FabricCertificateType certificate, string certType) { if (certificate == null) { return; } string storeNameTag = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509StoreNamePattern, certType); string findTypeTag = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509FindTypePattern, certType); string findValueTag = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509FindValuePattern, certType); string findValueSecondaryTag = string.Format(CultureInfo.InvariantCulture, Constants.ParameterNames.X509FindValueSecondaryPattern, certType); if (certificate.X509StoreName != null) { parameters.Add(new SettingsTypeSectionParameter() { Name = storeNameTag, Value = certificate.X509StoreName, MustOverride = false }); } parameters.Add(new SettingsTypeSectionParameter() { Name = findTypeTag, Value = certificate.X509FindType.ToString(), MustOverride = false }); parameters.Add(new SettingsTypeSectionParameter() { Name = findValueTag, Value = certificate.X509FindValue, MustOverride = false }); parameters.Add(new SettingsTypeSectionParameter() { Name = findValueSecondaryTag, Value = certificate.X509FindValueSecondary, MustOverride = false }); }
protected IEnumerable <ClusterManifestTypeNodeType> GetNodeTypes( IEnumerable <NodeTypeDescription> nodeTypeDescriptions, Security security, ClusterManifestType existingClusterManifestType = null) { //// TODO: Implement smarter port selection to avoid conflicts with ports specified by the user var result = new List <ClusterManifestTypeNodeType>(); foreach (var nodeTypeDescription in nodeTypeDescriptions) { ClusterManifestTypeNodeType matchigExistingNodeType = null; if (existingClusterManifestType != null) { matchigExistingNodeType = existingClusterManifestType.NodeTypes.FirstOrDefault( existingNodeType => existingNodeType.Name.Equals(nodeTypeDescription.Name)); } var clusterConnectionEndpointPort = matchigExistingNodeType == null ? this.ClusterManifestGeneratorSettings.ClusterConnectionEndpointPort.ToString() : matchigExistingNodeType.Endpoints.ClusterConnectionEndpoint.Port; var leaseDriverEndpointPort = matchigExistingNodeType == null ? this.ClusterManifestGeneratorSettings.LeaseDriverEndpointPort.ToString() : matchigExistingNodeType.Endpoints.LeaseDriverEndpoint.Port; var serviceConnectionEndpointPort = matchigExistingNodeType == null ? this.ClusterManifestGeneratorSettings.ServiceConnectionEndpointPort.ToString() : matchigExistingNodeType.Endpoints.ServiceConnectionEndpoint.Port; var nodeType = nodeTypeDescription.ToClusterManifestTypeNodeType(); var defaultPlacementProperty = new KeyValuePairType() { Name = StringConstants.DefaultPlacementConstraintsKey, Value = nodeType.Name }; if (nodeType.PlacementProperties == null) { nodeType.PlacementProperties = new[] { defaultPlacementProperty }; } else { var existingPlacementProperties = nodeType.PlacementProperties.ToList(); existingPlacementProperties.Add(defaultPlacementProperty); nodeType.PlacementProperties = existingPlacementProperties.ToArray(); } nodeType.Endpoints.ClusterConnectionEndpoint = new InternalEndpointType() { Port = nodeTypeDescription.ClusterConnectionEndpointPort == 0 ? clusterConnectionEndpointPort : nodeTypeDescription.ClusterConnectionEndpointPort.ToString(), Protocol = InternalEndpointTypeProtocol.tcp }; nodeType.Endpoints.LeaseDriverEndpoint = new InternalEndpointType() { Port = nodeTypeDescription.LeaseDriverEndpointPort == 0 ? leaseDriverEndpointPort : nodeTypeDescription.LeaseDriverEndpointPort.ToString(), Protocol = InternalEndpointTypeProtocol.tcp }; nodeType.Endpoints.ServiceConnectionEndpoint = new InternalEndpointType() { Port = nodeTypeDescription.ServiceConnectionEndpointPort == 0 ? serviceConnectionEndpointPort : nodeTypeDescription.ServiceConnectionEndpointPort.ToString(), Protocol = InternalEndpointTypeProtocol.tcp }; nodeType.Endpoints.ApplicationEndpoints = new FabricEndpointsTypeApplicationEndpoints() { StartPort = nodeTypeDescription.ApplicationPorts.StartPort, EndPort = nodeTypeDescription.ApplicationPorts.EndPort }; if (nodeTypeDescription.EphemeralPorts != null) { nodeType.Endpoints.EphemeralEndpoints = new FabricEndpointsTypeEphemeralEndpoints() { StartPort = nodeTypeDescription.EphemeralPorts.StartPort, EndPort = nodeTypeDescription.EphemeralPorts.EndPort }; } if (nodeTypeDescription.KtlLogger != null) { nodeType.KtlLoggerSettings = nodeTypeDescription.KtlLogger.ToFabricKtlLoggerSettingsType(); } if (nodeTypeDescription.LogicalDirectories != null && nodeTypeDescription.LogicalDirectories.Length > 0) { LogicalDirectoryType[] logicalDirectories = new LogicalDirectoryType[nodeTypeDescription.LogicalDirectories.Count()]; var i = 0; foreach (var dir in nodeTypeDescription.LogicalDirectories) { logicalDirectories[i++] = dir.ToLogicalDirectoryType(); } nodeType.LogicalDirectories = logicalDirectories; } if (security != null && security.CertificateInformation != null && (security.CertificateInformation.ClusterCertificate != null || security.CertificateInformation.ClusterCertificateCommonNames != null || security.CertificateInformation.ServerCertificate != null || security.CertificateInformation.ServerCertificateCommonNames != null)) { nodeType.Endpoints.HttpGatewayEndpoint.Protocol = InputEndpointTypeProtocol.https; FabricCertificateType clusterCertificate = null; FabricCertificateType serverCertificate = null; if (security.CertificateInformation.ClusterCertificate != null) { clusterCertificate = security.CertificateInformation.ClusterCertificate.ToFabricCertificateType(); } else if (security.CertificateInformation.ClusterCertificateCommonNames != null) { clusterCertificate = security.CertificateInformation.ClusterCertificateCommonNames.ToFabricCertificateType(); } if (security.CertificateInformation.ServerCertificate != null) { serverCertificate = security.CertificateInformation.ServerCertificate.ToFabricCertificateType(); } else if (security.CertificateInformation.ServerCertificateCommonNames != null) { serverCertificate = security.CertificateInformation.ServerCertificateCommonNames.ToFabricCertificateType(); } nodeType.Certificates = new CertificatesType() { ClientCertificate = clusterCertificate != null ? clusterCertificate : serverCertificate, ClusterCertificate = clusterCertificate, ServerCertificate = serverCertificate }; } if (nodeType.Endpoints.HttpApplicationGatewayEndpoint != null && this.TargetCsmConfig.Security != null && this.TargetCsmConfig.Security.CertificateInformation != null && (this.TargetCsmConfig.Security.CertificateInformation.ReverseProxyCertificate != null || (this.TargetCsmConfig.Security.CertificateInformation.ReverseProxyCertificateCommonNames != null && this.TargetCsmConfig.Security.CertificateInformation.ReverseProxyCertificateCommonNames.Any()))) { nodeType.Endpoints.HttpApplicationGatewayEndpoint.Protocol = InputEndpointTypeProtocol.https; } result.Add(nodeType); } return(result); }