diff --git a/config/blobs.yml b/config/blobs.yml
index 377911dcb6..12a3207b2d 100644
--- a/config/blobs.yml
+++ b/config/blobs.yml
@@ -1,7 +1,3 @@
-apache-tomcat-10.1.49.tar.gz:
- size: 14129174
- object_id: 2bcc158e-35eb-45a9-5459-8cfd83914714
- sha: sha256:d1f5969fbaf7ade296fb8acf7b13a1ef1305d27f2caa3a4c5124e8d4c8aa2b88
bellsoft-21.0.9+15.tar.gz:
size: 231042429
object_id: 02cb0a18-6116-4eed-7fc4-193eafb4ab7d
diff --git a/jobs/uaa/spec b/jobs/uaa/spec
index 14b16b40b3..0bd8623fb5 100644
--- a/jobs/uaa/spec
+++ b/jobs/uaa/spec
@@ -18,9 +18,6 @@ templates:
config/messages.properties.erb: config/messages.properties
config/uaa.crt.erb: config/uaa.crt
config/boot/application.yml.erb: config/boot/application.yml
- config/tomcat/tomcat.logging.properties: config/tomcat/logging.properties
- config/tomcat/tomcat.server.xml.erb: config/tomcat/server.xml
- config/tomcat/tomcat.context.xml.erb: config/tomcat/context.xml
bbr/pre-backup-lock.sh.erb: bin/bbr/pre-backup-lock
bbr/pre-restore-lock.sh.erb: bin/bbr/pre-restore-lock
@@ -51,12 +48,6 @@ packages:
- uaa
properties:
- runtime.tomcat.enabled:
- description: |
- Deprecated. Set to true to force UAA to run within a Apache Tomcat container.
- Set to false, to use a Spring Boot runtime with an embedded Apache Tomcat container.
- This property will be removed when Apache Tomcat as a runtime is removed.
- default: true
uaa.rate_limiter:
config:
loggingOption:
@@ -149,7 +140,7 @@ properties:
# General server properties
uaa.catalina_opts:
- description: "The options used to configure Tomcat"
+ description: "The options used to configure the UAA Server"
default: -Xmx768m -XX:MaxMetaspaceSize=256m
uaa.localhost_http_port:
description: |
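Review bot: The new description "The options used to configure the UAA Server" does not say what kind of options these are. In bin/uaa the value is appended verbatim to BOOT_OPTS and expanded unquoted on the `java` command line, so operators are supplying JVM flags. Suggested wording: `description: "JVM options appended to the java command line that starts the UAA server"`. The property keeps its Tomcat-era name and bpm.yml.erb still exports it as CATALINA_OPTS, which the description could mention so the leftover naming is not mistaken for a Tomcat setting.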
@@ -187,7 +178,7 @@ properties:
description: "Array of the router IPs acting as the first group of HTTP/TCP backends. These will be added to the proxy_ips_regex as exact matches."
default: []
uaa.keepalive_timeout:
- description: Timeout value in milliseconds for the connection keepalive of the tomcat server
+ description: Timeout value in milliseconds for the connection keepalive of the UAA server
default: 120000
env.http_proxy:
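Review bot: The bounds check for uaa.keepalive_timeout (values below -1 rejected) lived only in the deleted tomcat.server.xml.erb, alongside the 1024-65535 range checks for uaa.localhost_http_port and uaa.ssl.port and the assembly of the trusted-proxy pattern from uaa.proxy_ips_regex, uaa.proxy.servers and the router link. Nothing visible in this commit re-adds them, and the spec that exercised them is deleted too; config/boot/application.yml.erb is not in the diff, so equivalent logic may already exist there. If it does not, an out-of-range value would surface at process start instead of at template render, and the proxy properties would no longer influence which forwarded headers are trusted. Worth confirming before merge, and stating the accepted values here, e.g. `description: Timeout in milliseconds for connection keepalive of the UAA server (a positive integer, or -1)`.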
diff --git a/jobs/uaa/templates/bin/pre-start.erb b/jobs/uaa/templates/bin/pre-start.erb
index 605d318032..5901545e5b 100755
--- a/jobs/uaa/templates/bin/pre-start.erb
+++ b/jobs/uaa/templates/bin/pre-start.erb
@@ -149,29 +149,21 @@ function insert_ssl_cert {
log "Installed Server SSL certificate"
}
-function configure_tomcat {
- # When run with bpm, the vcap user does not have permissions to read
- # files in the jobs and packages directories. Consequently, we move
- # our tomcat installation into a directory where we have full permissions.
- rm -rf /var/vcap/data/uaa/tomcat
- mkdir -p /var/vcap/data/uaa/
- cp -a /var/vcap/packages/uaa/tomcat /var/vcap/data/uaa/
- cp -a /var/vcap/jobs/uaa/config/tomcat/* /var/vcap/data/uaa/tomcat/conf/
- chown -R vcap:vcap /var/vcap/data/uaa/
-}
-
function configure_spring_boot {
+ log "Configure Spring Boot directories"
+
# When run with bpm, the vcap user does not have permissions to read
# files in the jobs and packages directories. Consequently, we move
# our spring boot installation into a directory where we have full permissions.
rm -rf /var/vcap/data/uaa/boot
- mkdir -p /var/vcap/data/uaa
- mkdir -p /var/vcap/data/sys/run/uaa/exec-tmp
- cp -a /var/vcap/packages/uaa/boot /var/vcap/data/uaa/
- cp -a /var/vcap/jobs/uaa/config/boot/* /var/vcap/data/uaa/boot/
mkdir -p /var/vcap/data/uaa/boot/webapps
mkdir -p /var/vcap/data/uaa/boot/work
- chown -R vcap:vcap /var/vcap/data/uaa/boot
+ cp -a /var/vcap/packages/uaa/boot /var/vcap/data/uaa/
+ cp -a /var/vcap/jobs/uaa/config/boot/* /var/vcap/data/uaa/boot/
+ chown -R vcap:vcap /var/vcap/data/uaa
+
+ # Bouncy Castle FIPS needs a tmp dir with exec permissions
+ mkdir -p /var/vcap/data/sys/run/uaa/exec-tmp
chown -R vcap:vcap /var/vcap/data/sys/run/uaa/exec-tmp
chmod 0755 /var/vcap/data/sys/run/uaa/exec-tmp
}
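Review bot: Nothing in the new configure_spring_boot removes /var/vcap/data/uaa/tomcat, which the deleted configure_tomcat populated with the Tomcat install and the rendered files from /var/vcap/jobs/uaa/config/tomcat/. On a VM that is updated in place rather than recreated, that tree would presumably stay on disk, and `chown -R vcap:vcap /var/vcap/data/uaa` keeps it readable and writable by the service user. Adding `rm -rf /var/vcap/data/uaa/tomcat` next to the existing `rm -rf /var/vcap/data/uaa/boot` would clear the stale copy. It is also worth confirming that the chown target is meant to be the whole of /var/vcap/data/uaa rather than `/var/vcap/data/uaa/boot` as before.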
@@ -191,11 +183,8 @@ PERSISTENT_UAA_CA_CERTS_FILE=$PERSISTENT_CERTS_DIR/uaa-ca-certs-cache.txt
LDAP_CERTS_FILE=/var/vcap/jobs/uaa/config/ldap.crt
PERSISTENT_LDAP_CERTS_FILE=$PERSISTENT_CERTS_DIR/ldap-certs-cache.txt
-process_certs
-
-configure_tomcat
-
configure_spring_boot
+process_certs
rm -rf $TMP_DIR
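Review bot: `process_certs` now runs after `configure_spring_boot`, so the `chown -R vcap:vcap /var/vcap/data/uaa` in that function no longer covers anything process_certs creates. Before this change the call came ahead of both configure functions and their recursive chown. process_certs is defined outside this hunk, so whether it writes under /var/vcap/data/uaa or sets ownership itself cannot be seen here. If it does write there as root, the vcap-owned server process may be unable to read the resulting files. Either keep `process_certs` ahead of `configure_spring_boot`, or add a comment above the two calls stating why the new order is safe.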
diff --git a/jobs/uaa/templates/bin/uaa b/jobs/uaa/templates/bin/uaa
index 55105b3fee..d71bbf7d17 100644
--- a/jobs/uaa/templates/bin/uaa
+++ b/jobs/uaa/templates/bin/uaa
@@ -32,12 +32,13 @@ JAVA_OPTS="$JAVA_OPTS -Dnetworkaddress.cache.ttl=0 $HTTP_PROXY_JAVA_OPTIONS $KEY
JAVA_OPTS="$JAVA_OPTS -Dlog4j.configurationFile=/var/vcap/jobs/uaa/config/log4j2.properties"
JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
JAVA_OPTS="$JAVA_OPTS -Djava.io.tmpdir=/var/vcap/data/sys/run/uaa/exec-tmp"
+JAVA_OPTS="$JAVA_OPTS -Dorg.bouncycastle.native.loader.install_dir=/var/vcap/data/sys/run/uaa/exec-tmp"
JAVA_OPTS="$JAVA_OPTS -XX:+HeapDumpOnOutOfMemoryError"
JAVA_OPTS="$JAVA_OPTS -XX:HeapDumpPath=${uaa_log_dir}"
export PATH
export JAVA_OPTS
-BOOT_RUN_LOCATION=/var/vcap/data/uaa/boot
+boot_run_location=/var/vcap/data/uaa/boot
BOOT_OPTS="${JAVA_OPTS}"
### TODO what is the difference between -Dlog4j.configurationFile and -Dlogging.config?
BOOT_OPTS="${BOOT_OPTS} -Dlogging.config=/var/vcap/jobs/uaa/config/log4j2.properties"
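Review bot: The added `-Dorg.bouncycastle.native.loader.install_dir=...` line has no comment explaining it, and it points at the same directory already used as `java.io.tmpdir`. pre-start creates that directory vcap-owned with mode 0755 and notes that Bouncy Castle FIPS needs an executable tmp dir, so presumably native libraries are loaded from here. A comment such as `# Bouncy Castle FIPS loads native libraries from this dir; pre-start creates it 0755, owned by vcap` would record why the path must stay writable only by the service user. Separately, renaming only `BOOT_RUN_LOCATION` to lower case leaves it inconsistent with `BOOT_OPTS` and `BOOT_FILE`.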
@@ -46,27 +47,17 @@ BOOT_OPTS="${BOOT_OPTS} -Dmetrics.perRequestMetrics=true"
BOOT_OPTS="${BOOT_OPTS} -Dserver.servlet.context-path=/"
BOOT_OPTS="${BOOT_OPTS} -Dstatsd.enabled=true"
BOOT_OPTS="${BOOT_OPTS} <%= p("uaa.catalina_opts") %>"
-BOOT_FILE=${BOOT_RUN_LOCATION}/uaa-boot.war
-
-TOMCAT_ENABLED=<%= p("runtime.tomcat.enabled") %>
-if [[ "${TOMCAT_ENABLED}" == "true" ]]; then
- export CATALINA_TMPDIR=/var/vcap/data/sys/run/uaa/exec-tmp
- log "Calling Tomcat start up command"
- /var/vcap/packages/uaa/tomcat/bin/catalina.sh run &
- CATALINA_PID=$!
- log "uaa/tomcat started in background. Waiting for signals."
- wait "${CATALINA_PID}"
- EXIT_STATUS=$?
- log "uaa/tomcat job exiting"
- exit $EXIT_STATUS
-else
- # location of application.yml
- cd ${BOOT_RUN_LOCATION}
- java ${BOOT_OPTS} -jar ${BOOT_FILE} &
- BOOT_PID=$!
- log "uaa/boot started in background. Waiting for signals."
- wait "${BOOT_PID}"
- EXIT_STATUS=$?
- log "uaa/boot job exiting"
- exit $EXIT_STATUS
-fi
+BOOT_FILE=${boot_run_location}/uaa-boot.war
+
+# location of application.yml
+cd ${boot_run_location}
+java ${BOOT_OPTS} -jar ${BOOT_FILE} > ${uaa_log_dir}/boot.log 2>&1 &
+boot_pid=$!
+mkdir -p /var/vcap/sys/run/bpm/uaa
+echo "${boot_pid}" > /var/vcap/sys/run/bpm/uaa/uaa.pid
+sleep 1
+log "uaa/boot(pid=${boot_pid}) started in background. Waiting for signals."
+wait "${boot_pid}"
+exit_status=$?
+log "uaa/boot(pid=${boot_pid}) job exiting, with status: ${exit_status}"
+exit ${exit_status}
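Review bot: The redirect `> ${uaa_log_dir}/boot.log` truncates the log on every start, so the output that preceded a crash or restart is gone by the time the process is back up; `>>` keeps it. The `cd ${boot_run_location}` above it is unquoted and unchecked, so a missing directory would let java start from the wrong working directory, without application.yml. Suggested lines: `cd "${boot_run_location}" || exit 1` and `java ${BOOT_OPTS} -jar "${BOOT_FILE}" >> "${uaa_log_dir}/boot.log" 2>&1 &`. The script also writes /var/vcap/sys/run/bpm/uaa/uaa.pid itself, which looks like the pid file bpm maintains for this process, so it is worth confirming the two writers cannot disagree. The results of that `mkdir` and `echo` are not checked either.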
diff --git a/jobs/uaa/templates/config/bpm.yml.erb b/jobs/uaa/templates/config/bpm.yml.erb
index 5529a57989..d96ad06c8d 100644
--- a/jobs/uaa/templates/config/bpm.yml.erb
+++ b/jobs/uaa/templates/config/bpm.yml.erb
@@ -2,8 +2,6 @@ processes:
- name: uaa
executable: /var/vcap/jobs/uaa/bin/uaa
env:
- CATALINA_BASE: /var/vcap/data/uaa/tomcat
- CATALINA_HOME: /var/vcap/data/uaa/tomcat
CLOUDFOUNDRY_CONFIG_PATH: /var/vcap/jobs/uaa/config
CLOUDFOUNDRY_LOG_PATH: /var/vcap/sys/log/uaa
CATALINA_OPTS: "<%= p('uaa.catalina_opts') %>"
diff --git a/jobs/uaa/templates/config/tomcat/tomcat.context.xml.erb b/jobs/uaa/templates/config/tomcat/tomcat.context.xml.erb
deleted file mode 100644
index cc52eff2a7..0000000000
--- a/jobs/uaa/templates/config/tomcat/tomcat.context.xml.erb
+++ /dev/null
@@ -1,22 +0,0 @@
-
-
-
-
- WEB-INF/web.xml
- ${catalina.base}/conf/web.xml
-
diff --git a/jobs/uaa/templates/config/tomcat/tomcat.logging.properties b/jobs/uaa/templates/config/tomcat/tomcat.logging.properties
deleted file mode 100644
index f7aa6933ed..0000000000
--- a/jobs/uaa/templates/config/tomcat/tomcat.logging.properties
+++ /dev/null
@@ -1,49 +0,0 @@
-handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler
-
-.handlers = 1catalina.org.apache.juli.FileHandler
-
-############################################################
-# Handler specific properties.
-# Describes specific configuration info for Handlers.
-############################################################
-
-1catalina.org.apache.juli.FileHandler.level = FINE
-1catalina.org.apache.juli.FileHandler.directory = /var/vcap/sys/log/uaa
-1catalina.org.apache.juli.FileHandler.prefix = catalina
-1catalina.org.apache.juli.FileHandler.rotatable = false
-
-2localhost.org.apache.juli.FileHandler.level = FINE
-2localhost.org.apache.juli.FileHandler.directory = /var/vcap/sys/log/uaa
-2localhost.org.apache.juli.FileHandler.prefix = localhost
-2localhost.org.apache.juli.FileHandler.rotatable = false
-
-3manager.org.apache.juli.FileHandler.level = FINE
-3manager.org.apache.juli.FileHandler.directory = /var/vcap/sys/log/uaa
-3manager.org.apache.juli.FileHandler.prefix = manager
-3manager.org.apache.juli.FileHandler.rotatable = false
-
-4host-manager.org.apache.juli.FileHandler.level = FINE
-4host-manager.org.apache.juli.FileHandler.directory = /var/vcap/sys/log/uaa
-4host-manager.org.apache.juli.FileHandler.prefix = host-manager
-4host-manager.org.apache.juli.FileHandler.rotatable = false
-
-############################################################
-# Facility specific properties.
-# Provides extra control for each logger.
-############################################################
-
-org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
-org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
-
-org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
-org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler
-
-org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
-org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler
-
-# For example, set the org.apache.catalina.util.LifecycleBase logger to log
-# each component that extends LifecycleBase changing state:
-#org.apache.catalina.util.LifecycleBase.level = FINE
-
-# To see debug messages in TldLocationsCache, uncomment the following line:
-#org.apache.jasper.compiler.TldLocationsCache.level = FINE
diff --git a/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb b/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb
deleted file mode 100644
index c2eb57dde4..0000000000
--- a/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb
+++ /dev/null
@@ -1,110 +0,0 @@
-
-
-
-
-
-
-
-
-
-
- <%
- default_internal_proxies = "10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}"
-
- def escape(str)
- str.gsub(".","\\.").gsub(":","\\:")
- end
-
- internal_proxies = p('uaa.proxy_ips_regex')
-
- if_p('uaa.proxy.servers') do |proxyServers|
- internal_proxies = proxyServers.map { |ip| escape(ip) }
- .push(internal_proxies)
- .join('|')
- end
-
- if_link('router') do |router|
- internal_proxies = router.instances.map { |instance| escape(instance.address) }
- .push(internal_proxies)
- .join('|')
- end
-
- if internal_proxies.to_s.strip.length == 0
- internal_proxies = default_internal_proxies
- end
-
- if p("uaa.localhost_http_port") < 1024 || p("uaa.localhost_http_port") > 65535
- raise ArgumentError, "Invalid value (#{p("uaa.localhost_http_port")}) specified for uaa.localhost_http_port, please specify a valid port number in this range [1024-65535]"
- end
-
- if p("uaa.ssl.port") < 1024 || p("uaa.ssl.port") > 65535
- raise ArgumentError, "Invalid value (#{p("uaa.ssl.port")}) specified for uaa.ssl.port, please specify a valid port number in this range [1024-65535]"
- end
-
- if p("uaa.ssl.port") == p("uaa.localhost_http_port")
- raise ArgumentError, 'Please specify different values for uaa.ssl.port and uaa.localhost_http_port'
- end
-
- if p("uaa.keepalive_timeout") < -1
- raise ArgumentError, "Invalid value (#{p("uaa.keepalive_timeout")}) specified for uaa.keepalive_timeout, please specify either a positive integer value or -1"
- end
- %>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/packages/uaa/packaging b/packages/uaa/packaging
index 0b8f0267d7..b76025e923 100644
--- a/packages/uaa/packaging
+++ b/packages/uaa/packaging
@@ -14,23 +14,6 @@ fi
# Ensure correct permissions
chmod -R a+r jdk
-tomcat_tar_file=$(find "${BOSH_COMPILE_TARGET}" -name "apache-tomcat-*.tar.gz" | sort --version-sort| tail -n1)
-mkdir tomcat
-tar zxvf "${tomcat_tar_file}" -C tomcat --strip 1
-if [[ $? != 0 ]] ; then
- echo "Cannot unpack Tomcat"
- exit 1
-fi
-
-cd tomcat
-rm -rf webapps/*
-cp -a "${BOSH_COMPILE_TARGET}"/wars/cloudfoundry-identity-uaa.war webapps/ROOT.war
-cp -a "${BOSH_COMPILE_TARGET}"/wars/cloudfoundry-identity-statsd.war webapps/statsd.war
-cp -a "${BOSH_COMPILE_TARGET}"/wars/tomcat-listener.jar lib/tomcat-listener.jar
-
-chmod 0755 bin/
-chmod 0755 bin/*.sh
-
# setup a spring boot directory
cd ${BOSH_INSTALL_TARGET}
mkdir boot
diff --git a/packages/uaa/pre_packaging b/packages/uaa/pre_packaging
index 5646c34a60..3322e61dbf 100644
--- a/packages/uaa/pre_packaging
+++ b/packages/uaa/pre_packaging
@@ -22,16 +22,12 @@ fi
#setup Java path
export PATH=$JAVA_HOME/bin:$PATH
-
mkdir wars
#build cloud foundry UAA war
cd "${BUILD_DIR}"/uaa
GIT_DIR=$(find "${RELEASE_DIR}" -path "*/modules/src/uaa") ./gradlew clean assemble --max-workers=4 -Pversion="${UAA_VERSION}"
cp uaa/build/libs/"cloudfoundry-identity-uaa-${UAA_VERSION}.war" "${BUILD_DIR}"/wars/cloudfoundry-identity-uaa.war
-cp statsd/build/libs/"cloudfoundry-identity-statsd-${UAA_VERSION}.war" "${BUILD_DIR}"/wars/cloudfoundry-identity-statsd.war
-cp server/build/libs/"tomcat-listener-${UAA_VERSION}.jar" "${BUILD_DIR}"/wars/tomcat-listener.jar
-
ls -la "${BUILD_DIR}"/wars
#clean build UAA data and build tools (java)
diff --git a/packages/uaa/spec b/packages/uaa/spec
index b6882306c5..b72425f9b5 100644
--- a/packages/uaa/spec
+++ b/packages/uaa/spec
@@ -3,5 +3,4 @@ name: uaa
dependencies:
files:
- uaa/**/*
-- bellsoft-*.tar.gz
-- apache-*.tar.gz
+- bellsoft-*.tar.gz
\ No newline at end of file
diff --git a/spec/compare/all-properties-tomcat-server.xml b/spec/compare/all-properties-tomcat-server.xml
deleted file mode 100644
index 1c345791f7..0000000000
--- a/spec/compare/all-properties-tomcat-server.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/spec/tomcat.server.xml.erb_spec.rb b/spec/tomcat.server.xml.erb_spec.rb
deleted file mode 100644
index abff26b6a9..0000000000
--- a/spec/tomcat.server.xml.erb_spec.rb
+++ /dev/null
@@ -1,219 +0,0 @@
-require 'rspec'
-require 'nokogiri'
-require 'bosh/template/evaluation_context'
-require 'spec_helper'
-require 'yaml'
-
-describe 'tomcat.server.xml' do
- def read_file(relative_path)
- File.read(File.join(File.dirname(__FILE__), relative_path))
- end
-
- def compile_erb(erb_template_location, manifest)
- erb_content = read_file(erb_template_location)
- binding = Bosh::Template::EvaluationContext.new(manifest, nil).get_binding
- ERB.new(erb_content).result(binding)
- end
-
- let(:compiled_xml) {compile_erb(template, manifest)}
- let(:template) {'../jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb'}
- let(:manifest) {generate_cf_manifest('spec/input/all-properties-set.yml')}
-
- it 'matches the expected result' do
- expect(compiled_xml.gsub(/\s/, '')).to eq(read_file('compare/all-properties-tomcat-server.xml').gsub(/\s/, ''))
- end
-
- let(:connectors) do
- config = Nokogiri::XML.parse(compiled_xml)
- config.xpath('//Connector')
- end
-
- let(:http_connector) do
- connectors[0]
- end
-
- let(:https_connector) do
- connectors[1]
- end
-
- it 'has two connector elements' do
- expect(connectors.length).to eq(2)
- end
-
- context 'when uaa.localhost_http_port is valid' do
- before(:each) do
- manifest['properties']['uaa']['localhost_http_port'] = 2000
- end
-
- it 'has an http connector with value of uaa.localhost_http_port' do
- expect(http_connector["port"]).to eq("2000")
- end
- end
-
- context 'when uaa.localhost_http_port is invalid (-1)' do
- before(:each) do
- manifest['properties']['uaa']['localhost_http_port'] = -1
- end
-
- it 'returns an error' do
- expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (-1) specified for uaa.localhost_http_port, please specify a valid port number in this range [1024-65535]')
- end
- end
-
- context 'when uaa.localhost_http_port is invalid (1023)' do
- before(:each) do
- manifest['properties']['uaa']['localhost_http_port'] = 1023
- end
-
- it 'returns an error' do
- expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (1023) specified for uaa.localhost_http_port, please specify a valid port number in this range [1024-65535]')
- end
- end
-
- context 'when uaa.localhost_http_port is invalid (65536)' do
- before(:each) do
- manifest['properties']['uaa']['localhost_http_port'] = 65536
- end
-
- it 'returns an error' do
- expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (65536) specified for uaa.localhost_http_port, please specify a valid port number in this range [1024-65535]')
- end
- end
-
- context 'when uaa.ssl.port is valid' do
- before(:each) do
- manifest['properties']['uaa']['ssl']['port'] = 3333
- end
-
- it 'has an http connector with value of uaa.localhost_http_port' do
- expect(https_connector["port"]).to eq("3333")
- end
- end
-
- context 'when uaa.ssl.port is invalid (-1)' do
- before(:each) do
- manifest['properties']['uaa']['ssl']['port'] = -1
- end
-
- it 'returns an error' do
- expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (-1) specified for uaa.ssl.port, please specify a valid port number in this range [1024-65535]')
- end
- end
-
- context 'when uaa.ssl.port is invalid (1023)' do
- before(:each) do
- manifest['properties']['uaa']['ssl']['port'] = 1023
- end
-
- it 'returns an error' do
- expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (1023) specified for uaa.ssl.port, please specify a valid port number in this range [1024-65535]')
- end
- end
-
- context 'when uaa.ssl.port is invalid (65536)' do
- before(:each) do
- manifest['properties']['uaa']['ssl']['port'] = 65536
- end
-
- it 'returns an error' do
- expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (65536) specified for uaa.ssl.port, please specify a valid port number in this range [1024-65535]')
- end
- end
-
- context 'when uaa.localhost_http_port is the same as uaa.ssl.port' do
- before(:each) do
- manifest['properties']['uaa']['ssl']['port'] = 9090
- manifest['properties']['uaa']['localhost_http_port'] = 9090
- end
-
- it 'returns an error' do
- expect {compiled_xml}.to raise_error(ArgumentError, 'Please specify different values for uaa.ssl.port and uaa.localhost_http_port')
- end
- end
-
- context 'when uaa.keepalive_timeout is invalid (-1)' do
- before(:each) do
- manifest['properties']['uaa']['keepalive_timeout'] = -2
- end
-
- it 'returns an error' do
- expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (-2) specified for uaa.keepalive_timeout, please specify either a positive integer value or -1')
- end
- end
-
- context 'using bosh links' do
- let(:internal_proxies) do
- config = Nokogiri::XML.parse(compiled_xml)
- config.xpath('//Valve')[0].attributes['internalProxies'].value
- end
-
- context 'when uaa.proxy_ips_regex is in the manifest' do
- it 'includes the proxy_ips_regex when uaa.proxy.servers not set and bosh links not available' do
- manifest['properties']['uaa']['proxy']['servers'] = []
- manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex'
- manifest['links'] = {}
-
- expect(internal_proxies).to include('proxy_ips_regex')
- end
-
- it 'includes proxy_ips_regex when uaa.proxy.servers are set and bosh links are not available' do
- manifest['properties']['uaa']['proxy']['servers'] = ['1.1.1.1']
- manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex'
- manifest['links'] = {}
-
- expect(internal_proxies).to include('proxy_ips_regex')
- end
-
- it 'includes proxy_ips_regex when uaa.proxy.servers not set and bosh link is available' do
- manifest['properties']['uaa']['proxy']['servers'] = []
- manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex'
- manifest['links'] = {
- 'router' => {'instances' => [{'address' => 'linked-address'}]}
- }
-
- expect(internal_proxies).to include('proxy_ips_regex')
- end
-
- it 'includes proxy_ips_regex when uaa.proxy.servers is set and bosh link is available' do
- manifest['properties']['uaa']['proxy']['servers'] = ['1.12.3.4']
- manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex'
- manifest['links'] = {
- 'router' => {'instances' => [{'address' => 'linked-address'}]}
- }
-
- expect(internal_proxies).to include('proxy_ips_regex')
- end
- end
-
- context 'when uaa.proxy.servers is left to default value in the manifest' do
- before(:each) do
- manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex'
- manifest['properties']['uaa']['proxy']['servers'] = []
- end
-
- let(:manifest) {generate_cf_manifest('spec/input/all-properties-set.yml', links)}
-
- context 'when a bosh-link is available' do
- let(:links) {{
- 'router' => {'instances' => [{'address' => 'linked-address'}]}
- }}
-
- it 'uses the bosh-linked router config' do
- expect(internal_proxies).to eq('linked-address|proxy_ips_regex')
- end
- end
-
- context 'when there is no bosh-link available' do
- before(:each) do
- manifest['properties']['uaa']['proxy_ips_regex'] = ''
- manifest['properties']['uaa']['proxy']['servers'] = []
- end
- let(:links) {{}}
-
- it 'uses the default internal proxies list' do
- expect(internal_proxies).to eq '10.d{1,3}.d{1,3}.d{1,3}|192.168.d{1,3}.d{1,3}|169.254.d{1,3}.d{1,3}|127.d{1,3}.d{1,3}.d{1,3}|172.1[6-9]{1}.d{1,3}.d{1,3}|172.2[0-9]{1}.d{1,3}.d{1,3}|172.3[0-1]{1}.d{1,3}.d{1,3}'
- end
- end
- end
- end
-end