From 06d3237f00e11bfd08856e5b26c33842999c912e Mon Sep 17 00:00:00 2001 From: Duane May Date: Wed, 5 Nov 2025 17:58:01 -0500 Subject: [PATCH] Remove Tomcat support from UAA Release - Only support the Spring Boot runtime. - Eliminated all configurations, templates, tests, and spec files related to Tomcat usage. Simplified scripts to only Spring Boot. Removed relevant Tomcat dependencies and tarballs. - Added explicit dir for bouncycastle libs - Need to remove the Tomcat update job before merge --- config/blobs.yml | 4 - jobs/uaa/spec | 13 +- jobs/uaa/templates/bin/pre-start.erb | 29 +-- jobs/uaa/templates/bin/uaa | 41 ++-- jobs/uaa/templates/config/bpm.yml.erb | 2 - .../config/tomcat/tomcat.context.xml.erb | 22 -- .../config/tomcat/tomcat.logging.properties | 49 ---- .../config/tomcat/tomcat.server.xml.erb | 110 --------- packages/uaa/packaging | 17 -- packages/uaa/pre_packaging | 4 - packages/uaa/spec | 3 +- spec/compare/all-properties-tomcat-server.xml | 70 ------ spec/tomcat.server.xml.erb_spec.rb | 219 ------------------ 13 files changed, 28 insertions(+), 555 deletions(-) delete mode 100644 jobs/uaa/templates/config/tomcat/tomcat.context.xml.erb delete mode 100644 jobs/uaa/templates/config/tomcat/tomcat.logging.properties delete mode 100644 jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb delete mode 100644 spec/compare/all-properties-tomcat-server.xml delete mode 100644 spec/tomcat.server.xml.erb_spec.rb diff --git a/config/blobs.yml b/config/blobs.yml index 377911dcb6..12a3207b2d 100644 --- a/config/blobs.yml +++ b/config/blobs.yml @@ -1,7 +1,3 @@ -apache-tomcat-10.1.49.tar.gz: - size: 14129174 - object_id: 2bcc158e-35eb-45a9-5459-8cfd83914714 - sha: sha256:d1f5969fbaf7ade296fb8acf7b13a1ef1305d27f2caa3a4c5124e8d4c8aa2b88 bellsoft-21.0.9+15.tar.gz: size: 231042429 object_id: 02cb0a18-6116-4eed-7fc4-193eafb4ab7d diff --git a/jobs/uaa/spec b/jobs/uaa/spec index 14b16b40b3..0bd8623fb5 100644 --- a/jobs/uaa/spec +++ b/jobs/uaa/spec 
@@ -18,9 +18,6 @@ templates: config/messages.properties.erb: config/messages.properties config/uaa.crt.erb: config/uaa.crt config/boot/application.yml.erb: config/boot/application.yml - config/tomcat/tomcat.logging.properties: config/tomcat/logging.properties - config/tomcat/tomcat.server.xml.erb: config/tomcat/server.xml - config/tomcat/tomcat.context.xml.erb: config/tomcat/context.xml bbr/pre-backup-lock.sh.erb: bin/bbr/pre-backup-lock bbr/pre-restore-lock.sh.erb: bin/bbr/pre-restore-lock @@ -51,12 +48,6 @@ packages: - uaa properties: - runtime.tomcat.enabled: - description: | - Deprecated. Set to true to force UAA to run within a Apache Tomcat container. - Set to false, to use a Spring Boot runtime with an embedded Apache Tomcat container. - This property will be removed when Apache Tomcat as a runtime is removed. - default: true uaa.rate_limiter: config: loggingOption: @@ -149,7 +140,7 @@ properties: # General server properties uaa.catalina_opts: - description: "The options used to configure Tomcat" + description: "The options used to configure the UAA Server" default: -Xmx768m -XX:MaxMetaspaceSize=256m uaa.localhost_http_port: description: | @@ -187,7 +178,7 @@ properties: description: "Array of the router IPs acting as the first group of HTTP/TCP backends. These will be added to the proxy_ips_regex as exact matches." default: [] uaa.keepalive_timeout: - description: Timeout value in milliseconds for the connection keepalive of the tomcat server + description: Timeout value in milliseconds for the connection keepalive of the UAA server default: 120000 env.http_proxy: diff --git a/jobs/uaa/templates/bin/pre-start.erb b/jobs/uaa/templates/bin/pre-start.erb index 605d318032..5901545e5b 100755 --- a/jobs/uaa/templates/bin/pre-start.erb +++ b/jobs/uaa/templates/bin/pre-start.erb 
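Review bot: The properties this spec keeps (`uaa.localhost_http_port`, `uaa.keepalive_timeout`, and the proxy settings that feed `proxy_ips_regex`) lose their only visible validation and consumer in this patch. The deleted `tomcat.server.xml.erb` raised `ArgumentError` for ports outside 1024-65535, for equal HTTP and SSL ports and for a keepalive below -1, and it assembled the trusted `internalProxies` expression from `uaa.proxy_ips_regex`, `uaa.proxy.servers` and the router link. Nothing shown here tells whether `config/boot/application.yml.erb` does the same, so a bad port or an unintended trusted-proxy list may now pass at deploy time, and the deleted `spec/tomcat.server.xml.erb_spec.rb` held the tests for that logic. If the Spring Boot template already covers this, state it in the property descriptions; otherwise carry the checks over and add a spec for them.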
@@ -149,29 +149,21 @@ function insert_ssl_cert { log "Installed Server SSL certificate" } -function configure_tomcat { - # When run with bpm, the vcap user does not have permissions to read - # files in the jobs and packages directories. Consequently, we move - # our tomcat installation into a directory where we have full permissions. - rm -rf /var/vcap/data/uaa/tomcat - mkdir -p /var/vcap/data/uaa/ - cp -a /var/vcap/packages/uaa/tomcat /var/vcap/data/uaa/ - cp -a /var/vcap/jobs/uaa/config/tomcat/* /var/vcap/data/uaa/tomcat/conf/ - chown -R vcap:vcap /var/vcap/data/uaa/ -} - function configure_spring_boot { + log "Configure Spring Boot directories" + # When run with bpm, the vcap user does not have permissions to read # files in the jobs and packages directories. Consequently, we move # our spring boot installation into a directory where we have full permissions. rm -rf /var/vcap/data/uaa/boot - mkdir -p /var/vcap/data/uaa - mkdir -p /var/vcap/data/sys/run/uaa/exec-tmp - cp -a /var/vcap/packages/uaa/boot /var/vcap/data/uaa/ - cp -a /var/vcap/jobs/uaa/config/boot/* /var/vcap/data/uaa/boot/ mkdir -p /var/vcap/data/uaa/boot/webapps mkdir -p /var/vcap/data/uaa/boot/work - chown -R vcap:vcap /var/vcap/data/uaa/boot + cp -a /var/vcap/packages/uaa/boot /var/vcap/data/uaa/ + cp -a /var/vcap/jobs/uaa/config/boot/* /var/vcap/data/uaa/boot/ + chown -R vcap:vcap /var/vcap/data/uaa + + # Bouncy Castle FIPS needs a tmp dir with exec permissions + mkdir -p /var/vcap/data/sys/run/uaa/exec-tmp chown -R vcap:vcap /var/vcap/data/sys/run/uaa/exec-tmp chmod 0755 /var/vcap/data/sys/run/uaa/exec-tmp } @@ -191,11 +183,8 @@ PERSISTENT_UAA_CA_CERTS_FILE=$PERSISTENT_CERTS_DIR/uaa-ca-certs-cache.txt LDAP_CERTS_FILE=/var/vcap/jobs/uaa/config/ldap.crt PERSISTENT_LDAP_CERTS_FILE=$PERSISTENT_CERTS_DIR/ldap-certs-cache.txt -process_certs - -configure_tomcat - configure_spring_boot +process_certs rm -rf $TMP_DIR 
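Review bot: Moving `process_certs` after `configure_spring_boot` in the second hunk makes the recursive `chown -R vcap:vcap /var/vcap/data/uaa` from the first hunk run before certificate processing instead of after it. Before this patch `process_certs` ran first and `configure_tomcat` then chowned the whole `/var/vcap/data/uaa/` tree. `process_certs` is defined outside these hunks, so it is not visible whether it writes under that tree; if it does, those files now keep the owner pre-start runs as and the UAA process may be unable to read its trust material. Either keep `process_certs` ahead of `configure_spring_boot` or add a comment above the call stating why the order no longer matters. The chown in this function also widens from `/var/vcap/data/uaa/boot` to the whole directory, which deserves a one-line comment naming what else lives there.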
diff --git a/jobs/uaa/templates/bin/uaa b/jobs/uaa/templates/bin/uaa index 55105b3fee..d71bbf7d17 100644 --- a/jobs/uaa/templates/bin/uaa +++ b/jobs/uaa/templates/bin/uaa @@ -32,12 +32,13 @@ JAVA_OPTS="$JAVA_OPTS -Dnetworkaddress.cache.ttl=0 $HTTP_PROXY_JAVA_OPTIONS $KEY JAVA_OPTS="$JAVA_OPTS -Dlog4j.configurationFile=/var/vcap/jobs/uaa/config/log4j2.properties" JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true" JAVA_OPTS="$JAVA_OPTS -Djava.io.tmpdir=/var/vcap/data/sys/run/uaa/exec-tmp" +JAVA_OPTS="$JAVA_OPTS -Dorg.bouncycastle.native.loader.install_dir=/var/vcap/data/sys/run/uaa/exec-tmp" JAVA_OPTS="$JAVA_OPTS -XX:+HeapDumpOnOutOfMemoryError" JAVA_OPTS="$JAVA_OPTS -XX:HeapDumpPath=${uaa_log_dir}" export PATH export JAVA_OPTS -BOOT_RUN_LOCATION=/var/vcap/data/uaa/boot +boot_run_location=/var/vcap/data/uaa/boot BOOT_OPTS="${JAVA_OPTS}" ### TODO what is the difference between -Dlog4j.configurationFile and -Dlogging.config? BOOT_OPTS="${BOOT_OPTS} -Dlogging.config=/var/vcap/jobs/uaa/config/log4j2.properties" 
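Review bot: The added `-Dorg.bouncycastle.native.loader.install_dir` points at the same `/var/vcap/data/sys/run/uaa/exec-tmp` that the line above sets as `java.io.tmpdir`, so native libraries loaded into the JVM are unpacked next to every ordinary temp file the application writes. The commit message describes an explicit directory for the Bouncy Castle libs; a directory used for nothing else would keep the executable location apart from general scratch data. For example `-Dorg.bouncycastle.native.loader.install_dir=/var/vcap/data/sys/run/uaa/bc-native` (constructed path), with the matching `mkdir -p` and `chown` added to `configure_spring_boot` in pre-start. Separately, `boot_run_location` is now lower case while `BOOT_OPTS` and `BOOT_FILE` beside it stay upper case; pick one convention for script-local variables.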
@@ -46,27 +47,17 @@ BOOT_OPTS="${BOOT_OPTS} -Dmetrics.perRequestMetrics=true" BOOT_OPTS="${BOOT_OPTS} -Dserver.servlet.context-path=/" BOOT_OPTS="${BOOT_OPTS} -Dstatsd.enabled=true" BOOT_OPTS="${BOOT_OPTS} <%= p("uaa.catalina_opts") %>" -BOOT_FILE=${BOOT_RUN_LOCATION}/uaa-boot.war - -TOMCAT_ENABLED=<%= p("runtime.tomcat.enabled") %> -if [[ "${TOMCAT_ENABLED}" == "true" ]]; then - export CATALINA_TMPDIR=/var/vcap/data/sys/run/uaa/exec-tmp - log "Calling Tomcat start up command" - /var/vcap/packages/uaa/tomcat/bin/catalina.sh run & - CATALINA_PID=$! - log "uaa/tomcat started in background. Waiting for signals." - wait "${CATALINA_PID}" - EXIT_STATUS=$? - log "uaa/tomcat job exiting" - exit $EXIT_STATUS -else - # location of application.yml - cd ${BOOT_RUN_LOCATION} - java ${BOOT_OPTS} -jar ${BOOT_FILE} & - BOOT_PID=$! - log "uaa/boot started in background. Waiting for signals." - wait "${BOOT_PID}" - EXIT_STATUS=$? - log "uaa/boot job exiting" - exit $EXIT_STATUS -fi +BOOT_FILE=${boot_run_location}/uaa-boot.war + +# location of application.yml +cd ${boot_run_location} +java ${BOOT_OPTS} -jar ${BOOT_FILE} > ${uaa_log_dir}/boot.log 2>&1 & +boot_pid=$! +mkdir -p /var/vcap/sys/run/bpm/uaa +echo "${boot_pid}" > /var/vcap/sys/run/bpm/uaa/uaa.pid +sleep 1 +log "uaa/boot(pid=${boot_pid}) started in background. Waiting for signals." +wait "${boot_pid}" +exit_status=$? +log "uaa/boot(pid=${boot_pid}) job exiting, with status: ${exit_status}" +exit ${exit_status} diff --git a/jobs/uaa/templates/config/bpm.yml.erb b/jobs/uaa/templates/config/bpm.yml.erb index 5529a57989..d96ad06c8d 100644 --- a/jobs/uaa/templates/config/bpm.yml.erb +++ b/jobs/uaa/templates/config/bpm.yml.erb 
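Review bot: The new launch line redirects with `>`, so `boot.log` is truncated on every restart and the output of the run that just failed is lost; appending keeps it: `java ${BOOT_OPTS} -jar ${BOOT_FILE} >> "${uaa_log_dir}/boot.log" 2>&1 &`. `cd ${boot_run_location}` is unquoted and unchecked although the comment above it says this is where application.yml is found, so a failed `cd` should stop the script: `cd "${boot_run_location}" || exit 1`. The pid is written to `/var/vcap/sys/run/bpm/uaa/uaa.pid`, inside the directory bpm uses for its own bookkeeping. If bpm already maintains that file, this write is either refused or replaces it with a pid from a different namespace, so please confirm it is needed and add a comment saying who reads it. The `sleep 1` has no stated purpose and should get a comment or be dropped.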
@@ -2,8 +2,6 @@ processes: - name: uaa executable: /var/vcap/jobs/uaa/bin/uaa env: - CATALINA_BASE: /var/vcap/data/uaa/tomcat - CATALINA_HOME: /var/vcap/data/uaa/tomcat CLOUDFOUNDRY_CONFIG_PATH: /var/vcap/jobs/uaa/config CLOUDFOUNDRY_LOG_PATH: /var/vcap/sys/log/uaa CATALINA_OPTS: "<%= p('uaa.catalina_opts') %>" diff --git a/jobs/uaa/templates/config/tomcat/tomcat.context.xml.erb b/jobs/uaa/templates/config/tomcat/tomcat.context.xml.erb deleted file mode 100644 index cc52eff2a7..0000000000 --- a/jobs/uaa/templates/config/tomcat/tomcat.context.xml.erb +++ /dev/null @@ -1,22 +0,0 @@ - - - - - WEB-INF/web.xml - ${catalina.base}/conf/web.xml - diff --git a/jobs/uaa/templates/config/tomcat/tomcat.logging.properties b/jobs/uaa/templates/config/tomcat/tomcat.logging.properties deleted file mode 100644 index f7aa6933ed..0000000000 --- a/jobs/uaa/templates/config/tomcat/tomcat.logging.properties +++ /dev/null 
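Review bot: `CATALINA_OPTS: "<%= p('uaa.catalina_opts') %>"` stays in `env` although `CATALINA_BASE` and `CATALINA_HOME` are removed and the start script in this patch already appends `uaa.catalina_opts` to `BOOT_OPTS`. If nothing else reads the variable, drop it so the JVM options have a single source and are not duplicated in the process environment. If it has to stay, add a comment such as `# still read by <consumer>` naming what uses it. The rest of the `env` block lies outside the hunk.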
@@ -1,49 +0,0 @@ -handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler - -.handlers = 1catalina.org.apache.juli.FileHandler - -############################################################ -# Handler specific properties. -# Describes specific configuration info for Handlers. -############################################################ - -1catalina.org.apache.juli.FileHandler.level = FINE -1catalina.org.apache.juli.FileHandler.directory = /var/vcap/sys/log/uaa -1catalina.org.apache.juli.FileHandler.prefix = catalina -1catalina.org.apache.juli.FileHandler.rotatable = false - -2localhost.org.apache.juli.FileHandler.level = FINE -2localhost.org.apache.juli.FileHandler.directory = /var/vcap/sys/log/uaa -2localhost.org.apache.juli.FileHandler.prefix = localhost -2localhost.org.apache.juli.FileHandler.rotatable = false - -3manager.org.apache.juli.FileHandler.level = FINE -3manager.org.apache.juli.FileHandler.directory = /var/vcap/sys/log/uaa -3manager.org.apache.juli.FileHandler.prefix = manager -3manager.org.apache.juli.FileHandler.rotatable = false - -4host-manager.org.apache.juli.FileHandler.level = FINE -4host-manager.org.apache.juli.FileHandler.directory = /var/vcap/sys/log/uaa -4host-manager.org.apache.juli.FileHandler.prefix = host-manager -4host-manager.org.apache.juli.FileHandler.rotatable = false - -############################################################ -# Facility specific properties. -# Provides extra control for each logger. 
-############################################################ - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler - -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO -org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler - -# For example, set the org.apache.catalina.util.LifecycleBase logger to log -# each component that extends LifecycleBase changing state: -#org.apache.catalina.util.LifecycleBase.level = FINE - -# To see debug messages in TldLocationsCache, uncomment the following line: -#org.apache.jasper.compiler.TldLocationsCache.level = FINE diff --git a/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb b/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb deleted file mode 100644 index c2eb57dde4..0000000000 --- a/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb +++ /dev/null 
@@ -1,110 +0,0 @@ - - - - - - - - - - - <% - default_internal_proxies = "10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}" - - def escape(str) - str.gsub(".","\\.").gsub(":","\\:") - end - - internal_proxies = p('uaa.proxy_ips_regex') - - if_p('uaa.proxy.servers') do |proxyServers| - internal_proxies = proxyServers.map { |ip| escape(ip) } - .push(internal_proxies) - .join('|') - end - - if_link('router') do |router| - internal_proxies = router.instances.map { |instance| escape(instance.address) } - .push(internal_proxies) - .join('|') - end - - if internal_proxies.to_s.strip.length == 0 - internal_proxies = default_internal_proxies - end - - if p("uaa.localhost_http_port") < 1024 || p("uaa.localhost_http_port") > 65535 - raise ArgumentError, "Invalid value (#{p("uaa.localhost_http_port")}) specified for uaa.localhost_http_port, please specify a valid port number in this range [1024-65535]" - end - - if p("uaa.ssl.port") < 1024 || p("uaa.ssl.port") > 65535 - raise ArgumentError, "Invalid value (#{p("uaa.ssl.port")}) specified for uaa.ssl.port, please specify a valid port number in this range [1024-65535]" - end - - if p("uaa.ssl.port") == p("uaa.localhost_http_port") - raise ArgumentError, 'Please specify different values for uaa.ssl.port and uaa.localhost_http_port' - end - - if p("uaa.keepalive_timeout") < -1 - raise ArgumentError, "Invalid value (#{p("uaa.keepalive_timeout")}) specified for uaa.keepalive_timeout, please specify either a positive integer value or -1" - end - %> - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/packages/uaa/packaging b/packages/uaa/packaging index 0b8f0267d7..b76025e923 100644 --- a/packages/uaa/packaging +++ b/packages/uaa/packaging 
@@ -14,23 +14,6 @@ fi # Ensure correct permissions chmod -R a+r jdk -tomcat_tar_file=$(find "${BOSH_COMPILE_TARGET}" -name "apache-tomcat-*.tar.gz" | sort --version-sort| tail -n1) -mkdir tomcat -tar zxvf "${tomcat_tar_file}" -C tomcat --strip 1 -if [[ $? != 0 ]] ; then - echo "Cannot unpack Tomcat" - exit 1 -fi - -cd tomcat -rm -rf webapps/* -cp -a "${BOSH_COMPILE_TARGET}"/wars/cloudfoundry-identity-uaa.war webapps/ROOT.war -cp -a "${BOSH_COMPILE_TARGET}"/wars/cloudfoundry-identity-statsd.war webapps/statsd.war -cp -a "${BOSH_COMPILE_TARGET}"/wars/tomcat-listener.jar lib/tomcat-listener.jar - -chmod 0755 bin/ -chmod 0755 bin/*.sh - # setup a spring boot directory cd ${BOSH_INSTALL_TARGET} mkdir boot diff --git a/packages/uaa/pre_packaging b/packages/uaa/pre_packaging index 5646c34a60..3322e61dbf 100644 --- a/packages/uaa/pre_packaging +++ b/packages/uaa/pre_packaging @@ -22,16 +22,12 @@ fi #setup Java path export PATH=$JAVA_HOME/bin:$PATH - mkdir wars #build cloud foundry UAA war cd "${BUILD_DIR}"/uaa GIT_DIR=$(find "${RELEASE_DIR}" -path "*/modules/src/uaa") ./gradlew clean assemble --max-workers=4 -Pversion="${UAA_VERSION}" cp uaa/build/libs/"cloudfoundry-identity-uaa-${UAA_VERSION}.war" "${BUILD_DIR}"/wars/cloudfoundry-identity-uaa.war -cp statsd/build/libs/"cloudfoundry-identity-statsd-${UAA_VERSION}.war" "${BUILD_DIR}"/wars/cloudfoundry-identity-statsd.war -cp server/build/libs/"tomcat-listener-${UAA_VERSION}.jar" "${BUILD_DIR}"/wars/tomcat-listener.jar - ls -la "${BUILD_DIR}"/wars #clean build UAA data and build tools (java) diff --git a/packages/uaa/spec b/packages/uaa/spec index b6882306c5..b72425f9b5 100644 --- a/packages/uaa/spec +++ b/packages/uaa/spec @@ -3,5 +3,4 @@ name: uaa dependencies: files: - uaa/**/* -- bellsoft-*.tar.gz -- apache-*.tar.gz +- bellsoft-*.tar.gz \ No newline at end of file 
diff --git a/spec/compare/all-properties-tomcat-server.xml b/spec/compare/all-properties-tomcat-server.xml deleted file mode 100644 index 1c345791f7..0000000000 --- a/spec/compare/all-properties-tomcat-server.xml +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/spec/tomcat.server.xml.erb_spec.rb b/spec/tomcat.server.xml.erb_spec.rb deleted file mode 100644 index abff26b6a9..0000000000 --- a/spec/tomcat.server.xml.erb_spec.rb +++ /dev/null 
@@ -1,219 +0,0 @@ -require 'rspec' -require 'nokogiri' -require 'bosh/template/evaluation_context' -require 'spec_helper' -require 'yaml' - -describe 'tomcat.server.xml' do - def read_file(relative_path) - File.read(File.join(File.dirname(__FILE__), relative_path)) - end - - def compile_erb(erb_template_location, manifest) - erb_content = read_file(erb_template_location) - binding = Bosh::Template::EvaluationContext.new(manifest, nil).get_binding - ERB.new(erb_content).result(binding) - end - - let(:compiled_xml) {compile_erb(template, manifest)} - let(:template) {'../jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb'} - let(:manifest) {generate_cf_manifest('spec/input/all-properties-set.yml')} - - it 'matches the expected result' do - expect(compiled_xml.gsub(/\s/, '')).to eq(read_file('compare/all-properties-tomcat-server.xml').gsub(/\s/, '')) - end - - let(:connectors) do - config = Nokogiri::XML.parse(compiled_xml) - config.xpath('//Connector') - end - - let(:http_connector) do - connectors[0] - end - - let(:https_connector) do - connectors[1] - end - - it 'has two connector elements' do - expect(connectors.length).to eq(2) - end - - context 'when uaa.localhost_http_port is valid' do - before(:each) do - manifest['properties']['uaa']['localhost_http_port'] = 2000 - end - - it 'has an http connector with value of uaa.localhost_http_port' do - expect(http_connector["port"]).to eq("2000") - end - end - - context 'when uaa.localhost_http_port is invalid (-1)' do - before(:each) do - manifest['properties']['uaa']['localhost_http_port'] = -1 - end - - it 'returns an error' do - expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (-1) specified for uaa.localhost_http_port, please specify a valid port number in this range [1024-65535]') - end - end - - context 'when uaa.localhost_http_port is invalid (1023)' do - before(:each) do - manifest['properties']['uaa']['localhost_http_port'] = 1023 - end - - it 'returns an error' do - expect 
{compiled_xml}.to raise_error(ArgumentError, 'Invalid value (1023) specified for uaa.localhost_http_port, please specify a valid port number in this range [1024-65535]') - end - end - - context 'when uaa.localhost_http_port is invalid (65536)' do - before(:each) do - manifest['properties']['uaa']['localhost_http_port'] = 65536 - end - - it 'returns an error' do - expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (65536) specified for uaa.localhost_http_port, please specify a valid port number in this range [1024-65535]') - end - end - - context 'when uaa.ssl.port is valid' do - before(:each) do - manifest['properties']['uaa']['ssl']['port'] = 3333 - end - - it 'has an http connector with value of uaa.localhost_http_port' do - expect(https_connector["port"]).to eq("3333") - end - end - - context 'when uaa.ssl.port is invalid (-1)' do - before(:each) do - manifest['properties']['uaa']['ssl']['port'] = -1 - end - - it 'returns an error' do - expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (-1) specified for uaa.ssl.port, please specify a valid port number in this range [1024-65535]') - end - end - - context 'when uaa.ssl.port is invalid (1023)' do - before(:each) do - manifest['properties']['uaa']['ssl']['port'] = 1023 - end - - it 'returns an error' do - expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (1023) specified for uaa.ssl.port, please specify a valid port number in this range [1024-65535]') - end - end - - context 'when uaa.ssl.port is invalid (65536)' do - before(:each) do - manifest['properties']['uaa']['ssl']['port'] = 65536 - end - - it 'returns an error' do - expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (65536) specified for uaa.ssl.port, please specify a valid port number in this range [1024-65535]') - end - end - - context 'when uaa.localhost_http_port is the same as uaa.ssl.port' do - before(:each) do - manifest['properties']['uaa']['ssl']['port'] = 9090 - 
manifest['properties']['uaa']['localhost_http_port'] = 9090 - end - - it 'returns an error' do - expect {compiled_xml}.to raise_error(ArgumentError, 'Please specify different values for uaa.ssl.port and uaa.localhost_http_port') - end - end - - context 'when uaa.keepalive_timeout is invalid (-1)' do - before(:each) do - manifest['properties']['uaa']['keepalive_timeout'] = -2 - end - - it 'returns an error' do - expect {compiled_xml}.to raise_error(ArgumentError, 'Invalid value (-2) specified for uaa.keepalive_timeout, please specify either a positive integer value or -1') - end - end - - context 'using bosh links' do - let(:internal_proxies) do - config = Nokogiri::XML.parse(compiled_xml) - config.xpath('//Valve')[0].attributes['internalProxies'].value - end - - context 'when uaa.proxy_ips_regex is in the manifest' do - it 'includes the proxy_ips_regex when uaa.proxy.servers not set and bosh links not available' do - manifest['properties']['uaa']['proxy']['servers'] = [] - manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex' - manifest['links'] = {} - - expect(internal_proxies).to include('proxy_ips_regex') - end - - it 'includes proxy_ips_regex when uaa.proxy.servers are set and bosh links are not available' do - manifest['properties']['uaa']['proxy']['servers'] = ['1.1.1.1'] - manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex' - manifest['links'] = {} - - expect(internal_proxies).to include('proxy_ips_regex') - end - - it 'includes proxy_ips_regex when uaa.proxy.servers not set and bosh link is available' do - manifest['properties']['uaa']['proxy']['servers'] = [] - manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex' - manifest['links'] = { - 'router' => {'instances' => [{'address' => 'linked-address'}]} - } - - expect(internal_proxies).to include('proxy_ips_regex') - end - - it 'includes proxy_ips_regex when uaa.proxy.servers is set and bosh link is available' do - 
manifest['properties']['uaa']['proxy']['servers'] = ['1.12.3.4'] - manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex' - manifest['links'] = { - 'router' => {'instances' => [{'address' => 'linked-address'}]} - } - - expect(internal_proxies).to include('proxy_ips_regex') - end - end - - context 'when uaa.proxy.servers is left to default value in the manifest' do - before(:each) do - manifest['properties']['uaa']['proxy_ips_regex'] = 'proxy_ips_regex' - manifest['properties']['uaa']['proxy']['servers'] = [] - end - - let(:manifest) {generate_cf_manifest('spec/input/all-properties-set.yml', links)} - - context 'when a bosh-link is available' do - let(:links) {{ - 'router' => {'instances' => [{'address' => 'linked-address'}]} - }} - - it 'uses the bosh-linked router config' do - expect(internal_proxies).to eq('linked-address|proxy_ips_regex') - end - end - - context 'when there is no bosh-link available' do - before(:each) do - manifest['properties']['uaa']['proxy_ips_regex'] = '' - manifest['properties']['uaa']['proxy']['servers'] = [] - end - let(:links) {{}} - - it 'uses the default internal proxies list' do - expect(internal_proxies).to eq '10.d{1,3}.d{1,3}.d{1,3}|192.168.d{1,3}.d{1,3}|169.254.d{1,3}.d{1,3}|127.d{1,3}.d{1,3}.d{1,3}|172.1[6-9]{1}.d{1,3}.d{1,3}|172.2[0-9]{1}.d{1,3}.d{1,3}|172.3[0-1]{1}.d{1,3}.d{1,3}' - end - end - end - end -end