diff --git a/.jshintrc b/.jshintrc
deleted file mode 100644
index cefd7b5..0000000
--- a/.jshintrc
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "esversion": 6,
- "esnext": true
-}
diff --git a/index.js b/index.js
index 8a64363..47c68fe 100644
--- a/index.js
+++ b/index.js
@@ -12,12 +12,11 @@
* the License.
*/
-import session from './server/session';
-import binding from './server/binding';
-import healthCheck from './server/healthcheck';
+module.exports = (kibana) => {
-export default (kibana) => {
- const COOKIE_PASSWORD_SIZE = 32;
+ const session = require('./server/session');
+ const proxy = require('./server/proxy');
+ const healthCheck = require('./server/healthcheck');
return new kibana.Plugin({
require: ['elasticsearch'],
@@ -28,19 +27,17 @@ export default (kibana) => {
function config(Joi) {
const cookie = Joi.object({
- name : Joi.string()
- .default('keystone'),
password : Joi.string()
- .min(COOKIE_PASSWORD_SIZE)
- .default(require('crypto').randomBytes(COOKIE_PASSWORD_SIZE).toString('hex')),
+ .min(16)
+ .default(require('crypto').randomBytes(16).toString('hex')),
isSecure : Joi.boolean()
- .default(process.env.NODE_ENV !== 'development'),
+ .default(false),
ignoreErrors: Joi.boolean()
.default(true),
expiresIn : Joi.number()
.positive()
.integer()
- .default(60 * 60 * 1000) // 1 hour
+ .default(24 * 60 * 60 * 1000) // 1 day
}).default();
return Joi.object({
@@ -54,11 +51,9 @@ export default (kibana) => {
}
function init(server) {
- server.log(['status', 'debug', 'keystone'], 'Initializing keystone plugin');
- binding(server).start();
- session(server).start();
+ session(server);
+ proxy(server);
healthCheck(this, server).start();
- server.log(['status', 'debug', 'keystone'], 'Initialized keystone plugin');
}
};
diff --git a/package.json b/package.json
index 20b490b..a7af291 100644
--- a/package.json
+++ b/package.json
@@ -1,14 +1,13 @@
{
"name": "fts-keystone",
- "version": "0.0.2",
- "description": "Keystone authentication & multitenancy support for Kibana 4.4.x",
+ "version": "0.0.1",
+ "description": "Keystone authentication support for Kibana 4.4.x",
"author": "Fujitsu Enabling Software Technology GmbH",
- "license": "Apache-2.0",
+ "licenses": "Apache-2.0",
"keywords": [
"kibana",
"authentication",
"keystone",
- "multitenancy",
"plugin"
],
"scripts": {
@@ -23,9 +22,8 @@
},
"main": "gulpfile.js",
"dependencies": {
- "hoek": "^4.0.1",
- "keystone-v3-client": "^0.0.7",
- "yar": "^7.x.x"
+ "yar": "^4.2.0",
+ "keystone-v3-client": "^0.0.7"
},
"repository": {
"type": "git",
@@ -45,14 +43,11 @@
"gulp-mocha": "^2.2.0",
"gulp-tar": "^1.8.0",
"gulp-util": "^3.0.7",
- "joi": "^9.0.4",
"lodash": "^4.2.1",
"mkdirp": "^0.5.1",
"proxyquire": "^1.7.4",
"rimraf": "^2.5.1",
"rsync": "^0.4.0",
- "semver": "^5.3.0",
- "sinon": "^1.17.3",
- "wreck": "^8.0.0"
+ "sinon": "^1.17.3"
}
}
diff --git a/server/__tests__/binding.spec.js b/server/__tests__/binding.spec.js
deleted file mode 100644
index 1c752e6..0000000
--- a/server/__tests__/binding.spec.js
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-const sinon = require('sinon');
-const chai = require('chai');
-const proxyRequire = require('proxyquire');
-
-describe('fts-keystone', () => {
- describe('binding', () => {
-
- it('should expose tokens & users', () => {
-
- let tokens = sinon.spy();
- let users = sinon.spy();
-
- let server = {
- config: sinon.stub().returns({
- get: sinon.spy()
- }),
- expose: sinon.spy()
- };
-
- proxyRequire('../binding', {
- 'keystone-v3-client/lib/keystone/tokens': tokens,
- 'keystone-v3-client/lib/keystone/users' : users
- })(server).start();
-
- chai.expect(server.expose.callCount).to.be.eq(2);
- chai.expect(server.expose.calledWith('tokens', tokens));
- chai.expect(server.expose.calledWith('users', users));
-
- });
- });
-});
diff --git a/server/__tests__/healthcheck.spec.js b/server/__tests__/healthcheck.spec.js
index da44619..1da9106 100644
--- a/server/__tests__/healthcheck.spec.js
+++ b/server/__tests__/healthcheck.spec.js
@@ -52,7 +52,6 @@ describe('plugins/fts-keystone', ()=> {
server = {
log : sinon.stub(),
- on : sinon.stub(),
config: function () {
return {
get: configGet
@@ -64,7 +63,6 @@ describe('plugins/fts-keystone', ()=> {
it('should set status to green if keystone available', (done)=> {
let expectedCode = 200;
- let expectedStatus = true;
let healthcheck = proxyRequire('../healthcheck', {
'http': {
request: (_, callback)=> {
@@ -84,8 +82,8 @@ describe('plugins/fts-keystone', ()=> {
check
.run()
- .then((status) => {
- chai.expect(expectedStatus).to.be.equal(status);
+ .then((code) => {
+ chai.expect(expectedCode).to.be.equal(code);
chai.expect(plugin.status.green.calledWith('Ready')).to.be.ok;
})
.finally(done);
@@ -94,7 +92,6 @@ describe('plugins/fts-keystone', ()=> {
it('should set status to red if keystone not available', (done) => {
let expectedCode = 500;
- let expectedStatus = false;
let healthcheck = proxyRequire('../healthcheck', {
'http': {
request: (_, callback)=> {
@@ -114,8 +111,8 @@ describe('plugins/fts-keystone', ()=> {
check
.run()
- .catch((status) => {
- chai.expect(expectedStatus).to.be.equal(status);
+ .catch((code) => {
+ chai.expect(expectedCode).to.be.equal(code);
chai.expect(plugin.status.red.calledWith('Unavailable')).to.be.ok;
})
.finally(done);
diff --git a/server/__tests__/proxy.spec.js b/server/__tests__/proxy.spec.js
new file mode 100644
index 0000000..ef07373
--- /dev/null
+++ b/server/__tests__/proxy.spec.js
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2016 FUJITSU LIMITED
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+const proxyRequire = require('proxyquire');
+const Promise = require('bluebird');
+const sinon = require('sinon');
+const chai = require('chai');
+
+describe('plugins/fts-keystone', ()=> {
+ describe('proxy', ()=> {
+ describe('proxy_check', ()=> {
+
+ const keystoneUrl = 'http://localhost'; // mocking http
+ const keystonePort = 9000;
+
+ let server;
+ let configGet;
+
+ beforeEach(()=> {
+ configGet = sinon.stub();
+ configGet.withArgs('fts-keystone.url').returns(keystoneUrl);
+ configGet.withArgs('fts-keystone.port').returns(keystonePort);
+
+ server = {
+ log : sinon.stub(),
+ config: function () {
+ return {
+ get: configGet
+ };
+ }
+ };
+ });
+
+ it('should do nothing if not /elasticsearch call', ()=> {
+ let checkSpy = sinon.spy();
+ let retrieveTokenSpy = sinon.spy();
+ let proxy = proxyRequire('../proxy/proxy', {
+ 'keystone-v3-client/lib/keystone/tokens': () => {
+ return {check: checkSpy};
+ },
+ './retrieveToken' : retrieveTokenSpy
+ })(server);
+ let request = {
+ url: {
+ path: '/bundles/styles.css'
+ }
+ };
+ let reply = {
+ 'continue': sinon.spy()
+ };
+
+ proxy(request, reply);
+
+ chai.expect(reply.continue.calledOnce).to.be.ok;
+ chai.expect(checkSpy.called).to.not.be.ok;
+ chai.expect(retrieveTokenSpy.called).to.not.be.ok;
+ });
+
+ it('should authenticate with keystone', (done)=> {
+
+ let token = '1234567890';
+ let checkStub = sinon.stub().returns(Promise.resolve());
+ let retrieveTokenStub = sinon.stub().returns(token);
+
+ let proxy = proxyRequire('../proxy/proxy', {
+ 'keystone-v3-client/lib/keystone/tokens': () => {
+ return {check: checkStub};
+ },
+ './retrieveToken' : retrieveTokenStub
+ })(server);
+ let request = {
+ session: {
+ 'get' : sinon.stub(),
+ 'set' : sinon.stub()
+ },
+ url : {
+ path: '/elasticsearch/.kibana'
+ }
+ };
+
+ let reply = {
+ 'continue': sinon.spy()
+ };
+ let replyCall;
+
+ proxy(request, reply)
+ .finally(verifyStubs)
+ .done(done);
+
+ function verifyStubs() {
+ chai.expect(reply.continue.calledOnce).to.be.ok;
+ replyCall = reply.continue.firstCall.args;
+
+ chai.expect(replyCall).to.be.empty;
+
+ // other stubs
+ chai.expect(checkStub.calledOnce).to.be.ok;
+ chai.expect(checkStub.calledWithExactly({
+ headers: {
+ 'X-Auth-Token' : token,
+ 'X-Subject-Token': token
+ }
+ })).to.be.ok;
+
+ chai.expect(retrieveTokenStub.calledOnce).to.be.ok;
+ chai.expect(retrieveTokenStub.calledWithExactly(server, request))
+ .to.be.ok;
+ }
+ });
+
+ it('should not authenticate with keystone', (done)=> {
+ let token = '1234567890';
+ let checkStub = sinon.stub().returns(Promise.reject({
+ statusCode: 666
+ }));
+ let retrieveTokenStub = sinon.stub().returns(token);
+ let proxy = proxyRequire('../proxy/proxy', {
+ 'keystone-v3-client/lib/keystone/tokens': () => {
+ return {check: checkStub};
+ },
+ './retrieveToken' : retrieveTokenStub
+ })(server);
+ let request = {
+ session: {
+ 'get' : sinon.stub(),
+ 'set' : sinon.stub()
+ },
+ url : {
+ path: '/elasticsearch/.kibana'
+ }
+ };
+ let reply = sinon.spy();
+ let replyCall;
+
+ proxy(request, reply)
+ .finally(verifyStubs)
+ .done(done);
+
+ function verifyStubs() {
+ chai.expect(reply.calledOnce).to.be.ok;
+ replyCall = reply.firstCall.args[0];
+
+ chai.expect(replyCall.isBoom).to.be.ok;
+
+ // other stubs
+ chai.expect(checkStub.calledOnce).to.be.ok;
+ chai.expect(checkStub.calledWithExactly({
+ headers: {
+ 'X-Auth-Token' : token,
+ 'X-Subject-Token': token
+ }
+ })).to.be.ok;
+
+ chai.expect(retrieveTokenStub.calledOnce).to.be.ok;
+ chai.expect(retrieveTokenStub.calledWithExactly(server, request))
+ .to.be.ok;
+ }
+
+ });
+
+ });
+ });
+});
diff --git a/server/__tests__/retrieveToken.spec.js b/server/__tests__/retrieveToken.spec.js
index dba95ff..03bb6b8 100644
--- a/server/__tests__/retrieveToken.spec.js
+++ b/server/__tests__/retrieveToken.spec.js
@@ -15,176 +15,157 @@
const sinon = require('sinon');
const chai = require('chai');
-const retrieveToken = require('../mt/auth/token');
-const CONSTANTS = require('../const');
-const RELOAD_SYMBOL = require('../mt/auth/reload');
+const retrieveToken = require('../proxy/retrieveToken');
describe('plugins/fts-keystone', ()=> {
- describe('mt', ()=> {
- describe('auth', () => {
- describe('token', ()=> {
+ describe('proxy', ()=> {
+ describe('retrieveToken', ()=> {
- let server;
+ let server;
- beforeEach(()=> {
- server = {
- log: sinon.stub()
- };
- });
+ beforeEach(()=> {
+ server = {
+ log: sinon.stub()
+ };
+ });
- it('should return isBoom if session not available', ()=> {
- let request = {};
- let errMsg = /Session support is missing/;
+ it('should return isBoom if session not available', ()=> {
+ let request = {};
+ let errMsg = /Session support is missing/;
- chai.expect(()=> {
- retrieveToken(server, request);
- }).to.throw(errMsg);
+ chai.expect(()=> {
+ retrieveToken(server, request);
+ }).to.throw(errMsg);
- request = {
- yar: undefined
- };
- chai.expect(()=> {
- retrieveToken(server, request);
- }).to.throw(errMsg);
+ request = {
+ session: undefined
+ };
+ chai.expect(()=> {
+ retrieveToken(server, request);
+ }).to.throw(errMsg);
- request = {
- session: null
- };
- chai.expect(()=> {
- retrieveToken(server, request);
- }).to.throw(errMsg);
- });
+ request = {
+ session: null
+ };
+ chai.expect(()=> {
+ retrieveToken(server, request);
+ }).to.throw(errMsg);
+ });
- it('should Boom with unauthorized if token not in header or session', function () {
- let expectedMsg = 'You\'re not logged into the OpenStack. Please login via Horizon Dashboard';
- let request = {
- yar : {
- 'get': sinon
- .stub()
- .withArgs(CONSTANTS.SESSION_TOKEN_KEY)
- .returns(undefined)
- },
- headers: {}
- };
-
- let result = retrieveToken(server, request);
- chai.expect(result.isBoom).to.be.true;
- chai.expect(result.output.payload.message).to.be.eq(expectedMsg);
- chai.expect(result.output.statusCode).to.be.eq(401);
- });
-
- it('should use session token if requested does not have it', () => {
- let expectedToken = 'SOME_RANDOM_TOKEN';
- let yar = {
- 'reset': sinon.spy(),
- 'set' : sinon.spy(),
- 'get' : sinon.stub()
- };
- let request = {
- yar : yar,
- headers: {}
- };
- let token;
-
- yar.get.returns(expectedToken);
-
- token = retrieveToken(server, request);
- chai.expect(token).not.to.be.undefined;
- chai.expect(token).to.be.eql(expectedToken);
-
- console.log(yar.get.callCount);
-
- chai.expect(yar.get.callCount).to.be.eq(2);
- chai.expect(yar.set.calledOnce).not.to.be.ok;
- chai.expect(
- yar.set.calledWithExactly(CONSTANTS.SESSION_TOKEN_KEY, expectedToken)
- ).not.to.be.ok;
- });
-
- it('should set token in session if not there and request has it', () => {
- let expectedToken = 'SOME_RANDOM_TOKEN';
- let yar = {
- 'reset': sinon.spy(),
- 'set' : sinon.spy(),
- 'get' : sinon.stub()
- };
- let request = {
- yar : yar,
- headers: {
- 'x-auth-token': expectedToken
- }
- };
- let token;
-
- yar.get
- .withArgs(CONSTANTS.SESSION_TOKEN_KEY)
- .onCall(0).returns(undefined)
- .onCall(1).returns(expectedToken);
-
- token = retrieveToken(server, request);
- chai.expect(token).to.not.be.undefined;
- chai.expect(token).to.be.eql(expectedToken);
-
- chai.expect(yar.get.callCount).to.be.eq(2);
- chai.expect(yar.set.calledOnce).to.be.ok;
-
- chai.expect(
- yar.set.calledWithExactly(
- CONSTANTS.SESSION_TOKEN_KEY,
- expectedToken
- )
- ).to.be.ok;
- chai.expect(
- yar.set.calledWithExactly(
- CONSTANTS.SESSION_TOKEN_CHANGED,
- CONSTANTS.TOKEN_CHANGED_VALUE
- )
- ).to.not.be.ok;
- });
-
- it('should update token in session if request\'s token is different', ()=> {
- let expectedToken = 'SOME_RANDOM_TOKEN';
- let oldToken = 'OLD_TOKEN';
-
- let headers = {
- 'x-auth-token': expectedToken
- };
- let yar = {
- 'reset': sinon.stub(),
- 'get' : sinon
+ it('should Boom with unauthorized if token not in header or session', function () {
+ let expectedMsg = 'You\'re not logged into the OpenStack. Please login via Horizon Dashboard';
+ let request = {
+ session: {
+ 'get': sinon
.stub()
- .withArgs(CONSTANTS.SESSION_TOKEN_KEY)
- .returns(oldToken),
- 'set' : sinon.spy()
- };
- let token;
- let request = {
- yar : yar,
- headers: headers
- };
+ .withArgs('keystone_token')
+ .returns(undefined)
+ },
+ headers: {}
+ };
- token = retrieveToken(server, request);
- chai.expect(token).to.not.be.undefined;
- chai.expect(token).to.be.eql(RELOAD_SYMBOL);
+ let result = retrieveToken(server, request);
+ chai.expect(result.isBoom).to.be.true;
+ chai.expect(result.output.payload.message).to.be.eq(expectedMsg);
+ chai.expect(result.output.statusCode).to.be.eq(401);
+ });
- chai.expect(yar.reset.calledOnce).to.be.ok;
- chai.expect(yar.get.calledOnce).to.be.ok;
+ it('should use session token if requested does not have it', () => {
+ let expectedToken = 'SOME_RANDOM_TOKEN';
+ let yar = {
+ 'set': sinon
+ .spy(),
+ 'get': sinon
+ .stub()
+ .withArgs('keystone_token')
+ .returns(expectedToken)
+ };
+ let request = {
+ session: yar,
+ headers: {}
+ };
+ let token;
- chai.expect(yar.set.callCount).to.be.eq(2);
- chai.expect(
- yar.set.calledWithExactly(
- CONSTANTS.SESSION_TOKEN_KEY,
- expectedToken
- )
- ).to.be.ok;
- chai.expect(
- yar.set.calledWithExactly(
- CONSTANTS.SESSION_TOKEN_CHANGED,
- CONSTANTS.TOKEN_CHANGED_VALUE
- )
- ).to.be.ok;
+ token = retrieveToken(server, request);
+ chai.expect(token).not.to.be.undefined;
+ chai.expect(token).to.be.eql(expectedToken);
- });
+ chai.expect(
+ yar.get.calledOnce
+ ).to.be.ok;
+ chai.expect(
+ yar.set.calledOnce
+ ).not.to.be.ok;
+ chai.expect(
+ yar.set.calledWithExactly('keystone_token', expectedToken)
+ ).not.to.be.ok;
+ });
+
+ it('should set token in session if not there and request has it', () => {
+ let expectedToken = 'SOME_RANDOM_TOKEN';
+ let yar = {
+ 'set': sinon
+ .spy(),
+ 'get': sinon
+ .stub()
+ .withArgs('keystone_token')
+ .returns(undefined)
+ };
+ let request = {
+ session: yar,
+ headers: {
+ 'x-auth-token': expectedToken
+ }
+ };
+ let token;
+
+ token = retrieveToken(server, request);
+ chai.expect(token).to.not.be.undefined;
+ chai.expect(token).to.be.eql(expectedToken);
+
+ chai.expect(
+ yar.get.calledOnce
+ ).to.be.ok;
+ chai.expect(
+ yar.set.calledOnce
+ ).to.be.ok;
+ chai.expect(
+ yar.set.calledWithExactly('keystone_token', expectedToken)
+ ).to.be.ok;
+ });
+
+ it('should update token in session if request\'s token is different', ()=> {
+ let expectedToken = 'SOME_RANDOM_TOKEN';
+ let headers = {
+ 'x-auth-token': expectedToken
+ };
+ let yar = {
+ 'get': sinon
+ .stub()
+ .withArgs('keystone_token')
+ .returns('SOME_OLD_TOKEN'),
+ 'set': sinon
+ .spy()
+ };
+ let token;
+ let request = {
+ session: yar,
+ headers: headers
+ };
+
+ token = retrieveToken(server, request);
+ chai.expect(token).to.not.be.undefined;
+ chai.expect(token).to.be.eql(expectedToken);
+
+ chai.expect(
+ yar.get.calledOnce
+ ).to.be.ok;
+ chai.expect(
+ yar.set.calledOnce
+ ).to.be.ok;
+ chai.expect(
+ yar.set.calledWithExactly('keystone_token', expectedToken)
+ ).to.be.ok;
});
});
});
diff --git a/server/__tests__/routing.createProxy.spec.js b/server/__tests__/routing.createProxy.spec.js
deleted file mode 100644
index 9f3c95a..0000000
--- a/server/__tests__/routing.createProxy.spec.js
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-const sinon = require('sinon');
-const chai = require('chai');
-const proxyRequire = require('proxyquire');
-
-describe('plugins/fts-keystone', () => {
- describe('mt', () => {
- describe('routing', () => {
- describe('createProxy', () => {
- const kibanaIndex = '.kibana';
- const server = {
- log : sinon.spy(),
- config: sinon.stub().returns({
- get: sinon.stub().withArgs('kibana.index').returns(kibanaIndex)
- })
- };
-
- let mgetHandler;
- let pathsHandler;
- let kibanaIndexHandler;
- let defaultHandler;
-
- beforeEach(() => {
- mgetHandler = sinon.stub().returns({});
- pathsHandler = sinon.stub().returns({});
- kibanaIndexHandler = sinon.stub().returns({});
- defaultHandler = sinon.stub().returns({});
-
- server.route = sinon.spy();
- });
-
- it('should load mget handler if that is the route', () => {
- const route = '/_mget';
- const method = sinon.spy();
-
- proxyRequire('../mt/routing/_create_proxy', {
- './routes/mget' : mgetHandler,
- './routes/paths' : pathsHandler,
- './routes/kibana_index': kibanaIndexHandler,
- './routes/default' : defaultHandler
- })(server, method, route);
-
- chai.expect(mgetHandler.calledOnce).to.be.ok;
- chai.expect(mgetHandler.calledWith(server, method, sinon.match.string)).to.be.ok;
-
- chai.expect(pathsHandler.calledOnce).to.not.be.ok;
- chai.expect(kibanaIndexHandler.calledOnce).to.not.be.ok;
- chai.expect(defaultHandler.calledOnce).to.not.be.ok;
-
- chai.expect(server.route.calledWith(sinon.match.object)).to.be.ok;
- });
-
- it('should load paths handler if that is the route', () => {
- const route = '/{paths*}';
- const method = sinon.spy();
-
- proxyRequire('../mt/routing/_create_proxy', {
- './routes/mget' : mgetHandler,
- './routes/paths' : pathsHandler,
- './routes/kibana_index': kibanaIndexHandler,
- './routes/default' : defaultHandler
- })(server, method, route);
-
- chai.expect(pathsHandler.calledOnce).to.be.ok;
- chai.expect(pathsHandler.calledWith(server, method, sinon.match.string)).to.be.ok;
-
- chai.expect(mgetHandler.calledOnce).to.not.be.ok;
- chai.expect(kibanaIndexHandler.calledOnce).to.not.be.ok;
- chai.expect(defaultHandler.calledOnce).to.not.be.ok;
-
- chai.expect(server.route.calledWith(sinon.match.object)).to.be.ok;
- });
-
- it('should load default handler if that is the route', () => {
- const route = '/other';
- const method = sinon.spy();
-
- proxyRequire('../mt/routing/_create_proxy', {
- './routes/mget' : mgetHandler,
- './routes/paths' : pathsHandler,
- './routes/kibana_index': kibanaIndexHandler,
- './routes/default' : defaultHandler
- })(server, method, route);
-
- chai.expect(defaultHandler.calledOnce).to.be.ok;
- chai.expect(defaultHandler.calledWith(server, method, sinon.match.string)).to.be.ok;
-
- chai.expect(mgetHandler.calledOnce).to.not.be.ok;
- chai.expect(kibanaIndexHandler.calledOnce).to.not.be.ok;
- chai.expect(pathsHandler.calledOnce).to.not.be.ok;
-
- chai.expect(server.route.calledWith(sinon.match.object)).to.be.ok;
- });
-
- it('should load kibana handler if that is the route', () => {
- const route = `/${kibanaIndex}/{paths*}`;
- const method = sinon.spy();
-
- proxyRequire('../mt/routing/_create_proxy', {
- './routes/mget' : mgetHandler,
- './routes/paths' : pathsHandler,
- './routes/kibana_index': kibanaIndexHandler,
- './routes/default' : defaultHandler
- })(server, method, route);
-
- chai.expect(kibanaIndexHandler.calledOnce).to.be.ok;
- chai.expect(kibanaIndexHandler.calledWith(server, method, sinon.match.string)).to.be.ok;
-
- chai.expect(mgetHandler.calledOnce).to.not.be.ok;
- chai.expect(defaultHandler.calledOnce).to.not.be.ok;
- chai.expect(pathsHandler.calledOnce).to.not.be.ok;
-
- chai.expect(server.route.calledWith(sinon.match.object)).to.be.ok;
- });
-
- });
- });
- });
-});
diff --git a/server/__tests__/routing.reRouting.spec.js b/server/__tests__/routing.reRouting.spec.js
deleted file mode 100644
index 8704809..0000000
--- a/server/__tests__/routing.reRouting.spec.js
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-const sinon = require('sinon');
-const chai = require('chai');
-const proxyRequire = require('proxyquire');
-
-describe('plugins/fts-keystone', () => {
- describe('mt', () => {
- describe('routing', () => {
- describe('reRoute', () => {
- const prefix = '/test';
- const server = {
- log: sinon.spy()
- };
-
- it('should re-route ElasticSearch request', () => {
- const requestPath = '/elasticsearch/something/a/b/c';
-
- let request = {
- setUrl: sinon.spy()
- };
- let reply = {
- continue: sinon.spy()
- };
- let utils = {
- requestPath: sinon.stub().withArgs(request).returns(requestPath),
- isESRequest: sinon.stub().withArgs(request).returns(true)
- };
-
- proxyRequire('../mt/routing/_re_route', {
- '../../util': utils,
- './_utils' : {
- PREFIX: prefix
- }
- })(server)(request, reply);
-
- chai.expect(request.setUrl.calledOnce).to.be.ok;
- chai.expect(request.setUrl.calledWith(`${prefix}${requestPath}`)).to.be.ok;
- chai.expect(reply.continue.calledOnce).to.be.ok;
-
- });
-
- it('should not re-route non-ElasticSearch request', () => {
- const requestPath = '/resources/cool.ico';
-
- let request = {
- setUrl: sinon.spy()
- };
- let reply = {
- continue: sinon.spy()
- };
- let utils = {
- requestPath: sinon.stub().withArgs(request).returns(requestPath),
- isESRequest: sinon.stub().withArgs(request).returns(false)
- };
-
- proxyRequire('../mt/routing/_re_route', {
- '../../util': utils,
- './_utils' : {
- PREFIX: prefix
- }
- })(server)(request, reply);
-
- chai.expect(request.setUrl.calledOnce).to.not.be.ok;
- chai.expect(request.setUrl.calledWith(`${prefix}${requestPath}`)).to.not.be.ok;
- chai.expect(reply.continue.calledOnce).to.be.ok;
-
- });
-
-
- });
- });
- });
-});
diff --git a/server/__tests__/routing.spec.js b/server/__tests__/routing.spec.js
deleted file mode 100644
index 4896c82..0000000
--- a/server/__tests__/routing.spec.js
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-const sinon = require('sinon');
-const chai = require('chai');
-const proxyRequire = require('proxyquire');
-
-describe('plugins/fts-keystone', ()=> {
- describe('mt', ()=> {
- describe('routing', () => {
-
- const createProxy = sinon.spy();
- const serverLog = sinon.spy();
-
- let serverExt;
- let server;
- let reRoute;
-
- beforeEach(() => {
- serverExt = sinon.spy();
- server = {
- log: serverLog,
- ext: serverExt
- };
- reRoute = sinon.spy();
- });
-
- it('should load re-route logic', (done) => {
-
- proxyRequire('../mt/routing', {
- './_create_proxy': createProxy,
- './_re_route' : reRoute
- })(server).then(verify);
-
- function verify(route) {
- chai.expect(serverExt.calledOnce).to.be.ok;
- chai.expect(serverExt.calledWith('onRequest', reRoute));
- chai.expect(createProxy).to.be.eq(route);
- done();
- }
-
- });
-
- });
- });
-});
diff --git a/server/__tests__/verify.spec.js b/server/__tests__/verify.spec.js
deleted file mode 100644
index d8e6000..0000000
--- a/server/__tests__/verify.spec.js
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-const sinon = require('sinon');
-const chai = require('chai');
-const proxyRequire = require('proxyquire');
-
-const CONSTANTS = require('../const');
-
-describe('plugins/fts-keystone', ()=> {
- describe('mt', ()=> {
- describe('verify', () => {
-
- it('should skip if session not available', () => {
- let server = {
- log: sinon.spy()
- };
- let request = {
- yar: {
- _store: undefined
- }
- };
- let reply = {
- continue: sinon.spy()
- };
-
- require('../mt/verify')(server)(request, reply);
- chai.expect(reply.continue.calledOnce).to.be.ok;
- });
-
- it('should skip if session available but user object not found', () => {
- let server = {
- log: sinon.spy()
- };
- let request = {
- yar: {
- _store: {
- '1': 1
- }
- }
- };
- let reply = {
- continue: sinon.spy()
- };
-
- require('../mt/verify')(server)(request, reply);
- chai.expect(reply.continue.calledOnce).to.be.ok;
- });
-
- it('should skip non ElasticSearch requests', () => {
- let store = {};
-
- store[CONSTANTS.SESSION_USER_KEY] = {'id': 1};
-
- let server = {
- log: sinon.spy()
- };
- let request = {
- url : {
- path: '/some/other/path'
- },
- yar: {
- _store: store
- }
- };
- let reply = {
- continue: sinon.spy()
- };
-
- require('../mt/verify')(server)(request, reply);
- chai.expect(reply.continue.calledOnce).to.be.ok;
- });
-
- it('should call verify indexPattern', () => {
- let store = {};
- let indexPattern = '*';
-
- store[CONSTANTS.SESSION_USER_KEY] = {'id': 1};
-
- let server = {
- log: sinon.spy()
- };
- let request = {
- method: 'GET',
- url : {
- path: `/elasticsearch/${indexPattern}/_mapping/field/`
- },
- yar: {
- _store: store
- }
- };
- let verifyIndexPattern = sinon.spy();
-
- proxyRequire('../mt/verify', {
- './_verify_index_pattern': verifyIndexPattern
- })(server)(request);
-
- chai.expect(verifyIndexPattern.calledOnce).to.be.ok;
- });
-
- });
- });
-});
diff --git a/server/__tests__/verifyIndexPattern.spec.js b/server/__tests__/verifyIndexPattern.spec.js
deleted file mode 100644
index fa23a1d..0000000
--- a/server/__tests__/verifyIndexPattern.spec.js
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-const sinon = require('sinon');
-const chai = require('chai');
-
-const CONSTANTS = require('../const');
-const verifyIndexPattern = require('../mt/verify/_verify_index_pattern');
-
-describe('plugins/fts-keystone', ()=> {
- describe('mt', ()=> {
- describe('verify', () => {
- describe('verify_index_pattern', () => {
-
- it('should reject * as index-pattern', () => {
- let indexPattern = '*';
- let request = {
- url: {
- path: `/a/${indexPattern}/`
- },
- yar: {
- _store: {}
- }
- };
- verifyIndexPattern(request, (result) => {
- chai.expect(result.isBoom)
- .to.be.true;
- chai.expect(result.output.payload.message)
- .to.be.eq('* as pattern is not supported at the moment');
- chai.expect(result.output.statusCode)
- .to.be.eq(422);
- });
- });
-
- it('should reject index-pattern if it does not match user`s projects', () => {
- let projects = [
- { id: 'project_1'}, { id: 'project_2' }, {id: 'project_3'}
- ];
- let indexPattern = 'test';
- let store = {};
-
- store[CONSTANTS.SESSION_PROJECTS_KEY] = projects;
-
- let request = {
- url: {
- path: `/a/${indexPattern}/`
- },
- yar: {
- _store: store
- }
- };
- let reply = sinon.spy();
-
- verifyIndexPattern(request, (result) => {
- chai.expect(result.isBoom)
- .to.be.true;
- chai.expect(result.output.payload.message)
- .to.be.eq(`${indexPattern} do not match any project of current user`);
- chai.expect(result.output.statusCode)
- .to.be.eq(422);
- });
- });
-
- it('should accept index-pattern it it constaint project id', () => {
- let projects = [
- { id: 'project_1'}, { id: 'project_2' }, {id: 'project_3'}
- ];
- let indexPattern = projects[1].id;
- let store = {};
-
- store[CONSTANTS.SESSION_PROJECTS_KEY] = projects;
-
- let request = {
- url: {
- path: `/a/${indexPattern}/`
- },
- yar: {
- _store: store
- }
- };
- let reply = {
- continue: sinon.spy()
- };
-
- verifyIndexPattern(request, reply);
- chai.expect(reply.continue.calledOnce).to.be.ok;
- });
-
- });
- });
- });
-});
diff --git a/server/binding/index.js b/server/binding/index.js
deleted file mode 100644
index b997e9e..0000000
--- a/server/binding/index.js
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import TokensApi from 'keystone-v3-client/lib/keystone/tokens';
-import UsersApi from 'keystone-v3-client/lib/keystone/users';
-
-module.exports = function binding(server) {
- const config = server.config();
- const keystoneCfg = {
- url: `${config.get('fts-keystone.url')}:${config.get('fts-keystone.port')}`
- };
-
- return {
- start: () => {
- server.expose('tokens', new TokensApi(keystoneCfg));
- server.expose('users', new UsersApi(keystoneCfg));
- }
- };
-
-};
diff --git a/server/const.js b/server/const.js
deleted file mode 100644
index 81850f9..0000000
--- a/server/const.js
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-const NOW_TIME = (new Date().valueOf() / 1000);
-
-export const SESSION_USER_KEY = `fts-keystone-user-${NOW_TIME}`;
-export const SESSION_TOKEN_KEY = `fts-keystone-token-${NOW_TIME}`;
-export const SESSION_PROJECTS_KEY = `fts-keystone-projects-${NOW_TIME}`;
-export const SESSION_TOKEN_CHANGED = `fts-keystone-token-changed-${NOW_TIME}`;
-
-export const TOKEN_CHANGED_VALUE = Symbol('token-changed');
diff --git a/server/healthcheck/index.js b/server/healthcheck/index.js
index 5c69b2f..ade00be 100644
--- a/server/healthcheck/index.js
+++ b/server/healthcheck/index.js
@@ -12,19 +12,18 @@
* the License.
*/
-import url from 'url';
-import Promise from 'bluebird';
+const Promise = require('bluebird');
+const url = require('url');
-import util from '../util';
+const util = require('../util/');
+
+module.exports = function (plugin, server) {
+ let timeoutId;
-module.exports = function healthcheck(plugin, server) {
const config = server.config();
const keystoneUrl = config.get('fts-keystone.url');
const keystonePort = config.get('fts-keystone.port');
const request = getRequest();
-
- let timeoutId;
-
const service = {
run : check,
start : start,
@@ -34,12 +33,22 @@ module.exports = function healthcheck(plugin, server) {
}
};
- server.on('stop', stop);
-
return service;
+ function getRequest() {
+ let required;
+ if (util.startsWith(keystoneUrl, 'https')) {
+ required = require('https');
+ } else {
+ required = require('http');
+ }
+ return required.request;
+ }
+
function check() {
+
return new Promise((resolve, reject)=> {
+
const req = request({
hostname: getHostname(),
port : keystonePort,
@@ -48,13 +57,12 @@ module.exports = function healthcheck(plugin, server) {
const statusCode = res.statusCode;
if (statusCode >= 400) {
plugin.status.red('Unavailable');
- reject(false);
+ reject(statusCode);
} else {
plugin.status.green('Ready');
- resolve(true);
+ resolve(statusCode);
}
});
-
req.on('error', (error)=> {
plugin.status.red('Unavailable: Failed to communicate with Keystone');
server.log(['keystone', 'healthcheck', 'error'], `${error.message}`);
@@ -62,9 +70,14 @@ module.exports = function healthcheck(plugin, server) {
});
req.end();
+
});
}
+ function getHostname() {
+ return url.parse(keystoneUrl).hostname;
+ }
+
function start() {
scheduleCheck(service.stop() ? 10000 : 1);
}
@@ -96,18 +109,4 @@ module.exports = function healthcheck(plugin, server) {
return true;
}
- function getHostname() {
- return url.parse(keystoneUrl).hostname;
- }
-
- function getRequest() {
- let required;
- if (util.startsWith(keystoneUrl, 'https')) {
- required = require('https');
- } else {
- required = require('http');
- }
- return required.request;
- }
-
};
diff --git a/server/mt/auth/_authenticate.js b/server/mt/auth/_authenticate.js
deleted file mode 100644
index 2569694..0000000
--- a/server/mt/auth/_authenticate.js
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Boom from 'boom';
-import Joi from 'joi';
-
-import { SESSION_USER_KEY } from '../../const';
-import lookupToken from './token';
-import RELOAD from './reload';
-
-const RELOAD_MARKUP = `
-
-reloading...
-`;
-const NOOP = ()=> {
-};
-const SCHEMA = {
- tokenOk : Joi.func().default(NOOP),
- tokenBad: Joi.func().default(NOOP)
-};
-
-export default (server, opts) => {
- Joi.assert(opts, SCHEMA, 'Invalid keystone auth options');
-
- const tokensApi = server.plugins['fts-keystone'].tokens;
- const callbackOk = opts.tokenOk;
- const callbackBad = opts.tokenBad;
-
- return (request, reply) => {
- const token = lookupToken(server, request);
- const session = request.yar;
-
- let userObj = session.get(SESSION_USER_KEY);
-
- if (token.isBoom) {
- server.log(['status', 'debug', 'keystone'],
- 'Received error object from token lookup'
- );
- return reply(token);
- } else if (token === RELOAD) {
- server.log(['status', 'debug', 'keystone'],
- 'Received reload markup object from token lookup'
- );
- return reply(RELOAD_MARKUP).type('text/html');
- } else if (userObj && 'project' in userObj) {
- server.log(['status','info','keystone'], `${token} already authorized`);
- return reply.continue({credentials:token});
- }
-
- server.log(['status', 'debug', 'keystone'],
- 'About to validate token with keystone'
- );
-
- return tokensApi
- .validate({
- headers: {
- 'X-Auth-Token' : token,
- 'X-Subject-Token': token
- }
- })
- .then(
- (data) => {
- userObj = data.data.token;
- return callbackOk(token, userObj, session)
- .then(()=> {
- server.log(['status', 'debug', 'keystone'],
- `Auth process completed for user ${userObj.user.id}`);
- return reply.continue({credentials: token});
- });
- })
- .catch((error) => {
- return callbackBad(token, error, session)
- .then((err)=> {
- server.log(['status', 'error', 'keystone'], `Auth process did not complete for token ${token}`);
- server.log(['status', 'error', 'keystone'], `${err}`);
- return reply(Boom.wrap(err));
- });
- });
- };
-};
diff --git a/server/mt/auth/reload/index.js b/server/mt/auth/reload/index.js
deleted file mode 100644
index f3d48d4..0000000
--- a/server/mt/auth/reload/index.js
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-const RELOAD = Symbol('reload-me');
-
-module.exports = RELOAD;
diff --git a/server/mt/auth/strategy.js b/server/mt/auth/strategy.js
deleted file mode 100644
index d176c67..0000000
--- a/server/mt/auth/strategy.js
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Boom from 'boom';
-import Promise from 'bluebird';
-
-import kibanaIndex from '../kibana';
-import userProjects from '../projects';
-
-import {
- SESSION_TOKEN_KEY,
- SESSION_USER_KEY
-} from '../../const';
-
-export default (server) => {
-
- return {
- tokenOk : tokenOk,
- tokenBad: tokenBad
- };
-
- function tokenOk(token, userObj, session) {
- session.reset();
- session.set(SESSION_TOKEN_KEY, token);
- session.set(SESSION_USER_KEY, userObj);
-
- return Promise
- .all([
- userProjects(server, session, userObj),
- kibanaIndex(server, userObj)
- ])
- .then(() => {
- server.log(['status', 'info', 'keystone'], `User ${userObj.user.id} authorized with keystone`);
- return token;
- })
- .catch(err => {
- server.log(['status', 'info', 'keystone'],
- `Error caught in process of authorization, err was ${err}`);
- throw err;
- });
- }
-
- function tokenBad(token, error, session) {
- return new Promise((resolve)=> {
- server.log(['keystone', 'error'], `Failed to authenticate token ${token} with keystone, error is ${error.statusCode}.`);
- session.reset();
-
- let err;
-
- if (error.statusCode === 401) {
- err = Boom.forbidden('\You\'re not logged in as a user who\'s authorized to access log information');
- } else {
- err = Boom.internal(
- error.message || 'Unexpected error during Keystone communication',
- {},
- error.statusCode
- );
- }
- return resolve(err);
- });
- }
-
-};
diff --git a/server/mt/auth/verify.js b/server/mt/auth/verify.js
deleted file mode 100644
index 055da34..0000000
--- a/server/mt/auth/verify.js
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Boom from 'boom';
-
-import {
- SESSION_PROJECTS_KEY,
- SESSION_USER_KEY,
- SESSION_TOKEN_CHANGED,
- TOKEN_CHANGED_VALUE
-} from '../../const';
-import reload from './reload';
-
-export default () => {
- return (request, reply) => {
-
- let session = request.yar;
- let userObj = session.get(SESSION_USER_KEY);
- let tokenChanged = session.get(SESSION_TOKEN_CHANGED);
-
- if (tokenChanged === TOKEN_CHANGED_VALUE) {
- request.log(['status', 'info', 'keystone'],
- 'Detected that token has been changed, replaying the request'
- );
- session.clear(SESSION_TOKEN_CHANGED);
- return reply(reload.markup).type('text/html');
- } else if (userObj) {
- let expiresAt = new Date(userObj.expires_at).valueOf();
- let now = new Date().valueOf();
- let diff = now - expiresAt;
-
- if (diff >= 0) {
- session.reset();
- return reply(Boom.unauthorized('User token has expired')).takeover();
- } else {
- return reply.continue({
- credentials: userObj,
- artifacts : {
- projects: session.get(SESSION_PROJECTS_KEY)
- },
- log : {
- tags: 'keystone ok'
- }
- });
- }
- }
-
- // TODO(trebskit) should actually throw error here I guess
- return reply.continue();
- };
-};
diff --git a/server/mt/index.js b/server/mt/index.js
deleted file mode 100644
index 7c03b3a..0000000
--- a/server/mt/index.js
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-export default {
- bind: (server) => {
- server.log(['status', 'info', 'keystone'], 'Registering keystone-auth schema');
- return Promise.all([
- bindAuthScheme(server),
- bindExt(server),
- bindRouting(server)
- ]);
- }
-};
-
-function bindRouting(server) {
- const kibanaIndex = server.config().get('kibana.index');
- return require('./routing')(server)
- .then((route)=> {
- route(server, 'GET', '/{paths*}');
- route(server, 'POST', '/_mget');
- route(server, 'POST', '/{index}/_search');
- route(server, 'POST', '/{index}/_field_stats');
- route(server, 'POST', '/_msearch');
- route(server, 'POST', '/_search/scroll');
- route(server, ['PUT', 'POST', 'DELETE'], '/' + kibanaIndex + '/{paths*}');
- });
-}
-
-function bindAuthScheme(server) {
- return Promise.all([
- server.auth.scheme(
- 'keystone-token',
- require('./auth/scheme')
- ),
- server.auth.strategy(
- 'session',
- 'keystone-token',
- true,
- require('./auth/strategy')(server)
- )
- ]);
-}
-
-function bindExt(server) {
- return Promise.all([
- server.ext(
- 'onPreAuth',
- require('./auth/verify')(server),
- {after: ['yar']}
- ),
- server.ext('onRequest', require('./verify')(server))
- ]);
-}
diff --git a/server/mt/kibana/_can_upgrade.js b/server/mt/kibana/_can_upgrade.js
deleted file mode 100644
index bfb85f6..0000000
--- a/server/mt/kibana/_can_upgrade.js
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import semver from 'semver';
-
-const VERSION_REGEX = /(\d+\.\d+\.\d+)\-rc(\d+)/i;
-
-export default (server, doc) => {
- const config = server.config();
-
- if (/beta|snapshot/i.test(doc._id)) {
- return false;
- }
- if (!doc._id) {
- return false;
- }
- if (doc._id === config.get('pkg.version')) {
- return false;
- }
-
- let packageRcRelease = Infinity;
- let rcRelease = Infinity;
- let packageVersion = config.get('pkg.version');
- let version = doc._id;
- let matches = doc._id.match(VERSION_REGEX);
- let packageMatches = config.get('pkg.version').match(VERSION_REGEX);
-
- if (matches) {
- version = matches[1];
- rcRelease = parseInt(matches[2], 10);
- }
-
- if (packageMatches) {
- packageVersion = packageMatches[1];
- packageRcRelease = parseInt(packageMatches[2], 10);
- }
-
- try {
- if (semver.gte(version, packageVersion) && rcRelease >= packageRcRelease) {
- return false;
- }
- } catch (e) {
- return false;
- }
- return true;
-};
diff --git a/server/mt/kibana/_configure.js b/server/mt/kibana/_configure.js
deleted file mode 100644
index d0cc1a5..0000000
--- a/server/mt/kibana/_configure.js
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import { find } from 'lodash';
-import Promise from 'bluebird';
-
-import canUpgradeConfig from './_can_upgrade';
-
-export default (server, indexName) => {
- const config = server.config();
- const client = server.plugins.elasticsearch.client;
- const options = {
- index: indexName,
- type : 'config',
- body : {
- size: 1000,
- sort: [
- {
- buildNum: {
- order : 'desc',
- ignore_unmapped: true
- }
- }
- ]
- }
- };
-
- server.log(['status', 'debug', 'keystone'], `Configuring index ${indexName}`);
-
- return client
- .search(options)
- .then(upgradeConfig(server, indexName))
- .then(()=>{
- return Promise
- .delay(666)
- .then(() => {
- server.log(['status', 'debug', 'keystone'], `Index ${indexName} has been configured`);
- return indexName;
- });
- })
- .catch((err)=> {
- throw new Error(`Configuring ${indexName} failed, error is ${err}`);
- });
-
- function upgradeConfig(server, indexName) {
- const client = server.plugins.elasticsearch.client;
- const config = server.config();
-
- return (response) => {
- if (response.hits.hits.length === 0) {
- return client.create({
- index: indexName,
- type : 'config',
- body : {
- buildNum: config.get('pkg.buildNum')
- },
- id : config.get('pkg.version')
- });
- }
-
- // if we already have a the current version in the index then we need to stop
- var devConfig = find(response.hits.hits, function currentVersion(hit) {
- return hit._id !== '@@version' && hit._id === config.get('pkg.version');
- });
-
- if (devConfig) {
- return Promise.resolve();
- }
-
- // Look for upgradeable configs. If none of them are upgradeable
- // then resolve with null.
- let body = find(response.hits.hits, canUpgradeConfig.bind(null, server));
- if (!body) {
- return Promise.resolve();
- }
-
- // if the build number is still the template string (which it wil be in development)
- // then we need to set it to the max interger. Otherwise we will set it to the build num
- body._source.buildNum = config.get('pkg.buildNum');
-
- server.log(['plugin', 'elasticsearch'], {
- tmpl : 'Upgrade config from <%= prevVersion %> to <%= newVersion %>',
- prevVersion: body._id,
- newVersion : config.get('pkg.version')
- });
-
- return client.create({
- index: indexName,
- type : 'config',
- body : body._source,
- id : config.get('pkg.version')
- });
- };
- }
-
-};
diff --git a/server/mt/kibana/_create.js b/server/mt/kibana/_create.js
deleted file mode 100644
index e2ae0ea..0000000
--- a/server/mt/kibana/_create.js
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Boom from 'boom';
-
-import { exists as indexExists } from './_exists';
-
-export default (server, indexName) => {
- const client = server.plugins.elasticsearch.client;
-
- server.log(['status', 'info', 'keystone'], `Creating user index ${indexName}`);
-
- return client.indices
- .create({
- index: indexName,
- body : {
- settings: {
- number_of_shards: 1
- },
- mappings: {
- config: {
- properties: {
- buildNum: {
- type : 'string',
- index: 'not_analyzed'
- }
- }
- }
- }
- }
- })
- .catch((err)=> {
- throw Boom.wrap(err, 500,
- `Failed to create index ${indexName}`);
- })
- .then(() => {
- return indexExists(server, indexName, 'yellow')
- .catch((err)=> {
- throw Boom.wrap(err, 500,
- `Waiting for index ${indexName} to come online failed`);
- })
- .then(()=> {
- server.log(['status', 'info', 'keystone'],
- `Index ${indexName} has been created`);
- return Promise.resolve(indexName);
- });
- });
-
-};
diff --git a/server/mt/kibana/_exists.js b/server/mt/kibana/_exists.js
deleted file mode 100644
index f16a989..0000000
--- a/server/mt/kibana/_exists.js
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import kibanaIndex from './kibanaIndex';
-
-export default (server, userObj) => {
- const indexName = kibanaIndex(server, userObj);
- return exists(server, indexName)
- .then((resp) => {
- return {indexName, resp};
- });
-};
-
-export function exists(server, indexName, status) {
- const es = server.plugins.elasticsearch.client;
- const opts = {
- timeout : '5s',
- index : indexName,
- ignore : [408],
- waitForActiveShards: 1
- };
- if (status) {
- opts.status = status;
- }
- return es.cluster.health(opts);
-}
-
diff --git a/server/mt/kibana/index.js b/server/mt/kibana/index.js
deleted file mode 100644
index 1971457..0000000
--- a/server/mt/kibana/index.js
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import indexExists from './_exists';
-import createIndex from './_create';
-import configureIndex from './_configure';
-
-export default (server, userObj) => {
- return doCheck();
-
- function doCheck() {
- return indexExists(server, userObj)
- .then(({indexName, resp}) => {
- if (!resp || resp.timed_out) {
- server.log(['status', 'warning', 'keystone'], `Index ${indexName} does not exists`);
- return createIndex(server, indexName);
- }
- if (resp.status === 'red') {
- server.log(['status', 'warning', 'keystone'], `Shards not ready for index ${indexName}`);
- return Promise.delay(2500).then(doCheck);
- }
- return Promise.resolve(indexName);
- })
- .then((indexName)=> {
- return configureIndex(server, indexName);
- });
- }
-};
diff --git a/server/mt/kibana/kibanaIndex.js b/server/mt/kibana/kibanaIndex.js
deleted file mode 100644
index 8d914a2..0000000
--- a/server/mt/kibana/kibanaIndex.js
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-/**
- * Returns tenant/project-aware kibana index
- *
- * @param server server object
- * @param userObj user details as retrieved from keystone
- * @returns {string} project aware kibana index
- *
- */
-export default (server, userObj) => {
- return `${server.config().get('kibana.index')}-${getProjectId(userObj)}`;
-};
-
-function getProjectId(userObj) {
- return userObj.project.id;
-}
diff --git a/server/mt/projects/index.js b/server/mt/projects/index.js
deleted file mode 100644
index dec11dd..0000000
--- a/server/mt/projects/index.js
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Promise from 'bluebird';
-import { pick, sortBy } from 'lodash';
-
-import { SESSION_PROJECTS_KEY, SESSION_TOKEN_KEY } from '../../const';
-
-export default (server, session, userObj) => {
-
- const usersApi = server.plugins['fts-keystone'].users;
-
- return new Promise((resolve) => {
- return usersApi
- .allProjects({
- params : {
- user_id: userObj.user.id
- },
- headers: {
- 'X-Auth-Token' : session.get(SESSION_TOKEN_KEY),
- 'X-Subject-Token': session.get(SESSION_TOKEN_KEY)
- }
- })
- .then((response) => {
- const data = response.data;
- const projects = data.projects;
-
- return sortBy(
- projects.map(
- project=>pick(project, ['id', 'name', 'description', 'domain_id'])
- ),
- 'name'
- );
- })
- .then((projects) => {
- session.set(SESSION_PROJECTS_KEY, projects);
- return resolve(projects);
- });
- });
-
-};
diff --git a/server/mt/routing/_create_agent.js b/server/mt/routing/_create_agent.js
deleted file mode 100644
index 4fd7d87..0000000
--- a/server/mt/routing/_create_agent.js
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-/*
- This file was copied and modified for this plugin needs.
- Original file can be found here => https://github.com/elastic/kibana/blob/4.4/src/plugins/elasticsearch/lib/create_agent.js
- */
-
-import url from 'url';
-import {memoize, size} from 'lodash';
-import fs from 'fs';
-import http from 'http';
-import https from 'https';
-
-const readFile = (file) => fs.readFileSync(file, 'utf8');
-
-module.exports = memoize(function (server) {
- const config = server.config();
- const target = url.parse(config.get('elasticsearch.url'));
-
- if (!/^https/.test(target.protocol)) {
- return new http.Agent();
- }
-
- const agentOptions = {
- rejectUnauthorized: config.get('elasticsearch.ssl.verify')
- };
-
- if (size(config.get('elasticsearch.ssl.ca'))) {
- agentOptions.ca = config.get('elasticsearch.ssl.ca').map(readFile);
- }
-
- if (hasSSLEnabled()) {
- agentOptions.cert = readFile(config.get('elasticsearch.ssl.cert'));
- agentOptions.key = readFile(config.get('elasticsearch.ssl.key'));
- }
-
- return new https.Agent(agentOptions);
-
- function hasSSLEnabled() {
- return config.get('elasticsearch.ssl.cert')
- && config.get('elasticsearch.ssl.key');
- }
-
-});
-
-module.exports.cache = new Map();
diff --git a/server/mt/routing/_create_proxy.js b/server/mt/routing/_create_proxy.js
deleted file mode 100644
index e6f962d..0000000
--- a/server/mt/routing/_create_proxy.js
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import { PREFIX } from './_utils';
-
-module.exports = (server, method, route) => {
-
- const serverConfig = server.config();
- const pre = '/elasticsearch';
- const sep = route[0] === '/' ? '' : '/';
- const path = `${PREFIX}${pre}${sep}${route}`;
-
- let options;
-
- switch (route) {
- case '/_mget':
- options = require('./routes/mget')(server, method, path);
- break;
- case '/{paths*}':
- options = require('./routes/paths')(server, method, path);
- break;
- default:
- if (route === `/${serverConfig.get('kibana.index')}/{paths*}`) {
- options = require('./routes/kibana_index')(server, method, path);
- } else {
- options = require('./routes/default')(server, method, path);
- }
- }
-
- return server.route(options);
-};
diff --git a/server/mt/routing/_map_uri.js b/server/mt/routing/_map_uri.js
deleted file mode 100644
index 8a478ed..0000000
--- a/server/mt/routing/_map_uri.js
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-/*
-This file was copied and modified for this plugin needs.
-Original file can be found here => https://github.com/elastic/kibana/blob/4.4/src/plugins/elasticsearch/lib/map_uri.js
- */
-
-import querystring from 'querystring';
-
-import { PREFIX } from './_utils';
-
-export default (server, request) => {
- const config = server.config();
- const path = request.path.replace(`${PREFIX}/elasticsearch`, '');
- const query = querystring.stringify(request.query);
-
- let url = config.get('elasticsearch.url');
-
- if (path) {
- if (/\/$/.test(url)) {
- url = url.substring(0, url.length - 1);
- }
- url += path;
- }
-
- if (query) {
- url += '?' + query;
- }
-
- return url;
-};
diff --git a/server/mt/routing/_re_route.js b/server/mt/routing/_re_route.js
deleted file mode 100644
index 275d145..0000000
--- a/server/mt/routing/_re_route.js
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import utils from '../../util';
-import { PREFIX } from './_utils';
-
-module.exports = function reRoute(server) {
- return (request, reply) => {
- const requestPath = utils.requestPath(request);
- if (utils.isESRequest(request)) {
- server.log(['status', 'debug', 'keystone'], `Routing ${requestPath} onto ${PREFIX}${requestPath}`);
- request.setUrl(`${PREFIX}${requestPath}`);
- }
- return reply.continue();
- };
-};
diff --git a/server/mt/routing/_utils.js b/server/mt/routing/_utils.js
deleted file mode 100644
index 2408003..0000000
--- a/server/mt/routing/_utils.js
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import createAgent from './_create_agent';
-
-export const PREFIX = '/mt';
-
-export function getOpts(server, request, url, payload) {
-
- let options = {
- headers : {},
- redirects : true,
- passThrough : true,
- xforward : true,
- timeout : 1000 * 60 * 3,
- localStatePassThrough: false,
- agent : createAgent(server),
- };
- let protocol = url.split(':', 1)[0];
-
- if (payload) {
- options.payload = JSON.stringify(payload);
- }
-
- if (options.passThrough) {
- options.headers = require('hoek').clone(request.headers);
- delete options.headers.host;
- if (options.acceptEncoding === false) {
- delete options.headers['accept-encoding'];
- }
- }
-
- if (options.xforward &&
- request.info.remoteAddress &&
- request.info.remotePort) {
-
- options.headers['x-forwarded-for'] = (options.headers['x-forwarded-for'] ?
- options.headers['x-forwarded-for'] + ',' : '') + request.info.remoteAddress;
- options.headers['x-forwarded-port'] = (options.headers['x-forwarded-port'] ?
- options.headers['x-forwarded-port'] + ',' : '') + request.info.remotePort;
- options.headers['x-forwarded-proto'] = (options.headers['x-forwarded-proto'] ?
- options.headers['x-forwarded-proto'] + ',' : '') + protocol;
- }
-
- const contentType = request.headers['content-type'];
- if (contentType) {
- options.headers['content-type'] = contentType;
- }
-
- return options;
-}
-
-export function parsePayload(request) {
- let payload = request.payload;
- if (!payload || payload.length <= 0) {
- return {};
- }
- return JSON.parse(payload.toString('utf-8'));
-}
diff --git a/server/mt/routing/index.js b/server/mt/routing/index.js
deleted file mode 100644
index 08d8f16..0000000
--- a/server/mt/routing/index.js
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Promise from 'bluebird';
-import reRoute from './_re_route';
-
-module.exports = function routing(server) {
- return new Promise((resolve) => {
- server.ext('onRequest', reRoute(server));
- resolve(require('./_create_proxy'));
- });
-};
diff --git a/server/mt/routing/routes/default.js b/server/mt/routing/routes/default.js
deleted file mode 100644
index 28a937c..0000000
--- a/server/mt/routing/routes/default.js
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import mapUri from '../_map_uri';
-import createAgent from '../_create_agent';
-
-module.exports = function defaultHandler(server, method, path) {
- return {
- method : method,
- path : path,
- handler: {
- proxy: {
- mapUri : (request, done) => {
- server.log(['status', 'debug', 'keystone'],
- `mapUri for path ${request.path}`);
- done(null, mapUri(server, request));
- },
- agent : createAgent(server),
- passThrough: true,
- xforward : true
- }
- }
- };
-};
diff --git a/server/mt/routing/routes/kibana_index.js b/server/mt/routing/routes/kibana_index.js
deleted file mode 100644
index d1ede83..0000000
--- a/server/mt/routing/routes/kibana_index.js
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Wreck from 'wreck';
-
-import { SESSION_USER_KEY } from '../../../const';
-import { getOpts, parsePayload } from '../_utils';
-import kibanaIndex from '../../kibana/kibanaIndex';
-import mapUri from '../_map_uri';
-
-export default function (server, method, path) {
-
- const defaultKibanaIndex = server.config().get('kibana.index');
-
- return {
- method : method,
- path : path,
- config : {
- auth : false,
- payload: {
- output: 'data',
- parse : false
- }
- },
- handler: handler
- };
-
- function handler(request, reply) {
- const url = getUrl(request);
- const opts = getOpts(server, request, url, parsePayload(request));
- return Wreck.request(request.method, url, opts, (err, res) => {
- return reply(res).code(res.statusCode).passThrough(!!opts.passThrough);
- });
- }
-
- function getUrl(request) {
- const session = request.yar._store;
-
- let url = mapUri(server, request).split('/');
- let indexPos = url.findIndex((item) => item === defaultKibanaIndex);
-
- url[indexPos] = kibanaIndex(server, session[SESSION_USER_KEY]);
-
- return url.join('/');
- }
-}
diff --git a/server/mt/routing/routes/mget.js b/server/mt/routing/routes/mget.js
deleted file mode 100644
index 5dfade5..0000000
--- a/server/mt/routing/routes/mget.js
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Boom from 'boom';
-import Wreck from 'wreck';
-
-import { SESSION_USER_KEY } from '../../../const';
-import { getOpts, parsePayload } from '../_utils';
-import kibanaIndex from '../../kibana/kibanaIndex';
-import mapUri from '../_map_uri';
-
-export default function (server, method, path) {
-
- return {
- method : method,
- path : path,
- config : {
- auth : false,
- payload: {
- output: 'data',
- parse : false
- }
- },
- handler: handler
- };
-
- function handler(request, reply) {
- const url = mapUri(server, request);
- const session = request.yar._store;
- const payload = parsePayload(request);
-
- payload.docs.forEach((doc) => {
- doc._index = kibanaIndex(server, session[SESSION_USER_KEY]);
- });
-
- const opts = getOpts(server, request, url, payload);
- return Wreck.request(request.method, url, opts, (err, res) => {
- if (err) {
- server.log(
- ['status', 'error', 'keystone'],
- `Failed to request ${url}, error is ${err}`);
- return reply(Boom.wrap(err));
- }
- return Wreck.read(res, {json: true}, (err, body)=> {
- if (err) {
- server.log(
- ['status', 'error', 'keystone'],
- `Failed to read response from ${url}, error is ${err}`);
- return reply(Boom.wrap(err));
- }
-
- return reply(body)
- .code(res.statusCode)
- .passThrough(!!opts.passThrough);
- });
- });
- }
-}
diff --git a/server/mt/routing/routes/paths.js b/server/mt/routing/routes/paths.js
deleted file mode 100644
index 4622d22..0000000
--- a/server/mt/routing/routes/paths.js
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Wreck from 'wreck';
-
-import { SESSION_USER_KEY } from '../../../const';
-import { getOpts } from '../_utils';
-import kibanaIndex from '../../kibana/kibanaIndex';
-import mapUri from '../_map_uri';
-
-export default function (server, method, path) {
- const defaultKibanaIndex = defaultKibanaIndex;
-
- return {
- method : method,
- path : path,
- config : {
- tags: ['elasticsearch', 'multitenancy'],
- auth: false
- },
- handler: handler
- };
-
- function handler(request, reply) {
- const session = request.yar._store;
-
- let url = mapUri(server, request).split('/');
- let kibanaIndexRequest = false;
-
- let indexPos = url.findIndex((item) => item === defaultKibanaIndex);
- if (indexPos > -1) {
- url[indexPos] = kibanaIndex(server, session[SESSION_USER_KEY]);
- kibanaIndexRequest = true;
- }
- url = url.join('/');
-
- const opts = getOpts(server, request, url);
- return Wreck.request(request.method, url, opts, (err, res) => {
- return Wreck.read(res, {json: true}, (err, body)=> {
- let newData = {};
-
- if (kibanaIndexRequest) {
- let tenantAwareIndex = Object.keys(body)[0];
- newData[defaultKibanaIndex] = body[tenantAwareIndex];
- } else {
- newData = body;
- }
-
- return reply(newData)
- .code(res.statusCode)
- .passThrough(!!opts.passThrough);
- });
- });
- }
-}
diff --git a/server/mt/verify/_verify_index_pattern.js b/server/mt/verify/_verify_index_pattern.js
deleted file mode 100644
index 2384c79..0000000
--- a/server/mt/verify/_verify_index_pattern.js
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import Boom from 'boom';
-
-import { SESSION_PROJECTS_KEY } from '../../const';
-import util from '../../util';
-
-const INDEX_PATTER_POS = 2;
-
-module.exports = (request, reply) => {
- const session = request.yar._store;
- const requestPath = util.requestPath(request);
- const splittedPath = requestPath.split('/');
-
- let pattern = splittedPath[INDEX_PATTER_POS];
- let projects = session[SESSION_PROJECTS_KEY];
-
- if ('*' === pattern) {
- return reply(Boom.badData('* as pattern is not supported at the moment'));
- } else if (projects.filter(filter).length === 0) {
- return reply(Boom.badData(`${pattern} do not match any project of current user`));
- }
-
- return reply.continue();
-
- function filter(project) {
- return new RegExp(`${project.id}.*`, 'gi').test(pattern);
- }
-};
diff --git a/server/mt/verify/index.js b/server/mt/verify/index.js
deleted file mode 100644
index 0b009cb..0000000
--- a/server/mt/verify/index.js
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright 2016 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-import { SESSION_USER_KEY } from '../../const';
-import util from '../../util';
-
-module.exports = (server) => {
-
- return (request, reply) => {
- const session = request.yar._store;
- if (!(session && (SESSION_USER_KEY in session))) {
- server.log(['status', 'warning', 'keystone'], 'Session not yet available');
- return reply.continue();
- }
-
- let requestPath = util.requestPath(request);
- let requestMethod = request.method;
-
- if (util.isESRequest(request)) {
- let handler;
- if (isIndexPatternLookup()) {
- handler = require('./_verify_index_pattern');
- }
- if (handler) {
- return handler(request, reply);
- }
- }
-
- return reply.continue();
-
- function isIndexPatternLookup() {
- let regExp = /\/elasticsearch\/.*\/_mapping\/field\/.*/;
- return regExp.test(requestPath) && requestMethod.toLowerCase() === 'get';
- }
-
- };
-};
diff --git a/server/mt/auth/scheme.js b/server/proxy/index.js
similarity index 77%
rename from server/mt/auth/scheme.js
rename to server/proxy/index.js
index fc56580..79abed2 100644
--- a/server/mt/auth/scheme.js
+++ b/server/proxy/index.js
@@ -12,10 +12,14 @@
* the License.
*/
-import authenticateFactory from './_authenticate';
+const proxy = require('./proxy');
-export default (server, opts) => {
- return {
- authenticate: authenticateFactory(server, opts)
- };
+module.exports = function createProxy(server) {
+ server.ext(
+ 'onPreAuth',
+ proxy(server),
+ {
+ after: ['yar']
+ }
+ );
};
diff --git a/server/proxy/proxy.js b/server/proxy/proxy.js
new file mode 100644
index 0000000..29d3f6a
--- /dev/null
+++ b/server/proxy/proxy.js
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2016 FUJITSU LIMITED
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+const Boom = require('boom');
+const retrieveToken = require('./retrieveToken');
+const TokensApi = require('keystone-v3-client/lib/keystone/tokens');
+
+const util = require('../util/');
+
+module.exports = function (server) {
+ const config = server.config();
+ const tokensApi = new TokensApi({
+ url: `${config.get('fts-keystone.url')}:${config.get('fts-keystone.port')}`
+ });
+
+ return (request, reply) => {
+ const requestPath = getRequestPath(request);
+ let token;
+
+ if (shouldCallKeystone(requestPath)) {
+ server.log(
+ ['keystone', 'debug'],
+ `Call for ${requestPath} detected, authenticating with keystone`
+ );
+
+ token = retrieveToken(server, request);
+ if (token.isBoom) {
+ return reply(token);
+ }
+
+ return tokensApi
+ .check({
+ headers: {
+ 'X-Auth-Token' : token,
+ 'X-Subject-Token': token
+ }
+ })
+ .then(onFulfilled, onFailed);
+
+ }
+
+ return reply.continue();
+
+ function onFulfilled() {
+ reply.continue();
+ }
+
+ function onFailed(error) {
+
+ server.log(
+ ['keystone', 'error'],
+ `Failed to authenticate token ${token} with keystone,
+ error is ${error.statusCode}.`
+ );
+
+ if (error.statusCode === 401) {
+ request.session.clear('keystone_token');
+ reply(Boom.forbidden(
+ `
+ You\'re not logged in as a
+ user who\'s authenticated to access log information
+ `
+ ));
+ } else {
+ reply(Boom.internal(
+ error.message || 'Unexpected error during Keystone communication',
+ {},
+ error.statusCode
+ ));
+ }
+ }
+
+ };
+};
+
+function getRequestPath(request) {
+ return request.url.path;
+}
+
+function shouldCallKeystone(path) {
+ return util.startsWith(path, '/elasticsearch');
+}
diff --git a/server/mt/auth/token/index.js b/server/proxy/retrieveToken.js
similarity index 63%
rename from server/mt/auth/token/index.js
rename to server/proxy/retrieveToken.js
index 2bbcdbe..af6ba14 100644
--- a/server/mt/auth/token/index.js
+++ b/server/proxy/retrieveToken.js
@@ -12,15 +12,10 @@
* the License.
*/
-import Boom from 'boom';
-import {
- SESSION_TOKEN_KEY,
- SESSION_TOKEN_CHANGED,
- TOKEN_CHANGED_VALUE
-} from '../../../const';
-import RELOAD_SYMBOL from '../reload';
+const Boom = require('boom');
-const HEADER_NAME = 'x-auth-token';
+/** @module */
+module.exports = retrieveToken;
/**
* Retrieves token from the response header using key X-Keystone-Token.
@@ -36,21 +31,21 @@ const HEADER_NAME = 'x-auth-token';
*
* @returns {string} current token value
*/
-module.exports = (server, request) => {
- if (!request.yar || request.yar === null) {
- server.log(['status', 'keystone', 'error'], 'Session is not enabled');
+const HEADER_NAME = 'x-auth-token';
+
+function retrieveToken(server, request) {
+
+ if (!request.session || request.session === null) {
+ server.log(['keystone', 'error'], 'Session is not enabled');
throw new Error('Session support is missing');
}
- // DEV PURPOSE ONLY
- // request.yar.set(SESSION_TOKEN_KEY, 'a60e832483c34526a0c2bc3c6f8fa320');
-
- let tokenFromSession = request.yar.get(SESSION_TOKEN_KEY);
+ let tokenFromSession = request.session.get('keystone_token');
let token = request.headers[HEADER_NAME];
if (!token && !tokenFromSession) {
- server.log(['status', 'keystone', 'error'],
+ server.log(['keystone', 'error'],
'Token hasn\'t been located, looked in headers and session');
return Boom.unauthorized(
'You\'re not logged into the OpenStack. Please login via Horizon Dashboard'
@@ -59,28 +54,15 @@ module.exports = (server, request) => {
if (!token && tokenFromSession) {
token = tokenFromSession;
- server.log(['status', 'debug', 'keystone'],
+ server.log(['keystone', 'debug'],
'Token lookup status: Found token in session'
);
} else if ((token && !tokenFromSession) || (token !== tokenFromSession)) {
- server.log(['status', 'debug', 'keystone'],
+ server.log(['keystone', 'debug'],
'Token lookup status: Token located in header/session or token changed'
);
-
- if ((token !== tokenFromSession) && (token && tokenFromSession)) {
- server.log(['status', 'info', 'keystone'],
- 'Reseting session because token has changed'
- );
- request.yar.reset();
-
- request.yar.set(SESSION_TOKEN_CHANGED, TOKEN_CHANGED_VALUE);
- request.yar.set(SESSION_TOKEN_KEY, token);
-
- return RELOAD_SYMBOL;
- }
-
- request.yar.set(SESSION_TOKEN_KEY, token);
+ request.session.set('keystone_token', token);
}
- return request.yar.get(SESSION_TOKEN_KEY);
-};
+ return token;
+}
diff --git a/server/session/index.js b/server/session/index.js
index 57a8a35..da04fb3 100644
--- a/server/session/index.js
+++ b/server/session/index.js
@@ -12,39 +12,34 @@
* the License.
*/
-import yarCookie from 'yar';
-import multiTenancy from '../mt';
+module.exports = function initSession(server) {
-export default (server) => {
const config = server.config();
- return {
- start: ()=> {
- server.register({
- register: yarCookie,
- options : {
- maxCookieSize: 4096,
- name : config.get('fts-keystone.cookie.name'),
- storeBlank : false,
- cache : {
- expiresIn: config.get('fts-keystone.cookie.expiresIn')
- },
- cookieOptions: {
- password : config.get('fts-keystone.cookie.password'),
- isSecure : config.get('fts-keystone.cookie.isSecure'),
- ignoreErrors: config.get('fts-keystone.cookie.ignoreErrors'),
- clearInvalid: false
- }
- }
- }, (error) => {
- if (!error) {
- server.log(['status', 'info', 'keystone'], 'Session registered');
- multiTenancy.bind(server);
- } else {
- server.log(['status', 'error', 'keystone'], error);
- throw error;
- }
- });
+ const registerOpts = {
+ register: require('yar'),
+ options : {
+ name : 'kibana_session',
+ storeBlank : false,
+ cache : {
+ expiresIn: config.get('fts-keystone.cookie.expiresIn')
+ },
+ cookieOptions: {
+ password : config.get('fts-keystone.cookie.password'),
+ isSecure : config.get('fts-keystone.cookie.isSecure'),
+ ignoreErrors: config.get('fts-keystone.cookie.ignoreErrors'),
+ clearInvalid: true
+ }
}
};
+ const callback = (error) => {
+ if (!error) {
+ server.log(['session', 'debug'], 'Session registered');
+ } else {
+ server.log(['session', 'error'], error);
+ throw error;
+ }
+ };
+
+ server.register(registerOpts, callback);
};
diff --git a/server/util/index.js b/server/util/index.js
index 3211722..6bffcad 100644
--- a/server/util/index.js
+++ b/server/util/index.js
@@ -13,9 +13,7 @@
*/
module.exports = {
- startsWith: startsWith,
- requestPath: getRequestPath,
- isESRequest: isESRequest
+ startsWith: startsWith
};
function startsWith(str) {
@@ -27,11 +25,3 @@ function startsWith(str) {
}
return false;
}
-
-function getRequestPath(request) {
- return request.url.path;
-}
-
-function isESRequest(request) {
- return startsWith(getRequestPath(request), '/elasticsearch');
-}