Enable publicapi to run on CF #3119
base: main
a1186d0 to cee86b5
…rder
• Removed metricsforwarder and metricsforwarder.yml from .gitignore.
• Changed health check configuration keys to nest under BasicAuth and ServerConfig.
• Updated tests to reflect configuration changes and removed unused code.
• Fixed request creation in tests to use dynamic server URL and proper basic auth setup.
…e server and tests
• Add generate.go for autoscaler API generation
• Create ogen-config.yaml to allow remote parser configuration
• Introduce security.go with SecuritySource struct
• Refactor main.go to remove Prometheus and health endpoint dependencies
• Update scalingengine_suite_test.go and scalingengine_test.go to reflect new health server configuration and client creation
• Modify config_test.go and valid.yml to adjust health server port configuration
• Implement scaling_history_handler.go without bearer auth for internal mTLS use
• Adjust scaling_history_handler_test.go to use new package path
• Overhaul server.go to separate health and mTLS server creation, and to streamline router setup
• Amend server_test.go to align with server refactoring and use dynamic URL construction
• Removed scalingEngineClient from PublicApiHandler and associated creation logic.
• Replaced CreateHTTPClient with CreateHTTPSClient for eventGeneratorClient.
• Deleted GetScalingHistories function as it's no longer needed.
• Refactored NewPublicApiServer to use a new PublicApiServer struct and split into GetHealthServer and GetMtlsServer methods.
• Updated import paths and variable names to reflect internal scaling history API changes.
• Added SecuritySource struct to handle security for scaling history handler.
• Modified ScalingHistoryHandler to use the new internal scaling history client and updated JSON marshaling logic.
• Update API test suite to use testhelpers package for utility functions.
• Modify health check configuration to use BasicAuth struct instead of separate username and password fields.
• Remove unused variables and imports, and clean up test setup for clarity.
• Adjust API server creation to directly instantiate servers without a separate function.
…ort config, and switch to HTTPS client in schedulerclient
• Add a new Makefile for the eventgenerator component with a fetch-config target to pull configuration and certificates from the metricsforwarder VM.
• Refactor eventgenerator test suites to improve readability and organization, including the use of When blocks for context-specific conditions.
• Update eventgenerator REST API tests to use helper functions for creating HTTP clients and constructing request URLs.
• Modify the eventgenerator main.go to use a new server creation function that handles both MTLS and health endpoints.
• Adjust eventgenerator configuration tests to reflect changes in the health check server configuration structure.
• Implement server.go changes to separate the creation of the event generator and health routers, and to provide functions for retrieving MTLS and health servers.
• Update server_suite_test.go to remove unnecessary setup code due to refactoring.
• Refactor server_test.go to use the new server creation functions and to organize tests into When and Describe blocks for clarity.
…reation
• Replace individual HealthCheckUsername and HealthCheckPassword fields with a BasicAuth struct in HealthConfig.
• Update validation logic in HealthConfig to work with the new BasicAuth fields.
• Modify tests to reflect changes in HealthConfig structure.
• Implement TransportWithBasicAuth to add basic authentication headers to HTTP requests.
• Adjust CreateHTTPClient function to accept BasicAuth and use TransportWithBasicAuth.
• Add BasicAuth struct to models package to encapsulate basic authentication data.
• Rename HealthCheckUsername and related fields to BasicAuth struct fields
• Update health readiness tests to use new BasicAuth struct fields
• Remove basic auth middleware implementation from server.go
• Simplify health router creation by using helpers.CreateBasicAuthMiddleware
- Replace direct Prometheus registry creation with `createPrometheusRegistry` function.
- Change `CreateHTTPClient` to `CreateHTTPSClient` for both scaling engine and scheduler clients.
- Update health endpoint creation to use `NewHealthRouter` and `NewHTTPServer`.
- Adjust health check configuration structure in tests and sample config.
• Implement BasicAuthenticationMiddleware with bcrypt password hashing
• Create middleware to protect healthcheck endpoint using basic auth
• Add unit tests for BasicAuthenticationMiddleware with correct and incorrect credentials
- Move scaling history OpenAPI generation from helpers to api and scalingengine directories
- Add new internal-scaling-history-api.openapi.yaml for Scaling History API
- Update Makefile to handle OpenAPI client and server generation in new locations
- Add NewScalingEngineClient function in testhelpers
cee86b5 to 31ddfbb
Quality Gate failed
func (t *TransportWithBasicAuth) RoundTrip(req *http.Request) (*http.Response, error) { | ||
credentials := t.Username + ":" + t.Password | ||
basicAuth := "Basic " + base64.StdEncoding.EncodeToString([]byte(credentials)) | ||
fmt.Println("banana TransportWithBasicAuth:credentials", credentials) |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information
Copilot Autofix AI 14 days ago
To fix the problem, we need to remove the logging of sensitive information. Specifically, we should remove the lines that print the `credentials` and `basicAuth` strings. This will ensure that sensitive information is not logged in clear text.
- Remove the logging statements that print the `credentials` and `basicAuth` strings.
- Ensure that no sensitive information is logged in clear text.
@@ -32,4 +32,4 @@ | ||
basicAuth := "Basic " + base64.StdEncoding.EncodeToString([]byte(credentials)) | ||
fmt.Println("banana TransportWithBasicAuth:credentials", credentials) | ||
fmt.Println("banana TransportWithBasicAuth:", basicAuth) | ||
// fmt.Println("banana TransportWithBasicAuth:credentials", credentials) | ||
// fmt.Println("banana TransportWithBasicAuth:", basicAuth) | ||
req.Header.Add("Authorization", basicAuth) |
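Review bot: the two `fmt.Println` calls are only commented out here, so the clear-text logging CodeQL flagged comes back with a single uncomment; delete both lines outright, since `credentials` is `Username:Password` and `basicAuth` is just its base64 encoding, which is trivially reversible. Separately, `req.Header.Add("Authorization", basicAuth)` writes to the caller's request inside `RoundTrip`, which the `http.RoundTripper` contract says not to modify; clone the request with `req.Clone(req.Context())` and call `Header.Set` on the clone so a reused or retried request does not pick up duplicate Authorization headers. Any logs produced by runs of the earlier revision should be treated as containing these credentials.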
…r and scalingengine packages
- Add a new template for autoscaler secrets (autoscaler-secrets.yml.tpl)
- Update deploy-autoscaler.sh to interpolate secrets from the new template instead of fetching individually with credhub
• Consolidate health endpoint configuration into server_config and basic_auth sections for eventgenerator, golangapiserver, metricsforwarder, operator, and scalingengine jobs.
• Enable TLS configuration within the server_config section when certificates are provided.
• Update corresponding specs to reflect the new configuration structure and verify TLS settings and basic auth credentials.
bcce192 to 8034c1a
…ipts
• Eliminate metrics forwarder host variable from deployment manifest and Makefile
• Adjust default METRICSFORWARDER_HOST and add METRICSFORWARDER_MTLS_HOST in build-extension-file.sh
• Update GO_INSTALL_PACKAGE_SPEC in mta.tpl.yaml to point to new publicapiserver path
• Add publicapiserver-config resource with metrics forwarder URLs in build-extension-file.sh
- Replace `io.Reader` with `os` package for file handling
- Introduce error variables for config file reading and missing server config
- Change `PublicApiServer` struct field to `Server`
- Add `defaultConfig` function for initializing default config values
- Implement `loadYamlFile` and `loadPublicApiServerConfig` for config loading
- Modify `LoadConfig` to use new helper functions and handle VCAP configuration
- Update tests to reflect changes and use `testhelpers.BytesToFile` for file operations
- Add new default JSON files for catalog, config, and info
- Update build-extension-file.sh to include `skip_ssl_validation` in parameters
• Implement VCAP configuration reader for loading config
• Streamline error handling for configuration and database initialization
• Update references from conf.DB to conf.Db to match case changes
• Modify PublicApiServer to use s.conf.Server instead of s.conf.PublicApiServer
b0fe2f0 to 0f2e62d
ed026f8 to 3a7f529
3a7f529 to e6c2c4f
…ied server for CF in API tests
• Extend generate_test_certs.sh to create and sign a certificate for the postgres database.
• Modify API tests to support running in Cloud Foundry (CF) with a unified server, including environment setup and teardown.
• Add scheduler configuration to default_config.json.
• Refactor PublicApiServer to improve setup and routing, including health and MTLS server creation.
• Update error message in config.go to correctly reference publicapiserver instead of metricsforwarder.
• Introduce vcapPort in API tests for dynamic port assignment based on parallel test execution.
Quality Gate failed
No description provided.