1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.restapi.configserver;
import ai.vespa.http.HttpURL;
import com.yahoo.config.provision.zone.ZoneId;
import com.yahoo.config.provision.zone.ZoneList;
import com.yahoo.container.jdisc.HttpRequest;
import com.yahoo.container.jdisc.HttpResponse;
import com.yahoo.restapi.ErrorResponse;
import com.yahoo.restapi.Path;
import com.yahoo.restapi.SlimeJsonResponse;
import com.yahoo.slime.Cursor;
import com.yahoo.slime.Slime;
import com.yahoo.vespa.hosted.controller.Controller;
import com.yahoo.vespa.hosted.controller.api.integration.ServiceRegistry;
import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry;
import com.yahoo.vespa.hosted.controller.auditlog.AuditLoggingRequestHandler;
import com.yahoo.vespa.hosted.controller.proxy.ConfigServerRestExecutor;
import com.yahoo.vespa.hosted.controller.proxy.ProxyRequest;
import com.yahoo.vespa.hosted.controller.restapi.ErrorResponses;
import com.yahoo.yolean.Exceptions;
import java.net.URI;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import static ai.vespa.http.HttpURL.Path.parse;
/**
* REST API for proxying operator APIs to config servers in a given zone.
*
* @author freva
*/
@SuppressWarnings("unused")
public class ConfigServerApiHandler extends AuditLoggingRequestHandler {
private static final URI CONTROLLER_URI = URI.create("https://localhost:4443/");
private static final List<HttpURL.Path> WHITELISTED_APIS = List.of(parse("/flags/v1/"),
parse("/nodes/v2/"),
parse("/orchestrator/v1/"));
private final ZoneRegistry zoneRegistry;
private final ConfigServerRestExecutor proxy;
private final ZoneId controllerZone;
public ConfigServerApiHandler(Context parentCtx, ServiceRegistry serviceRegistry,
ConfigServerRestExecutor proxy, Controller controller) {
super(parentCtx, controller.auditLogger());
this.zoneRegistry = serviceRegistry.zoneRegistry();
this.controllerZone = zoneRegistry.systemZone().getVirtualId();
this.proxy = proxy;
}
@Override
public HttpResponse auditAndHandle(HttpRequest request) {
try {
switch (request.getMethod()) {
case GET:
return get(request);
case POST:
case PUT:
case DELETE:
case PATCH:
return proxy(request);
default:
return ErrorResponse.methodNotAllowed("Method '" + request.getMethod() + "' is unsupported");
}
} catch (IllegalArgumentException e) {
return ErrorResponse.badRequest(Exceptions.toMessageString(e));
} catch (RuntimeException e) {
return ErrorResponses.logThrowing(request, log, e);
}
}
private HttpResponse get(HttpRequest request) {
Path path = new Path(request.getUri());
if (path.matches("/configserver/v1")) {
return root(request);
}
return proxy(request);
}
private HttpResponse proxy(HttpRequest request) {
Path path = new Path(request.getUri());
if ( ! path.matches("/configserver/v1/{environment}/{region}/{*}")) {
return ErrorResponse.notFoundError("Nothing at " + path);
}
ZoneId zoneId = ZoneId.from(path.get("environment"), path.get("region"));
if ( ! zoneRegistry.hasZone(zoneId) && ! controllerZone.equals(zoneId)) {
throw new IllegalArgumentException("No such zone: " + zoneId.value());
}
if (path.getRest().length() < 2 || ! WHITELISTED_APIS.contains(path.getRest().head(2).withTrailingSlash())) {
return ErrorResponse.forbidden("Cannot access " + path.getRest() +
" through /configserver/v1, following APIs are permitted: " + WHITELISTED_APIS.stream()
.map(p -> "/" + String.join("/", p.segments()) + "/")
.collect(Collectors.joining(", ")));
}
return proxy.handle(ProxyRequest.tryOne(getEndpoint(zoneId), path.getRest(), request));
}
private HttpResponse root(HttpRequest request) {
Slime slime = new Slime();
Cursor root = slime.setObject();
ZoneList zoneList = zoneRegistry.zones().reachable();
Cursor zones = root.setArray("zones");
Stream.concat(Stream.of(controllerZone), zoneRegistry.zones().reachable().ids().stream())
.forEach(zone -> {
Cursor object = zones.addObject();
object.setString("environment", zone.environment().value());
object.setString("region", zone.region().value());
object.setString("uri", request.getUri().resolve(
"/configserver/v1/" + zone.environment().value() + "/" + zone.region().value()).toString());
});
return new SlimeJsonResponse(slime);
}
private HttpResponse notFound(Path path) {
return ErrorResponse.notFoundError("Nothing at " + path);
}
private URI getEndpoint(ZoneId zoneId) {
return controllerZone.equals(zoneId) ? CONTROLLER_URI : zoneRegistry.getConfigServerVipUri(zoneId);
}
}
|
