knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kris...@apache.org
Subject [knox] branch master updated: KNOX-1814 - Moving conf/data folder checking to Java layer from bash (#68)
Date Tue, 12 Mar 2019 13:30:30 GMT
This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 984b0e9  KNOX-1814 - Moving conf/data folder checking to Java layer from bash (#68)
984b0e9 is described below

commit 984b0e950da0fcf56610f03edaf05dc7e31c6f30
Author: Sandor Molnar <smolnar@apache.org>
AuthorDate: Tue Mar 12 14:30:09 2019 +0100

    KNOX-1814 - Moving conf/data folder checking to Java layer from bash (#68)
---
 gateway-release/home/bin/gateway.sh                |  3 +-
 .../org/apache/knox/gateway/GatewayServer.java     | 49 ++++++++++++++++++----
 2 files changed, 41 insertions(+), 11 deletions(-)

diff --git a/gateway-release/home/bin/gateway.sh b/gateway-release/home/bin/gateway.sh
index 8f0ba34..bbefe46 100755
--- a/gateway-release/home/bin/gateway.sh
+++ b/gateway-release/home/bin/gateway.sh
@@ -294,8 +294,7 @@ function checkEnv {
         echo "This command $0 must not be run as root."
         exit 1
     fi
-    checkReadDir $APP_CONF_DIR
-    checkWriteDir $APP_DATA_DIR
+
     checkWriteDir $APP_LOG_DIR
     checkWriteDir $APP_PID_DIR
 }
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java
index e13c14c..1578d50 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayServer.java
@@ -98,6 +98,7 @@ import java.net.URL;
 import java.net.URLClassLoader;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -155,7 +156,8 @@ public class GatewayServer {
         if (services == null) {
           log.failedToInstantiateGatewayServices();
         }
-        GatewayConfig config = new GatewayConfigImpl();
+        final GatewayConfig config = new GatewayConfigImpl();
+        validateConfigurableGatewayDirectories(config);
         if (config.isHadoopKerberosSecured()) {
           validateKerberosConfig(config);
           configureKerberosSecurity( config );
@@ -250,17 +252,25 @@ public class GatewayServer {
     setSystemProperty(GatewayConfig.KRB5_USE_SUBJECT_CREDS_ONLY,  "false");
   }
 
+  private static void validateConfigurableGatewayDirectories(GatewayConfig config) throws
GatewayConfigurationException {
+    final Set<String> errors = new HashSet<>();
+    checkIfDirectoryExistsAndCanBeRead(Paths.get(config.getGatewayConfDir()), GatewayConfig.GATEWAY_CONF_HOME_VAR,
errors);
+    checkIfDirectoryExistsAndCanBeWritten(Paths.get(config.getGatewayDataDir()), GatewayConfig.GATEWAY_DATA_HOME_VAR,
errors);
+
+    if (!errors.isEmpty()) {
+      throw new GatewayConfigurationException(errors);
+    }
+  }
+
   private static void validateKerberosConfig(GatewayConfig config) throws GatewayConfigurationException
{
     final Set<String> errors = new HashSet<>();
     if (config.isHadoopKerberosSecured()) {
       if (config.getKerberosConfig() != null) {
-        final File krb5ConfFile = Paths.get(config.getKerberosConfig()).toFile();
-        checkIfFileExistsAndCanBeRead(krb5ConfFile, GatewayConfig.KRB5_CONFIG, errors);
+        checkIfFileExistsAndCanBeRead(Paths.get(config.getKerberosConfig()), GatewayConfig.KRB5_CONFIG,
errors);
       }
 
       if (config.getKerberosLoginConfig() != null) {
-        final File loginConfigFile = Paths.get(config.getKerberosLoginConfig()).toFile();
-        checkIfFileExistsAndCanBeRead(loginConfigFile, GatewayConfig.KRB5_LOGIN_CONFIG, errors);
+        checkIfFileExistsAndCanBeRead(Paths.get(config.getKerberosLoginConfig()), GatewayConfig.KRB5_LOGIN_CONFIG,
errors);
       }
     }
     if (!errors.isEmpty()) {
@@ -268,11 +278,32 @@ public class GatewayServer {
     }
   }
 
-  private static void checkIfFileExistsAndCanBeRead(File fileToBeChecked, String propertyName,
Set<String> errors) {
+  private static void checkIfFileExistsAndCanBeRead(Path toBeChecked, String propertyName,
Set<String> errors) {
+    checkIfFileExistsAndCanBeReadOrWrite(toBeChecked, propertyName, errors, false, false);
+  }
+
+  private static void checkIfDirectoryExistsAndCanBeRead(Path toBeChecked, String propertyName,
Set<String> errors) {
+    checkIfFileExistsAndCanBeReadOrWrite(toBeChecked, propertyName, errors, false, true);
+  }
+
+  private static void checkIfDirectoryExistsAndCanBeWritten(Path toBeChecked, String propertyName,
Set<String> errors) {
+    checkIfFileExistsAndCanBeReadOrWrite(toBeChecked, propertyName, errors, true, true);
+  }
+
+  private static void checkIfFileExistsAndCanBeReadOrWrite(Path toBeChecked, String propertyName,
Set<String> errors, boolean checkForWritePermission, boolean directory) {
+    final File fileToBeChecked = toBeChecked.toFile();
     if (!fileToBeChecked.exists()) {
-      errors.add(propertyName + " is set to a non-existing file: " + fileToBeChecked);
-    } else if (!fileToBeChecked.canRead()) {
-      errors.add(propertyName + " is set to a non-readable file: " + fileToBeChecked);
+      errors.add(propertyName + " is set to a non-existing " + (directory ? "directory: "
: "file: ") + fileToBeChecked);
+    } else {
+      if (!fileToBeChecked.canRead()) {
+        errors.add(propertyName + " is set to a non-readable " + (directory ? "directory:
" : "file: ") + fileToBeChecked);
+      }
+      if (checkForWritePermission && !fileToBeChecked.canWrite()) {
+        errors.add(propertyName + " is set to a non-writeable " + (directory ? "directory:
" : "file: ") + fileToBeChecked);
+      }
+      if (directory && !fileToBeChecked.isDirectory()) {
+        errors.add(propertyName + " is not a directory: " + fileToBeChecked);
+      }
     }
   }
 


Mime
View raw message