bosh-monitor 1.2989.0 → 1.2992.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 662d0c42ef02320624ca88219a0824de74e466c9
-  data.tar.gz: 34e785eaacdb4a4c25de72d69a6e2345d94c71e6
+  metadata.gz: 5f229ffb0bccb50c4d7ae7a472c345ae04719415
+  data.tar.gz: a8bb9421c24077f30ab27fc67b6887b1e51313d6
 SHA512:
-  metadata.gz: 12e9c7e6642d15c99744652fe45d97354309e163104c1851cc164dbc0bc8c95c37a3370352054be4c87da6bc10509b20b712d9672b4d5fcf9d0dc1fbf86fdd64
-  data.tar.gz: dcbdac0db73a12eeef94ec2391ded58d70222d3ab23655aa3f0225c6fb60cf440e368abb40431efc21a55f50df42767a5334d454861b9bcfe62810a280b0f699
+  metadata.gz: d0b59682c39188b6c79b039115d688ed5a5db8bc7b555d5a1dea2c0b3e683c7c2014fee5ba0679c469aa5742630f5f51cb56d49be092d2c0939cba541a204b97
+  data.tar.gz: a4360a766685fbef249ef7240ad7680e66e00a78f5dc36237fe1a4259fb416a67f85b832f2ce8fe947003578103a89e95df3f4f45d3fed78c9a609f285048473

data/lib/bosh/monitor.rb

@@ -31,6 +31,7 @@ require 'bosh/monitor/yaml_helper'
 
 # Basic blocks
 require 'bosh/monitor/agent'
+require 'bosh/monitor/auth_provider'
 require 'bosh/monitor/config'
 require 'bosh/monitor/core_ext'
 require 'bosh/monitor/director'

data/lib/bosh/monitor/auth_provider.rb

@@ -0,0 +1,81 @@
+require 'uaa'
+
+module Bosh::Monitor
+  class AuthProvider
+    def initialize(auth_info, config, logger)
+      @auth_info = auth_info.fetch('user_authentication', {})
+
+      @user = config['user'].to_s
+      @password = config['password'].to_s
+      @client_id = config['client_id'].to_s
+      @client_secret = config['client_secret'].to_s
+      @ca_cert = config['ca_cert'].to_s
+
+      @logger = logger
+    end
+
+    def auth_header
+      if @auth_info.fetch('type', 'local') == 'uaa'
+        uaa_url = @auth_info.fetch('options', {}).fetch('url')
+        return uaa_token_header(uaa_url)
+      end
+
+      [@user, @password]
+    end
+
+    private
+
+    def uaa_token_header(uaa_url)
+      @uaa_token ||= UAAToken.new(@client_id, @client_secret, uaa_url, @ca_cert, @logger)
+      @uaa_token.auth_header
+    end
+  end
+
+  private
+
+  class UAAToken
+    EXPIRATION_DEADLINE_IN_SECONDS = 60
+
+    def initialize(client_id, client_secret, uaa_url, ca_cert, logger)
+      @uaa_token_issuer = CF::UAA::TokenIssuer.new(
+        uaa_url,
+        client_id,
+        client_secret,
+        {ssl_ca_file: ca_cert}
+      )
+      @logger = logger
+    end
+
+    def auth_header
+      if @uaa_token && !expires_soon?
+        return @uaa_token.auth_header
+      end
+
+      fetch
+
+      @uaa_token ? @uaa_token.auth_header : nil
+    end
+
+    private
+
+    def expires_soon?
+      expiration = @token_data[:exp] || @token_data['exp']
+      (Time.at(expiration).to_i - Time.now.to_i) < EXPIRATION_DEADLINE_IN_SECONDS
+    end 
+
+    def fetch
+      @uaa_token = @uaa_token_issuer.client_credentials_grant
+      @token_data = decode
+    rescue => e
+      @logger.error("Failed to obtain token from UAA: #{e.inspect}")
+    end
+
+    def decode
+      access_token = @uaa_token.info['access_token'] || @uaa_token.info[:access_token]
+      CF::UAA::TokenCoder.decode(
+        access_token,
+        {verify: false},
+        nil, nil)
+    end
+  end
+end

data/lib/bosh/monitor/config.rb

@@ -21,7 +21,7 @@ module Bosh::Monitor
 
       @logger = Logging.logger(config["logfile"] || STDOUT)
       @intervals = OpenStruct.new(config["intervals"])
-      @director = Director.new(config["director"])
+      @director = Director.new(config["director"], @logger)
       @mbus = OpenStruct.new(config["mbus"])
 
       @event_processor = EventProcessor.new

data/lib/bosh/monitor/director.rb

@@ -1,19 +1,18 @@
 module Bosh::Monitor
   class Director
 
-    def initialize(options)
-      @endpoint = options["endpoint"].to_s
-      @user     = options["user"].to_s
-      @password = options["password"].to_s
+    def initialize(options, logger)
+      @options = options
+      @logger = logger
     end
 
     def get_deployments
-      http = perform_request(:get, "/deployments")
+      http = perform_request(:get, '/deployments')
 
       body   = http.response
       status = http.response_header.http_status
 
-      if status != "200"
+      if status != '200'
         raise DirectorError, "Cannot get deployments from director at #{http.uri}: #{status} #{body}"
       end
 
@@ -26,7 +25,7 @@ module Bosh::Monitor
       body   = http.response
       status = http.response_header.http_status
 
-      if status != "200"
+      if status != '200'
         raise DirectorError, "Cannot get deployment `#{name}' from director at #{http.uri}: #{status} #{body}"
       end
 
@@ -35,6 +34,10 @@ module Bosh::Monitor
 
     private
 
+    def endpoint
+      @options['endpoint'].to_s
+    end
+
     def parse_json(json, expected_type = nil)
       result = Yajl::Parser.parse(json)
 
@@ -52,14 +55,15 @@ module Bosh::Monitor
     # This is a very bad thing to do on eventmachine because it will block the single
     # event loop. This code should be removed and all requests converted
     # to "the eventmachine way".
-    def perform_request(method, uri)
+    def perform_request(method, uri, options={})
       f = Fiber.current
 
-      target_uri = @endpoint + uri
+      target_uri = endpoint + uri
 
-      headers = {
-        "authorization" => [@user, @password]
-      }
+      headers = {}
+      unless options.fetch(:no_login, false)
+        headers['authorization'] = auth_provider.auth_header
+      end
 
       http = EM::HttpRequest.new(target_uri).send(method.to_sym, :head => headers)
 
@@ -68,9 +72,25 @@ module Bosh::Monitor
 
       Fiber.yield
 
-    rescue URI::Error => e
+    rescue URI::Error
       raise DirectorError, "Invalid URI: #{target_uri}"
     end
 
+    def get_info
+      http = perform_request(:get, '/info', no_login: true)
+
+      body   = http.response
+      status = http.response_header.http_status
+
+      if status != '200'
+        raise DirectorError, "Cannot get status from director at #{http.uri}: #{status} #{body}"
+      end
+
+      parse_json(body, Hash)
+    end
+
+    def auth_provider
+      @auth_provider ||= AuthProvider.new(get_info, @options, @logger)
+    end
   end
 end

data/lib/bosh/monitor/plugins/http_request_helper.rb

@@ -1,3 +1,5 @@
+require 'httpclient'
+
 module Bosh::Monitor::Plugins
   module HttpRequestHelper
     def send_http_post_request(uri, request)
@@ -8,6 +10,12 @@ module Bosh::Monitor::Plugins
       send_http_request(:put, uri, request)
     end
 
+    def send_http_get_request(uri)
+      # we are interested in response, so send sync request
+      logger.debug("Sending GET request to #{uri}")
+      sync_client.get(uri)
+    end
+
     def send_http_request(method, uri, request)
       name = self.class.name
       logger.debug("sending HTTP #{method.to_s.upcase} to: #{uri}")
@@ -21,5 +29,13 @@ module Bosh::Monitor::Plugins
         logger.error("Failed to send #{name} event: #{e.error}")
       end
     end
+
+    private
+
+    def sync_client
+      client = HTTPClient.new
+      client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      client
+    end
   end
 end

data/lib/bosh/monitor/plugins/resurrector.rb

@@ -13,11 +13,10 @@ module Bosh::Monitor
         director = @options['director']
         raise ArgumentError 'director options not set' unless director
 
-        @url           = URI(director['endpoint'])
-        @user          = director['user']
-        @password      = director['password']
-        @processor     = Bhm.event_processor
-        @alert_tracker = ResurrectorHelper::AlertTracker.new(@options)
+        @url              = URI(director['endpoint'])
+        @director_options = director
+        @processor        = Bhm.event_processor
+        @alert_tracker    = ResurrectorHelper::AlertTracker.new(@options)
       end
 
       def run
@@ -41,10 +40,16 @@ module Bosh::Monitor
           @alert_tracker.record(agent_key, alert.created_at)
 
           payload = {'jobs' => {job => [index]}}
+
+          unless director_info
+            logger.error("(Resurrector) director is not responding with the status")
+            return
+          end
+
           request = {
               head: {
                   'Content-Type' => 'application/json',
-                  'authorization' => [@user, @password]
+                  'authorization' => auth_provider(director_info).auth_header
               },
               body: Yajl::Encoder.encode(payload)
           }
@@ -70,12 +75,27 @@ module Bosh::Monitor
             send_http_put_request(url.to_s, request)
           end
 
-
         else
           logger.warn("(Resurrector) event did not have deployment, job and index: #{alert}")
         end
       end
 
+      private
+
+      def auth_provider(director_info)
+        @auth_provider ||= AuthProvider.new(director_info, @director_options, logger)
+      end
+
+      def director_info
+        return @director_info if @director_info
+
+        director_info_url = @url.dup
+        director_info_url.path = '/info'
+        response = send_http_get_request(director_info_url.to_s)
+        return nil if response.status_code != 200
+
+        @director_info = Yajl::Parser.parse(response.body)
+      end
     end
   end
 end

data/lib/bosh/monitor/version.rb

@@ -1,5 +1,5 @@
 module Bosh
   module Monitor
-    VERSION = '1.2989.0'
+    VERSION = '1.2992.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bosh-monitor
 version: !ruby/object:Gem::Version
-  version: 1.2989.0
+  version: 1.2992.0
 platform: ruby
 authors:
 - VMware
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-16 00:00:00.000000000 Z
+date: 2015-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine
@@ -136,6 +136,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.6.0
+- !ruby/object:Gem::Dependency
+  name: cf-uaa-lib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.1
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.4.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -180,7 +208,7 @@ dependencies:
         version: '0'
 description: |-
   BOSH Health Monitor
-  0c4ecd
+  2996bb
 email: support@cloudfoundry.com
 executables:
 - bosh-monitor-console
@@ -197,6 +225,7 @@ files:
 - lib/bosh/monitor/agent.rb
 - lib/bosh/monitor/agent_manager.rb
 - lib/bosh/monitor/api_controller.rb
+- lib/bosh/monitor/auth_provider.rb
 - lib/bosh/monitor/config.rb
 - lib/bosh/monitor/core_ext.rb
 - lib/bosh/monitor/director.rb