Add CloudFoundry EndpointHandlerMapping #7108

Closed
9 tasks done
philwebb opened this issue Oct 5, 2016 · 0 comments

philwebb commented Oct 5, 2016

We need a variant of EndpointHandlerMapping that exposes actuator endpoints for Cloud Foundry to use.

The endpoints should be exposed under /cloudfoundryapplication and should be present regardless of user endpoint settings. In addition the mapping must handle security.

Tasks

  • Add new endpoint handler mapping
  • Add HAL like endpoint for discoverability
  • Add CF security
    • Extract UAA url from CC's /info
    • Validate UAA token - get public keys from /token_keys, validate signature, issuer and expiry
    • Validate UAA token - validateAudience
    • Cache response to save multiple calls
  • Make HealthMvcEndpoint show full details when accessed via /cloudfoundryapplication
  • Enable by default
  • Limit HAL based on ROLE
philwebb added the "type: enhancement" label Oct 5, 2016
philwebb added this to the 1.5.0 M1 milestone Oct 5, 2016
philwebb pushed a commit that referenced this issue Oct 12, 2016
Add an additional method to EndpointHandlerMapping which allows
endpoints of a specific type to be returned.

See gh-7108
philwebb pushed a commit that referenced this issue Oct 12, 2016
Update EndpointHandlerMapping so that it can be subclassed easily.
Subclasses can override the `path` that is used to map the endpoint,
allowing different mapping strategies to be used.

See gh-7108
philwebb pushed a commit that referenced this issue Oct 21, 2016
Add a CloudFoundryEndpointHandlerMapping that can expose actuator
endpoints for Cloud Foundry "appsmanager" to use.

See gh-7108
philwebb pushed a commit that referenced this issue Oct 21, 2016
Update Cloud Foundry support with a discovery endpoint that shows what
endpoints are available.

See gh-7108
philwebb pushed a commit to philwebb/spring-boot that referenced this issue Nov 4, 2016
Add security to Cloud Foundry actuator endpoints. Security is enforced
by a `HandlerInterceptor` on `CloudFoundryEndpointHandlerMapping`. Each
endpoint call expects an 'Authorization' header containing a bearer
token. The token signature is checked against the UAA public keys then
passed to the Cloud Controller to obtain an ultimate access level.

The client may either have 'RESTRICTED' or 'FULL' access, with the latter
only providing access to a limited set of endpoints.

See spring-projectsgh-7108
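
The token check that the task list and the security commit above describe (signature against a UAA public key, then issuer, expiry and audience), as an added example written in Go for this page; it is not Spring Boot's own Java code. `Validate`, `Mint`, `demoKey`, the issuer URL and the audience name are all constructed for the demo, and fetching keys from `/token_keys` and the Cloud Controller access-level call are left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"slices"
	"strings"
)
var b64 = base64.RawURLEncoding                     // JWT segments are unpadded base64url
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed key pair, stands in for a UAA signing key

// Validate verifies with a fixed algorithm (RS256), never the one the token header names.
func Validate(tok string, key *rsa.PublicKey, iss, aud string, now int64) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(p[2]) // a decode error leaves bytes that fail the checks below
	raw, _ := b64.DecodeString(p[1])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	var c struct{ Iss string; Exp int64; Aud []string }
	switch { // cases run in order: claims are read only after the signature holds
	case rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil:
		return fmt.Errorf("invalid signature")
	case json.Unmarshal(raw, &c) != nil || c.Iss != iss: // unreadable claims have no acceptable issuer
		return fmt.Errorf("issuer mismatch")
	case now >= c.Exp: // both in Unix seconds; a missing exp is 0 and so already expired
		return fmt.Errorf("token expired")
	case !slices.Contains(c.Aud, aud):
		return fmt.Errorf("audience mismatch")
	}
	return nil
}

func Mint(k *rsa.PrivateKey, claims string) string { // signs constructed claims JSON; demo stand-in for UAA
	in := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig)
}

func main() {
	tok := Mint(demoKey, `{"iss":"https://uaa.example","aud":["actuator"],"exp":2000}`)
	fmt.Println(Validate(tok, &demoKey.PublicKey, "https://uaa.example", "actuator", 1000))
}
```

Every failure path rejects the request: a token with no `exp`, a non-array `aud` or a payload that is not JSON never reaches `return nil`.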
philwebb pushed a commit to philwebb/spring-boot that referenced this issue Nov 4, 2016
Change `CloudFoundryDiscoveryMvcEndpoint` so that `AccessLevel` rights
are consulted so that only accessible links are returned.

See spring-projectsgh-7108
philwebb pushed a commit to philwebb/spring-boot that referenced this issue Nov 4, 2016
philwebb pushed a commit to philwebb/spring-boot that referenced this issue Nov 4, 2016
Update CloudFoundrySecurityService so that SSL validation is not
required. We're unlikely to have configured public keys for the
REST endpoints we need to call. Since the endpoints are provided via
environment variables we can implicitly trust them.

See spring-projectsgh-7108
philwebb added a commit to philwebb/spring-boot that referenced this issue Nov 4, 2016
Update `CloudFoundryActuatorAutoConfiguration` so that it is enabled
when `management.cloudfoundry.enabled` is missing.

See spring-projectsgh-7108
philwebb pushed a commit that referenced this issue Nov 5, 2016
Update CloudFoundrySecurityService so that SSL validation is not
required. We're unlikely to have configured public keys for the
REST endpoints we need to call. Since the endpoints are provided via
environment variables we can implicitly trust them.

See gh-7108
philwebb added a commit that referenced this issue Nov 5, 2016
Update `CloudFoundryActuatorAutoConfiguration` so that it is enabled
when `management.cloudfoundry.enabled` is missing.

See gh-7108
mbhave added a commit that referenced this issue Nov 7, 2016
Update CORS configuration to support Authorization and X-Cf-App-Instance.

See gh-7108
mbhave added a commit that referenced this issue Nov 9, 2016
The CloudFoundryHealthMvcEndpoint does not perform additional
security checks since security is handled by the interceptor.

See gh-7108
mbhave added a commit that referenced this issue Nov 18, 2016
This interceptor processes the response with CORS headers
and appears before the Cloud Foundry security interceptor.

See gh-7108
mbhave closed this as completed Dec 6, 2016
philwebb added a commit that referenced this issue Jan 4, 2017
Update configuration meta-data and appendix to include
`management.cloudfoundry.*` meta-data.

See gh-7108
philwebb added a commit that referenced this issue Jan 4, 2017
Add a Cloud Foundry specific section to "Production Ready Features".

See gh-7108