Add credentials for remove REST API calls

The base URL and credentials used for REST API calls can now be defined in the [maxscale] section. This allows encrypted passwords to be used.
2018-08-22 17:19:27 +03:00
parent fe7d7475a4
commit a6bef0a80d
7 changed files with 79 additions and 12 deletions
--- a/server/core/config.cc
+++ b/server/core/config.cc
@ -52,6 +52,7 @@
 #include <maxscale/paths.h>
 #include <maxscale/pcre2.h>
 #include <maxscale/router.h>
+#include <maxscale/secrets.h>
 #include <maxscale/spinlock.h>
 #include <maxscale/utils.h>
 #include <maxscale/utils.hh>
@ -125,6 +126,9 @@ const char CN_OPTIONS[]                       = "options";
 const char CN_PARAMETERS[]                    = "parameters";
 const char CN_PASSIVE[]                       = "passive";
 const char CN_PASSWORD[]                      = "password";
+const char CN_PEER_HOSTS[]                    = "peer_hosts";
+const char CN_PEER_PASSWORD[]                 = "peer_password";
+const char CN_PEER_USER[]                     = "peer_user";
 const char CN_POLL_SLEEP[]                    = "poll_sleep";
 const char CN_PORT[]                          = "port";
 const char CN_PROTOCOL[]                      = "protocol";
@ -2439,6 +2443,28 @@ handle_global_item(const char *name, const char *value)
                      CN_DUMP_LAST_STATEMENTS);
        }
    }
+    else if (strcmp(name, CN_PEER_HOSTS) == 0)
+    {
+        if (strchr(value, ','))
+        {
+            MXS_ERROR("Only a single host in '%s' is currently supported", CN_PEER_HOSTS);
+            return 0;
+        }
+        else
+        {
+            strcpy(gateway.peer_hosts, value);
+        }
+    }
+    else if (strcmp(name, CN_PEER_USER) == 0)
+    {
+        strcpy(gateway.peer_user, value);
+    }
+    else if (strcmp(name, CN_PEER_PASSWORD) == 0)
+    {
+        char* pw = decrypt_password(value);
+        strcpy(gateway.peer_password, pw);
+        MXS_FREE(pw);
+    }
    else
    {
        bool found = false;
@ -2624,6 +2650,10 @@ void config_set_global_defaults()
    gateway.passive = false;
    gateway.promoted_at = 0;

+    gateway.peer_hosts[0] = '\0';
+    gateway.peer_user[0] = '\0';
+    gateway.peer_password[0] = '\0';
+
    // Note: This is not a valid cache value: it is used to detect that the default value is used
    gateway.qc_cache_properties.max_size = -1;

@ -4261,6 +4291,8 @@ json_t* config_maxscale_to_json(const char* host)
    json_object_set_new(param, CN_ADMIN_SSL_KEY, json_string(cnf->admin_ssl_key));
    json_object_set_new(param, CN_ADMIN_SSL_CERT, json_string(cnf->admin_ssl_cert));
    json_object_set_new(param, CN_ADMIN_SSL_CA_CERT, json_string(cnf->admin_ssl_ca_cert));
+    json_object_set_new(param, CN_PEER_HOSTS, json_string(cnf->peer_hosts));
+    json_object_set_new(param, CN_PEER_USER, json_string(cnf->peer_user));
    json_object_set_new(param, CN_PASSIVE, json_boolean(cnf->passive));

    json_object_set_new(param, CN_QUERY_CLASSIFIER, json_string(cnf->qc_name));
--- a/server/core/monitor.cc
+++ b/server/core/monitor.cc
@ -2869,7 +2869,8 @@ void MonitorInstance::run_one_tick()
 static bool remote_server_is_master(const std::string& url, std::string* host, int* port)
 {
    bool rval = false;
-    auto res = mxs::http::get(url);
+    auto res = mxs::http::get(url, config_get_global_options()->peer_user,
+                              config_get_global_options()->peer_password);
    json_t* state = mxs_json_pointer(res.body.get(), "data/attributes/state");
    json_t* json_host = mxs_json_pointer(res.body.get(), "data/attributes/parameters/address");
    json_t* json_port = mxs_json_pointer(res.body.get(), "data/attributes/parameters/port");
@ -2889,12 +2890,16 @@ static bool remote_server_is_master(const std::string& url, std::string* host, i
    return rval;
 }

-std::pair<std::string, int> mon_get_external_master(const std::string& url)
+std::pair<std::string, int> mon_get_external_master(const std::string& name)
 {
    std::string host;
    int port = 0;
+    std::string url = config_get_global_options()->peer_hosts;
+
+    auto res = mxs::http::get(url + "/v1/monitors/" + name,
+                              config_get_global_options()->peer_user,
+                              config_get_global_options()->peer_password);

-    auto res = mxs::http::get(url);
    json_t* remote = mxs_json_pointer(res.body.get(), "data/relationships/servers/links/self");
    json_t* arr = mxs_json_pointer(res.body.get(), "data/relationships/servers/data");

--- a/server/core/utils.cc
+++ b/server/core/utils.cc
@ -1255,7 +1255,7 @@ size_t header_callback(char *ptr, size_t size, size_t nmemb, void *userdata)
 namespace http
 {

-Result get(const std::string& url)
+Result get(const std::string& url, const std::string& user, const std::string& password)
 {
    Result res;
    char errbuf[CURL_ERROR_SIZE + 1] = "";
@ -1271,6 +1271,12 @@ Result get(const std::string& url)
    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback);
    curl_easy_setopt(curl, CURLOPT_HEADERDATA, &res.headers);

+    if (!user.empty() && !password.empty())
+    {
+        curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
+        curl_easy_setopt(curl, CURLOPT_USERPWD, (user + ":" + password).c_str());
+    }
+
    long code = 0; // needs to be a long

    if (curl_easy_perform(curl) == CURLE_OK)