Commit Graph

80 Commits

Author SHA1 Message Date
81a3ff6c27 Fix REST API authentication errors
The authentication errors were not sent as the connection was closed
immediately. The reason for this was the fact that if a client request
uploaded data with bad credentials, MaxScale would not send a response if
the connection was kept open. Closing the socket solved the hang but
caused confusing errors on the client side.

The libmicrohttpd library appears to require full processing of any data
uploaded by a client request before a request can be sent. With this
change, the clients receive proper authentication errors in all cases.
2017-09-11 12:49:11 +03:00
828649ba99 MXS-1354: Add user authorization to maxadmin
All commands that modify the internal state of MaxScale now require admin
level authorization.
2017-08-18 10:28:21 +03:00
6ee7ed6a38 MXS-1354: Add creation of basic/admin users to maxctrl
The type of the created user can now be specified with the --type option.

Expanded tests that cover the user creation. Also added a test case that
checks that basic users are only allowed to read through the REST API.
2017-08-18 10:28:21 +03:00
a48758a9d8 MXS-1354: Take REST API authorization into use
GET requests are allowed for all users while POST, PATCH, DELETE and PUT
requests are reserved for administrative users.
2017-08-18 10:28:20 +03:00
e627740777 MXS-1354: Enable muting of admin interface authentication failures
The warnings generated by the admin interface can now be silenced.
2017-08-18 10:28:20 +03:00
cb066fd09a Fix memory leaks in REST API
The call to MHD_basic_auth_get_username_password allocates memory for both
the password and the username.

mxs_json_add_relation leaked a reference to a JSON object by using
json_array_append instead of json_array_append_new.
2017-08-09 11:39:24 +03:00
e4a004097e MXS-1220: Add support for PATCH
The PATCH method should now be used instead the PUT method to update
resources.  As PUT request bodies should represent complete resources, the
use of PUT to update resources is no longer supported.

Altered tests to use PATCH instead of PUT for updating resources.
2017-06-05 13:37:08 +03:00
19c4016e65 MXS-1220: Add to_string to HttpRequest
Allowing requests to be converted to raw HTTP requests allows them to be
propagated to other instances of MaxScale. This should allow multiple
MaxScales to perform the same action in a coherent manner.

A simple clustering mechanism needs to be added to make MaxScale aware of
other instances.
2017-06-02 12:52:33 +03:00
f546a17e77 Update change date of 2.2 2017-06-01 10:24:20 +03:00
4c2560b5a6 MXS-1220: Pretty-print by default
The REST API now pretty-prints by default. This is done to make it easier
to use the API with browsers that don't have an integrated REST API
client.
2017-05-29 19:27:45 +03:00
6b8b19b439 MXS-1220: Add PUT support for /maxscale/ resource
The /maxscale/ resource now supports PUT requests which modify core
parameters. As not all parameters can be changed at runtime, only
modifications to parameters that support runtime configuration are
allowed.
2017-05-24 15:05:11 +03:00
7fc2d25cf2 MXS-1220: Allow new REST API users to be created
The REST API now uses the same users as MaxAdmin network interface. This
allows them to be created with MaxAdmin.

The next step is to add user creation to the REST API.
2017-05-24 15:05:10 +03:00
551f635f50 MXS-1220: Make the http.hh header public
As it contains utility functions for formatting time_t values to HTTP-date
values, there's no real need to make it an internal header.
2017-05-17 10:14:56 +03:00
18c71a8ebd MXS-1220: Fix build failure with older GCC
Older GCC versions seem to have a bug where `struct sockaddr_in` pointers
cannot be accessed directly and need to be dereferenced first.
2017-05-14 10:07:16 +03:00
3e1ff70d7d MXS-1220: Respond with 200 OK to root level requests
If a request to the `/` resource is made, the API responds with an 200
OK. This is done to make it possible to use the HTTP health check
mechanism found in many cloud load balancers.
2017-05-09 15:32:42 +03:00
624434a6d4 MXS-1220: Compare headers case-insensitively
The header names are not case sensitive.
2017-05-09 15:32:41 +03:00
b2e94fc73c MXS-1220: Add versioned URLs
Added versioning to URLs. This should allow somewhat safe modification to
the API after it has been finished.
2017-05-09 15:32:41 +03:00
bf44cd0d14 MXS-1220: Add HTTPS support
The REST API now supports encryption. The user needs to configure
certificates for the REST API before encryption is used.
2017-05-04 09:17:51 +03:00
4ed4773d91 MXS-1220: Allow binding to a specific address
The admin interface can now bind to a specific network interface.
2017-05-04 09:17:50 +03:00
b736776c8f MXS-1220: Temporarily remove PATCH method
The PATCH method isn't supported in older versions of microhttpd. As this
functionality wasn't used, it can be removed until it is needed. The PUT
method already allows updates by defining complete resources so PATCH is
only an improvement, not a requirement.
2017-05-04 09:17:48 +03:00
bcc3f11c4b MXS-1220: Fix upload data processing
The uploaded data is not a null-terminated string.
2017-05-04 09:14:04 +03:00
c17c451fb5 MXS-1220: Move header generation back to HttpResponse
The actual list of headers is not known when the request is first
generated. This prevents the headers from being generated in admin.cc
which handles things on a lower level.

The moving of the header generation is done with the OPTIONS method in
mind. This header needs to be generated inside the RootResource class
which manages the navigation of the resources.
2017-05-04 09:14:03 +03:00
46344b204a MXS-1220: Properly handle request with data
The data was not processed correctly and instead an error was sent to the
client as soon as the request arrived.

Created a class that somewhat abstracts the internals of the client
request processing.
2017-05-04 09:14:03 +03:00
52e075963e MXS-1220: Reorganize request and response processing
The standard response headers are now generated at a higher level. This
reduces the scope of the HttpResponse class making it a leaner wrapper
around a few simple variables, namely the JSON body of the response.

The HttpRequest now exposes the Host header that the client sent. This
allows resource relations to be real links that work without modification.
2017-05-04 09:12:16 +03:00
52e0cc8e16 MXS-1220: Add HTTP BA authentication
The admin interface now supports Basic Access authentication. This is not
a secure method of authentication and it should not be used without
unencrypted connections.

Made the admin interface port, authentication, username and password
configurable.
2017-05-04 09:12:15 +03:00
d242203279 MXS-1220: Use libmicrohttpd for the HTTP handling
The HTTP side of the REST API is better handled with an actual
library. The libmicrohttpd library provides a convenient way of handling
the HTTP traffic between the clients and MaxScale.
2017-05-04 09:12:15 +03:00
caf2172677 MXS-1220: Fix minor problems with admin thread
The admin thread now uses blocking IO. This is not optimal but it
simplifies the code by some amount.

Fixed option processing removing one extra character from key name.

Use correct member variable when checking for the option map end.
2017-05-04 09:11:18 +03:00
9d0d394361 MXS-1220: Expand HttpResponse class
The class now generates default headers. The ETag and Last-Modified tags
do not represent any actual modification time or resource hash.

The basic functionality of the HTTP responses is tested by the core test
suite. More advanced testing of the whole REST API is still required.

Removed the static `create` functions as only the JSON parsing version
could generated errors and even then the errors were unlikely. By
replacing the static creator function with a normal constructor, the
HttpResponse class can now also be created on the stack making its use
easier.
2017-05-04 09:10:33 +03:00
e34b65658e MXS-1220: Simplify admin request handling
The admin requests are now processed in blocking mode. The timing out of
connecttions is handled by a specific timeout thread that checks the state
of each admin request.

The simplification will help with the JSON parsing with PUT/POST
commands. If non-blocking IO is used, the network reading code and JSON
parsing needs a lot more work to handle partial reads.

If the administrative interface requires higher performance and
concurrency, a multi-threaded solution could be created.
2017-05-04 09:10:32 +03:00
23b6fb3e6d MXS-1220: Create separate admin thread
When MaxScale is started, a separate thread for the administrative
interface is started. This allows the worker threads to handle client
requests while the administrative thread handles the lower priority
administrative requests.

The administrative interface responds to all request with a 200 OK HTTP
response. This allows the administrative interface itself to be tested.
2017-05-04 09:10:31 +03:00