/**
* Verify that a remote answering with '403 Forbidden' will not be auto-blocked with and without a
* local artifact cached.
*/
@Test
public void testNoAutoblockOn403() throws Exception {
stopProxy();
server = Server.withPort(proxyPort).start();
server.serve("/").withBehaviours(content("ok"));
server.serve("/remote/release-proxy-repo-1/nexus4593/*").withBehaviours(get(getTestFile("/")));
downloadArtifact(GavUtil.newGav("nexus4593", "artifact", "1.0.0"), "target");
assertThat(ProxyMode.valueOf(getStatus().getProxyMode()), is(ProxyMode.ALLOW));
server.serve("/*").withBehaviours(error(403));
// download will not fail because we have a local copy cached, but the remote will be hit b/c
// maxAge is set to 0
downloadArtifact(GavUtil.newGav("nexus4593", "artifact", "1.0.0"), "target");
assertThat(ProxyMode.valueOf(getStatus().getProxyMode()), is(ProxyMode.ALLOW));
try {
downloadArtifact(GavUtil.newGav("g", "a", "403"), "target");
assertThat("should fail b/c of 403", false);
} catch (IOException e) {
// expected, remote will answer with 403
}
assertThat(ProxyMode.valueOf(getStatus().getProxyMode()), is(ProxyMode.ALLOW));
}
public WLUpdatePropagationTest() throws Exception {
// fluke server to not have proxy autoblock, as remote connection refused IS a valid reason to
// auto block
this.server =
Server.withPort(0)
.serve("/")
.withBehaviours(Behaviours.error(404, "don't bother yourself"));
server.start();
this.remoteServerPort = server.getPort();
}
public RoutingAndProxyModeTest() throws Exception {
// one server serving up stuff for both proxies, it does have prefix file published but nothing
// else
// this only serves the purpose to not have repo autoblock
this.server =
Server.withPort(0)
.serve("/")
.withBehaviours(Behaviours.error(404, "don't bother yourself"))
.serve("/.meta/prefixes.txt")
.withBehaviours(Behaviours.content(prefixFile()));
server.start();
}
@Test(expected = InvalidInputException.class)
public void discoverBigPrefixFile() throws Exception {
server.stop();
server =
Server.withPort(remoteServerPort)
.serve("/.meta/prefixes.txt")
.withBehaviours(new GenerateRandomBehaviour(150 * 1024))
.start();
try {
final RemoteStrategy subject = lookup(RemoteStrategy.class, RemotePrefixFileStrategy.ID);
final StrategyResult result =
subject.discover(
getRepositoryRegistry()
.getRepositoryWithFacet(PROXY_REPO_ID, MavenProxyRepository.class));
} finally {
server.stop();
}
}
@Test(expected = InvalidInputException.class)
public void discoverLongLinesPrefixFile() throws Exception {
server.stop();
server =
Server.withPort(remoteServerPort)
.serve("/.meta/prefixes.txt")
.withBehaviours(Behaviours.content(prefixFile1(Strings.repeat("/12345677890", 25))))
.start();
try {
final RemoteStrategy subject = lookup(RemoteStrategy.class, RemotePrefixFileStrategy.ID);
final StrategyResult result =
subject.discover(
getRepositoryRegistry()
.getRepositoryWithFacet(PROXY_REPO_ID, MavenProxyRepository.class));
} finally {
server.stop();
}
}
@Test(expected = InvalidInputException.class)
public void discoverNonAsciiButHungarianPrefixFile() throws Exception {
server.stop();
server =
Server.withPort(remoteServerPort)
.serve("/.meta/prefixes.txt")
.withBehaviours(Behaviours.content(prefixFile1("/tamás/cservenák", "/kom/szonatájp")))
.start();
try {
final RemoteStrategy subject = lookup(RemoteStrategy.class, RemotePrefixFileStrategy.ID);
final StrategyResult result =
subject.discover(
getRepositoryRegistry()
.getRepositoryWithFacet(PROXY_REPO_ID, MavenProxyRepository.class));
} finally {
server.stop();
}
}
@Before
public void replaceServers() throws Exception {
final int proxyPort = proxyServer.getPort();
proxyServer.stop();
proxyServer = null;
server =
Server.withPort(proxyPort)
.serve("/")
.withBehaviours(Behaviours.pause(Time.days(1)))
.start();
}
@Test
public void smoke() throws Exception {
final WLManager wm = lookup(WLManager.class);
// deploy to hosted something
{
final MavenRepository mavenRepository =
getRepositoryRegistry().getRepositoryWithFacet(HOSTED_REPO_ID, MavenRepository.class);
mavenRepository.storeItemWithChecksums(
new ResourceStoreRequest("/com/sonatype/test/1.0/test-1.0.txt"),
new ByteArrayInputStream("Some fluke content".getBytes()),
null);
}
{
try {
server.start();
final PrefixSource hostedEntrySource =
wm.getPrefixSourceFor(
getRepositoryRegistry()
.getRepositoryWithFacet(HOSTED_REPO_ID, MavenRepository.class));
final PrefixSource proxyEntrySource =
wm.getPrefixSourceFor(
getRepositoryRegistry()
.getRepositoryWithFacet(PROXY_REPO_ID, MavenRepository.class));
final PrefixSource groupEntrySource =
wm.getPrefixSourceFor(
getRepositoryRegistry()
.getRepositoryWithFacet(GROUP_REPO_ID, MavenRepository.class));
assertThat("Hosted should have ES", hostedEntrySource.exists());
assertThat(
"Proxy should not have ES", !proxyEntrySource.exists()); // as we serve 404s for prefix
// file
assertThat(
"Group cannot have ES", !groupEntrySource.exists()); // as proxy member does not have WL
} finally {
server.stop();
}
}
{
server.stop();
server =
Server.withPort(remoteServerPort)
.serve("/.meta/prefixes.txt")
.withBehaviours(Behaviours.content(prefixFile1(true)));
try {
server.start();
final MavenProxyRepository mavenProxyRepository =
getRepositoryRegistry()
.getRepositoryWithFacet(PROXY_REPO_ID, MavenProxyRepository.class);
wm.updateWhitelist(mavenProxyRepository);
waitForWLBackgroundUpdates();
final PrefixSource hostedEntrySource =
wm.getPrefixSourceFor(
getRepositoryRegistry()
.getRepositoryWithFacet(HOSTED_REPO_ID, MavenRepository.class));
final PrefixSource proxyEntrySource =
wm.getPrefixSourceFor(
getRepositoryRegistry()
.getRepositoryWithFacet(PROXY_REPO_ID, MavenRepository.class));
final PrefixSource groupEntrySource =
wm.getPrefixSourceFor(
getRepositoryRegistry()
.getRepositoryWithFacet(GROUP_REPO_ID, MavenRepository.class));
assertThat("Hosted should have ES", hostedEntrySource.exists());
assertThat("Proxy should have ES", proxyEntrySource.exists()); // as we did serve file ok
assertThat(
"Group should have ES", groupEntrySource.exists()); // as all member should have it
// GROUP wl must have 4 entries: 1 from hosted (/com/sonatype) + 3 from proxied prefix file
final List<String> groupEntries = groupEntrySource.readEntries();
assertThat(groupEntries.size(), equalTo(4));
assertThat(groupEntries, hasItem("/com/sonatype"));
assertThat(groupEntries, hasItem("/org/sonatype"));
assertThat(groupEntries, hasItem("/org/apache/maven"));
assertThat(groupEntries, hasItem("/eu/flatwhite"));
} finally {
server.stop();
}
}
}
@AfterMethod
public void stopServer() throws Exception {
if (server != null) {
server.stop();
}
}
private void startErrorServer(final int code) throws Exception {
stopServer();
proxyServer.stop();
server = Server.withPort(proxyPort).serve("/*").withBehaviours(error(code)).start();
}
/**
* A proxy "transitions" from having prefixes file to not having prefixes file (and not being
* scraped either). The test does two passes of requests. In first pass (with WL), the proxy will
* forward only whitelisted requests to it's remote target. Then repository transitions into a
* state of not having WL (like remote prefix file removed and will not be scraped as test Jetty
* does not have index file), with nuked proxy caches same set of requests is repeated. This time,
* it is validated that all requests are forwared to remote target (pre-WL behaviour of Nexus).
* Simply put, proxy repository falls back to pre-WL (pre-2.4) behavior.
*
* @throws Exception
*/
@Test
public void proxyWithAndWithoutWL() throws Exception {
// where to put downloaded things
final File remoteRepoRoot = testData().resolveFile("remote-repo");
final File downloadsDir = testIndex().getDirectory("downloads");
// bring up remote server using Jetty
final PathRecorder recorder = new PathRecorder();
final PrefixesFile prefixesFile = new PrefixesFile();
// now set the prefixes file that contains /org/someorg prefix only, and repeat
prefixesFile.setContent(
Files.toString(testData().resolveFile("someorg-prefixes.txt"), Charset.forName("UTF-8")));
final Server server =
Server.withPort(0)
.serve("/*")
.withBehaviours(recorder, prefixesFile, Behaviours.get(remoteRepoRoot))
.start();
// create the proxy
final MavenProxyRepository proxyRepository =
repositories()
.create(MavenProxyRepository.class, repositoryIdForTest("someorgProxy1"))
.asProxyOf(server.getUrl().toExternalForm())
.doNotDownloadRemoteIndexes()
.save();
whitelistTest().waitForAllWhitelistUpdateJobToStop();
// waitForWLPublishingOutcomes( proxyRepository.id() );
client().getSubsystem(Scheduler.class).waitForAllTasksToStop();
try {
// clear recorder
recorder.clear();
// repeat the test with slightly different expectations
{
// check that newly added proxy is publishing whitelist
assertThat(
whitelist().getWhitelistStatus(proxyRepository.id()).getPublishedStatus(),
equalTo(Outcome.SUCCEEDED));
// nuke the repo cache
nukeProxyCaches(proxyRepository.id());
// and because we have WL, we cant fetch whatever we want (com and org)
// only WL-enlisted of these will go remotely
fetchAndAssert(downloadsDir, proxyRepository.id(), COM_SOMEORG_ARTIFACT_10_POM, false);
fetchAndAssert(downloadsDir, proxyRepository.id(), COM_SOMEORG_ARTIFACT_10_JAR, false);
fetchAndAssert(downloadsDir, proxyRepository.id(), ORG_SOMEORG_ARTIFACT_10_POM, true);
fetchAndAssert(downloadsDir, proxyRepository.id(), ORG_SOMEORG_ARTIFACT_10_JAR, true);
fetchAndAssert(downloadsDir, proxyRepository.id(), FLUKE_ARTIFACT_POM, false);
fetchAndAssert(downloadsDir, proxyRepository.id(), FLUKE_ARTIFACT_JAR, false);
// GET /org/someorg/artifact/1.0/artifact-1.0.jar.sha1,
// GET /org/someorg/artifact/1.0/artifact-1.0.jar,
// GET /org/someorg/artifact/1.0/artifact-1.0.pom.sha1,
// GET /org/someorg/artifact/1.0/artifact-1.0.pom,
final List<String> requests = recorder.getPathsForVerb("GET");
assertThat(requests.size(), is(4));
assertThat(
requests,
containsInAnyOrder(
ORG_SOMEORG_ARTIFACT_10_POM,
ORG_SOMEORG_ARTIFACT_10_POM + ".sha1",
ORG_SOMEORG_ARTIFACT_10_JAR,
ORG_SOMEORG_ARTIFACT_10_JAR + ".sha1"));
}
// now loose the prefixes file
prefixesFile.setContent(null);
// update the WL of proxy repo to have new prefixes file picked up
whitelist().updateWhitelist(proxyRepository.id());
// wait for update to finish since it's async op, client above returned immediately
// but update happens in a separate thread. Still this should be quick operation as prefix
// file is used
Status proxyStatus = whitelist().getWhitelistStatus(proxyRepository.id());
// sit and wait for remote discovery (or the timeout Junit @Rule will kill us)
while (proxyStatus.getPublishedStatus() != Outcome.FAILED) {
Thread.sleep(10000);
proxyStatus = whitelist().getWhitelistStatus(proxyRepository.id());
}
// clear recorder
recorder.clear();
// remote repo lives without prefix file
{
// check that newly added proxy is not publishing whitelist
assertThat(
whitelist().getWhitelistStatus(proxyRepository.id()).getPublishedStatus(),
equalTo(Outcome.FAILED));
// nuke the repo cache
nukeProxyCaches(proxyRepository.id());
// and because no WL, we can fetch whatever we want (com and org)
// all these will go remotely
fetchAndAssert(downloadsDir, proxyRepository.id(), COM_SOMEORG_ARTIFACT_10_POM, true);
fetchAndAssert(downloadsDir, proxyRepository.id(), COM_SOMEORG_ARTIFACT_10_JAR, true);
fetchAndAssert(downloadsDir, proxyRepository.id(), ORG_SOMEORG_ARTIFACT_10_POM, true);
fetchAndAssert(downloadsDir, proxyRepository.id(), ORG_SOMEORG_ARTIFACT_10_JAR, true);
fetchAndAssert(downloadsDir, proxyRepository.id(), FLUKE_ARTIFACT_POM, false);
fetchAndAssert(downloadsDir, proxyRepository.id(), FLUKE_ARTIFACT_JAR, false);
// note: sha1 is asked for existing files only
// GET /hu/fluke/artifact/1.0/artifact-1.0.jar,
// GET /hu/fluke/artifact/1.0/artifact-1.0.pom,
// GET /org/someorg/artifact/1.0/artifact-1.0.jar.sha1,
// GET /org/someorg/artifact/1.0/artifact-1.0.jar,
// GET /org/someorg/artifact/1.0/artifact-1.0.pom.sha1,
// GET /org/someorg/artifact/1.0/artifact-1.0.pom,
// GET /com/someorg/artifact/1.0/artifact-1.0.jar.sha1,
// GET /com/someorg/artifact/1.0/artifact-1.0.jar,
// GET /com/someorg/artifact/1.0/artifact-1.0.pom.sha1,
// GET /com/someorg/artifact/1.0/artifact-1.0.pom,
final List<String> requests = recorder.getPathsForVerb("GET");
assertThat(requests.size(), is(10));
assertThat(
requests,
containsInAnyOrder(
COM_SOMEORG_ARTIFACT_10_POM,
COM_SOMEORG_ARTIFACT_10_POM + ".sha1",
COM_SOMEORG_ARTIFACT_10_JAR,
COM_SOMEORG_ARTIFACT_10_JAR + ".sha1",
ORG_SOMEORG_ARTIFACT_10_POM,
ORG_SOMEORG_ARTIFACT_10_POM + ".sha1",
ORG_SOMEORG_ARTIFACT_10_JAR,
ORG_SOMEORG_ARTIFACT_10_JAR + ".sha1",
FLUKE_ARTIFACT_POM,
FLUKE_ARTIFACT_JAR));
}
} finally {
server.stop();
}
}
@Override
public void setUp() throws Exception {
this.server =
Server.withPort(remoteServerPort).serve("/").withBehaviours(Behaviours.error(404)).start();
super.setUp();
}