WFLY-3884 Integrate mod_cluster subsystem with Elytron security subsy…

…stem for SSL configuration

mod_cluster/extension/src/main/java/org/wildfly/extension/mod_cluster/Attribute.java

@@ -49,6 +49,7 @@ enum Attribute {
     AUTO_ENABLE_CONTEXTS(CommonAttributes.AUTO_ENABLE_CONTEXTS),
     STOP_CONTEXT_TIMEOUT(CommonAttributes.STOP_CONTEXT_TIMEOUT),
     SOCKET_TIMEOUT(CommonAttributes.SOCKET_TIMEOUT),
+    SSL_CONTEXT(CommonAttributes.SSL_CONTEXT),
     CONNECTOR(CommonAttributes.CONNECTOR),
     STATUS_INTERVAL(CommonAttributes.STATUS_INTERVAL),
 

mod_cluster/extension/src/main/java/org/wildfly/extension/mod_cluster/CommonAttributes.java

@@ -42,6 +42,7 @@ interface CommonAttributes {
     String AUTO_ENABLE_CONTEXTS = "auto-enable-contexts";
     String STOP_CONTEXT_TIMEOUT = "stop-context-timeout";
     String SOCKET_TIMEOUT = "socket-timeout";
+    String SSL_CONTEXT = "ssl-context";
     String CONNECTOR = "connector";
     String SESSION_DRAINING_STRATEGY = "session-draining-strategy";
     String STATUS_INTERVAL = "status-interval";

mod_cluster/extension/src/main/java/org/wildfly/extension/mod_cluster/ContainerEventHandlerService.java

@@ -23,33 +23,17 @@
 
 import static org.wildfly.extension.mod_cluster.ModClusterLogger.ROOT_LOGGER;
 
-import java.net.InetSocketAddress;
-import java.net.NetworkInterface;
-import java.net.SocketException;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import org.jboss.as.network.OutboundSocketBinding;
-import org.jboss.as.network.SocketBinding;
-import org.jboss.as.network.SocketBindingManager;
 import org.jboss.modcluster.ModClusterService;
-import org.jboss.modcluster.config.ProxyConfiguration;
-import org.jboss.modcluster.config.impl.ModClusterConfig;
+import org.jboss.modcluster.config.ModClusterConfiguration;
 import org.jboss.modcluster.load.LoadBalanceFactorProvider;
-import org.jboss.msc.inject.Injector;
-import org.jboss.msc.inject.MapInjector;
 import org.jboss.msc.service.Service;
 import org.jboss.msc.service.ServiceName;
 import org.jboss.msc.service.StartContext;
 import org.jboss.msc.service.StopContext;
-import org.jboss.msc.value.InjectedValue;
 import org.jboss.msc.value.Value;
 
 /**
- * Service configuring and starting mod_cluster.
+ * Service starting mod_cluster service.
  *
  * @author Jean-Frederic Clere
  * @author Radoslav Husar
@@ -60,18 +44,12 @@ public class ContainerEventHandlerService implements Service<ModClusterService>
     public static final ServiceName CONFIG_SERVICE_NAME = SERVICE_NAME.append("config");
 
     private LoadBalanceFactorProvider load;
-    private ModClusterConfig config;
-
-    private final Value<SocketBindingManager> bindingManager;
-    private final InjectedValue<SocketBinding> binding = new InjectedValue<>();
-    private final Map<String, OutboundSocketBinding> outboundSocketBindings = new HashMap<>();
-
+    private Value<ModClusterConfiguration> configurationValue;
     private volatile ModClusterService eventHandler;
 
-    ContainerEventHandlerService(ModClusterConfig config, LoadBalanceFactorProvider load, Value<SocketBindingManager> bindingManager) {
-        this.config = config;
-        this.load = load;
-        this.bindingManager = bindingManager;
+    ContainerEventHandlerService(Value<ModClusterConfiguration> configurationValue, LoadBalanceFactorProvider factorProvider) {
+        this.configurationValue = configurationValue;
+        this.load = factorProvider;
     }
 
     @Override
@@ -83,77 +61,12 @@ public ModClusterService getValue() throws IllegalStateException, IllegalArgumen
     public void start(StartContext context) {
         ROOT_LOGGER.debugf("Starting mod_cluster extension");
 
-        // Resolve and configure proxies
-        if (outboundSocketBindings.size() > 0) {
-            List<ProxyConfiguration> proxies = new LinkedList<>();
-            for (final OutboundSocketBinding binding : outboundSocketBindings.values()) {
-                proxies.add(new ProxyConfiguration() {
-
-                    @Override
-                    public InetSocketAddress getRemoteAddress() {
-                        // Both host and port may not be null in the model, no need to validate here
-                        // Don't do resolving here, let mod_cluster deal with it
-                        return new InetSocketAddress(binding.getUnresolvedDestinationAddress(), binding.getDestinationPort());
-                    }
-
-                    @Override
-                    public InetSocketAddress getLocalAddress() {
-                        if (binding.getOptionalSourceAddress() != null) {
-                            return new InetSocketAddress(binding.getOptionalSourceAddress(), binding.getAbsoluteSourcePort() == null ? 0 : binding.getAbsoluteSourcePort());
-                        } else if (binding.getAbsoluteSourcePort() != null) {
-                            // Bind to port only if source address is not configured
-                            return new InetSocketAddress(binding.getAbsoluteSourcePort());
-                        }
-                        // No binding configured so don't bind
-                        return null;
-                    }
-
-                });
-            }
-            config.setProxyConfigurations(proxies);
-        }
-
-        // Read node to set configuration.
-        if (config.getAdvertise()) {
-            // There should be a socket-binding.... Well no it needs an advertise socket :-(
-            final SocketBinding binding = this.binding.getOptionalValue();
-            if (binding != null) {
-                config.setAdvertiseSocketAddress(binding.getMulticastSocketAddress());
-                config.setAdvertiseInterface(binding.getSocketAddress().getAddress());
-                if (!isMulticastEnabled(bindingManager.getValue().getDefaultInterfaceBinding().getNetworkInterfaces())) {
-                    ROOT_LOGGER.multicastInterfaceNotAvailable();
-                }
-            }
-        }
-
-        this.eventHandler = new ModClusterService(config, load);
-    }
-
-    private boolean isMulticastEnabled(Collection<NetworkInterface> ifaces) {
-        for (NetworkInterface iface : ifaces) {
-            try {
-                if (iface.isUp() && (iface.supportsMulticast() || iface.isLoopback())) {
-                    return true;
-                }
-            } catch (SocketException e) {
-                // Ignore
-            }
-        }
-        return false;
+        this.eventHandler = new ModClusterService(configurationValue.getValue(), load);
     }
 
     @Override
     public void stop(StopContext context) {
         this.eventHandler.shutdown();
         this.eventHandler = null;
     }
-
-    Injector<SocketBinding> getSocketBindingInjector() {
-        return this.binding;
-    }
-
-    Injector<OutboundSocketBinding> getOutboundSocketBindingInjector(String name) {
-        return new MapInjector<>(outboundSocketBindings, name);
-    }
-
 }

mod_cluster/extension/src/main/java/org/wildfly/extension/mod_cluster/ModClusterConfigResourceDefinition.java

@@ -22,6 +22,10 @@
 
 package org.wildfly.extension.mod_cluster;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.jboss.as.controller.AttributeDefinition;
 import org.jboss.as.controller.AttributeMarshaller;
 import org.jboss.as.controller.ModelVersion;
@@ -36,10 +40,13 @@
 import org.jboss.as.controller.SimpleResourceDefinition;
 import org.jboss.as.controller.StringListAttributeDefinition;
 import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
+import org.jboss.as.controller.capability.RuntimeCapability;
 import org.jboss.as.controller.client.helpers.MeasurementUnit;
 import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
 import org.jboss.as.controller.operations.validation.EnumValidator;
 import org.jboss.as.controller.operations.validation.IntRangeValidator;
+import org.jboss.as.controller.operations.validation.StringLengthValidator;
+import org.jboss.as.controller.registry.AttributeAccess;
 import org.jboss.as.controller.registry.ManagementResourceRegistration;
 import org.jboss.as.controller.transform.TransformationContext;
 import org.jboss.as.controller.transform.description.AttributeConverter;
@@ -50,10 +57,6 @@
 import org.jboss.dmr.ModelType;
 import org.jboss.modcluster.config.impl.SessionDrainingStrategyEnum;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
 /**
  * {@link org.jboss.as.controller.ResourceDefinition} implementation for the core mod-cluster configuration resource.
  *
@@ -62,6 +65,11 @@
  */
 class ModClusterConfigResourceDefinition extends SimpleResourceDefinition {
 
+    public static final String MOD_CLUSTER_CAPABILITY_NAME = "org.wildfly.mod_cluster";
+    public static final RuntimeCapability<Void> MOD_CLUSTER_CAPABILITY = RuntimeCapability.Builder.of(MOD_CLUSTER_CAPABILITY_NAME, false).build();
+
+    public static final String SSL_CONTEXT_CAPABILITY_NAME = "org.wildfly.security.ssl-context";
+
     static final PathElement PATH = PathElement.pathElement(CommonAttributes.MOD_CLUSTER_CONFIG, CommonAttributes.CONFIGURATION);
 
     static final SimpleAttributeDefinition ADVERTISE_SOCKET = SimpleAttributeDefinitionBuilder.create(CommonAttributes.ADVERTISE_SOCKET, ModelType.STRING, true)
@@ -157,6 +165,12 @@ class ModClusterConfigResourceDefinition extends SimpleResourceDefinition {
             .setRestartAllServices()
             .build();
 
+    static final SimpleAttributeDefinition SSL_CONTEXT = new SimpleAttributeDefinitionBuilder(CommonAttributes.SSL_CONTEXT, ModelType.STRING, true)
+            .setCapabilityReference(SSL_CONTEXT_CAPABILITY_NAME, MOD_CLUSTER_CAPABILITY_NAME, false)
+            .setFlags(AttributeAccess.Flag.RESTART_ALL_SERVICES)
+            .setValidator(new StringLengthValidator(1))
+            .build();
+
     static final SimpleAttributeDefinition STICKY_SESSION = SimpleAttributeDefinitionBuilder.create(CommonAttributes.STICKY_SESSION, ModelType.BOOLEAN, true)
             .setAllowExpression(true)
             .setDefaultValue(new ModelNode(true))
@@ -285,6 +299,7 @@ class ModClusterConfigResourceDefinition extends SimpleResourceDefinition {
             CONNECTOR, // not in the 1.0 xsd
             SESSION_DRAINING_STRATEGY, // not in the 1.1 xsd
             STATUS_INTERVAL, // since 2.0 xsd
+            SSL_CONTEXT, // since 3.0 xsd
     };
 
 
@@ -301,6 +316,13 @@ class ModClusterConfigResourceDefinition extends SimpleResourceDefinition {
     public static void buildTransformation(ModelVersion version, ResourceTransformationDescriptionBuilder parent) {
         ResourceTransformationDescriptionBuilder builder = parent.addChildResource(PATH);
 
+        if (ModClusterModel.VERSION_4_1_0.requiresTransformation(version)) {
+            builder.getAttributeBuilder()
+                    .setDiscard(DiscardAttributeChecker.UNDEFINED, SSL_CONTEXT)
+                    .addRejectCheck(RejectAttributeChecker.DEFINED, SSL_CONTEXT)
+                    .end();
+        }
+
         if (ModClusterModel.VERSION_4_0_0.requiresTransformation(version)) {
             builder.getAttributeBuilder()
                     .setValueConverter(new AttributeConverter.DefaultAttributeConverter() {
@@ -339,10 +361,11 @@ protected void convertAttribute(PathAddress address, String attributeName, Model
     }
 
     public ModClusterConfigResourceDefinition() {
-        super(PATH,
-                ModClusterExtension.getResourceDescriptionResolver(CommonAttributes.CONFIGURATION),
-                ModClusterConfigAdd.INSTANCE,
-                new ReloadRequiredRemoveStepHandler());
+        super(new Parameters(PATH, ModClusterExtension.getResourceDescriptionResolver(CommonAttributes.CONFIGURATION))
+                .setAddHandler(ModClusterConfigAdd.INSTANCE)
+                .setRemoveHandler(new ReloadRequiredRemoveStepHandler())
+                .setCapabilities(MOD_CLUSTER_CAPABILITY)
+        );
     }
 
     @Override