Fix timeout typo for CloudianClient connections

- The timeout parameter was using the port so instead of timing
  out in 10 seconds, it was using 19443 seconds.
- Added tests to use real connections instead of mocking and
  added line tests to try catch other issues.
- Noticed that HyperStore and AWS IAM services use return
  different errorcodes. This will be fixed in HyperStore so
  handle both errorcodes.

Author: tpodowd

plugins/storage/object/cloudian/pom.xml

@@ -60,5 +60,11 @@
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-java-sdk-s3</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.github.tomakehurst</groupId>
+            <artifactId>wiremock-standalone</artifactId>
+            <version>${cs.wiremock.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>

plugins/storage/object/cloudian/src/main/java/org/apache/cloudstack/storage/datastore/util/CloudianHyperStoreUtil.java

@@ -65,7 +65,7 @@ public class CloudianHyperStoreUtil {
     public static final String KEY_IAM_SECRET_KEY     = "hs_IAMSecretKey";
 
     public static final int DEFAULT_ADMIN_PORT = 19443;
-    public static final int DEFAULT_ADMIN_TIMEOUT = 10;
+    public static final int DEFAULT_ADMIN_TIMEOUT_SECONDS = 10;
 
     public static final String IAM_USER_USERNAME = "CloudStack";
     public static final String IAM_USER_POLICY_NAME = "CloudStackPolicy";
@@ -97,6 +97,15 @@ public class CloudianHyperStoreUtil {
         IAM_USER_POLICY = sb.toString();
     }
 
+    /**
+     * This method is solely for test purposes so that we can mock the timeout.
+     *
+     * @returns the timeout in seconds
+     */
+    protected static int getAdminTimeoutSeconds() {
+        return DEFAULT_ADMIN_TIMEOUT_SECONDS;
+    }
+
     /**
      * Get a connection to the Cloudian HyperStore ADMIN API Service.
      * @param url the url of the ADMIN API service
@@ -115,7 +124,7 @@ public static CloudianClient getCloudianClient(String url, String user, String p
             if (port == -1) {
                 port = DEFAULT_ADMIN_PORT;
             }
-            return new CloudianClient(host, port, scheme, user, pass, validateSSL, DEFAULT_ADMIN_PORT);
+            return new CloudianClient(host, port, scheme, user, pass, validateSSL, getAdminTimeoutSeconds());
         } catch (MalformedURLException e) {
             throw new CloudRuntimeException(e);
         } catch (KeyStoreException | NoSuchAlgorithmException | KeyManagementException e) {
@@ -194,8 +203,8 @@ public static void validateS3Url(String s3Url) {
      * Test the IAMUrl to confirm it behaves like an IAM Service.
      *
      * The method uses bad credentials and looks for the particular error from IAM
-     * that says InvalidAccessKeyId was used. The method quietly returns if
-     * we connect and get the expected error back.
+     * that says InvalidAccessKeyId or InvalidClientTokenId was used. The method quietly
+     * returns if we connect and get the expected error back.
      *
      * @param iamUrl the url to check
      *
@@ -206,7 +215,7 @@ public static void validateIAMUrl(String iamUrl) {
             AmazonIdentityManagement iamClient = CloudianHyperStoreUtil.getIAMClient(iamUrl, "unknown", "unknown");
             iamClient.listAccessKeys();
         } catch (AmazonServiceException e) {
-            if (StringUtils.compareIgnoreCase(e.getErrorCode(), "InvalidAccessKeyId") != 0) {
+            if (! StringUtils.equalsAnyIgnoreCase(e.getErrorCode(), "InvalidAccessKeyId", "InvalidClientTokenId")) {
                 throw new CloudRuntimeException("Unexpected response from IAM Endpoint.", e);
             }
         }

plugins/storage/object/cloudian/src/test/java/org/apache/cloudstack/storage/datastore/util/CloudianHyperStoreUtilTest.java

@@ -0,0 +1,227 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+// SPDX-License-Identifier: Apache-2.0
+package org.apache.cloudstack.storage.datastore.util;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.get;
+import static com.github.tomakehurst.wiremock.client.WireMock.post;
+import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyString;
+
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.cloudian.client.CloudianClient;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.mockito.MockitoAnnotations;
+
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.github.tomakehurst.wiremock.junit.WireMockRule;
+
+public class CloudianHyperStoreUtilTest {
+    private final int port = 18081;
+
+    @Rule
+    public WireMockRule wireMockRule = new WireMockRule(port);
+
+    private AutoCloseable closeable;
+
+    @Before
+    public void setUp() {
+        closeable = MockitoAnnotations.openMocks(this);
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        closeable.close();
+    }
+
+    @Test
+    public void testGetCloudianClientBadUrl() {
+        String url = "bad://bad-url";
+        CloudRuntimeException thrown = assertThrows(CloudRuntimeException.class, () -> CloudianHyperStoreUtil.getCloudianClient(url, "", "", false));
+        assertNotNull(thrown);
+        assertTrue(thrown.getMessage().contains("unknown protocol"));
+    }
+
+    @Test
+    public void testGetCloudianClient() {
+        String url = "https://localhost:98765";
+        CloudianClient cc = CloudianHyperStoreUtil.getCloudianClient(url, "", "", false);
+        assertNotNull(cc);
+    }
+
+    @Test
+    public void testGetCloudianClientNoPort() {
+        String url = "https://localhost";
+        CloudianClient cc = CloudianHyperStoreUtil.getCloudianClient(url, "", "", false);
+        assertNotNull(cc);
+    }
+
+    @Test
+    public void testGetCloudianClientToGetServerVersion() {
+        final String expect = "8.1 Compiled: 2023-11-11 16:30";
+        wireMockRule.stubFor(get(urlEqualTo("/system/version"))
+                .willReturn(aResponse()
+                        .withStatus(200)
+                        .withBody(expect)));
+
+        // Get a connection and try using it
+        String url = String.format("http://localhost:%d", port);
+        CloudianClient cc = CloudianHyperStoreUtil.getCloudianClient(url, "u", "p", false);
+        String version = cc.getServerVersion();
+        assertEquals(expect, version);
+    }
+
+    @Test
+    public void testGetCloudianClientShortenedTimeout() {
+        // Response delayed 3 seconds. We should never get it.
+        final String expect = "8.1 Compiled: 2023-11-11 16:30";
+        wireMockRule.stubFor(get(urlEqualTo("/system/version"))
+                .willReturn(aResponse()
+                        .withStatus(200)
+                        .withFixedDelay(3000)  // 3 second delay.
+                        .withBody(expect)));
+
+        try (MockedStatic<CloudianHyperStoreUtil> mockStatic = Mockito.mockStatic(CloudianHyperStoreUtil.class)) {
+            // Force a shorter 1 second timeout for testing so as not to hold up unit tests.
+            mockStatic.when(() -> CloudianHyperStoreUtil.getAdminTimeoutSeconds()).thenReturn(1);
+            mockStatic.when(() -> CloudianHyperStoreUtil.getCloudianClient(anyString(), anyString(), anyString(), anyBoolean())).thenCallRealMethod();
+
+            // Get a connection and try using it but it should timeout
+            String url = String.format("http://localhost:%d", port);
+            CloudianClient cc = CloudianHyperStoreUtil.getCloudianClient(url, "u", "p", false);
+            long before = System.currentTimeMillis();
+            ServerApiException thrown = assertThrows(ServerApiException.class, () -> cc.getServerVersion());
+            long after = System.currentTimeMillis();
+            assertNotNull(thrown);
+            assertEquals(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, thrown.getErrorCode());
+            assertTrue((after - before) >= 1000); // should timeout after 1 second.
+        }
+    }
+
+    @Test
+    public void testValidateS3UrlGood() {
+        // Mock an AWS S3 invalid access key response.
+        StringBuilder ERR_XML = new StringBuilder("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
+        ERR_XML.append("<Error>\n");
+        ERR_XML.append("  <Code>InvalidAccessKeyId</Code>\n");
+        ERR_XML.append("  <Message>The AWS Access Key Id you provided does not exist in our records.</Message>\n");
+        ERR_XML.append("  <AWSAccessKeyId>unknown</AWSAccessKeyId>\n");
+        ERR_XML.append("  <HostId>12345=</HostId>\n");
+        ERR_XML.append("</Error>\n");
+
+        wireMockRule.stubFor(get(urlEqualTo("/"))
+                .willReturn(aResponse()
+                        .withStatus(403)
+                        .withHeader("content-type", "application/xml")
+                        .withBody(ERR_XML.toString())));
+
+        // Test: validates the AmazonS3 client returned by CloudianHyperStoreUtil.getS3Client()
+        // which is called indirectly via the validateS3Url() method can connect to the
+        // remote port and handles the access key error as the expected s3 response.
+        String url = String.format("http://localhost:%d", port);
+        CloudianHyperStoreUtil.validateS3Url(url);
+    }
+
+    @Test
+    public void testValidateS3UrlBadRequest() {
+        wireMockRule.stubFor(get(urlEqualTo("/"))
+                .willReturn(aResponse()
+                        .withStatus(400)
+                        .withHeader("content-type", "text/html")
+                        .withBody("<html><body>400 Bad Request</body></html>")));
+
+        String url = String.format("http://localhost:%d", port);
+        CloudRuntimeException thrown = assertThrows(CloudRuntimeException.class, () -> CloudianHyperStoreUtil.validateS3Url(url));
+        assertNotNull(thrown);
+    }
+
+    @Test
+    public void testValidateIAMUrlGoodInvalidClientTokenId() {
+        // Mock an AWS IAM invalid access key response.
+        StringBuilder ERR_XML = new StringBuilder();
+        ERR_XML.append("<ErrorResponse xmlns=\"https://iam.amazonaws.com/doc/2010-05-08/\">\n");
+        ERR_XML.append("  <Error>\n");
+        ERR_XML.append("    <Type>Sender</Type>\n");
+        ERR_XML.append("    <Code>InvalidClientTokenId</Code>\n");
+        ERR_XML.append("    <Message>The security token included in the request is invalid.</Message>\n");
+        ERR_XML.append("  </Error>\n");
+        ERR_XML.append("  <RequestId>a2c47f7e-0196-4b45-af18-a9e99e4d9ed5</RequestId>\n");
+        ERR_XML.append("</ErrorResponse>\n");
+
+        wireMockRule.stubFor(post(urlEqualTo("/"))
+                .willReturn(aResponse()
+                        .withStatus(403)
+                        .withHeader("content-type", "text/xml")
+                        .withBody(ERR_XML.toString())));
+
+        // Test: validates the AmazonIdentityManagement client returned by CloudianHyperStoreUtil.getIAMClient()
+        // which is called indirectly via the validateIAMUrl() method can connect to the
+        // remote port and handles the access key error as the expected s3 response.
+        String url = String.format("http://localhost:%d", port);
+        CloudianHyperStoreUtil.validateIAMUrl(url);
+    }
+
+    @Test
+    public void testValidateIAMUrlGoodInvalidAccessKeyId() {
+        // Mock HyperStore IAM invalid access key current response.
+        StringBuilder ERR_XML = new StringBuilder("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
+        ERR_XML.append("<ErrorResponse xmlns=\"https://iam.amazonaws.com/doc/2010-05-08/\">\n");
+        ERR_XML.append("  <Error>\n");
+        ERR_XML.append("    <Code>InvalidAccessKeyId</Code>\n");
+        ERR_XML.append("    <Message>The Access Key Id you provided does not exist in our records.</Message>\n");
+        ERR_XML.append("  </Error>\n");
+        ERR_XML.append("  <RequestId>a2c47f7e-0196-4b45-af18-a9e99e4d9ed5</RequestId>\n");
+        ERR_XML.append("</ErrorResponse>\n");
+
+        wireMockRule.stubFor(post(urlEqualTo("/"))
+                .willReturn(aResponse()
+                        .withStatus(403)
+                        .withHeader("content-type", "application/xml;charset=UTF-8")
+                        .withBody(ERR_XML.toString())));
+
+        // Test: validates the AmazonIdentityManagement client returned by CloudianHyperStoreUtil.getIAMClient()
+        // which is called indirectly via the validateIAMUrl() method can connect to the
+        // remote port and handles the access key error as the expected s3 response.
+        String url = String.format("http://localhost:%d", port);
+        CloudianHyperStoreUtil.validateIAMUrl(url);
+    }
+
+    @Test
+    public void testValidateIAMUrlBadRequest() {
+        wireMockRule.stubFor(post(urlEqualTo("/"))
+                .willReturn(aResponse()
+                        .withStatus(400)
+                        .withHeader("content-type", "text/html")
+                        .withBody("<html><body>400 Bad Request</body></html>")));
+
+        String url = String.format("http://localhost:%d", port);
+        CloudRuntimeException thrown = assertThrows(CloudRuntimeException.class, () -> CloudianHyperStoreUtil.validateIAMUrl(url));
+        assertNotNull(thrown);
+    }
+}