add option to insert XML snippet into web.xml (#2881)

fixes #2877

Author: Vladimir Kotal

opengrok-tools/src/main/python/opengrok_tools/deploy.py

@@ -18,7 +18,7 @@
 # CDDL HEADER END
 
 #
-# Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2019, Oracle and/or its affiliates. All rights reserved.
 # Portions Copyright (c) 2017-2018, Chris Fraire <[email protected]>.
 #
 
@@ -31,73 +31,95 @@
 from .utils.log import get_console_logger, get_class_basename, \
     fatal
 from .utils.parsers import get_baseparser
+from .utils.xml import insert_file, XMLProcessingException
+
+WEB_XML = 'WEB-INF/web.xml'
+DEFAULT_CONFIG_FILE = '/var/opengrok/etc/configuration.xml'
 
 """
  deploy war file
 
 """
 
 
-def repack_war(logger, sourceWar, targetWar, configFile, defaultConfigFile):
+def repack_war(logger, source_war, target_war, default_config_file,
+               config_file=None, insert_path=None):
     """
-    Repack sourceWar into targetWar, performing substitution of configFile
-    in the process.
+    Repack source_war into target_war, performing substitution of config_file
+    and/or inserting XML snippet to the 'web.xml' file in the process.
+
+    :param logger: logger object
+    :param source_war: path to the original WAR file
+    :param target_war: path to the destination WAR file
+    :param default_config_file: path to default configuration file
+    :param config_file: path to new configuration file
+    :param insert_path: path to XML file to insert
     """
 
-    WEB_XML = 'WEB-INF/web.xml'
-
-    with ZipFile(sourceWar, 'r') as infile, ZipFile(targetWar, 'w') as outfile:
+    with ZipFile(source_war, 'r') as infile, \
+            ZipFile(target_war, 'w') as outfile:
         for item in infile.infolist():
             data = infile.read(item.filename)
+
             if item.filename == WEB_XML:
-                logger.debug("Performing substitution of '{}' with '{}'".
-                             format(defaultConfigFile, configFile))
-                defaultConfigFile = defaultConfigFile.encode()
-                configFile = configFile.encode()
-                data = data.replace(defaultConfigFile, configFile)
+                if config_file:
+                    logger.debug("Performing substitution of '{}' with '{}'".
+                                 format(default_config_file, config_file))
+                    default_config_file = default_config_file.encode()
+                    config_file = config_file.encode()
+                    data = data.replace(default_config_file, config_file)
+
+                if insert_path:
+                    logger.debug("Inserting contents of file '{}'".
+                                 format(insert_path))
+                    data = insert_file(data, insert_path)
+
             outfile.writestr(item, data)
 
 
-def deploy_war(logger, sourceWar, targetWar, configFile=None):
+def deploy_war(logger, source_war, target_war, config_file=None,
+               insert_path=None):
     """
     Copy warSource to warTarget (checking existence of both), optionally
     repacking the warTarget archive if configuration file resides in
     non-default location.
     """
 
-    if not os.path.isfile(sourceWar):
-        logger.error("{} is not a file".format(sourceWar))
+    if not os.path.isfile(source_war):
+        logger.error("{} is not a file".format(source_war))
 
-    if os.path.isdir(targetWar):
-        orig = targetWar
-        targetWar = os.path.join(targetWar, os.path.basename(sourceWar))
+    if os.path.isdir(target_war):
+        orig = target_war
+        target_war = os.path.join(target_war, os.path.basename(source_war))
         logger.debug("Target {} is directory, will use {}".
-                     format(orig, targetWar))
+                     format(orig, target_war))
 
     # If user does not use default configuration file location then attempt to
     # extract WEB-INF/web.xml from the war file using jar or zip utility,
     # update the hardcoded values and then update source.war with the new
     # WEB-INF/web.xml.
-    tmpWar = None
-    DEFAULT_CONFIG_FILE = '/var/opengrok/etc/configuration.xml'
-    if configFile and configFile != DEFAULT_CONFIG_FILE:
+    tmp_war = None
+
+    if (config_file and config_file != DEFAULT_CONFIG_FILE) or insert_path:
+
         # Resolve the path to be absolute so that webapp can find the file.
-        configFile = os.path.abspath(configFile)
+        if config_file:
+            config_file = os.path.abspath(config_file)
 
         with tempfile.NamedTemporaryFile(prefix='OpenGroktmpWar',
                                          suffix='.war',
-                                         delete=False) as tmpWar:
+                                         delete=False) as tmp_war:
             logger.info('Repacking {} with custom configuration path to {}'.
-                        format(sourceWar, tmpWar.name))
-            repack_war(logger, sourceWar, tmpWar.name, configFile,
-                       DEFAULT_CONFIG_FILE)
-            sourceWar = tmpWar.name
+                        format(source_war, tmp_war.name))
+            repack_war(logger, source_war, tmp_war.name, DEFAULT_CONFIG_FILE,
+                       config_file, insert_path)
+            source_war = tmp_war.name
 
-    logger.info("Installing {} to {}".format(sourceWar, targetWar))
-    copyfile(sourceWar, targetWar)
+    logger.info("Installing {} to {}".format(source_war, target_war))
+    copyfile(source_war, target_war)
 
-    if tmpWar:
-        os.remove(tmpWar.name)
+    if tmp_war:
+        os.remove(tmp_war.name)
 
 
 def main():
@@ -106,6 +128,9 @@ def main():
 
     parser.add_argument('-c', '--config',
                         help='Path to OpenGrok configuration file')
+    parser.add_argument('-i', '--insert',
+                        help='Path to XML file to insert into the {} file'.
+                        format(WEB_XML))
     parser.add_argument('source_war', nargs=1,
                         help='Path to war file to deploy')
     parser.add_argument('target_war', nargs=1,
@@ -118,7 +143,14 @@ def main():
 
     logger = get_console_logger(get_class_basename(), args.loglevel)
 
-    deploy_war(logger, args.source_war[0], args.target_war[0], args.config)
+    if args.insert and not os.path.isfile(args.insert):
+        fatal("File '{}' does not exist".format(args.insert))
+
+    try:
+        deploy_war(logger, args.source_war[0], args.target_war[0], args.config,
+                   args.insert)
+    except XMLProcessingException as e:
+        fatal(e)
 
     print("Start your application server (if it is not already running) "
           "or wait until it loads the just installed web application.\n"

opengrok-tools/src/main/python/opengrok_tools/utils/xml.py

@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# See LICENSE.txt included in this distribution for the specific
+# language governing permissions and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at LICENSE.txt.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+
+#
+# Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+#
+
+import xml.etree.ElementTree as ET
+
+
+class XMLProcessingException(Exception):
+    pass
+
+
+def insert_file(input_xml, insert_xml_file):
+    """
+    inserts sub-root elements of XML file under root of input XML
+    :param input_xml: input XML string
+    :param insert_xml_file: path to file to insert
+    :return: string with resulting XML
+    """
+
+    # This avoids resulting XML to have namespace prefixes in elements.
+    ET.register_namespace('', "http://xmlns.jcp.org/xml/ns/javaee")
+
+    root = ET.fromstring(input_xml)
+    try:
+        insert_tree = ET.parse(insert_xml_file)
+    except ET.ParseError as e:
+        raise XMLProcessingException("Cannot parse file '{}' as XML".
+                                     format(insert_xml_file)) from e
+    except (PermissionError, IOError) as e:
+        raise XMLProcessingException("Cannot read file '{}'".
+                                     format(insert_xml_file)) from e
+
+    insert_root = insert_tree.getroot()
+
+    for elem in list(insert_root.findall('.')):
+        root.extend(list(elem))
+
+    return ET.tostring(root, encoding="utf8", method='xml').decode("utf-8")

opengrok-tools/src/test/python/insert.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>API endpoints are checked separately by the web app</web-resource-name>
+            <url-pattern>/api/*</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>In general everything needs to be authenticated</web-resource-name>
+            <url-pattern>/api/v1/search</url-pattern> <!-- protect search endpoint whitelisted above -->
+            <url-pattern>/api/v1/suggest/*</url-pattern> <!-- protect suggest endpoint whitelisted above -->
+            <url-pattern>/*</url-pattern> <!-- protect the whole application -->
+        </web-resource-collection>
+
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+
+        <user-data-constraint>
+            <transport-guarantee>NONE</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+    <security-role>
+        <role-name>*</role-name>
+    </security-role>
+
+    <login-config>
+        <auth-method>BASIC</auth-method>
+    </login-config>
+
+</web-app>

opengrok-tools/src/test/python/invalid.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>API endpoints are checked separately by the web app</web-resource-name>
+            <url-pattern>/api/*</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>In general everything needs to be authenticated</web-resource-name>
+            <url-pattern>/*</url-pattern> <!-- protect the whole application -->
+        </web-resource-collection>
+
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+
+        <user-data-constraint>
+            <transport-guarantee>NONE</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+    <security-role>
+        <role-name>*</role-name>
+    </security-role>
+
+    <login-config>
+        <auth-method>BASIC</auth-method>
+
+</web-app>

opengrok-tools/src/test/python/new.xml

@@ -0,0 +1,45 @@
+<?xml version='1.0' encoding='utf8'?>
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.1" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee          http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
+
+    <display-name>OpenGrok</display-name>
+    <description>A wicked fast source browser</description>
+    <context-param>
+        <description>Full path to the configuration file where OpenGrok can read its configuration</description>
+        <param-name>CONFIGURATION</param-name>
+        <param-value>/var/opengrok/etc/configuration.xml</param-value>
+    </context-param>
+
+
+<security-constraint>
+        <web-resource-collection>
+            <web-resource-name>API endpoints are checked separately by the web app</web-resource-name>
+            <url-pattern>/api/*</url-pattern>
+        </web-resource-collection>
+    </security-constraint>
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>In general everything needs to be authenticated</web-resource-name>
+            <url-pattern>/api/v1/search</url-pattern> 
+            <url-pattern>/api/v1/suggest/*</url-pattern> 
+            <url-pattern>/*</url-pattern> 
+        </web-resource-collection>
+
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+
+        <user-data-constraint>
+            <transport-guarantee>NONE</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+    <security-role>
+        <role-name>*</role-name>
+    </security-role>
+
+    <login-config>
+        <auth-method>BASIC</auth-method>
+    </login-config>
+
+</web-app>

opengrok-tools/src/test/python/test_xml.py

@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# See LICENSE.txt included in this distribution for the specific
+# language governing permissions and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at LICENSE.txt.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+#
+
+import os
+import pytest
+
+from opengrok_tools.utils.xml import insert_file, XMLProcessingException
+
+DIR_PATH = os.path.dirname(os.path.realpath(__file__))
+
+
+def test_xml_insert():
+    with open(os.path.join(DIR_PATH, "web.xml")) as base_xml:
+        out = insert_file(base_xml.read(),
+                          os.path.join(DIR_PATH, "insert.xml"))
+        with open(os.path.join(DIR_PATH, "new.xml")) as expected_xml:
+            assert out == expected_xml.read()
+
+
+def test_invalid_xml():
+    with open(os.path.join(DIR_PATH, "web.xml")) as base_xml:
+        with pytest.raises(XMLProcessingException):
+            insert_file(base_xml.read(),
+                        os.path.join(DIR_PATH, "invalid.xml"))