gh-1896 Shell: Add Proxy Support

* Add support for specifying an optional proxy server for the Shell
  - Allow to provide credentials (username/password)
  - Support SSL connectivity
* Update documentation
* Add basic tests

Author: ghillert

spring-cloud-dataflow-docs/src/main/asciidoc/shell.adoc

@@ -14,9 +14,9 @@ The shell is built upon the link:https://projects.spring.io/spring-shell/[Spring
 There are command line options generic to Spring Shell and some specific to Data Flow.
 The shell takes the following command line options
 
-[source,bash,options="nowrap"]
+[source,bash,options="nowrap",subs=attributes]
 ----
-unix:>java -jar spring-cloud-dataflow-shell-1.2.1.RELEASE.jar --help
+unix:>java -jar spring-cloud-dataflow-shell-{project-version}.jar --help
 Data Flow Options:
   --dataflow.uri=<uri>                              Address of the Data Flow Server [default: http://localhost:9393].
   --dataflow.username=<USER>                        Username of the Data Flow Server [no default].
@@ -25,6 +25,9 @@ Data Flow Options:
                                                     OAuth Bearer Token (Access Token prefixed with 'Bearer '),
                                                     e.g. 'Bearer 12345'), [no default].
   --dataflow.skip-ssl-validation=<true|false>       Accept any SSL certificate (even self-signed) [default: no].
+  --dataflow.proxy.uri=<PROXY-URI>                  Address of an optional proxy server to use [no default].
+  --dataflow.proxy.username=<PROXY-USERNAME>        Username of the proxy server (if required by proxy server) [no default].
+  --dataflow.proxy.password=<PROXY-PASSWORD>        Password of the proxy server (if required by proxy server) [no default].
   --spring.shell.historySize=<SIZE>                 Default size of the shell log file [default: 3000].
   --spring.shell.commandFile=<FILE>                 Data Flow Shell executes commands read from the file(s) and then exits.
   --help                                            This message.

spring-cloud-dataflow-rest-resource/src/main/java/org/springframework/cloud/dataflow/rest/util/HttpClientConfigurer.java

@@ -21,13 +21,16 @@
 import org.apache.http.HttpRequestInterceptor;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.ProxyAuthenticationStrategy;
 
 import org.springframework.http.client.ClientHttpRequestFactory;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.util.Assert;
 
 /**
  * Utility for configuring a {@link CloseableHttpClient}. This class allows for
@@ -66,6 +69,34 @@ public HttpClientConfigurer basicAuthCredentials(String username, String passwor
 		return this;
 	}
 
+	/**
+	 * Configures the {@link HttpClientBuilder} with a proxy host. If the
+	 * {@code proxyUsername} and {@code proxyPassword} are not {@code null}
+	 * then a {@link CredentialsProvider} is also configured for the proxy host.
+	 *
+	 * @param proxyUri Must not be null and must be configured with a scheme (http or https).
+	 * @param proxyUsername May be null
+	 * @param proxyPassword May be null
+	 * @return a reference to {@code this} to enable chained method invocation
+	 */
+	public HttpClientConfigurer withProxyCredentials(URI proxyUri, String proxyUsername, String proxyPassword) {
+
+		Assert.notNull(proxyUri, "The proxyUri must not be null.");
+		Assert.hasText(proxyUri.getScheme(), "The scheme component of the proxyUri must not be empty.");
+
+		httpClientBuilder
+			.setProxy(new HttpHost(proxyUri.getHost(), proxyUri.getPort(), proxyUri.getScheme()));
+		if (proxyUsername !=null && proxyPassword != null) {
+			final CredentialsProvider proxyCredsProvider = new BasicCredentialsProvider();
+			proxyCredsProvider.setCredentials(
+				new AuthScope(proxyUri.getHost(), proxyUri.getPort()),
+				new UsernamePasswordCredentials(proxyUsername, proxyPassword));
+			httpClientBuilder.setDefaultCredentialsProvider(proxyCredsProvider)
+				.setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
+		}
+		return this;
+	}
+
 	/**
 	 * Sets the client's {@link javax.net.ssl.SSLContext} to use
 	 * {@link HttpUtils#buildCertificateIgnoringSslContext()}.

spring-cloud-dataflow-rest-resource/src/test/java/org/springframework/cloud/dataflow/rest/util/HttpClientConfigurerTests.java

@@ -0,0 +1,86 @@
+/*
+ * Copyright 2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.cloud.dataflow.rest.util;
+
+import java.net.URI;
+
+import org.apache.http.client.HttpClient;
+import org.junit.Assert;
+import org.junit.Test;
+
+import static org.junit.Assert.fail;
+
+/**
+ * @author Gunnar Hillert
+ * @since 1.4
+ */
+public class HttpClientConfigurerTests {
+
+	/**
+	 * Basic test ensuring that the {@link HttpClient} is built successfully.
+	 */
+	@Test
+	public void testThatHttpClientWithProxyIsCreated() {
+		final HttpClientConfigurer builder = HttpClientConfigurer.create();
+		builder.withProxyCredentials(URI.create("https://spring.io"), "spring", "cloud");
+		builder.buildHttpClient();
+	}
+
+	/**
+	 * Basic test ensuring that the {@link HttpClient} is built successfully with
+	 * null username and password.
+	 */
+	@Test
+	public void testThatHttpClientWithProxyIsCreatedWithNullUsernameAndPassword() {
+		final HttpClientConfigurer builder = HttpClientConfigurer.create();
+		builder.withProxyCredentials(URI.create("https://spring.io"), null, null);
+		builder.buildHttpClient();
+	}
+
+	/**
+	 * Basic test ensuring that an exception is thrown if the scheme of the proxy
+	 * Uri is not set.
+	 */
+	@Test
+	public void testHttpClientWithProxyCreationWithMissingScheme() {
+		final HttpClientConfigurer builder = HttpClientConfigurer.create();
+		try {
+			builder.withProxyCredentials(URI.create("spring"), "spring", "cloud");
+		}
+		catch (IllegalArgumentException e) {
+			Assert.assertEquals("The scheme component of the proxyUri must not be empty.", e.getMessage());
+			return;
+		}
+		fail("Expected an IllegalArgumentException to be thrown.");
+	}
+
+	/**
+	 * Basic test ensuring that an exception is thrown if the proxy
+	 * Uri is null.
+	 */
+	@Test
+	public void testHttpClientWithNullProxyUri() {
+		final HttpClientConfigurer builder = HttpClientConfigurer.create();
+		try {
+			builder.withProxyCredentials(null, null, null);
+		}
+		catch (IllegalArgumentException e) {
+			Assert.assertEquals("The proxyUri must not be null.", e.getMessage());
+			return;
+		}
+		fail("Expected an IllegalArgumentException to be thrown.");
+	}
+}

spring-cloud-dataflow-shell-core/pom.xml

@@ -86,5 +86,11 @@
 			<artifactId>spring-boot-configuration-processor</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>org.littleshoot</groupId>
+			<artifactId>littleproxy</artifactId>
+			<version>1.1.2</version>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 </project>

spring-cloud-dataflow-shell-core/src/main/java/org/springframework/cloud/dataflow/shell/Target.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2017 the original author or authors.
+ * Copyright 2016-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -50,6 +50,14 @@ public class Target {
 
 	public static final String DEFAULT_TARGET = DEFAULT_SCHEME + "://" + DEFAULT_HOST + ":" + DEFAULT_PORT + "/";
 
+	public static final String DEFAULT_PROXY_USERNAME = "";
+
+	public static final String DEFAULT_PROXY_SPECIFIED_PASSWORD = "";
+
+	public static final String DEFAULT_PROXY_UNSPECIFIED_PASSWORD = "__NULL__";
+
+	public static final String DEFAULT_PROXY_URI = "";
+
 	private final URI targetUri;
 
 	private final boolean skipSslValidation;

spring-cloud-dataflow-shell-core/src/main/java/org/springframework/cloud/dataflow/shell/command/common/ConfigCommands.java

@@ -18,6 +18,7 @@
 
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.net.URI;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.LinkedHashMap;
@@ -122,6 +123,15 @@ public class ConfigCommands implements CommandMarker, InitializingBean, Applicat
 	@Value("${dataflow.skip-ssl-validation:" + Target.DEFAULT_UNSPECIFIED_SKIP_SSL_VALIDATION + "}")
 	private boolean skipSslValidation;
 
+	@Value("${dataflow.proxy.uri:" + Target.DEFAULT_PROXY_URI + "}")
+	private String proxyUri;
+
+	@Value("${dataflow.proxy.username:" + Target.DEFAULT_PROXY_USERNAME + "}")
+	private String proxyUsername;
+
+	@Value("${dataflow.proxy.password:" + Target.DEFAULT_PROXY_SPECIFIED_PASSWORD + "}")
+	private String proxyPassword;
+
 	@Value("${dataflow.credentials-provider-command:" + Target.DEFAULT_CREDENTIALS_PROVIDER_COMMAND + "}")
 	private String credentialsProviderCommand;
 
@@ -182,7 +192,16 @@ public String target(
 			@CliOption(mandatory = false, key = {
 					"credentials-provider-command" }, help = "a command to run that outputs the HTTP credentials used for authentication", unspecifiedDefaultValue = Target.DEFAULT_CREDENTIALS_PROVIDER_COMMAND) String credentialsProviderCommand,
 			@CliOption(mandatory = false, key = {
-					"skip-ssl-validation" }, help = "accept any SSL certificate (even self-signed)", specifiedDefaultValue = Target.DEFAULT_SPECIFIED_SKIP_SSL_VALIDATION, unspecifiedDefaultValue = Target.DEFAULT_UNSPECIFIED_SKIP_SSL_VALIDATION) boolean skipSslValidation) {
+					"skip-ssl-validation" }, help = "accept any SSL certificate (even self-signed)", specifiedDefaultValue = Target.DEFAULT_SPECIFIED_SKIP_SSL_VALIDATION, unspecifiedDefaultValue = Target.DEFAULT_UNSPECIFIED_SKIP_SSL_VALIDATION) boolean skipSslValidation,
+
+			@CliOption(mandatory = false, key = {
+					"proxy-uri" }, help = "the uri of the proxy server", specifiedDefaultValue = Target.DEFAULT_SPECIFIED_PASSWORD, unspecifiedDefaultValue = Target.DEFAULT_UNSPECIFIED_PASSWORD) String proxyUri,
+			@CliOption(mandatory = false, key = {
+					"proxy-username" }, help = "the username for authenticated access to the secured proxy server (valid only with a "
+					+ "username)", specifiedDefaultValue = Target.DEFAULT_SPECIFIED_PASSWORD, unspecifiedDefaultValue = Target.DEFAULT_UNSPECIFIED_PASSWORD) String proxyUsername,
+			@CliOption(mandatory = false, key = {
+					"proxy-password" }, help = "the password for authenticated access to the secured proxy server (valid only with a "
+					+ "username)", specifiedDefaultValue = Target.DEFAULT_SPECIFIED_PASSWORD, unspecifiedDefaultValue = Target.DEFAULT_UNSPECIFIED_PASSWORD) String proxyPassword) {
 		if (StringUtils.isEmpty(credentialsProviderCommand) &&
 				!StringUtils.isEmpty(targetPassword) && StringUtils.isEmpty(targetUsername)) {
 			return "A password may be specified only together with a username";
@@ -208,6 +227,13 @@ public String target(
 				final CheckableResource credentialsResource = new ProcessOutputResource(credentialsProviderCommand.split("\\s+"));
 				httpClientConfigurer.addInterceptor(new ResourceBasedAuthorizationInterceptor(credentialsResource));
 			}
+			if (StringUtils.hasText(proxyUri)) {
+				if (StringUtils.isEmpty(proxyPassword) && !StringUtils.isEmpty(proxyUsername)) {
+					// read password from the command line
+					proxyPassword = userInput.prompt("Proxy Server Password", "", false);
+				}
+				httpClientConfigurer.withProxyCredentials(URI.create(proxyUri), proxyUsername, proxyPassword);
+			}
 			this.restTemplate.setRequestFactory(httpClientConfigurer.buildClientHttpRequestFactory());
 
 			this.shell.setDataFlowOperations(
@@ -409,7 +435,16 @@ public void onApplicationEvent(ApplicationReadyEvent event) {
 		// Only invoke if the shell is executing in the same application context as the
 		// data flow server.
 		if (!initialized) {
-			target(this.serverUri, this.userName, this.password, this.credentialsProviderCommand, this.skipSslValidation);
+			target(
+				this.serverUri,
+				this.userName,
+				this.password,
+				this.credentialsProviderCommand,
+				this.skipSslValidation,
+				this.proxyUri,
+				this.proxyUsername,
+				this.proxyPassword
+			);
 		}
 	}
 
@@ -419,7 +454,16 @@ public void afterPropertiesSet() throws Exception {
 		// mode.
 		if (applicationContext != null && !applicationContext.containsBean("streamDefinitionRepository")) {
 			initialized = true;
-			target(this.serverUri, this.userName, this.password, this.credentialsProviderCommand, this.skipSslValidation);
+			target(
+				this.serverUri,
+				this.userName,
+				this.password,
+				this.credentialsProviderCommand,
+				this.skipSslValidation,
+				this.proxyUri,
+				this.proxyUsername,
+				this.proxyPassword
+			);
 		}
 	}
 

spring-cloud-dataflow-shell-core/src/main/resources/usage.txt

@@ -6,6 +6,9 @@ Data Flow Options:
                                                     OAuth Bearer Token (Access Token prefixed with 'Bearer '),
                                                     e.g. 'Bearer 12345'), [no default].
   --dataflow.skip-ssl-validation=<true|false>       Accept any SSL certificate (even self-signed) [default: no].
+  --dataflow.proxy.uri=<PROXY-URI>                  Address of an optional proxy server to use [no default].
+  --dataflow.proxy.username=<PROXY-USERNAME>        Username of the proxy server (if required by proxy server) [no default].
+  --dataflow.proxy.password=<PROXY-PASSWORD>        Password of the proxy server (if required by proxy server) [no default].
   --dataflow.mode=<MODE>                            Server DataFlow mode: 'classic' or 'skipper' modes. [default: classic].
   --spring.shell.historySize=<SIZE>                 Default size of the shell log file [default: 3000].
   --spring.shell.commandFile=<FILE>                 Data Flow Shell executes commands read from the file(s) and then exits.

spring-cloud-dataflow-shell-core/src/test/java/org/springframework/cloud/dataflow/shell/command/ConfigCommandTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2017 the original author or authors.
+ * Copyright 2016-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -120,7 +120,7 @@ public void testApiRevisionMismatch() {
 
 		configCommands.onApplicationEvent(null);
 
-		final String targetResult = configCommands.target("http://localhost:9393", null, null, null, false);
+		final String targetResult = configCommands.target("http://localhost:9393", null, null, null, false, null, null, null);
 		assertThat(targetResult, containsString("Incompatible version of Data Flow server detected"));
 	}
 
@@ -171,8 +171,15 @@ public void testDataFlowMode(DataFlowMode shellDataFlowMode, DataFlowMode server
 		securityInfoResource.setAuthenticationEnabled(false);
 		when(restTemplate.getForObject(Mockito.any(String.class), Mockito.eq(SecurityInfoResource.class))).thenReturn(securityInfoResource);
 
-		final String targetResult = configCommands.target(Target.DEFAULT_TARGET, Target.DEFAULT_USERNAME,
-				Target.DEFAULT_SPECIFIED_PASSWORD, Target.DEFAULT_CREDENTIALS_PROVIDER_COMMAND, true);
+		final String targetResult = configCommands.target(
+				Target.DEFAULT_TARGET,
+				Target.DEFAULT_USERNAME,
+				Target.DEFAULT_SPECIFIED_PASSWORD,
+				Target.DEFAULT_CREDENTIALS_PROVIDER_COMMAND,
+				true,
+				Target.DEFAULT_PROXY_URI,
+				Target.DEFAULT_PROXY_USERNAME,
+				Target.DEFAULT_PROXY_SPECIFIED_PASSWORD);
 
 		System.out.println(targetResult);