bug6203: compareServers now also supports the GET method

+import com.sap.sailing.server.gateway.interfaces.SailingServerFactory;

+import com.sap.sse.common.mail.MailException;

+import com.sap.sse.security.shared.HasPermissions.Action;

+import com.sap.sse.security.shared.impl.User;

+

+ /**

+ * @param subjectMessageKey

+ * must have a single placeholder argument representing the name of the replica set

+ * @param bodyMessageKey

+ * must have a single placeholder argument representing the name of the replica set

+ * @param alsoSendToAllUsersWithThisPermissionOnReplicaSet

+ * when not empty, all users that have permission to this {@link SecuredSecurityTypes#SERVER SERVER}

+ * action on the {@code replicaSet} will receive the e-mail in addition to the server owner. No user

+ * will receive the e-mail twice.

+ */

+ void sendMailToReplicaSetOwner(

+ AwsApplicationReplicaSet<String, SailingAnalyticsMetrics, SailingAnalyticsProcess<String>> replicaSet,

+ String subjectMessageKey, String bodyMessageKey,

+ Optional<Action> alsoSendToAllUsersWithThisPermissionOnReplicaSet) throws MailException;

+

+ void sendMailToCurrentUser(String messageSubjectKey, String messageBodyKey, String... messageParameters)

+ throws MailException;

+

+ void sendMailToUser(User user, String messageSubjectKey, String messageBodyKey, String... messageParameters)

+ throws MailException;

+

+ SailingServerFactory getSailingServerFactory();

+import java.net.URL;

+import com.sap.sailing.landscape.LandscapeService;

+import com.sap.sailing.server.gateway.interfaces.CompareServersResult;

+import com.sap.sailing.server.gateway.interfaces.SailingServer;

+import com.sap.sse.common.mail.MailException;

+import com.sap.sse.security.shared.impl.User;

+ void setLastFailureMessage(String lastFailureMessage);

+ String getLastFailureMessage();

+ private String lastFailureMessage;

+

+ @Override

+ public String getLastFailureMessage() {

+ return lastFailureMessage;

+ }

+

+ @Override

+ public void setLastFailureMessage(String lastFailureMessage) {

+ this.lastFailureMessage = lastFailureMessage;

+ }

+ private final static Duration SERVER_COMPARISON_TIMEOUT = Duration.ONE_MINUTE.times(10); // good for two or three attempts, usually

+ private final static Duration DELAY_BETWEEN_COMPARISON_CHECKS = Duration.ONE_MINUTE;

+

+ /**

+ * The user on whose behalf the monitoring is performed; this is used for sending notifications about the monitoring

+ * result to the user and for performing the monitoring with the same permissions as the user (e.g. when accessing

+ * the candidate's REST API)

+ */

+ private final User currentUser;

+ private final String candidateHostname;

+ private final LandscapeService landscapeService;

+

+ /**

+ * A bearer token expected to authenticate the {@link #currentUser} against the candidate and production ARCHIVE

+ * servers

+ */

+ private final String effectiveBearerToken;

+

+

+

+ public ArchiveCandidateMonitoringBackgroundTask(User currentUser, LandscapeService landscapeService,

+ String optionalKeyName,

+ byte[] privateKeyEncryptionPassphrase, ScheduledExecutorService executor, String effectiveBearerToken) {

+ this.currentUser = currentUser;

+ this.landscapeService = landscapeService;

+ this.candidateHostname = candidateHostname;

+ this.effectiveBearerToken = effectiveBearerToken;

+ new CompareServersWithRestAPI());

+ logger.info("Done with all checks; candidate is ready for production.");

+ notifyProcessOwnerCandidateIsReadyForProduction(); // this ends the re-scheduling loop

+ currentCheck.setLastFailureMessage(e.getMessage());

+ private void rescheduleCurrentCheckAfterFailureOrTimeout() throws MailException {

+ if (currentCheck.hasTimedOut()) {

+ logger.severe("Check "+currentCheck+" failed and has timed out; giving up on candidate "+replicaSet.getMaster().getHost().getHostname());

+ notifyProcessOwnerCandidateFailedToBecomeReadyForProduction(); // this ends the re-scheduling loop

+ } else {

+ logger.info("Check "+currentCheck+" failed but has not yet timed out; re-scheduling to check again after "+currentCheck.getDelayAfterFailure());

+ executor.schedule(this, currentCheck.getDelayAfterFailure().asMillis(), TimeUnit.MILLISECONDS);

+ }

+ final boolean result = replicaSet.getMaster().isReady(Landscape.WAIT_FOR_PROCESS_TIMEOUT);

+ if (!result) {

+ setLastFailureMessage("Candidate is not ready yet");

+ }

+ return result;

+ final double lastMinuteSystemLoadAverage = replicaSet.getMaster().getLastMinuteSystemLoadAverage(Landscape.WAIT_FOR_PROCESS_TIMEOUT);

+ final boolean result = lastMinuteSystemLoadAverage < MAXIMUM_ONE_MINUTE_SYSTEM_LOAD_AVERAGE;

+ if (!result) {

+ setLastFailureMessage("Candidate has too high system load average of "+lastMinuteSystemLoadAverage+

+ " which is still above the maximum of "+MAXIMUM_ONE_MINUTE_SYSTEM_LOAD_AVERAGE);

+ }

+ return result;

+ final int defaultBackgroundThreadPoolExecutorQueueSize = replicaSet.getMaster().getDefaultBackgroundThreadPoolExecutorQueueSize(Landscape.WAIT_FOR_PROCESS_TIMEOUT);

+ final boolean result = defaultBackgroundThreadPoolExecutorQueueSize < MAXIMUM_THREAD_POOL_QUEUE_SIZE;

+ if (!result) {

+ setLastFailureMessage("Candidate has too many tasks in default background thread pool executor queue: "+defaultBackgroundThreadPoolExecutorQueueSize+

+ " which is still above the maximum of "+MAXIMUM_THREAD_POOL_QUEUE_SIZE);

+ }

+ return result;

+ final int defaultForegroundThreadPoolExecutorQueueSize = replicaSet.getMaster().getDefaultForegroundThreadPoolExecutorQueueSize(Landscape.WAIT_FOR_PROCESS_TIMEOUT);

+ final boolean result = defaultForegroundThreadPoolExecutorQueueSize < MAXIMUM_THREAD_POOL_QUEUE_SIZE;

+ if (!result) {

+ setLastFailureMessage("Candidate has too many tasks in default foreground thread pool executor queue: "+defaultForegroundThreadPoolExecutorQueueSize+

+ " which is still above the maximum of "+MAXIMUM_THREAD_POOL_QUEUE_SIZE);

+ }

+ return result;

+ super("compare servers with REST API", SERVER_COMPARISON_TIMEOUT, DELAY_BETWEEN_COMPARISON_CHECKS);

+ final SailingServer productionServer = landscapeService.getSailingServerFactory().getSailingServer(new URL("https", replicaSet.getHostname(), "/"), effectiveBearerToken);

+ final SailingServer candidateServer = landscapeService.getSailingServerFactory().getSailingServer(new URL("https", candidateHostname, "/"), effectiveBearerToken);

+ final CompareServersResult comparisonResult = candidateServer.compareServers(Optional.empty(), productionServer, Optional.empty());

+ if (comparisonResult.hasDiffs()) {

+ setLastFailureMessage(

+ "Candidate server does not match production server according to REST API comparison."

+ + "\nDifferences on candidate side: " + comparisonResult.getADiffs()

+ + "\nDifferences on production side: " + comparisonResult.getBDiffs()

+ + "\nNot proceeding further. You need to resolve the issues manually."); // TODO add link to running REST API comparison in browser

+ }

+ return !comparisonResult.hasDiffs();

+ private void notifyProcessOwnerCandidateFailedToBecomeReadyForProduction() throws MailException {

+ landscapeService.sendMailToUser(currentUser, "NewArchiveCandidateFailedSubject",

+ "NewArchiveCandidateFailedBody", replicaSet.getServerName(), currentCheck.getName(),

+ currentCheck.getLastFailureMessage());

+ }

+ private void notifyProcessOwnerCandidateIsReadyForProduction() throws MailException {

+ // TODO send a mail to the process owner that the candidate is ready for production, comparisons were OK, remaining is an optional spot-checke (human in the loop). Include links for spot-checking and triggering the rotation

+ }

+ private void sendMailAboutNewArchiveCandidate() throws MailException {

+ landscapeService.sendMailToUser(currentUser, "StartingNewArchiveCandidateSubject", "StartingNewArchiveCandidateBody", replicaSet.getServerName());

+ landscapeService.sendMailToReplicaSetOwner(replicaSet, "RefrainFromArchivingSubject", "RefrainFromArchivingBody", Optional.empty());

+ public static final String STRING_MESSAGES_BASE_NAME = "stringmessages/SailingLandscape_StringMessages";

+ assert getSecurityService().getCurrentUser() != null;

+ final String candidateHostname = getHostname(SharedLandscapeConstants.ARCHIVE_CANDIDATE_SUBDOMAIN, optionalDomainName);

+ final Iterable<ResourceRecordSet> existingDNSRulesForHostname = landscape.getResourceRecordSets(candidateHostname);

+ throw new IllegalArgumentException("DNS record for "+candidateHostname+" already exists");

+ logger.info("Adding reverse proxy rule for archive candidate with hostname "+ candidateHostname + " and private ip address " + privateIpAdress);

+ reverseProxyCluster.setPlainRedirect(candidateHostname, master, Optional.ofNullable(optionalKeyName), privateKeyEncryptionPassphrase);

+ getSecurityService().getCurrentUser(), this, replicaSet, candidateHostname, reverseProxyCluster, optionalKeyName,

+ privateKeyEncryptionPassphrase, monitorTaskExecutor, bearerTokenUsedByReplicas);

+ sendMailToCurrentUser("StartingNewArchiveCandidateSubject", "StartingNewArchiveCandidateBody", replicaSet.getServerName());

+ sendMailToReplicaSetOwner(replicaSet, "RefrainFromArchivingSubject", "RefrainFromArchivingBody", Optional.empty());

+ }

+

+ @Override

+ public void sendMailToCurrentUser(String messageSubjectKey, String messageBodyKey, String... messageParameters) throws MailException {

+ sendMailToUser(currentUser, messageSubjectKey, messageBodyKey, messageParameters);

+ }

+

+ @Override

+ public void sendMailToUser(final User user, String messageSubjectKey, String messageBodyKey,

+ String... messageParameters) throws MailException {

+ final ResourceBundleStringMessages stringMessages = ResourceBundleStringMessages.create(STRING_MESSAGES_BASE_NAME, getClass().getClassLoader(), StandardCharsets.UTF_8.name());

+ if (user != null && user.isEmailValidated()) {

+ final String subject = stringMessages.get(user.getLocaleOrDefault(), messageSubjectKey, messageParameters);

+ final String body = stringMessages.get(user.getLocaleOrDefault(), messageBodyKey, messageParameters);

+ getSecurityService().sendMail(user.getName(), subject, body);

+ (user == null ? "" : user.getName()+" ")+"is not validated");

+ @Override

+ public void sendMailToReplicaSetOwner(

+

+ /**

+ * This is to be called after the rotation of candidate/production/failover ARCHIVE has happend, to inform

+ */

+ private void sendMailAboutNewArchiveServerLive(

+ AwsApplicationReplicaSet<String, SailingAnalyticsMetrics, SailingAnalyticsProcess<String>> replicaSet,

+ Optional<Action> alsoSendToAllUsersWithThisPermissionOnReplicaSet) throws MailException {

+ sendMailToReplicaSetOwner(replicaSet, "NewArchiveServerLiveSubject", "NewArchiveServerLiveBody",

+ alsoSendToAllUsersWithThisPermissionOnReplicaSet);

+ }

+

+ @Override

+ public SailingServerFactory getSailingServerFactory() {

+ return sailingServerFactoryTracker.getService();

+ }

+import javax.ws.rs.GET;

+import javax.ws.rs.QueryParam;

+ * Forwards to the POST method; user authentication is taken from the request's authentication. Therefore, no

+ * separate authentications for the two servers to compare can be provided. The server receiving this request will

+ * act as the default for "server1". This is a convenience method for quick comparisons of two

+ * servers without needing to provide authentication information, assuming that the server receiving this request

+ * shares its security service with the server specified as "server2" through replication, and that the user

+ * authenticated for this request has access to both servers. For more complex use cases, use the POST method

+ * directly.

+ */

+ @GET

+ @Produces("application/json;charset=UTF-8")

+ public Response compareServersGet(

+ @QueryParam(SERVER1_FORM_PARAM) String server1,

+ @QueryParam(SERVER2_FORM_PARAM) String server2,

+ @QueryParam(LEADERBOARDGROUP_UUID_FORM_PARAM) Set<String> uuidset) throws MalformedURLException {

+ return compareServers(server1, server2, uuidset, /* user1 */ null, /* user2 */ null, /* password1 */ null,

+ /* password2 */ null, /* bearer1 */ null, /* bearer2 */ null);

+ }

+

+ /**

+ final JSONObject json = new JSONObject();

+ <td>Mandatory form parameters:</td>

+ <tr>

+ <td>Webservice Type:</td>

+ <td>GET</td>

+ </tr>

+ <tr>

+ <td>Output format:</td>

+ <td>json</td>

+ </tr>

+ <tr>

+ <td>Mandatory query parameters:</td>

+ <td>

+ <div>server2, the hostname for the second server.</div>

+ </td>

+ </tr>

+ <tr>

+ <td>Optional query parameters:</td>

+ <td>

+ <div><tt>server1</tt>, the hostname for the first server. Defaults to the target of your request</div>

+ <div><tt>leaderboardgroupUUID[]</tt>, the leaderboardgroup UUID you want to compare.

+ Use multiple times if you need to compare more than one leaderboardgroup. Don't specify if you'd like

+ to compare <em>all</em> leaderboard groups of both servers with each other.</div>

+ </td>

+ The GET method can easily be used from a Browser UI. It uses any session/cookie credentials or may be used

+ with basic authentication. No authentication information can be provided as query parameters with the GET method.

+ </tr>

+ <tr>

+ <td>Request method:</td>

+ <td>GET</td>

+ </tr>

+ <tr>

+ <td>Example:</td>

+ <td>curl http://127.0.0.1:8888/sailingserver/api/v1/compareservers?server2=127.0.0.1:8889&leaderboardgroupUUID[]=0334e85e-ebc9-4835-b44d-5db71245b9e9&leaderboardgroupUUID[]=78476ac8-5519-4c3f-9c6d-670468edf4fc" -H "Authorization: Basic YWRtaW46YWRtaW4="<br>

+ produces output:<pre>

+ {

+ 127.0.0.1:8889 []

+ 127.0.0.1:8888 []

+ }

+ </pre>

+ </td>

+ </tr>

+ </td>

+ </tr>