summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2019-10-31 12:57:33 +0000
committerGerrit Code Review <gerrit@onap.org>2019-10-31 12:57:33 +0000
commit9fe840e96ce51f7204fb03e7bbb4820d4b88f309 (patch)
treeec14e1bd43090eb069b423aa50cb3acc8836e272
parente875f21826bd1ff4964d06deba7784587b4f95b6 (diff)
parenta5ceb2485df10aa4987c64975d7200ff090c5890 (diff)
Merge "Py executor grpc TLS server authentication."
-rwxr-xr-xms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml6
-rw-r--r--ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt10
-rw-r--r--ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt4
-rw-r--r--ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-private-key.pem52
-rw-r--r--ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-public-key-cert.pem27
-rw-r--r--ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-chain.pem27
-rw-r--r--ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-key.pem52
-rw-r--r--ms/py-executor/README5
-rw-r--r--ms/py-executor/client.py67
-rw-r--r--ms/py-executor/configuration.ini7
-rwxr-xr-xms/py-executor/dc/docker-compose.yaml6
-rwxr-xr-xms/py-executor/docker/distribution.xml3
-rw-r--r--ms/py-executor/py-executor-chain.pem27
-rw-r--r--ms/py-executor/py-executor-key.pem52
-rw-r--r--ms/py-executor/server.py44
15 files changed, 292 insertions, 97 deletions
diff --git a/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml b/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml
index e4bb00773..27f72b59b 100755
--- a/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml
+++ b/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml
@@ -58,7 +58,11 @@ services:
STICKYSELECTORKEY:
ENVCONTEXT: dev
APP_PORT: 50052
- BASIC_AUTH: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ #AUTH_TYPE: basic-auth
+ #AUTH_TOKEN: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ AUTH_TYPE: tls-auth
+ AUTH_CERT_CHAIN: /opt/app/onap/python/py-executor-chain.pem
+ AUTH_PRIVATE_KEY: /opt/app/onap/python/py-executor-key.pem
LOG_FILE: /opt/app/onap/logs/application.log
volumes:
diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt
index a08425048..8154d3747 100644
--- a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt
+++ b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt
@@ -27,6 +27,7 @@ import org.onap.ccsdk.cds.blueprintsprocessor.grpc.TLSAuthGrpcClientProperties
import org.onap.ccsdk.cds.blueprintsprocessor.grpc.TLSAuthGrpcServerProperties
import org.onap.ccsdk.cds.controllerblueprints.common.api.ActionIdentifiers
import org.onap.ccsdk.cds.controllerblueprints.common.api.CommonHeader
+import org.onap.ccsdk.cds.controllerblueprints.common.api.EventType
import org.onap.ccsdk.cds.controllerblueprints.processing.api.BluePrintProcessingServiceGrpc
import org.onap.ccsdk.cds.controllerblueprints.processing.api.ExecutionServiceInput
import java.util.*
@@ -38,15 +39,15 @@ class BluePrintGrpcServerTest {
private val tlsAuthGrpcServerProperties = TLSAuthGrpcServerProperties().apply {
port = 50052
type = GRPCLibConstants.TYPE_TLS_AUTH
- certChain = "src/test/resources/tls-manual/my-public-key-cert.pem"
- privateKey = "src/test/resources/tls-manual/my-private-key.pem"
+ certChain = "src/test/resources/tls-manual/py-executor-chain.pem"
+ privateKey = "src/test/resources/tls-manual/py-executor-key.pem"
}
private val tlsAuthGrpcClientProperties = TLSAuthGrpcClientProperties().apply {
host = "localhost"
port = 50052
type = GRPCLibConstants.TYPE_TLS_AUTH
- trustCertCollection = "src/test/resources/tls-manual/my-public-key-cert.pem"
+ trustCertCollection = "src/test/resources/tls-manual/py-executor-chain.pem"
}
@Test
@@ -72,6 +73,9 @@ class BluePrintGrpcServerTest {
launch {
resChannel.consumeEach {
log.info("Received Response")
+ if (it.status.eventType == EventType.EVENT_COMPONENT_EXECUTED) {
+ resChannel.cancel()
+ }
}
}
val request = getRequest("12345")
diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt
index c6991af9b..d5bc70c48 100644
--- a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt
+++ b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt
@@ -36,8 +36,8 @@ fun main() {
val tlsAuthGrpcServerProperties = TLSAuthGrpcServerProperties().apply {
port = 50052
type = GRPCLibConstants.TYPE_TLS_AUTH
- certChain = "src/test/resources/tls-manual/my-public-key-cert.pem"
- privateKey = "src/test/resources/tls-manual/my-private-key.pem"
+ certChain = "src/test/resources/tls-manual/py-executor-chain.pem"
+ privateKey = "src/test/resources/tls-manual/py-executor-key.pem"
}
val server = TLSAuthGrpcServerService(tlsAuthGrpcServerProperties).serverBuilder()
.intercept(GrpcServerLoggingInterceptor())
diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-private-key.pem b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-private-key.pem
deleted file mode 100644
index a7849ae7c..000000000
--- a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-private-key.pem
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDED3IZY6mBMXiD
-T9aW/VxH5JD91BwkS6ya98ZfQnoqmsi4tzDth+cBlA+L8TsfpMqVmYcI3ZUz83uH
-ThQh/4jMisqHbHcT777cqkdO2PT7NHFPn+YY6hjkUZnA2ajFJpfKeo9mimM6NAc1
-g7U4XfYLIUX1ZbmHKXkyUjDv4OxnWQkLaL8AuHJozoOBRbr4cdvwNqfy8YMLxe6i
-RuWzguyzM5DLpP6EqiIVkUDlzQ3reTzLHD84USB5ygIvqAB9/5MxTT2w1/uiwMH4
-i1WH0c4+xA6VFVIJkZ8EGxJhXo2kNixMOXhXcXb9sTg4NvMU/e0X7cRHQ7fhdYEO
-QjZhAwdMrQFdcOdMRh55RV3bLGSaBPu0LYgM/8ys2n3y9ohDph9BcAlIJHsjU3zh
-kpyKB78dtVA2NGyMyMp0izlDRCRgJWppvpJwHCHy2sKhmlLeJs5dPr65E7qaT8Hz
-EvRxr/6NKRKuseV9DMflwT8edXNYqKY9UeiqY8aOcYPoYCnsdKA3ZyYm075I4OcA
-sFu9sYKMiL0goGNjxkNk2N22cGBMBthGjW+9jwEHC/HjZwVTf7o/2HIOfFcKkssH
-dEhmDWsAddMN2UNbwdWr/Le1qf/mlOBImQtXBJLtyxfSMey7BQusdgCYKvhq8Fn6
-/xPlyVcIrYyOw6XkMklqftLJJzhk7QIDAQABAoICAF/MBD4vmiUMHQxcOEfyZ+Kg
-5c+AkneRmjbmFkF5Y+PpWWYX7IpDOzZkN+xy5CakCHBsYbSNQFfwAk2sct3h09/N
-eQQOlWhiXmnHsavvClSr3SnAwVcvGxaEYJIASBx8rPI8TFEYET/hKByXzDZMguoR
-SfOLzskiFJvn2Q18Y0ZkFK1Ecv9RIGXhchP6FE9MouCOdCWaqCNahS05YwcBU9KD
-wZ4fclU0JA9Rt9oRBVonFPNRS/qieTHI6KSMfCEUfcE7Mod0IPn3IU/mFNaWRyYX
-+eASWNFgG8iPyb1Vy/OOnLpp4kknobJ3ozakcsWxBOYKQTto9THuji5/X76rEicj
-koF5Cmid80H6mto+WDSNpJKh+G5LVTxkG6XnZ4v22qfwjQHwBiiNIX8IadJ3epnN
-10wr8Urm2C+NaD6lOVWC0qBL2y/P7T5ttj8cDFf/Q8BlCYApomqDS6oGyFyPkjef
-FICLKWjvNQedG/rlseJ/Ue57om1s1L1fPk571dYyPjaXnM4DEQ1awy29epmRPn3g
-4tbBZdmq3sgVlxXhOOepUNuJZs1VstB3FEdGgi/mS8Ro11vXV+1OKj6HlamfPbB5
-wCOQC22m9XDxw7EuQfeJ6pOggpE8ASvbsEktC1xZ2CEHR2ZsNWpa8OVBbR8lX5t0
-PyzRFckPEQNpEZqL41opAoIBAQDuFpEKLoNxBn+asUOHHXhIqOQaG969WlzTlm0B
-a1O2mGcDQNBgefJMzLd9FdkdMlYzJbZFPudLpng5UeCpIVuwzuzE4e+GVmEsDsbo
-qXUbTd9mpToNOb5mqglsEBhWobOwrQJrtMrlDCX24xXaCh6evqFaCPceQ3p/Qs+F
-tza1g86XcWEpxNhPuZ20VSWFbnKKjw7dIByU++VKMHXJBpkRzPtB4PKqioPNDrpi
-8Cz58Z3x1AmZXmBW4JOhHrTKhihH5/MI0wDe+KmBirZosNL3XIl5JF9O9Jd3MabM
-dCsIwhID9UHRELBPKps/4dCGmRO3GdYTw1hkV7fsQTxCcrF3AoIBAQDSz3LqFqSI
-07wYGKfAwmZclpqeyk5NrLDQTTaYeiRoiuh4OUAZg1p5rkKo8B2VRaJMawwZmfcY
-eyeOti/DxJcnRHeRNJcSoQDk8qcMEWcIj9wX0Q5wDuNhM5AoanQ+PTa1M85lvKWd
-aavJf9U8q3/mqVmBY1RNgVVfmw2tBVAakJhIu1SjgZ1eqevH+pQMWxmIwD5m9BN2
-WSR7IPw34n5ykdW1vPJpy0j7iSOnQTaB+yLU0scA55ViNo3330EC4SMj65sbyYMc
-huTHqX71sA00YtAYpEN19oifTVb0riFlWPIeMcsS9pgjdBfbkrdOKwsTn3+GNnik
-kGJ3if2arhW7AoIBAQDrhQtJJSYFYsZMAlqoiDB6wAeVBEjcy0zUShPeuYsAL9aH
-U1BOf5N/AWvpovk5dpfq1L1v1n/7R9vZ5/Lzm/oV9zwkrtPA8iYB7UQ615buwaPi
-6EN63cpJyJ61dV5+JEua1Cp23UtwNQpBJfZx0Fzl7/GxHPlHyLyeszqSLeFCwfZV
-vWS+aukIRLeKskgBrHZGNqofeCqN/nidYT7C83HsN/e8/YdPyOIEsTMTuD7lqWvy
-0ywDuWZXyqR/V97EEN4782lpK0HLT/RuHwe+nFy1MacUXTSi6DYFROqZibkgWspz
-e+P1qiqexaj6Eqmy3C6yjC5HMpB4AoYAga/Yk5iVAoIBAFgbihzab9QcIq4zh9Fh
-rqSd8WvShB2kwpWc3+ekjRkAjZ7J1seTBbp7obK4ALVF0Ep+JyWAGy0pM+RKsvXw
-cXhg/lQ7FbUcg6Is5LJ/h3+lmMh/gLhHELOseGDb9U+aCAZ965LL4LBE3R6vhfEA
-gMloGFeiqzZlisgVpwachNlFe9BSM1LPNnW9MSV4zm3HmYl1R9+BvaymH0AzDhdR
-W6YI27hEi1C6PPucWsFp2R1EWE949OGk6OOOh5GExsgsTqKRs1dOxrSikHX+mmiX
-Nz2g2vahmOxxqLJkAabsLFsObMs/5m87j2Sp/dqwnFpYVR3TeNogZBXrnqv1iYAf
-qEcCggEAGJ4xggvYP4P03wmaEZvSr9fqN3fHFbz3qQc1UVDqRZ0FNDQCOIjIeJRZ
-Wz4pfM+W655+kLug+N5hJVqD6eXV1aINZICMc07M3XdEQ+d+QRc64b60vP+D/fPB
-LAjw99tANu5A8//abryQ6S0g0a3cjRd/1Ub7LDVihpt6roDnaPMu4CCcRs8r5TQf
-Kb7utvYrgdB+iIb0vo1cH6ynji7/G0yEhxmMl8Dqc3DCDYbPmwS8TBSjDVPA+Osx
-nCCQIpsnUIUVIynVVW8IFK3uE+W3cmdeAGgbctRfiyEf30sciLtnbtbMB9/+NaaP
-y5k17ZEpVCGQySIFFfQux9v0R2Lxzw==
------END PRIVATE KEY-----
diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-public-key-cert.pem b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-public-key-cert.pem
deleted file mode 100644
index b3888850f..000000000
--- a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-public-key-cert.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEpDCCAowCCQDElilolKhFszANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
-b2NhbGhvc3QwHhcNMTkxMDIyMTczODI0WhcNMjkxMDE5MTczODI0WjAUMRIwEAYD
-VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDE
-D3IZY6mBMXiDT9aW/VxH5JD91BwkS6ya98ZfQnoqmsi4tzDth+cBlA+L8TsfpMqV
-mYcI3ZUz83uHThQh/4jMisqHbHcT777cqkdO2PT7NHFPn+YY6hjkUZnA2ajFJpfK
-eo9mimM6NAc1g7U4XfYLIUX1ZbmHKXkyUjDv4OxnWQkLaL8AuHJozoOBRbr4cdvw
-Nqfy8YMLxe6iRuWzguyzM5DLpP6EqiIVkUDlzQ3reTzLHD84USB5ygIvqAB9/5Mx
-TT2w1/uiwMH4i1WH0c4+xA6VFVIJkZ8EGxJhXo2kNixMOXhXcXb9sTg4NvMU/e0X
-7cRHQ7fhdYEOQjZhAwdMrQFdcOdMRh55RV3bLGSaBPu0LYgM/8ys2n3y9ohDph9B
-cAlIJHsjU3zhkpyKB78dtVA2NGyMyMp0izlDRCRgJWppvpJwHCHy2sKhmlLeJs5d
-Pr65E7qaT8HzEvRxr/6NKRKuseV9DMflwT8edXNYqKY9UeiqY8aOcYPoYCnsdKA3
-ZyYm075I4OcAsFu9sYKMiL0goGNjxkNk2N22cGBMBthGjW+9jwEHC/HjZwVTf7o/
-2HIOfFcKkssHdEhmDWsAddMN2UNbwdWr/Le1qf/mlOBImQtXBJLtyxfSMey7BQus
-dgCYKvhq8Fn6/xPlyVcIrYyOw6XkMklqftLJJzhk7QIDAQABMA0GCSqGSIb3DQEB
-CwUAA4ICAQCGIXVox06XxEHhVTC+XUsPHQppQPI4tibUAijTaM6jgibZeo4zWDQe
-y8LGpvpNVA8KuRBGnjp1bSdOnmymFSnWIf/3ihKjI0NtG8huadcq+KOkbEQAMq7Z
-KrGhRMMgfSdBz/y8IBE3K6O9RlSP2pbjZ3gZnbSL4a9qMXzCYRxsVvqHsuOnT5/F
-gUBDZQD76NzeIv/WU9YpRo0cR7AWZ6b0a8+7CI7nvXUIIsobrfmbomw4ThFBSJes
-EnFUNCLczvItzTkIImofnMSHf1uE0oNHSZfGPo75ZkoIyJqz1QeEtr3DBluq7Yhd
-EwhcG0YZHgySL912dPQ8YeXcSV/c/JH6mf4LBFlDuR85wWcumUnvuHdWWfXT+nrI
-kVsykuLtN8vpwrPX65oNOJlG6q3L6GRX7TXcsSFYR0obpkgXHo8/QEzlNLpDh4wi
-mlMxOUn6PojbuMDAVK8FXBnEXMbwS7fR086UhF7Zfrvcqu2qWKXOuTxQiW3GZxDX
-KhaKv3AL73yocC/uy3Ou7p7VQOcpz3EkzBY4Ac+1S4OAi+HdL/x9XD15sXalP2nz
-eGqwc+jzII4lp66pwsgFVdBsSe1gPHgdL8h9SirlqHkeHZAp1TeT/ZFBb5VndX0j
-XppSbJQNC/OSjlxlduPvaHWOQO0gsZ+iufs0fZfP5B2GZxGT0Ho0Ew==
------END CERTIFICATE-----
diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-chain.pem b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-chain.pem
new file mode 100644
index 000000000..30f09dfea
--- /dev/null
+++ b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-chain.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEpDCCAowCCQDyhR+GR2RUiTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
+b2NhbGhvc3QwHhcNMTkxMDIzMDAwMTA0WhcNMjkxMDIwMDAwMTA0WjAUMRIwEAYD
+VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCs
+c4d6qfbW+GSMp+XURoLXtSAbbehoBXL2beSzqQNW6e+Q9IVtSPZst8VRjUXelFzM
+m7VpS9jhiXOPZ5KKUOD0GVuNQc54VpwtHt7t9L5wS9OvdnLijnMIkc0iUvC6+Rcq
+HSfbNC2Tb+a8jLwojmtRCeY/MyCnmqYpD+U3b6Eue89VpMOIfmDuTqSRRBYNVO72
+hq7FI3UD8+zREg7htfzjJjG14Ec5iVMDxJA1FlwtXFnZxDHgbLjEVjTTR/9Wm1eU
+aJ4oWRt3gG/vnJNa+GwN4w/My+j/5/n/YpNh6GeQrHxBl/SL/SAFBshlwozr4K4K
+av5MqRKyhCACV4SsdhKJUEDtvrtukJvh/ZDW8jdNbFJAljm8UucZGbJrZl6G7XB3
+WteI7rezo0mL0NMBZIT3nQSMEpefKUFZFiE5lYvIk3UuChqIM0xdgV4INwLRHZdc
+1TtiGaBJV05y3Klo5gaUgNGbHP26zfub5TydiMrOA5W2mUvMkG2oit9aqnbaZBLD
+t17cCKzpzcVF5uNUng3j6sQvpTt3S4L28TvKUMAfpecQqvxMoxG0/9HZuv2z+U+L
+LVVsS07yJPIGMLcq1LMM++8LwD1MupcoShjNOq/lUOL6hIMfLOIfxt8Kv8WykVzv
+6yjKEIurjkwMipq4kvr9J7FFi54kGr7uvXWQRHDFJwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4ICAQB7gJzvaOIP3/S2jrObz67g0jiz1cfb4I9KQwpwb6JUWbYm1QjBcGm4
+IhNbdPMD6dpwBc/A4JctA5E+/fArvl14UtK1jkaaE/GCumL0VUSZeAM6CK/63brt
+LplqCunv8ePHmiwjJBnhu+ewe1+mDMVDMw0iot/q+pOM3vqNS1Fipja+xFK1JQZx
+JmkjW/Ug3NHk/SSTfO+VNmlI5bBBApMqKmd9picsyDZ7dTBtZvbqV5eQsPZvv14G
+oEvWnvvom+D5GojroSO+OMHNDR3bzK6p0Cu8AiTy9Ls6J2e4GXJz3Cg/kuF9tNlR
+3X62zDT+CUipuYyTvmjbSyNMGwU7BIZTKFPuTtjh7EwT2g6S8RV9PmT98CQW6kTT
+RJbL7nMIOF0WusysAT5wj1HJ0QKBQCXK+L6WTKTTovaEE7JSVrYe7wVF8Q9SyBIM
+4CPVZt+GMyQKJ9SRnVgTDEMb7sj9HPaoVeDc6LQTv8Q//wFeTdZIWXQhpVJCQCEG
+qkRk9r3isF60ISOXXIYhqE+hx3QXY9M2UyHDtKXPZ7X370vADi2ebBMF8MpIZYl5
+628dME9JhOhLhD5qPJeva2Nq4gLpK+rO6t7ML0Us4edoKyoScowXAh80q1GW3EO3
+IxTK123651C/S0kDqLqZ9rknEdpwSujrT2UW95jUlfo5OKDrPpdOBw==
+-----END CERTIFICATE-----
diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-key.pem b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-key.pem
new file mode 100644
index 000000000..830a3ae21
--- /dev/null
+++ b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-key.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCsc4d6qfbW+GSM
+p+XURoLXtSAbbehoBXL2beSzqQNW6e+Q9IVtSPZst8VRjUXelFzMm7VpS9jhiXOP
+Z5KKUOD0GVuNQc54VpwtHt7t9L5wS9OvdnLijnMIkc0iUvC6+RcqHSfbNC2Tb+a8
+jLwojmtRCeY/MyCnmqYpD+U3b6Eue89VpMOIfmDuTqSRRBYNVO72hq7FI3UD8+zR
+Eg7htfzjJjG14Ec5iVMDxJA1FlwtXFnZxDHgbLjEVjTTR/9Wm1eUaJ4oWRt3gG/v
+nJNa+GwN4w/My+j/5/n/YpNh6GeQrHxBl/SL/SAFBshlwozr4K4Kav5MqRKyhCAC
+V4SsdhKJUEDtvrtukJvh/ZDW8jdNbFJAljm8UucZGbJrZl6G7XB3WteI7rezo0mL
+0NMBZIT3nQSMEpefKUFZFiE5lYvIk3UuChqIM0xdgV4INwLRHZdc1TtiGaBJV05y
+3Klo5gaUgNGbHP26zfub5TydiMrOA5W2mUvMkG2oit9aqnbaZBLDt17cCKzpzcVF
+5uNUng3j6sQvpTt3S4L28TvKUMAfpecQqvxMoxG0/9HZuv2z+U+LLVVsS07yJPIG
+MLcq1LMM++8LwD1MupcoShjNOq/lUOL6hIMfLOIfxt8Kv8WykVzv6yjKEIurjkwM
+ipq4kvr9J7FFi54kGr7uvXWQRHDFJwIDAQABAoICADepPmRAMbTnDYU8t/jRHXBE
+PO29htL0V0vk4nl+pt5JuZJe6iYA89DZa+3LnG6gEmfUJjSrT4BUXiE+O9U7D7CZ
+8qvgPqUmx1fk6+2AHmuefd/XanNnqQduD/jxLlQbC/gC2xdsev1ok9/tyNmKRmcs
+u81QUkzmpJUCVWiUNkELozswaBBJQj4I0iM1B60b6dlWVVi5/g3dkGVW38jIdaxX
+apoansKaaVoA+s63vd7CPRoFsleOoAB3FqvPREIO97CmJ848HJpwsTB0qDcnkbDV
+xgbDFhxrIozko09ptOvEUILXag45EDmvG8WEivmjVml0aUoTFD7cWHyJBQCpR4fU
+5W9mYd4Rrzbmpb+LGYdNyrp3wo3C7dJ7/ffBMQxmXTdMZkcxorxj4BRG3oACRQ1u
+Ff1iUruZzIIDtEkrC9hc5QpLlDf9b1obm8L9sxf1QmTt59o5oFG40GPwPP19GXwE
+l2faHwho2jYLM9rhuSsK/5sSmUshPNQYmfMnbWzTtghMPE/g0Cfpt8qbspq+G1bk
+z3M97JlFMF83ccRotDElX9E/ttjU7Lehoz+1sOyHiVW1E4oqKer4t+nI2bp6VYZm
+W94qptW7kb4o0DsvPCaoTPBxLJ1ag2WBlqoFkVI0YaxZiZ8OTR55Ovi4z5xWBO1q
+NkCKgdAUQvQVzVtASVGBAoIBAQDSw2nvPFN4gGZ6OI+8j2gWtPcsrhSHS9ykxBeB
+mB/HExYIe8k3EvClf2rnfwzuKgKyVMp7Ev7nH2jS/PGZq37QyXrw0NBGRnvJY0Ez
+YB1KTgf9xaHMGMut5efNvv/cPwYriqosgJ0pdt0vvUAIQ6EBv+iDXXqJ1lQUSRYk
+wKjFABi6TeJY4t9vC474KoXTDaHlwn9+TwnuRBk85wrZzlhK90J0iVa9/Eqeddsc
+Z3CuTlc+NmcP3qvniYODq8nyVc0pKw+28AVYYEd3aJfgm+dpcB21L0oz7CaxH/Rz
+FNONuQRaOzJrcuJsde/KG2X+MHs6hVMXXXWciPrJ2l+Cq7dnAoIBAQDRdwZDcgem
+tJHLihCRzUl9PKip4ZA5757ZyTy6WMLR3wMS2cNTK8+bTrUa0SSC4WSI28pybFA7
+QdSR08c5Nd7jXcIrtqspgZKhb0E60i8VQHhh6ba/kyQjsEz9c/G1WquPK13j2vZ0
+79bomDwFJPsFzABU+sC0/F42ZVQzy9qXkjngjtmaGfrCc7X+pV28nEGtyxHci3L4
+XXfE2dOb+GBVZPLBVXwcthdRYsFuU9GMy2GH0zVtWPOcGRnlpx53Tqg7NIeR0Nm1
+K35EaK8PH92PsAr0Xza7vQHY4cPRz+RhDzjyGQtnhKf96U6gzzt4ZVbQ/UuzDBcL
+PQ2DvUH+sqxBAoIBAEW5kiUsDu0xhTVv2tVll+jTK2ZjnLT5ut/jY2djHTgtrz9V
+PEb1BBmsIoC9PljYGxZGCMpYiW2KrZIHTiIpYwXNcdeTLSPik3cXV+2YIXiAghJJ
+PHKZzWAVS+97/YcubmsfL5cTYWrjQN9XO4TAYtaCV3iGB1DsT9p6J1I3Tl4F3yhb
+NcN0IrjI2R5uauFchC/PfYAaw81ISBUm1iciJYF/dUO6X7DwcvsjQD6QVe3ESwZw
+1v2gC7zIeHKp9WAvVHUHIubBVvNavqnZN01+JjtydNGI+IJe4Jn+WU9tF2OuTqtP
+JCn50sBQ7+gr0j0aatn8W3XCXHNRua3niWtgRYcCggEAT7OzfWxhPuyMYV9qiKAN
+a4ruPp3mjDUCQ6pP4jQuBT+PYtfbe8U63MSpIsgb1XVAFNdVBA70xGd7I/XqY3l9
+ExS08n8yR7vW+Hhl4KTjZ3m9lLwiXmj1omLOGM7KVRBoITUGJ9JEXyB3rM9oXyjA
+H2eNZMh5FSTGEHqj/IV/6paoUSrp37os8VqoEHoJ3d+zGhcf98RT/e9KyGt+GmX6
++eNMf4YwkJg07THfmkRoguNMfCtAtBfZsjbW5MyfShRy7PxC7ZgDju06wXr3yZB9
+dNQuhufH4s27azQUl7w8ETaCm5QuA7i1V2c0FPpljZ052JHZAQsDpbIYd11HREvm
+QQKCAQEA0W7xNYoFvnyikdG0t266LLv1EkWDFdgkelGx/eGe/JZ+au3uTM94EssC
+ni64XX2P8vK/te+c3jItYO4MRgnDJ7GW+bRnJFu2kBE0W4chx7vga0XApVCP+Ugg
+owv5yf9cOAHFulvPefsU0snYStD3gNq77XDg0CwoyUkpeq+GiupoQ8tquMSsrEwp
+ve5DtDip3cLHz2oVLB3mR4kKVwVwmOgO5RKq6N/H6Jxtf/Zk1I260dKr+Dv2MnDh
+dysO4zH5YEt2ML3oY4zY8lu+I5bHCBR1updSny0B31WrXAJyfZpMx+HOwETFKa3B
+v9AGKz0Jc2GOIRKHrCQ/WkZePetaYQ==
+-----END PRIVATE KEY-----
diff --git a/ms/py-executor/README b/ms/py-executor/README
new file mode 100644
index 000000000..919795a3c
--- /dev/null
+++ b/ms/py-executor/README
@@ -0,0 +1,5 @@
+
+Generate Server Certificates
+------------------------------
+
+openssl req -x509 -newkey rsa:4096 -keyout py-executor-key.pem -out py-executor-chain.pem -days 3650 -nodes -subj '/CN=localhost' \ No newline at end of file
diff --git a/ms/py-executor/client.py b/ms/py-executor/client.py
new file mode 100644
index 000000000..c5bdc43c8
--- /dev/null
+++ b/ms/py-executor/client.py
@@ -0,0 +1,67 @@
+# Copyright © 2018-2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import grpc
+from blueprints_grpc.proto.BluePrintProcessing_pb2_grpc import BluePrintProcessingServiceStub
+from blueprints_grpc.proto.BluePrintProcessing_pb2 import ExecutionServiceInput
+from blueprints_grpc.proto.BluePrintCommon_pb2 import CommonHeader, ActionIdentifiers
+
+
+def generate_messages():
+ commonHeader = CommonHeader()
+ commonHeader.requestId = "1234"
+ commonHeader.subRequestId = "1234-1"
+ commonHeader.originatorId = "CDS"
+
+ actionIdentifiers = ActionIdentifiers()
+ actionIdentifiers.blueprintName = "sample-cba"
+ actionIdentifiers.blueprintVersion = "1.0.0"
+ actionIdentifiers.actionName = "SampleScript"
+
+ input = ExecutionServiceInput(commonHeader=commonHeader, actionIdentifiers=actionIdentifiers)
+
+ commonHeader2 = CommonHeader()
+ commonHeader2.requestId = "1235"
+ commonHeader2.subRequestId = "1234-2"
+ commonHeader2.originatorId = "CDS"
+ input2 = ExecutionServiceInput(commonHeader=commonHeader2, actionIdentifiers=actionIdentifiers)
+
+ inputs = [input, input2]
+ for input in inputs:
+ print(input)
+ yield input
+
+
+if __name__ == '__main__':
+ with open('py-executor-chain.pem', 'rb') as f:
+ creds = grpc.ssl_channel_credentials(f.read())
+ channel = grpc.secure_channel('localhost:50052', creds)
+ stub = BluePrintProcessingServiceStub(channel)
+
+ messages = generate_messages()
+ responses = stub.process(messages)
+ for response in responses:
+ print(response)
diff --git a/ms/py-executor/configuration.ini b/ms/py-executor/configuration.ini
index 8c36dd04f..5688f39bd 100644
--- a/ms/py-executor/configuration.ini
+++ b/ms/py-executor/configuration.ini
@@ -1,6 +1,11 @@
[scriptExecutor]
port=%(APP_PORT)s
-auth=%(BASIC_AUTH)s
+authType=%(AUTH_TYPE)s
+# For Token Auth
+token=%(AUTH_TOKEN)s
+# For TLS Auth
+certChain=%(AUTH_CERT_CHAIN)s
+privateKey=%(AUTH_PRIVATE_KEY)s
logFile=%(LOG_FILE)s
maxWorkers=20
diff --git a/ms/py-executor/dc/docker-compose.yaml b/ms/py-executor/dc/docker-compose.yaml
index 76009411b..30298e3c0 100755
--- a/ms/py-executor/dc/docker-compose.yaml
+++ b/ms/py-executor/dc/docker-compose.yaml
@@ -16,7 +16,11 @@ services:
STICKYSELECTORKEY:
ENVCONTEXT: dev
APP_PORT: 50052
- BASIC_AUTH: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ #AUTH_TYPE: basic-auth
+ #AUTH_TOKEN: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ AUTH_TYPE: tls-auth
+ AUTH_CERT_CHAIN: /opt/app/onap/python/py-executor-chain.pem
+ AUTH_PRIVATE_KEY: /opt/app/onap/python/py-executor-key.pem
LOG_FILE: /opt/app/onap/logs/application.log
volumes:
diff --git a/ms/py-executor/docker/distribution.xml b/ms/py-executor/docker/distribution.xml
index 6235a7b8a..bb7a8d20a 100755
--- a/ms/py-executor/docker/distribution.xml
+++ b/ms/py-executor/docker/distribution.xml
@@ -38,6 +38,9 @@
<includes>
<include>requirements.txt</include>
<include>configuration.ini</include>
+ <include>*.crt</include>
+ <include>*.key</include>
+ <include>*.pem</include>
</includes>
<useDefaultExcludes>true</useDefaultExcludes>
<fileMode>0666</fileMode>
diff --git a/ms/py-executor/py-executor-chain.pem b/ms/py-executor/py-executor-chain.pem
new file mode 100644
index 000000000..30f09dfea
--- /dev/null
+++ b/ms/py-executor/py-executor-chain.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEpDCCAowCCQDyhR+GR2RUiTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
+b2NhbGhvc3QwHhcNMTkxMDIzMDAwMTA0WhcNMjkxMDIwMDAwMTA0WjAUMRIwEAYD
+VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCs
+c4d6qfbW+GSMp+XURoLXtSAbbehoBXL2beSzqQNW6e+Q9IVtSPZst8VRjUXelFzM
+m7VpS9jhiXOPZ5KKUOD0GVuNQc54VpwtHt7t9L5wS9OvdnLijnMIkc0iUvC6+Rcq
+HSfbNC2Tb+a8jLwojmtRCeY/MyCnmqYpD+U3b6Eue89VpMOIfmDuTqSRRBYNVO72
+hq7FI3UD8+zREg7htfzjJjG14Ec5iVMDxJA1FlwtXFnZxDHgbLjEVjTTR/9Wm1eU
+aJ4oWRt3gG/vnJNa+GwN4w/My+j/5/n/YpNh6GeQrHxBl/SL/SAFBshlwozr4K4K
+av5MqRKyhCACV4SsdhKJUEDtvrtukJvh/ZDW8jdNbFJAljm8UucZGbJrZl6G7XB3
+WteI7rezo0mL0NMBZIT3nQSMEpefKUFZFiE5lYvIk3UuChqIM0xdgV4INwLRHZdc
+1TtiGaBJV05y3Klo5gaUgNGbHP26zfub5TydiMrOA5W2mUvMkG2oit9aqnbaZBLD
+t17cCKzpzcVF5uNUng3j6sQvpTt3S4L28TvKUMAfpecQqvxMoxG0/9HZuv2z+U+L
+LVVsS07yJPIGMLcq1LMM++8LwD1MupcoShjNOq/lUOL6hIMfLOIfxt8Kv8WykVzv
+6yjKEIurjkwMipq4kvr9J7FFi54kGr7uvXWQRHDFJwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4ICAQB7gJzvaOIP3/S2jrObz67g0jiz1cfb4I9KQwpwb6JUWbYm1QjBcGm4
+IhNbdPMD6dpwBc/A4JctA5E+/fArvl14UtK1jkaaE/GCumL0VUSZeAM6CK/63brt
+LplqCunv8ePHmiwjJBnhu+ewe1+mDMVDMw0iot/q+pOM3vqNS1Fipja+xFK1JQZx
+JmkjW/Ug3NHk/SSTfO+VNmlI5bBBApMqKmd9picsyDZ7dTBtZvbqV5eQsPZvv14G
+oEvWnvvom+D5GojroSO+OMHNDR3bzK6p0Cu8AiTy9Ls6J2e4GXJz3Cg/kuF9tNlR
+3X62zDT+CUipuYyTvmjbSyNMGwU7BIZTKFPuTtjh7EwT2g6S8RV9PmT98CQW6kTT
+RJbL7nMIOF0WusysAT5wj1HJ0QKBQCXK+L6WTKTTovaEE7JSVrYe7wVF8Q9SyBIM
+4CPVZt+GMyQKJ9SRnVgTDEMb7sj9HPaoVeDc6LQTv8Q//wFeTdZIWXQhpVJCQCEG
+qkRk9r3isF60ISOXXIYhqE+hx3QXY9M2UyHDtKXPZ7X370vADi2ebBMF8MpIZYl5
+628dME9JhOhLhD5qPJeva2Nq4gLpK+rO6t7ML0Us4edoKyoScowXAh80q1GW3EO3
+IxTK123651C/S0kDqLqZ9rknEdpwSujrT2UW95jUlfo5OKDrPpdOBw==
+-----END CERTIFICATE-----
diff --git a/ms/py-executor/py-executor-key.pem b/ms/py-executor/py-executor-key.pem
new file mode 100644
index 000000000..830a3ae21
--- /dev/null
+++ b/ms/py-executor/py-executor-key.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCsc4d6qfbW+GSM
+p+XURoLXtSAbbehoBXL2beSzqQNW6e+Q9IVtSPZst8VRjUXelFzMm7VpS9jhiXOP
+Z5KKUOD0GVuNQc54VpwtHt7t9L5wS9OvdnLijnMIkc0iUvC6+RcqHSfbNC2Tb+a8
+jLwojmtRCeY/MyCnmqYpD+U3b6Eue89VpMOIfmDuTqSRRBYNVO72hq7FI3UD8+zR
+Eg7htfzjJjG14Ec5iVMDxJA1FlwtXFnZxDHgbLjEVjTTR/9Wm1eUaJ4oWRt3gG/v
+nJNa+GwN4w/My+j/5/n/YpNh6GeQrHxBl/SL/SAFBshlwozr4K4Kav5MqRKyhCAC
+V4SsdhKJUEDtvrtukJvh/ZDW8jdNbFJAljm8UucZGbJrZl6G7XB3WteI7rezo0mL
+0NMBZIT3nQSMEpefKUFZFiE5lYvIk3UuChqIM0xdgV4INwLRHZdc1TtiGaBJV05y
+3Klo5gaUgNGbHP26zfub5TydiMrOA5W2mUvMkG2oit9aqnbaZBLDt17cCKzpzcVF
+5uNUng3j6sQvpTt3S4L28TvKUMAfpecQqvxMoxG0/9HZuv2z+U+LLVVsS07yJPIG
+MLcq1LMM++8LwD1MupcoShjNOq/lUOL6hIMfLOIfxt8Kv8WykVzv6yjKEIurjkwM
+ipq4kvr9J7FFi54kGr7uvXWQRHDFJwIDAQABAoICADepPmRAMbTnDYU8t/jRHXBE
+PO29htL0V0vk4nl+pt5JuZJe6iYA89DZa+3LnG6gEmfUJjSrT4BUXiE+O9U7D7CZ
+8qvgPqUmx1fk6+2AHmuefd/XanNnqQduD/jxLlQbC/gC2xdsev1ok9/tyNmKRmcs
+u81QUkzmpJUCVWiUNkELozswaBBJQj4I0iM1B60b6dlWVVi5/g3dkGVW38jIdaxX
+apoansKaaVoA+s63vd7CPRoFsleOoAB3FqvPREIO97CmJ848HJpwsTB0qDcnkbDV
+xgbDFhxrIozko09ptOvEUILXag45EDmvG8WEivmjVml0aUoTFD7cWHyJBQCpR4fU
+5W9mYd4Rrzbmpb+LGYdNyrp3wo3C7dJ7/ffBMQxmXTdMZkcxorxj4BRG3oACRQ1u
+Ff1iUruZzIIDtEkrC9hc5QpLlDf9b1obm8L9sxf1QmTt59o5oFG40GPwPP19GXwE
+l2faHwho2jYLM9rhuSsK/5sSmUshPNQYmfMnbWzTtghMPE/g0Cfpt8qbspq+G1bk
+z3M97JlFMF83ccRotDElX9E/ttjU7Lehoz+1sOyHiVW1E4oqKer4t+nI2bp6VYZm
+W94qptW7kb4o0DsvPCaoTPBxLJ1ag2WBlqoFkVI0YaxZiZ8OTR55Ovi4z5xWBO1q
+NkCKgdAUQvQVzVtASVGBAoIBAQDSw2nvPFN4gGZ6OI+8j2gWtPcsrhSHS9ykxBeB
+mB/HExYIe8k3EvClf2rnfwzuKgKyVMp7Ev7nH2jS/PGZq37QyXrw0NBGRnvJY0Ez
+YB1KTgf9xaHMGMut5efNvv/cPwYriqosgJ0pdt0vvUAIQ6EBv+iDXXqJ1lQUSRYk
+wKjFABi6TeJY4t9vC474KoXTDaHlwn9+TwnuRBk85wrZzlhK90J0iVa9/Eqeddsc
+Z3CuTlc+NmcP3qvniYODq8nyVc0pKw+28AVYYEd3aJfgm+dpcB21L0oz7CaxH/Rz
+FNONuQRaOzJrcuJsde/KG2X+MHs6hVMXXXWciPrJ2l+Cq7dnAoIBAQDRdwZDcgem
+tJHLihCRzUl9PKip4ZA5757ZyTy6WMLR3wMS2cNTK8+bTrUa0SSC4WSI28pybFA7
+QdSR08c5Nd7jXcIrtqspgZKhb0E60i8VQHhh6ba/kyQjsEz9c/G1WquPK13j2vZ0
+79bomDwFJPsFzABU+sC0/F42ZVQzy9qXkjngjtmaGfrCc7X+pV28nEGtyxHci3L4
+XXfE2dOb+GBVZPLBVXwcthdRYsFuU9GMy2GH0zVtWPOcGRnlpx53Tqg7NIeR0Nm1
+K35EaK8PH92PsAr0Xza7vQHY4cPRz+RhDzjyGQtnhKf96U6gzzt4ZVbQ/UuzDBcL
+PQ2DvUH+sqxBAoIBAEW5kiUsDu0xhTVv2tVll+jTK2ZjnLT5ut/jY2djHTgtrz9V
+PEb1BBmsIoC9PljYGxZGCMpYiW2KrZIHTiIpYwXNcdeTLSPik3cXV+2YIXiAghJJ
+PHKZzWAVS+97/YcubmsfL5cTYWrjQN9XO4TAYtaCV3iGB1DsT9p6J1I3Tl4F3yhb
+NcN0IrjI2R5uauFchC/PfYAaw81ISBUm1iciJYF/dUO6X7DwcvsjQD6QVe3ESwZw
+1v2gC7zIeHKp9WAvVHUHIubBVvNavqnZN01+JjtydNGI+IJe4Jn+WU9tF2OuTqtP
+JCn50sBQ7+gr0j0aatn8W3XCXHNRua3niWtgRYcCggEAT7OzfWxhPuyMYV9qiKAN
+a4ruPp3mjDUCQ6pP4jQuBT+PYtfbe8U63MSpIsgb1XVAFNdVBA70xGd7I/XqY3l9
+ExS08n8yR7vW+Hhl4KTjZ3m9lLwiXmj1omLOGM7KVRBoITUGJ9JEXyB3rM9oXyjA
+H2eNZMh5FSTGEHqj/IV/6paoUSrp37os8VqoEHoJ3d+zGhcf98RT/e9KyGt+GmX6
++eNMf4YwkJg07THfmkRoguNMfCtAtBfZsjbW5MyfShRy7PxC7ZgDju06wXr3yZB9
+dNQuhufH4s27azQUl7w8ETaCm5QuA7i1V2c0FPpljZ052JHZAQsDpbIYd11HREvm
+QQKCAQEA0W7xNYoFvnyikdG0t266LLv1EkWDFdgkelGx/eGe/JZ+au3uTM94EssC
+ni64XX2P8vK/te+c3jItYO4MRgnDJ7GW+bRnJFu2kBE0W4chx7vga0XApVCP+Ugg
+owv5yf9cOAHFulvPefsU0snYStD3gNq77XDg0CwoyUkpeq+GiupoQ8tquMSsrEwp
+ve5DtDip3cLHz2oVLB3mR4kKVwVwmOgO5RKq6N/H6Jxtf/Zk1I260dKr+Dv2MnDh
+dysO4zH5YEt2ML3oY4zY8lu+I5bHCBR1updSny0B31WrXAJyfZpMx+HOwETFKa3B
+v9AGKz0Jc2GOIRKHrCQ/WkZePetaYQ==
+-----END PRIVATE KEY-----
diff --git a/ms/py-executor/server.py b/ms/py-executor/server.py
index 5c149d96b..f506e9446 100644
--- a/ms/py-executor/server.py
+++ b/ms/py-executor/server.py
@@ -33,21 +33,45 @@ _ONE_DAY_IN_SECONDS = 60 * 60 * 24
def serve(configuration: ScriptExecutorConfiguration):
port = configuration.script_executor_property('port')
- basic_auth = configuration.script_executor_property('auth')
+ authType = configuration.script_executor_property('authType')
maxWorkers = configuration.script_executor_property('maxWorkers')
- header_validator = RequestHeaderValidatorInterceptor(
- 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED,
- 'Access denied!')
+ if authType == 'tls-auth':
+ cert_chain_file = configuration.script_executor_property('certChain')
+ private_key_file = configuration.script_executor_property('privateKey')
+ logger.info("Setting GRPC server TLS authentication, cert file(%s) private key file(%s)", cert_chain_file,
+ private_key_file)
+ # read in key and certificate
+ with open(cert_chain_file, 'rb') as f:
+ certificate_chain = f.read()
+ with open(private_key_file, 'rb') as f:
+ private_key = f.read()
- server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)),
- interceptors=(header_validator,))
+ # create server credentials
+ server_credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),))
- BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server(
- BluePrintProcessingServer(configuration), server)
+ # create server
+ server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)))
+ BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server(
+ BluePrintProcessingServer(configuration), server)
- server.add_insecure_port('[::]:' + port)
- server.start()
+ # add secure port using credentials
+ server.add_secure_port('[::]:' + port, server_credentials)
+ server.start()
+ else:
+ logger.info("Setting GRPC server base authentication")
+ basic_auth = configuration.script_executor_property('token')
+ header_validator = RequestHeaderValidatorInterceptor(
+ 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED,
+ 'Access denied!')
+ # create server with token authentication interceptors
+ server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)),
+ interceptors=(header_validator,))
+ BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server(
+ BluePrintProcessingServer(configuration), server)
+
+ server.add_insecure_port('[::]:' + port)
+ server.start()
logger.info("Command Executor Server started on %s" % port)