diff options
| author |   Dan Timoney <dtimoney@att.com> | 2019-10-31 12:57:33 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2019-10-31 12:57:33 +0000 |
| commit | 9fe840e96ce51f7204fb03e7bbb4820d4b88f309 (patch) | |
| tree | ec14e1bd43090eb069b423aa50cb3acc8836e272 /ms/py-executor/server.py | |
| parent | e875f21826bd1ff4964d06deba7784587b4f95b6 (diff) | |
| parent | a5ceb2485df10aa4987c64975d7200ff090c5890 (diff) | |
Merge "Py executor grpc TLS server authentication."
Diffstat (limited to 'ms/py-executor/server.py')
| -rw-r--r-- | ms/py-executor/server.py | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/ms/py-executor/server.py b/ms/py-executor/server.py index 5c149d96b..f506e9446 100644 --- a/ms/py-executor/server.py +++ b/ms/py-executor/server.py @@ -33,21 +33,45 @@ _ONE_DAY_IN_SECONDS = 60 * 60 * 24 def serve(configuration: ScriptExecutorConfiguration): port = configuration.script_executor_property('port') - basic_auth = configuration.script_executor_property('auth') + authType = configuration.script_executor_property('authType') maxWorkers = configuration.script_executor_property('maxWorkers') - header_validator = RequestHeaderValidatorInterceptor( - 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED, - 'Access denied!') + if authType == 'tls-auth': + cert_chain_file = configuration.script_executor_property('certChain') + private_key_file = configuration.script_executor_property('privateKey') + logger.info("Setting GRPC server TLS authentication, cert file(%s) private key file(%s)", cert_chain_file, + private_key_file) + # read in key and certificate + with open(cert_chain_file, 'rb') as f: + certificate_chain = f.read() + with open(private_key_file, 'rb') as f: + private_key = f.read() - server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)), - interceptors=(header_validator,)) + # create server credentials + server_credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),)) - BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server( - BluePrintProcessingServer(configuration), server) + # create server + server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers))) + BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server( + BluePrintProcessingServer(configuration), server) - server.add_insecure_port('[::]:' + port) - server.start() + # add secure port using credentials + server.add_secure_port('[::]:' + port, server_credentials) + server.start() + else: + logger.info("Setting GRPC server base authentication") + basic_auth = configuration.script_executor_property('token') + header_validator = RequestHeaderValidatorInterceptor( + 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED, + 'Access denied!') + # create server with token authentication interceptors + server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)), + interceptors=(header_validator,)) + BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server( + BluePrintProcessingServer(configuration), server) + + server.add_insecure_port('[::]:' + port) + server.start() logger.info("Command Executor Server started on %s" % port) |