summaryrefslogtreecommitdiffstats
path: root/ms/py-executor/server.py
diff options
context:
space:
mode:
authorBrinda Santh <bs2796@att.com>2019-10-22 20:47:12 -0400
committerBrinda Santh <bs2796@att.com>2019-10-22 20:47:12 -0400
commita5ceb2485df10aa4987c64975d7200ff090c5890 (patch)
tree15b22424eccfd78996d717873a6a1517e2820a4e /ms/py-executor/server.py
parent910fa69e65b3d151ef2bdbbf90fdcc31cfa01008 (diff)
Py executor grpc TLS server authentication.
Issue-ID: CCSDK-1854 Signed-off-by: Brinda Santh <bs2796@att.com> Change-Id: I72b3deb7976e7d3e44478c497a46b9b4ac428623
Diffstat (limited to 'ms/py-executor/server.py')
-rw-r--r--ms/py-executor/server.py44
1 files changed, 34 insertions, 10 deletions
diff --git a/ms/py-executor/server.py b/ms/py-executor/server.py
index 5c149d96b..f506e9446 100644
--- a/ms/py-executor/server.py
+++ b/ms/py-executor/server.py
@@ -33,21 +33,45 @@ _ONE_DAY_IN_SECONDS = 60 * 60 * 24
def serve(configuration: ScriptExecutorConfiguration):
port = configuration.script_executor_property('port')
- basic_auth = configuration.script_executor_property('auth')
+ authType = configuration.script_executor_property('authType')
maxWorkers = configuration.script_executor_property('maxWorkers')
- header_validator = RequestHeaderValidatorInterceptor(
- 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED,
- 'Access denied!')
+ if authType == 'tls-auth':
+ cert_chain_file = configuration.script_executor_property('certChain')
+ private_key_file = configuration.script_executor_property('privateKey')
+ logger.info("Setting GRPC server TLS authentication, cert file(%s) private key file(%s)", cert_chain_file,
+ private_key_file)
+ # read in key and certificate
+ with open(cert_chain_file, 'rb') as f:
+ certificate_chain = f.read()
+ with open(private_key_file, 'rb') as f:
+ private_key = f.read()
- server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)),
- interceptors=(header_validator,))
+ # create server credentials
+ server_credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),))
- BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server(
- BluePrintProcessingServer(configuration), server)
+ # create server
+ server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)))
+ BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server(
+ BluePrintProcessingServer(configuration), server)
- server.add_insecure_port('[::]:' + port)
- server.start()
+ # add secure port using credentials
+ server.add_secure_port('[::]:' + port, server_credentials)
+ server.start()
+ else:
+ logger.info("Setting GRPC server base authentication")
+ basic_auth = configuration.script_executor_property('token')
+ header_validator = RequestHeaderValidatorInterceptor(
+ 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED,
+ 'Access denied!')
+ # create server with token authentication interceptors
+ server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)),
+ interceptors=(header_validator,))
+ BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server(
+ BluePrintProcessingServer(configuration), server)
+
+ server.add_insecure_port('[::]:' + port)
+ server.start()
logger.info("Command Executor Server started on %s" % port)