From a5ceb2485df10aa4987c64975d7200ff090c5890 Mon Sep 17 00:00:00 2001 From: Brinda Santh Date: Tue, 22 Oct 2019 20:47:12 -0400 Subject: Py executor grpc TLS server authentication. Issue-ID: CCSDK-1854 Signed-off-by: Brinda Santh Change-Id: I72b3deb7976e7d3e44478c497a46b9b4ac428623 --- .../application/src/main/dc/docker-compose.yaml | 6 +- .../grpc/service/BluePrintGrpcServerTest.kt | 10 +++- .../service/MockTLSBluePrintProcessingServer.kt | 4 +- .../test/resources/tls-manual/my-private-key.pem | 52 ----------------- .../resources/tls-manual/my-public-key-cert.pem | 27 --------- .../resources/tls-manual/py-executor-chain.pem | 27 +++++++++ .../test/resources/tls-manual/py-executor-key.pem | 52 +++++++++++++++++ ms/py-executor/README | 5 ++ ms/py-executor/client.py | 67 ++++++++++++++++++++++ ms/py-executor/configuration.ini | 7 ++- ms/py-executor/dc/docker-compose.yaml | 6 +- ms/py-executor/docker/distribution.xml | 3 + ms/py-executor/py-executor-chain.pem | 27 +++++++++ ms/py-executor/py-executor-key.pem | 52 +++++++++++++++++ ms/py-executor/server.py | 44 ++++++++++---- 15 files changed, 292 insertions(+), 97 deletions(-) delete mode 100644 ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-private-key.pem delete mode 100644 ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-public-key-cert.pem create mode 100644 ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-chain.pem create mode 100644 ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-key.pem create mode 100644 ms/py-executor/README create mode 100644 ms/py-executor/client.py create mode 100644 ms/py-executor/py-executor-chain.pem create mode 100644 ms/py-executor/py-executor-key.pem (limited to 'ms') 
diff --git a/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml b/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml index e4bb00773..27f72b59b 100755 --- a/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml +++ b/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml @@ -58,7 +58,11 @@ services: STICKYSELECTORKEY: ENVCONTEXT: dev APP_PORT: 50052 - BASIC_AUTH: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + #AUTH_TYPE: basic-auth + #AUTH_TOKEN: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + AUTH_TYPE: tls-auth + AUTH_CERT_CHAIN: /opt/app/onap/python/py-executor-chain.pem + AUTH_PRIVATE_KEY: /opt/app/onap/python/py-executor-key.pem LOG_FILE: /opt/app/onap/logs/application.log volumes: diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt index a08425048..8154d3747 100644 --- a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt +++ b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/BluePrintGrpcServerTest.kt @@ -27,6 +27,7 @@ import org.onap.ccsdk.cds.blueprintsprocessor.grpc.TLSAuthGrpcClientProperties import org.onap.ccsdk.cds.blueprintsprocessor.grpc.TLSAuthGrpcServerProperties import org.onap.ccsdk.cds.controllerblueprints.common.api.ActionIdentifiers import org.onap.ccsdk.cds.controllerblueprints.common.api.CommonHeader +import org.onap.ccsdk.cds.controllerblueprints.common.api.EventType import org.onap.ccsdk.cds.controllerblueprints.processing.api.BluePrintProcessingServiceGrpc import org.onap.ccsdk.cds.controllerblueprints.processing.api.ExecutionServiceInput import java.util.* 
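Review bot: `AUTH_PRIVATE_KEY` in this docker-compose hunk points at `py-executor-key.pem`, which this same commit adds to the repository and appears to package into the image, so every deployment started from this file presents a private key that anyone with repository access also holds. The blob index shown for `ms/py-executor/py-executor-key.pem` (830a3ae21) matches the test fixture under `tls-manual/`, so the runtime default and the test key are one and the same. The checked-in pair should be treated as a development fixture, with the real key and chain supplied from a mounted secret or volume; a comment such as `# dev-only self-signed key; mount a deployment-specific key and chain in real environments` above `AUTH_TYPE` would make that explicit. The same applies to the identical hunk in `ms/py-executor/dc/docker-compose.yaml`, and the commented-out `AUTH_TOKEN` line leaves a Basic credential readable in both files.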
@@ -38,15 +39,15 @@ class BluePrintGrpcServerTest { private val tlsAuthGrpcServerProperties = TLSAuthGrpcServerProperties().apply { port = 50052 type = GRPCLibConstants.TYPE_TLS_AUTH - certChain = "src/test/resources/tls-manual/my-public-key-cert.pem" - privateKey = "src/test/resources/tls-manual/my-private-key.pem" + certChain = "src/test/resources/tls-manual/py-executor-chain.pem" + privateKey = "src/test/resources/tls-manual/py-executor-key.pem" } private val tlsAuthGrpcClientProperties = TLSAuthGrpcClientProperties().apply { host = "localhost" port = 50052 type = GRPCLibConstants.TYPE_TLS_AUTH - trustCertCollection = "src/test/resources/tls-manual/my-public-key-cert.pem" + trustCertCollection = "src/test/resources/tls-manual/py-executor-chain.pem" } @Test @@ -72,6 +73,9 @@ class BluePrintGrpcServerTest { launch { resChannel.consumeEach { log.info("Received Response") + if (it.status.eventType == EventType.EVENT_COMPONENT_EXECUTED) { + resChannel.cancel() + } } } val request = getRequest("12345") diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt index c6991af9b..d5bc70c48 100644 --- a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt +++ b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/grpc/service/MockTLSBluePrintProcessingServer.kt 
@@ -36,8 +36,8 @@ fun main() { val tlsAuthGrpcServerProperties = TLSAuthGrpcServerProperties().apply { port = 50052 type = GRPCLibConstants.TYPE_TLS_AUTH - certChain = "src/test/resources/tls-manual/my-public-key-cert.pem" - privateKey = "src/test/resources/tls-manual/my-private-key.pem" + certChain = "src/test/resources/tls-manual/py-executor-chain.pem" + privateKey = "src/test/resources/tls-manual/py-executor-key.pem" } val server = TLSAuthGrpcServerService(tlsAuthGrpcServerProperties).serverBuilder() .intercept(GrpcServerLoggingInterceptor()) diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-private-key.pem b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-private-key.pem deleted file mode 100644 index a7849ae7c..000000000 --- a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-private-key.pem +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDED3IZY6mBMXiD -T9aW/VxH5JD91BwkS6ya98ZfQnoqmsi4tzDth+cBlA+L8TsfpMqVmYcI3ZUz83uH -ThQh/4jMisqHbHcT777cqkdO2PT7NHFPn+YY6hjkUZnA2ajFJpfKeo9mimM6NAc1 -g7U4XfYLIUX1ZbmHKXkyUjDv4OxnWQkLaL8AuHJozoOBRbr4cdvwNqfy8YMLxe6i -RuWzguyzM5DLpP6EqiIVkUDlzQ3reTzLHD84USB5ygIvqAB9/5MxTT2w1/uiwMH4 -i1WH0c4+xA6VFVIJkZ8EGxJhXo2kNixMOXhXcXb9sTg4NvMU/e0X7cRHQ7fhdYEO -QjZhAwdMrQFdcOdMRh55RV3bLGSaBPu0LYgM/8ys2n3y9ohDph9BcAlIJHsjU3zh -kpyKB78dtVA2NGyMyMp0izlDRCRgJWppvpJwHCHy2sKhmlLeJs5dPr65E7qaT8Hz -EvRxr/6NKRKuseV9DMflwT8edXNYqKY9UeiqY8aOcYPoYCnsdKA3ZyYm075I4OcA -sFu9sYKMiL0goGNjxkNk2N22cGBMBthGjW+9jwEHC/HjZwVTf7o/2HIOfFcKkssH -dEhmDWsAddMN2UNbwdWr/Le1qf/mlOBImQtXBJLtyxfSMey7BQusdgCYKvhq8Fn6 -/xPlyVcIrYyOw6XkMklqftLJJzhk7QIDAQABAoICAF/MBD4vmiUMHQxcOEfyZ+Kg -5c+AkneRmjbmFkF5Y+PpWWYX7IpDOzZkN+xy5CakCHBsYbSNQFfwAk2sct3h09/N -eQQOlWhiXmnHsavvClSr3SnAwVcvGxaEYJIASBx8rPI8TFEYET/hKByXzDZMguoR -SfOLzskiFJvn2Q18Y0ZkFK1Ecv9RIGXhchP6FE9MouCOdCWaqCNahS05YwcBU9KD -wZ4fclU0JA9Rt9oRBVonFPNRS/qieTHI6KSMfCEUfcE7Mod0IPn3IU/mFNaWRyYX -+eASWNFgG8iPyb1Vy/OOnLpp4kknobJ3ozakcsWxBOYKQTto9THuji5/X76rEicj -koF5Cmid80H6mto+WDSNpJKh+G5LVTxkG6XnZ4v22qfwjQHwBiiNIX8IadJ3epnN -10wr8Urm2C+NaD6lOVWC0qBL2y/P7T5ttj8cDFf/Q8BlCYApomqDS6oGyFyPkjef -FICLKWjvNQedG/rlseJ/Ue57om1s1L1fPk571dYyPjaXnM4DEQ1awy29epmRPn3g -4tbBZdmq3sgVlxXhOOepUNuJZs1VstB3FEdGgi/mS8Ro11vXV+1OKj6HlamfPbB5 -wCOQC22m9XDxw7EuQfeJ6pOggpE8ASvbsEktC1xZ2CEHR2ZsNWpa8OVBbR8lX5t0 -PyzRFckPEQNpEZqL41opAoIBAQDuFpEKLoNxBn+asUOHHXhIqOQaG969WlzTlm0B -a1O2mGcDQNBgefJMzLd9FdkdMlYzJbZFPudLpng5UeCpIVuwzuzE4e+GVmEsDsbo -qXUbTd9mpToNOb5mqglsEBhWobOwrQJrtMrlDCX24xXaCh6evqFaCPceQ3p/Qs+F -tza1g86XcWEpxNhPuZ20VSWFbnKKjw7dIByU++VKMHXJBpkRzPtB4PKqioPNDrpi -8Cz58Z3x1AmZXmBW4JOhHrTKhihH5/MI0wDe+KmBirZosNL3XIl5JF9O9Jd3MabM -dCsIwhID9UHRELBPKps/4dCGmRO3GdYTw1hkV7fsQTxCcrF3AoIBAQDSz3LqFqSI -07wYGKfAwmZclpqeyk5NrLDQTTaYeiRoiuh4OUAZg1p5rkKo8B2VRaJMawwZmfcY 
-eyeOti/DxJcnRHeRNJcSoQDk8qcMEWcIj9wX0Q5wDuNhM5AoanQ+PTa1M85lvKWd -aavJf9U8q3/mqVmBY1RNgVVfmw2tBVAakJhIu1SjgZ1eqevH+pQMWxmIwD5m9BN2 -WSR7IPw34n5ykdW1vPJpy0j7iSOnQTaB+yLU0scA55ViNo3330EC4SMj65sbyYMc -huTHqX71sA00YtAYpEN19oifTVb0riFlWPIeMcsS9pgjdBfbkrdOKwsTn3+GNnik -kGJ3if2arhW7AoIBAQDrhQtJJSYFYsZMAlqoiDB6wAeVBEjcy0zUShPeuYsAL9aH -U1BOf5N/AWvpovk5dpfq1L1v1n/7R9vZ5/Lzm/oV9zwkrtPA8iYB7UQ615buwaPi -6EN63cpJyJ61dV5+JEua1Cp23UtwNQpBJfZx0Fzl7/GxHPlHyLyeszqSLeFCwfZV -vWS+aukIRLeKskgBrHZGNqofeCqN/nidYT7C83HsN/e8/YdPyOIEsTMTuD7lqWvy -0ywDuWZXyqR/V97EEN4782lpK0HLT/RuHwe+nFy1MacUXTSi6DYFROqZibkgWspz -e+P1qiqexaj6Eqmy3C6yjC5HMpB4AoYAga/Yk5iVAoIBAFgbihzab9QcIq4zh9Fh -rqSd8WvShB2kwpWc3+ekjRkAjZ7J1seTBbp7obK4ALVF0Ep+JyWAGy0pM+RKsvXw -cXhg/lQ7FbUcg6Is5LJ/h3+lmMh/gLhHELOseGDb9U+aCAZ965LL4LBE3R6vhfEA -gMloGFeiqzZlisgVpwachNlFe9BSM1LPNnW9MSV4zm3HmYl1R9+BvaymH0AzDhdR -W6YI27hEi1C6PPucWsFp2R1EWE949OGk6OOOh5GExsgsTqKRs1dOxrSikHX+mmiX -Nz2g2vahmOxxqLJkAabsLFsObMs/5m87j2Sp/dqwnFpYVR3TeNogZBXrnqv1iYAf -qEcCggEAGJ4xggvYP4P03wmaEZvSr9fqN3fHFbz3qQc1UVDqRZ0FNDQCOIjIeJRZ -Wz4pfM+W655+kLug+N5hJVqD6eXV1aINZICMc07M3XdEQ+d+QRc64b60vP+D/fPB -LAjw99tANu5A8//abryQ6S0g0a3cjRd/1Ub7LDVihpt6roDnaPMu4CCcRs8r5TQf -Kb7utvYrgdB+iIb0vo1cH6ynji7/G0yEhxmMl8Dqc3DCDYbPmwS8TBSjDVPA+Osx -nCCQIpsnUIUVIynVVW8IFK3uE+W3cmdeAGgbctRfiyEf30sciLtnbtbMB9/+NaaP -y5k17ZEpVCGQySIFFfQux9v0R2Lxzw== ------END PRIVATE KEY----- diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-public-key-cert.pem b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-public-key-cert.pem deleted file mode 100644 index b3888850f..000000000 --- a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/my-public-key-cert.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEpDCCAowCCQDElilolKhFszANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls -b2NhbGhvc3QwHhcNMTkxMDIyMTczODI0WhcNMjkxMDE5MTczODI0WjAUMRIwEAYD -VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDE -D3IZY6mBMXiDT9aW/VxH5JD91BwkS6ya98ZfQnoqmsi4tzDth+cBlA+L8TsfpMqV -mYcI3ZUz83uHThQh/4jMisqHbHcT777cqkdO2PT7NHFPn+YY6hjkUZnA2ajFJpfK -eo9mimM6NAc1g7U4XfYLIUX1ZbmHKXkyUjDv4OxnWQkLaL8AuHJozoOBRbr4cdvw -Nqfy8YMLxe6iRuWzguyzM5DLpP6EqiIVkUDlzQ3reTzLHD84USB5ygIvqAB9/5Mx -TT2w1/uiwMH4i1WH0c4+xA6VFVIJkZ8EGxJhXo2kNixMOXhXcXb9sTg4NvMU/e0X -7cRHQ7fhdYEOQjZhAwdMrQFdcOdMRh55RV3bLGSaBPu0LYgM/8ys2n3y9ohDph9B -cAlIJHsjU3zhkpyKB78dtVA2NGyMyMp0izlDRCRgJWppvpJwHCHy2sKhmlLeJs5d -Pr65E7qaT8HzEvRxr/6NKRKuseV9DMflwT8edXNYqKY9UeiqY8aOcYPoYCnsdKA3 -ZyYm075I4OcAsFu9sYKMiL0goGNjxkNk2N22cGBMBthGjW+9jwEHC/HjZwVTf7o/ -2HIOfFcKkssHdEhmDWsAddMN2UNbwdWr/Le1qf/mlOBImQtXBJLtyxfSMey7BQus -dgCYKvhq8Fn6/xPlyVcIrYyOw6XkMklqftLJJzhk7QIDAQABMA0GCSqGSIb3DQEB -CwUAA4ICAQCGIXVox06XxEHhVTC+XUsPHQppQPI4tibUAijTaM6jgibZeo4zWDQe -y8LGpvpNVA8KuRBGnjp1bSdOnmymFSnWIf/3ihKjI0NtG8huadcq+KOkbEQAMq7Z -KrGhRMMgfSdBz/y8IBE3K6O9RlSP2pbjZ3gZnbSL4a9qMXzCYRxsVvqHsuOnT5/F -gUBDZQD76NzeIv/WU9YpRo0cR7AWZ6b0a8+7CI7nvXUIIsobrfmbomw4ThFBSJes -EnFUNCLczvItzTkIImofnMSHf1uE0oNHSZfGPo75ZkoIyJqz1QeEtr3DBluq7Yhd -EwhcG0YZHgySL912dPQ8YeXcSV/c/JH6mf4LBFlDuR85wWcumUnvuHdWWfXT+nrI -kVsykuLtN8vpwrPX65oNOJlG6q3L6GRX7TXcsSFYR0obpkgXHo8/QEzlNLpDh4wi -mlMxOUn6PojbuMDAVK8FXBnEXMbwS7fR086UhF7Zfrvcqu2qWKXOuTxQiW3GZxDX -KhaKv3AL73yocC/uy3Ou7p7VQOcpz3EkzBY4Ac+1S4OAi+HdL/x9XD15sXalP2nz -eGqwc+jzII4lp66pwsgFVdBsSe1gPHgdL8h9SirlqHkeHZAp1TeT/ZFBb5VndX0j -XppSbJQNC/OSjlxlduPvaHWOQO0gsZ+iufs0fZfP5B2GZxGT0Ho0Ew== ------END CERTIFICATE----- diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-chain.pem b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-chain.pem new file mode 100644 index 000000000..30f09dfea --- /dev/null 
+++ b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-chain.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEpDCCAowCCQDyhR+GR2RUiTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls +b2NhbGhvc3QwHhcNMTkxMDIzMDAwMTA0WhcNMjkxMDIwMDAwMTA0WjAUMRIwEAYD +VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCs +c4d6qfbW+GSMp+XURoLXtSAbbehoBXL2beSzqQNW6e+Q9IVtSPZst8VRjUXelFzM +m7VpS9jhiXOPZ5KKUOD0GVuNQc54VpwtHt7t9L5wS9OvdnLijnMIkc0iUvC6+Rcq +HSfbNC2Tb+a8jLwojmtRCeY/MyCnmqYpD+U3b6Eue89VpMOIfmDuTqSRRBYNVO72 +hq7FI3UD8+zREg7htfzjJjG14Ec5iVMDxJA1FlwtXFnZxDHgbLjEVjTTR/9Wm1eU +aJ4oWRt3gG/vnJNa+GwN4w/My+j/5/n/YpNh6GeQrHxBl/SL/SAFBshlwozr4K4K +av5MqRKyhCACV4SsdhKJUEDtvrtukJvh/ZDW8jdNbFJAljm8UucZGbJrZl6G7XB3 +WteI7rezo0mL0NMBZIT3nQSMEpefKUFZFiE5lYvIk3UuChqIM0xdgV4INwLRHZdc +1TtiGaBJV05y3Klo5gaUgNGbHP26zfub5TydiMrOA5W2mUvMkG2oit9aqnbaZBLD +t17cCKzpzcVF5uNUng3j6sQvpTt3S4L28TvKUMAfpecQqvxMoxG0/9HZuv2z+U+L +LVVsS07yJPIGMLcq1LMM++8LwD1MupcoShjNOq/lUOL6hIMfLOIfxt8Kv8WykVzv +6yjKEIurjkwMipq4kvr9J7FFi54kGr7uvXWQRHDFJwIDAQABMA0GCSqGSIb3DQEB +CwUAA4ICAQB7gJzvaOIP3/S2jrObz67g0jiz1cfb4I9KQwpwb6JUWbYm1QjBcGm4 +IhNbdPMD6dpwBc/A4JctA5E+/fArvl14UtK1jkaaE/GCumL0VUSZeAM6CK/63brt +LplqCunv8ePHmiwjJBnhu+ewe1+mDMVDMw0iot/q+pOM3vqNS1Fipja+xFK1JQZx +JmkjW/Ug3NHk/SSTfO+VNmlI5bBBApMqKmd9picsyDZ7dTBtZvbqV5eQsPZvv14G +oEvWnvvom+D5GojroSO+OMHNDR3bzK6p0Cu8AiTy9Ls6J2e4GXJz3Cg/kuF9tNlR +3X62zDT+CUipuYyTvmjbSyNMGwU7BIZTKFPuTtjh7EwT2g6S8RV9PmT98CQW6kTT +RJbL7nMIOF0WusysAT5wj1HJ0QKBQCXK+L6WTKTTovaEE7JSVrYe7wVF8Q9SyBIM +4CPVZt+GMyQKJ9SRnVgTDEMb7sj9HPaoVeDc6LQTv8Q//wFeTdZIWXQhpVJCQCEG +qkRk9r3isF60ISOXXIYhqE+hx3QXY9M2UyHDtKXPZ7X370vADi2ebBMF8MpIZYl5 +628dME9JhOhLhD5qPJeva2Nq4gLpK+rO6t7ML0Us4edoKyoScowXAh80q1GW3EO3 +IxTK123651C/S0kDqLqZ9rknEdpwSujrT2UW95jUlfo5OKDrPpdOBw== +-----END CERTIFICATE----- 
diff --git a/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-key.pem b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-key.pem
new file mode 100644
index 000000000..830a3ae21
--- /dev/null
+++ b/ms/blueprintsprocessor/modules/commons/grpc-lib/src/test/resources/tls-manual/py-executor-key.pem
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCsc4d6qfbW+GSM +p+XURoLXtSAbbehoBXL2beSzqQNW6e+Q9IVtSPZst8VRjUXelFzMm7VpS9jhiXOP +Z5KKUOD0GVuNQc54VpwtHt7t9L5wS9OvdnLijnMIkc0iUvC6+RcqHSfbNC2Tb+a8 +jLwojmtRCeY/MyCnmqYpD+U3b6Eue89VpMOIfmDuTqSRRBYNVO72hq7FI3UD8+zR +Eg7htfzjJjG14Ec5iVMDxJA1FlwtXFnZxDHgbLjEVjTTR/9Wm1eUaJ4oWRt3gG/v +nJNa+GwN4w/My+j/5/n/YpNh6GeQrHxBl/SL/SAFBshlwozr4K4Kav5MqRKyhCAC +V4SsdhKJUEDtvrtukJvh/ZDW8jdNbFJAljm8UucZGbJrZl6G7XB3WteI7rezo0mL +0NMBZIT3nQSMEpefKUFZFiE5lYvIk3UuChqIM0xdgV4INwLRHZdc1TtiGaBJV05y +3Klo5gaUgNGbHP26zfub5TydiMrOA5W2mUvMkG2oit9aqnbaZBLDt17cCKzpzcVF +5uNUng3j6sQvpTt3S4L28TvKUMAfpecQqvxMoxG0/9HZuv2z+U+LLVVsS07yJPIG +MLcq1LMM++8LwD1MupcoShjNOq/lUOL6hIMfLOIfxt8Kv8WykVzv6yjKEIurjkwM +ipq4kvr9J7FFi54kGr7uvXWQRHDFJwIDAQABAoICADepPmRAMbTnDYU8t/jRHXBE +PO29htL0V0vk4nl+pt5JuZJe6iYA89DZa+3LnG6gEmfUJjSrT4BUXiE+O9U7D7CZ +8qvgPqUmx1fk6+2AHmuefd/XanNnqQduD/jxLlQbC/gC2xdsev1ok9/tyNmKRmcs +u81QUkzmpJUCVWiUNkELozswaBBJQj4I0iM1B60b6dlWVVi5/g3dkGVW38jIdaxX +apoansKaaVoA+s63vd7CPRoFsleOoAB3FqvPREIO97CmJ848HJpwsTB0qDcnkbDV +xgbDFhxrIozko09ptOvEUILXag45EDmvG8WEivmjVml0aUoTFD7cWHyJBQCpR4fU +5W9mYd4Rrzbmpb+LGYdNyrp3wo3C7dJ7/ffBMQxmXTdMZkcxorxj4BRG3oACRQ1u +Ff1iUruZzIIDtEkrC9hc5QpLlDf9b1obm8L9sxf1QmTt59o5oFG40GPwPP19GXwE +l2faHwho2jYLM9rhuSsK/5sSmUshPNQYmfMnbWzTtghMPE/g0Cfpt8qbspq+G1bk +z3M97JlFMF83ccRotDElX9E/ttjU7Lehoz+1sOyHiVW1E4oqKer4t+nI2bp6VYZm +W94qptW7kb4o0DsvPCaoTPBxLJ1ag2WBlqoFkVI0YaxZiZ8OTR55Ovi4z5xWBO1q +NkCKgdAUQvQVzVtASVGBAoIBAQDSw2nvPFN4gGZ6OI+8j2gWtPcsrhSHS9ykxBeB +mB/HExYIe8k3EvClf2rnfwzuKgKyVMp7Ev7nH2jS/PGZq37QyXrw0NBGRnvJY0Ez +YB1KTgf9xaHMGMut5efNvv/cPwYriqosgJ0pdt0vvUAIQ6EBv+iDXXqJ1lQUSRYk +wKjFABi6TeJY4t9vC474KoXTDaHlwn9+TwnuRBk85wrZzlhK90J0iVa9/Eqeddsc +Z3CuTlc+NmcP3qvniYODq8nyVc0pKw+28AVYYEd3aJfgm+dpcB21L0oz7CaxH/Rz +FNONuQRaOzJrcuJsde/KG2X+MHs6hVMXXXWciPrJ2l+Cq7dnAoIBAQDRdwZDcgem +tJHLihCRzUl9PKip4ZA5757ZyTy6WMLR3wMS2cNTK8+bTrUa0SSC4WSI28pybFA7 
+QdSR08c5Nd7jXcIrtqspgZKhb0E60i8VQHhh6ba/kyQjsEz9c/G1WquPK13j2vZ0 +79bomDwFJPsFzABU+sC0/F42ZVQzy9qXkjngjtmaGfrCc7X+pV28nEGtyxHci3L4 +XXfE2dOb+GBVZPLBVXwcthdRYsFuU9GMy2GH0zVtWPOcGRnlpx53Tqg7NIeR0Nm1 +K35EaK8PH92PsAr0Xza7vQHY4cPRz+RhDzjyGQtnhKf96U6gzzt4ZVbQ/UuzDBcL +PQ2DvUH+sqxBAoIBAEW5kiUsDu0xhTVv2tVll+jTK2ZjnLT5ut/jY2djHTgtrz9V +PEb1BBmsIoC9PljYGxZGCMpYiW2KrZIHTiIpYwXNcdeTLSPik3cXV+2YIXiAghJJ +PHKZzWAVS+97/YcubmsfL5cTYWrjQN9XO4TAYtaCV3iGB1DsT9p6J1I3Tl4F3yhb +NcN0IrjI2R5uauFchC/PfYAaw81ISBUm1iciJYF/dUO6X7DwcvsjQD6QVe3ESwZw +1v2gC7zIeHKp9WAvVHUHIubBVvNavqnZN01+JjtydNGI+IJe4Jn+WU9tF2OuTqtP +JCn50sBQ7+gr0j0aatn8W3XCXHNRua3niWtgRYcCggEAT7OzfWxhPuyMYV9qiKAN +a4ruPp3mjDUCQ6pP4jQuBT+PYtfbe8U63MSpIsgb1XVAFNdVBA70xGd7I/XqY3l9 +ExS08n8yR7vW+Hhl4KTjZ3m9lLwiXmj1omLOGM7KVRBoITUGJ9JEXyB3rM9oXyjA +H2eNZMh5FSTGEHqj/IV/6paoUSrp37os8VqoEHoJ3d+zGhcf98RT/e9KyGt+GmX6 ++eNMf4YwkJg07THfmkRoguNMfCtAtBfZsjbW5MyfShRy7PxC7ZgDju06wXr3yZB9 +dNQuhufH4s27azQUl7w8ETaCm5QuA7i1V2c0FPpljZ052JHZAQsDpbIYd11HREvm +QQKCAQEA0W7xNYoFvnyikdG0t266LLv1EkWDFdgkelGx/eGe/JZ+au3uTM94EssC +ni64XX2P8vK/te+c3jItYO4MRgnDJ7GW+bRnJFu2kBE0W4chx7vga0XApVCP+Ugg +owv5yf9cOAHFulvPefsU0snYStD3gNq77XDg0CwoyUkpeq+GiupoQ8tquMSsrEwp +ve5DtDip3cLHz2oVLB3mR4kKVwVwmOgO5RKq6N/H6Jxtf/Zk1I260dKr+Dv2MnDh +dysO4zH5YEt2ML3oY4zY8lu+I5bHCBR1updSny0B31WrXAJyfZpMx+HOwETFKa3B +v9AGKz0Jc2GOIRKHrCQ/WkZePetaYQ== +-----END PRIVATE KEY----- diff --git a/ms/py-executor/README b/ms/py-executor/README new file mode 100644 index 000000000..919795a3c --- /dev/null +++ b/ms/py-executor/README @@ -0,0 +1,5 @@ + +Generate Server Certificates +------------------------------ + +openssl req -x509 -newkey rsa:4096 -keyout py-executor-key.pem -out py-executor-chain.pem -days 3650 -nodes -subj '/CN=localhost' \ No newline at end of file diff --git a/ms/py-executor/client.py b/ms/py-executor/client.py new file mode 100644 index 000000000..c5bdc43c8 --- /dev/null +++ b/ms/py-executor/client.py 
@@ -0,0 +1,67 @@
+# Copyright © 2018-2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+ +import grpc +from blueprints_grpc.proto.BluePrintProcessing_pb2_grpc import BluePrintProcessingServiceStub +from blueprints_grpc.proto.BluePrintProcessing_pb2 import ExecutionServiceInput +from blueprints_grpc.proto.BluePrintCommon_pb2 import CommonHeader, ActionIdentifiers + + +def generate_messages(): + commonHeader = CommonHeader() + commonHeader.requestId = "1234" + commonHeader.subRequestId = "1234-1" + commonHeader.originatorId = "CDS" + + actionIdentifiers = ActionIdentifiers() + actionIdentifiers.blueprintName = "sample-cba" + actionIdentifiers.blueprintVersion = "1.0.0" + actionIdentifiers.actionName = "SampleScript" + + input = ExecutionServiceInput(commonHeader=commonHeader, actionIdentifiers=actionIdentifiers) + + commonHeader2 = CommonHeader() + commonHeader2.requestId = "1235" + commonHeader2.subRequestId = "1234-2" + commonHeader2.originatorId = "CDS" + input2 = ExecutionServiceInput(commonHeader=commonHeader2, actionIdentifiers=actionIdentifiers) + + inputs = [input, input2] + for input in inputs: + print(input) + yield input + + +if __name__ == '__main__': + with open('py-executor-chain.pem', 'rb') as f: + creds = grpc.ssl_channel_credentials(f.read()) + channel = grpc.secure_channel('localhost:50052', creds) + stub = BluePrintProcessingServiceStub(channel) + + messages = generate_messages() + responses = stub.process(messages) + for response in responses: + print(response) diff --git a/ms/py-executor/configuration.ini b/ms/py-executor/configuration.ini index 8c36dd04f..5688f39bd 100644 --- a/ms/py-executor/configuration.ini +++ b/ms/py-executor/configuration.ini @@ -1,6 +1,11 @@ [scriptExecutor] port=%(APP_PORT)s -auth=%(BASIC_AUTH)s +authType=%(AUTH_TYPE)s +# For Token Auth +token=%(AUTH_TOKEN)s +# For TLS Auth +certChain=%(AUTH_CERT_CHAIN)s +privateKey=%(AUTH_PRIVATE_KEY)s logFile=%(LOG_FILE)s maxWorkers=20 diff --git a/ms/py-executor/dc/docker-compose.yaml b/ms/py-executor/dc/docker-compose.yaml index 76009411b..30298e3c0 100755 
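Review bot: The `__main__` block of `client.py` opens `grpc.secure_channel('localhost:50052', creds)` and never closes it; writing it as `with grpc.secure_channel('localhost:50052', creds) as channel:` releases the connection once the response loop ends. In `generate_messages`, `input` shadows the builtin both as a local and as the loop variable, so a name such as `request` would read better. The Apache license header is also repeated twice at the top of the new file and can be reduced to one copy.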
--- a/ms/py-executor/dc/docker-compose.yaml +++ b/ms/py-executor/dc/docker-compose.yaml @@ -16,7 +16,11 @@ services: STICKYSELECTORKEY: ENVCONTEXT: dev APP_PORT: 50052 - BASIC_AUTH: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + #AUTH_TYPE: basic-auth + #AUTH_TOKEN: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + AUTH_TYPE: tls-auth + AUTH_CERT_CHAIN: /opt/app/onap/python/py-executor-chain.pem + AUTH_PRIVATE_KEY: /opt/app/onap/python/py-executor-key.pem LOG_FILE: /opt/app/onap/logs/application.log volumes: diff --git a/ms/py-executor/docker/distribution.xml b/ms/py-executor/docker/distribution.xml index 6235a7b8a..bb7a8d20a 100755 --- a/ms/py-executor/docker/distribution.xml +++ b/ms/py-executor/docker/distribution.xml @@ -38,6 +38,9 @@ requirements.txt configuration.ini + *.crt + *.key + *.pem true 0666 diff --git a/ms/py-executor/py-executor-chain.pem b/ms/py-executor/py-executor-chain.pem new file mode 100644 index 000000000..30f09dfea --- /dev/null +++ b/ms/py-executor/py-executor-chain.pem 
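Review bot: The added `*.key` and `*.pem` includes in `distribution.xml` sit in the file set whose trailing context shows `0666`, which looks like its file mode, so the server's private key would be copied into the image readable and writable by every user in the container. Key material should not share the permissive mode used for scripts and configuration: either move the key patterns into their own file set with `<fileMode>0600</fileMode>`, or leave keys out of the assembly and mount them at deploy time. The markup around these lines is not visible in the hunk, so the mode and the enclosing file set should be confirmed against the full file.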
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEpDCCAowCCQDyhR+GR2RUiTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls +b2NhbGhvc3QwHhcNMTkxMDIzMDAwMTA0WhcNMjkxMDIwMDAwMTA0WjAUMRIwEAYD +VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCs +c4d6qfbW+GSMp+XURoLXtSAbbehoBXL2beSzqQNW6e+Q9IVtSPZst8VRjUXelFzM +m7VpS9jhiXOPZ5KKUOD0GVuNQc54VpwtHt7t9L5wS9OvdnLijnMIkc0iUvC6+Rcq +HSfbNC2Tb+a8jLwojmtRCeY/MyCnmqYpD+U3b6Eue89VpMOIfmDuTqSRRBYNVO72 +hq7FI3UD8+zREg7htfzjJjG14Ec5iVMDxJA1FlwtXFnZxDHgbLjEVjTTR/9Wm1eU +aJ4oWRt3gG/vnJNa+GwN4w/My+j/5/n/YpNh6GeQrHxBl/SL/SAFBshlwozr4K4K +av5MqRKyhCACV4SsdhKJUEDtvrtukJvh/ZDW8jdNbFJAljm8UucZGbJrZl6G7XB3 +WteI7rezo0mL0NMBZIT3nQSMEpefKUFZFiE5lYvIk3UuChqIM0xdgV4INwLRHZdc +1TtiGaBJV05y3Klo5gaUgNGbHP26zfub5TydiMrOA5W2mUvMkG2oit9aqnbaZBLD +t17cCKzpzcVF5uNUng3j6sQvpTt3S4L28TvKUMAfpecQqvxMoxG0/9HZuv2z+U+L +LVVsS07yJPIGMLcq1LMM++8LwD1MupcoShjNOq/lUOL6hIMfLOIfxt8Kv8WykVzv +6yjKEIurjkwMipq4kvr9J7FFi54kGr7uvXWQRHDFJwIDAQABMA0GCSqGSIb3DQEB +CwUAA4ICAQB7gJzvaOIP3/S2jrObz67g0jiz1cfb4I9KQwpwb6JUWbYm1QjBcGm4 +IhNbdPMD6dpwBc/A4JctA5E+/fArvl14UtK1jkaaE/GCumL0VUSZeAM6CK/63brt +LplqCunv8ePHmiwjJBnhu+ewe1+mDMVDMw0iot/q+pOM3vqNS1Fipja+xFK1JQZx +JmkjW/Ug3NHk/SSTfO+VNmlI5bBBApMqKmd9picsyDZ7dTBtZvbqV5eQsPZvv14G +oEvWnvvom+D5GojroSO+OMHNDR3bzK6p0Cu8AiTy9Ls6J2e4GXJz3Cg/kuF9tNlR +3X62zDT+CUipuYyTvmjbSyNMGwU7BIZTKFPuTtjh7EwT2g6S8RV9PmT98CQW6kTT +RJbL7nMIOF0WusysAT5wj1HJ0QKBQCXK+L6WTKTTovaEE7JSVrYe7wVF8Q9SyBIM +4CPVZt+GMyQKJ9SRnVgTDEMb7sj9HPaoVeDc6LQTv8Q//wFeTdZIWXQhpVJCQCEG +qkRk9r3isF60ISOXXIYhqE+hx3QXY9M2UyHDtKXPZ7X370vADi2ebBMF8MpIZYl5 +628dME9JhOhLhD5qPJeva2Nq4gLpK+rO6t7ML0Us4edoKyoScowXAh80q1GW3EO3 +IxTK123651C/S0kDqLqZ9rknEdpwSujrT2UW95jUlfo5OKDrPpdOBw== +-----END CERTIFICATE----- diff --git a/ms/py-executor/py-executor-key.pem b/ms/py-executor/py-executor-key.pem new file mode 100644 index 000000000..830a3ae21 --- /dev/null +++ b/ms/py-executor/py-executor-key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCsc4d6qfbW+GSM +p+XURoLXtSAbbehoBXL2beSzqQNW6e+Q9IVtSPZst8VRjUXelFzMm7VpS9jhiXOP +Z5KKUOD0GVuNQc54VpwtHt7t9L5wS9OvdnLijnMIkc0iUvC6+RcqHSfbNC2Tb+a8 +jLwojmtRCeY/MyCnmqYpD+U3b6Eue89VpMOIfmDuTqSRRBYNVO72hq7FI3UD8+zR +Eg7htfzjJjG14Ec5iVMDxJA1FlwtXFnZxDHgbLjEVjTTR/9Wm1eUaJ4oWRt3gG/v +nJNa+GwN4w/My+j/5/n/YpNh6GeQrHxBl/SL/SAFBshlwozr4K4Kav5MqRKyhCAC +V4SsdhKJUEDtvrtukJvh/ZDW8jdNbFJAljm8UucZGbJrZl6G7XB3WteI7rezo0mL +0NMBZIT3nQSMEpefKUFZFiE5lYvIk3UuChqIM0xdgV4INwLRHZdc1TtiGaBJV05y +3Klo5gaUgNGbHP26zfub5TydiMrOA5W2mUvMkG2oit9aqnbaZBLDt17cCKzpzcVF +5uNUng3j6sQvpTt3S4L28TvKUMAfpecQqvxMoxG0/9HZuv2z+U+LLVVsS07yJPIG +MLcq1LMM++8LwD1MupcoShjNOq/lUOL6hIMfLOIfxt8Kv8WykVzv6yjKEIurjkwM +ipq4kvr9J7FFi54kGr7uvXWQRHDFJwIDAQABAoICADepPmRAMbTnDYU8t/jRHXBE +PO29htL0V0vk4nl+pt5JuZJe6iYA89DZa+3LnG6gEmfUJjSrT4BUXiE+O9U7D7CZ +8qvgPqUmx1fk6+2AHmuefd/XanNnqQduD/jxLlQbC/gC2xdsev1ok9/tyNmKRmcs +u81QUkzmpJUCVWiUNkELozswaBBJQj4I0iM1B60b6dlWVVi5/g3dkGVW38jIdaxX +apoansKaaVoA+s63vd7CPRoFsleOoAB3FqvPREIO97CmJ848HJpwsTB0qDcnkbDV +xgbDFhxrIozko09ptOvEUILXag45EDmvG8WEivmjVml0aUoTFD7cWHyJBQCpR4fU +5W9mYd4Rrzbmpb+LGYdNyrp3wo3C7dJ7/ffBMQxmXTdMZkcxorxj4BRG3oACRQ1u +Ff1iUruZzIIDtEkrC9hc5QpLlDf9b1obm8L9sxf1QmTt59o5oFG40GPwPP19GXwE +l2faHwho2jYLM9rhuSsK/5sSmUshPNQYmfMnbWzTtghMPE/g0Cfpt8qbspq+G1bk +z3M97JlFMF83ccRotDElX9E/ttjU7Lehoz+1sOyHiVW1E4oqKer4t+nI2bp6VYZm +W94qptW7kb4o0DsvPCaoTPBxLJ1ag2WBlqoFkVI0YaxZiZ8OTR55Ovi4z5xWBO1q +NkCKgdAUQvQVzVtASVGBAoIBAQDSw2nvPFN4gGZ6OI+8j2gWtPcsrhSHS9ykxBeB +mB/HExYIe8k3EvClf2rnfwzuKgKyVMp7Ev7nH2jS/PGZq37QyXrw0NBGRnvJY0Ez +YB1KTgf9xaHMGMut5efNvv/cPwYriqosgJ0pdt0vvUAIQ6EBv+iDXXqJ1lQUSRYk +wKjFABi6TeJY4t9vC474KoXTDaHlwn9+TwnuRBk85wrZzlhK90J0iVa9/Eqeddsc +Z3CuTlc+NmcP3qvniYODq8nyVc0pKw+28AVYYEd3aJfgm+dpcB21L0oz7CaxH/Rz +FNONuQRaOzJrcuJsde/KG2X+MHs6hVMXXXWciPrJ2l+Cq7dnAoIBAQDRdwZDcgem +tJHLihCRzUl9PKip4ZA5757ZyTy6WMLR3wMS2cNTK8+bTrUa0SSC4WSI28pybFA7 
+QdSR08c5Nd7jXcIrtqspgZKhb0E60i8VQHhh6ba/kyQjsEz9c/G1WquPK13j2vZ0 +79bomDwFJPsFzABU+sC0/F42ZVQzy9qXkjngjtmaGfrCc7X+pV28nEGtyxHci3L4 +XXfE2dOb+GBVZPLBVXwcthdRYsFuU9GMy2GH0zVtWPOcGRnlpx53Tqg7NIeR0Nm1 +K35EaK8PH92PsAr0Xza7vQHY4cPRz+RhDzjyGQtnhKf96U6gzzt4ZVbQ/UuzDBcL +PQ2DvUH+sqxBAoIBAEW5kiUsDu0xhTVv2tVll+jTK2ZjnLT5ut/jY2djHTgtrz9V +PEb1BBmsIoC9PljYGxZGCMpYiW2KrZIHTiIpYwXNcdeTLSPik3cXV+2YIXiAghJJ +PHKZzWAVS+97/YcubmsfL5cTYWrjQN9XO4TAYtaCV3iGB1DsT9p6J1I3Tl4F3yhb +NcN0IrjI2R5uauFchC/PfYAaw81ISBUm1iciJYF/dUO6X7DwcvsjQD6QVe3ESwZw +1v2gC7zIeHKp9WAvVHUHIubBVvNavqnZN01+JjtydNGI+IJe4Jn+WU9tF2OuTqtP +JCn50sBQ7+gr0j0aatn8W3XCXHNRua3niWtgRYcCggEAT7OzfWxhPuyMYV9qiKAN +a4ruPp3mjDUCQ6pP4jQuBT+PYtfbe8U63MSpIsgb1XVAFNdVBA70xGd7I/XqY3l9 +ExS08n8yR7vW+Hhl4KTjZ3m9lLwiXmj1omLOGM7KVRBoITUGJ9JEXyB3rM9oXyjA +H2eNZMh5FSTGEHqj/IV/6paoUSrp37os8VqoEHoJ3d+zGhcf98RT/e9KyGt+GmX6 ++eNMf4YwkJg07THfmkRoguNMfCtAtBfZsjbW5MyfShRy7PxC7ZgDju06wXr3yZB9 +dNQuhufH4s27azQUl7w8ETaCm5QuA7i1V2c0FPpljZ052JHZAQsDpbIYd11HREvm +QQKCAQEA0W7xNYoFvnyikdG0t266LLv1EkWDFdgkelGx/eGe/JZ+au3uTM94EssC +ni64XX2P8vK/te+c3jItYO4MRgnDJ7GW+bRnJFu2kBE0W4chx7vga0XApVCP+Ugg +owv5yf9cOAHFulvPefsU0snYStD3gNq77XDg0CwoyUkpeq+GiupoQ8tquMSsrEwp +ve5DtDip3cLHz2oVLB3mR4kKVwVwmOgO5RKq6N/H6Jxtf/Zk1I260dKr+Dv2MnDh +dysO4zH5YEt2ML3oY4zY8lu+I5bHCBR1updSny0B31WrXAJyfZpMx+HOwETFKa3B +v9AGKz0Jc2GOIRKHrCQ/WkZePetaYQ== +-----END PRIVATE KEY----- diff --git a/ms/py-executor/server.py b/ms/py-executor/server.py index 5c149d96b..f506e9446 100644 --- a/ms/py-executor/server.py +++ b/ms/py-executor/server.py 
@@ -33,21 +33,45 @@ _ONE_DAY_IN_SECONDS = 60 * 60 * 24 def serve(configuration: ScriptExecutorConfiguration): port = configuration.script_executor_property('port') - basic_auth = configuration.script_executor_property('auth') + authType = configuration.script_executor_property('authType') maxWorkers = configuration.script_executor_property('maxWorkers') - header_validator = RequestHeaderValidatorInterceptor( - 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED, - 'Access denied!') + if authType == 'tls-auth': + cert_chain_file = configuration.script_executor_property('certChain') + private_key_file = configuration.script_executor_property('privateKey') + logger.info("Setting GRPC server TLS authentication, cert file(%s) private key file(%s)", cert_chain_file, + private_key_file) + # read in key and certificate + with open(cert_chain_file, 'rb') as f: + certificate_chain = f.read() + with open(private_key_file, 'rb') as f: + private_key = f.read() - server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)), - interceptors=(header_validator,)) + # create server credentials + server_credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),)) - BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server( - BluePrintProcessingServer(configuration), server) + # create server + server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers))) + BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server( + BluePrintProcessingServer(configuration), server) - server.add_insecure_port('[::]:' + port) - server.start() + # add secure port using credentials + server.add_secure_port('[::]:' + port, server_credentials) + server.start() + else: + logger.info("Setting GRPC server base authentication") + basic_auth = configuration.script_executor_property('token') + header_validator = RequestHeaderValidatorInterceptor( + 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED, + 
'Access denied!') + # create server with token authentication interceptors + server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)), + interceptors=(header_validator,)) + BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server( + BluePrintProcessingServer(configuration), server) + + server.add_insecure_port('[::]:' + port) + server.start() logger.info("Command Executor Server started on %s" % port) -- cgit 1.2.3-korg
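Review bot: In the `tls-auth` branch the server is built without `interceptors=(header_validator,)`, so the `authorization` header check no longer runs, and `grpc.ssl_server_credentials(((private_key, certificate_chain),))` does not request a client certificate; as written, any client that can reach the port can call the service once TLS is selected. Either keep the header interceptor on the secure port, as sketched below (this needs `AUTH_TOKEN` set alongside the TLS variables), or pass `root_certificates` with `require_client_auth=True` so callers are authenticated by certificate. Every `authType` other than `'tls-auth'`, including a misspelled value, falls through to `add_insecure_port`, which is worth rejecting explicitly rather than failing open. `serve()` starts before the hunk and may continue after it.

```python
    if authType == 'tls-auth':
        # … unchanged: read certificate_chain / private_key, build server_credentials …

        # TLS here only proves the server's identity; keep the header check so callers are still authenticated.
        header_validator = RequestHeaderValidatorInterceptor(
            'authorization', configuration.script_executor_property('token'),
            grpc.StatusCode.UNAUTHENTICATED, 'Access denied!')
        server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)),
                             interceptors=(header_validator,))
        # … unchanged: add servicer, add_secure_port, start …
```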