authorMichaelMorris <michael.morris@est.tech>2023-09-18 09:18:44 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2023-10-27 14:32:56 +0000
commit532abef3013434369b0d6a126b417db7b6134bd2 (patch)
treefd55c00a9c33bc1debfec3a6c2098264406f22ea /catalog-be/src
parentc6d49ae4af0b13bd0f75a878ffa88487ef38afc2 (diff)
TLS sdc-be-init: truststore & keystore handling
Issue-ID: SDC-4671 Change-Id: Iaa6e4810cb06cc44a393ca4fda561b24ec208711 Signed-off-by: MichaelMorris <michael.morris@est.tech>
Diffstat (limited to 'catalog-be/src')
-rw-r--r--catalog-be/src/main/resources/scripts/sdcBePy/common/healthCheck.py14
-rw-r--r--catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaElements.py5
-rw-r--r--catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaTypes.py5
-rwxr-xr-xcatalog-be/src/main/resources/scripts/sdcBePy/common/sdcBeProxy.py19
-rw-r--r--catalog-be/src/main/resources/scripts/sdcBePy/consumers/run.py8
-rw-r--r--catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runGenericNormative.py4
-rw-r--r--catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeElement.py4
-rw-r--r--catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeType.py3
-rw-r--r--catalog-be/src/main/resources/scripts/sdcBePy/tosca/main.py14
-rwxr-xr-xcatalog-be/src/main/resources/scripts/sdcBePy/users/run.py10
10 files changed, 57 insertions, 29 deletions
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/common/healthCheck.py b/catalog-be/src/main/resources/scripts/sdcBePy/common/healthCheck.py
index a0acc90d44..8d63ef3d98 100644
--- a/catalog-be/src/main/resources/scripts/sdcBePy/common/healthCheck.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/common/healthCheck.py
@@ -12,9 +12,9 @@ from sdcBePy.common.sdcBeProxy import SdcBeProxy
colors = BColors()
-def check_backend(sdc_be_proxy=None, reply_append_count=1, be_host=None, be_port=None, header=None, scheme=None, debug=False):
+def check_backend(sdc_be_proxy=None, reply_append_count=1, be_host=None, be_port=None, header=None, scheme=None, debug=False, ca_cert=None, tls_cert=None, tls_key=None, tls_key_pw=None):
if sdc_be_proxy is None:
- sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, debug=debug)
+ sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, debug=debug)
for i in range(1, reply_append_count + 1):
if sdc_be_proxy.check_backend() == 200:
@@ -28,9 +28,9 @@ def check_backend(sdc_be_proxy=None, reply_append_count=1, be_host=None, be_port
return False
-def run(be_host, be_port, header, protocol):
+def run(be_host, be_port, header, protocol, tls_key, tls_cert, tls_key_pw, ca_cert):
if not check_backend(reply_append_count=properties.retry_attempts, be_host=be_host,
- be_port=be_port, header=header, scheme=protocol):
+ be_port=be_port, header=header, scheme=protocol, ca_cert=ca_cert, tls_cert=tls_cert, tls_key=tls_key, tls_key_pw=tls_key_pw):
print('[ERROR]: ' + time.strftime('%Y/%m/%d %H:%M:%S') + colors.FAIL + ' Backend is DOWN :-(' + colors.END_C)
sys.exit()
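Review bot: `run()` declares `tls_key` before `tls_cert`, while `check_backend`, `SdcBeProxy` and the other entry points touched by this commit take `tls_cert` first. Both values are plain strings, so a caller following the more common order would swap them with no error until the TLS handshake fails. Consider using one order everywhere, e.g. `def run(be_host, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert):`. The list returned by `get_args()` in the next hunk uses the same key-first order and would have to change with it.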
@@ -42,11 +42,15 @@ def get_args():
parser.add_argument('-p', '--port', required=True)
parser.add_argument('--header')
parser.add_argument('--https', action='store_true')
+ parser.add_argument('--tls_key')
+ parser.add_argument('--tls_cert')
+ parser.add_argument('--tls_key_pw')
+ parser.add_argument('--ca_cert')
args = parser.parse_args()
init_properties(10, 10)
- return [args.ip, args.port, args.header, 'https' if args.https else 'http']
+ return [args.ip, args.port, args.header, 'https' if args.https else 'http', args.tls_key, args.tls_cert, args.tls_key_pw, args.ca_cert]
def main():
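Review bot: `--tls_key_pw` takes the private-key passphrase as a command-line argument, which leaves it readable in the process list and in shell history on the host that runs the init scripts. Prefer reading it from a protected file or the environment and keep the flag as an override at most, for example `parser.add_argument('--tls_key_pw', default=os.environ.get('TLS_KEY_PW'))` (the variable name is illustrative, and `os` must be imported if the file does not already do so). The same option is added in `parse_param()` in tosca/main.py and in `get_args()` in users/run.py. `get_args()` starts above this hunk.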
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaElements.py b/catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaElements.py
index ef23e3ff6d..50f4be2ee6 100644
--- a/catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaElements.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaElements.py
@@ -9,11 +9,12 @@ from sdcBePy.common.errors import ResourceCreationError
def process_and_create_normative_element(normative_element,
- scheme=None, be_host=None, be_port=None, header=None, admin_user=None, sdc_be_proxy=None,
+ scheme=None, be_host=None, be_port=None, header=None, admin_user=None,
+ tls_cert=None, tls_key=None, tls_key_pw=None, ca_cert=None, sdc_be_proxy=None,
model=None, debug=False,
exit_on_success=False):
if sdc_be_proxy is None:
- sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, admin_user, debug=debug)
+ sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, admin_user, debug=debug)
file_dir, url_suffix, element_name, element_from_name, with_metadata = normative_element.get_parameters()
_create_normative_element(sdc_be_proxy,
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaTypes.py b/catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaTypes.py
index fecc88a320..83b4a913c5 100644
--- a/catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaTypes.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaTypes.py
@@ -9,13 +9,14 @@ from sdcBePy.common.sdcBeProxy import SdcBeProxy
def process_and_create_normative_types(normative_type,
- scheme=None, be_host=None, be_port=None, header=None, admin_user=None,
+ scheme=None, be_host=None, be_port=None, header=None,
+ tls_cert=None, tls_key=None, tls_key_pw=None, ca_cert=None, admin_user=None,
sdc_be_proxy=None,
update_version=False,
debug=False,
exit_on_success=False):
if sdc_be_proxy is None:
- sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, admin_user, debug=debug)
+ sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, admin_user, debug=debug)
file_dir, normative_type_list = normative_type.get_parameters()
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/common/sdcBeProxy.py b/catalog-be/src/main/resources/scripts/sdcBePy/common/sdcBeProxy.py
index ecd07264b4..2a1d310010 100755
--- a/catalog-be/src/main/resources/scripts/sdcBePy/common/sdcBeProxy.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/common/sdcBeProxy.py
@@ -14,13 +14,13 @@ class SdcBeProxy:
BODY_SEPARATOR = "\r\n\r\n"
CHARTSET = 'UTF-8'
- def __init__(self, be_ip, be_port, header, scheme, user_id="jh0003",
+ def __init__(self, be_ip, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, user_id="jh0003",
debug=False, connector=None):
if not check_arguments_not_none(be_ip, be_port, scheme, user_id):
raise AttributeError("The be_host, be_port, scheme or admin_user are missing")
url = get_url(be_ip, be_port, scheme)
self.con = connector if connector \
- else CurlConnector(url, user_id, header, protocol=scheme, debug=debug)
+ else CurlConnector(url, user_id, header, tls_cert, tls_key, tls_key_pw, ca_cert, protocol=scheme, debug=debug)
def check_backend(self):
return self.con.get('/sdc2/rest/v1/user/jh0003')
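Review bot: The four TLS parameters are inserted as required positionals ahead of `user_id`, so any caller not updated by this commit that passes the user id as the fifth positional argument would now have it taken as `tls_cert` without an error. Appending them as keyword parameters with `None` defaults keeps old call sites valid: `def __init__(self, be_ip, be_port, header, scheme, user_id="jh0003", debug=False, connector=None, tls_cert=None, tls_key=None, tls_key_pw=None, ca_cert=None):`. The same applies to `CurlConnector.__init__` in the next hunk. The constructor body continues outside the hunk.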
@@ -75,9 +75,13 @@ class CurlConnector:
CONTENT_TYPE_HEADER = "Content-Type: application/json"
ACCEPT_HEADER = "Accept: application/json; charset=UTF-8"
- def __init__(self, url, user_id_header, header, buffer=None, protocol="http", debug=False):
+ def __init__(self, url, user_id_header, header, tls_cert, tls_key, tls_key_pw, ca_cert, buffer=None, protocol="http", debug=False):
self.__debug = debug
self.__protocol = protocol
+ self.__tls_cert = tls_cert
+ self.__tls_key = tls_key
+ self.__tls_key_pw = tls_key_pw
+ self.__ca_cert = ca_cert
self.c = self.__build_default_curl()
self.user_header = "USER_ID: " + user_id_header
@@ -172,6 +176,15 @@ class CurlConnector:
if self.__protocol == 'https':
curl.setopt(pycurl.SSL_VERIFYPEER, 0)
curl.setopt(pycurl.SSL_VERIFYHOST, 0)
+ if self.__tls_cert is not None and self.__tls_key is not None:
+ curl.setopt(curl.SSLCERT, self.__tls_cert)
+ curl.setopt(curl.SSLKEY, self.__tls_key)
+ if self.__tls_key_pw is not None:
+ curl.setopt(curl.KEYPASSWD, self.__tls_key_pw)
+ if self.__ca_cert is not None:
+ curl.setopt(pycurl.SSL_VERIFYPEER, 1)
+ curl.setopt(pycurl.SSL_VERIFYHOST, 2)
+ curl.setopt(curl.CAINFO, self.__ca_cert)
curl.setopt(pycurl.HEADER, True)
return curl
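Review bot: With `https` and no `ca_cert`, the two `setopt(..., 0)` lines at the top of this block still switch off certificate and host-name verification, so the client certificate and key can be presented to a server whose identity was never checked. Verification should be the default, with `ca_cert` only choosing the trust anchor; deployments that rely on unverified HTTPS would then need an explicit opt-out instead of getting it silently. Supplying only one of `tls_cert` and `tls_key` is also ignored without a message and is worth rejecting early. Indentation is lost on this page, so this assumes the new `if` blocks sit inside the `https` branch; the method starts above the hunk.

```python
if self.__protocol == 'https':
    # Verify the server by default; ca_cert only narrows the trust anchor.
    curl.setopt(pycurl.SSL_VERIFYPEER, 1)
    curl.setopt(pycurl.SSL_VERIFYHOST, 2)
    if self.__ca_cert is not None:
        curl.setopt(pycurl.CAINFO, self.__ca_cert)
    # A certificate without its key (or the reverse) is a configuration error.
    if (self.__tls_cert is None) != (self.__tls_key is None):
        raise ValueError("tls_cert and tls_key must be supplied together")
    # … unchanged: SSLCERT / SSLKEY / KEYPASSWD options …
```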
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/consumers/run.py b/catalog-be/src/main/resources/scripts/sdcBePy/consumers/run.py
index 8ea1d1cf64..6f5cbe76d0 100644
--- a/catalog-be/src/main/resources/scripts/sdcBePy/consumers/run.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/consumers/run.py
@@ -7,8 +7,8 @@ from sdcBePy.consumers.models.consumerCandidateList import get_consumers
from sdcBePy.users.run import colors
-def be_consumers_init(be_ip, be_port, header, protocol, consumer_candidate_list):
- sdc_be_proxy = SdcBeProxy(be_ip, be_port, header, protocol)
+def be_consumers_init(be_ip, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert, consumer_candidate_list):
+ sdc_be_proxy = SdcBeProxy(be_ip, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert)
if check_backend(sdc_be_proxy, properties.retry_attempts):
for consumer in consumer_candidate_list:
if sdc_be_proxy.check_user(consumer.consumer_name) != 200:
@@ -28,8 +28,8 @@ def be_consumers_init(be_ip, be_port, header, protocol, consumer_candidate_list)
def main():
- be_ip, be_port, header, protocol = get_args()
- be_consumers_init(be_ip, be_port, header, protocol, get_consumers())
+ be_ip, be_port, header, protocol, tls_key, tls_cert, tls_key_pw, ca_cert = get_args()
+ be_consumers_init(be_ip, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert, get_consumers())
if __name__ == '__main__':
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runGenericNormative.py b/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runGenericNormative.py
index 424c0ca7c5..1353486bc2 100644
--- a/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runGenericNormative.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runGenericNormative.py
@@ -20,12 +20,12 @@ def get_normative_prams():
def main():
- scheme, be_host, be_port, admin_user, _, debug = get_args()
+ scheme, be_host, be_port, admin_user, _, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()
candidate = NormativeTypeCandidate(*get_normative_prams())
try:
process_and_create_normative_types(candidate,
- scheme, be_host, be_port, admin_user,
+ scheme, be_host, be_port, admin_user, tls_cert, tls_key, tls_key_pw, ca_cert,
debug=debug,
exit_on_success=True)
except AttributeError:
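Review bot: The unpack on the first changed line has ten targets and no `header`; if `get_args` here is the one from tosca/main.py, it now returns eleven values and this raises `ValueError` before any request is made. The call then passes `admin_user` in the fourth positional slot, which `process_and_create_normative_types` declares as `header`, leaving its `admin_user` at `None`. Suggest `scheme, be_host, be_port, header, admin_user, _, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()` and passing the arguments by keyword. `run()` in runNormativeType.py has the same ten-target unpack and positional call. The import of `get_args` is outside the hunk, so confirm which one is in use.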
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeElement.py b/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeElement.py
index ce5eca427a..81434a19cc 100644
--- a/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeElement.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeElement.py
@@ -9,10 +9,10 @@ from sdcBePy.tosca.models.normativeElementsList import get_capability, get_data,
def run(candidate):
- scheme, be_host, be_port, header, admin_user, _, debug = get_args()
+ scheme, be_host, be_port, header, admin_user, _, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()
try:
process_and_create_normative_element(candidate,
- scheme, be_host, be_port, header, admin_user,
+ scheme, be_host, be_port, header, admin_user, tls_cert, tls_key, tls_key_pw, ca_cert,
debug=debug,
exit_on_success=True)
except AttributeError:
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeType.py b/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeType.py
index c2493b522d..b5e2f34928 100644
--- a/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeType.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeType.py
@@ -8,13 +8,14 @@ from sdcBePy.tosca.models.normativeTypesList import get_normative, get_heat, get
def run(candidate, exit_on_success=True):
- scheme, be_host, be_port, admin_user, update_version, debug = get_args()
+ scheme, be_host, be_port, admin_user, update_version, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()
try:
process_and_create_normative_types(candidate,
scheme,
be_host,
be_port,
admin_user,
+ tls_cert, tls_key, tls_key_pw, ca_cert,
update_version=update_version,
debug=debug,
exit_on_success=exit_on_success)
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/tosca/main.py b/catalog-be/src/main/resources/scripts/sdcBePy/tosca/main.py
index b3cf8828ca..edd6496970 100644
--- a/catalog-be/src/main/resources/scripts/sdcBePy/tosca/main.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/tosca/main.py
@@ -33,18 +33,22 @@ def parse_param():
parser.add_argument('--https', action='store_true')
parser.add_argument('--updateVersion', action='store_false')
parser.add_argument('--debug', action='store_true')
+ parser.add_argument('--tls_cert')
+ parser.add_argument('--tls_key')
+ parser.add_argument('--tls_key_pw')
+ parser.add_argument('--ca_cert')
args, _ = parser.parse_known_args()
return [args.conf, 'https' if args.https else 'http',
args.ip, args.port, args.header, args.adminUser, args.updateVersion,
- args.debug]
+ args.debug, args.tls_cert, args.tls_key, args.tls_key_pw, args.ca_cert]
def get_args():
print('Number of arguments:', len(sys.argv), 'arguments.')
- conf_path, scheme, be_host, be_port, header, admin_user, update_version, debug = parse_param()
+ conf_path, scheme, be_host, be_port, header, admin_user, update_version, debug, tls_cert, tls_key, tls_key_pw, ca_cert = parse_param()
defaults = load_be_config(conf_path)
# Use defaults if param not provided by the user
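Review bot: `parse_param()` still uses `parser.parse_known_args()`, so a misspelled TLS option such as `--ca-cert` is dropped silently and, given the sdcBeProxy.py change in this commit, the connection then runs without server verification. Either switch to `parse_args()` or report what was ignored, e.g. `args, unknown = parser.parse_known_args()` followed by a warning when `unknown` is non-empty. The comment at the end of the hunk suggests the other parameters fall back to `load_be_config` defaults; if the TLS values are deliberately excluded from that, a short comment saying so would help. `parse_param()` starts above this hunk and `get_args()` continues below it.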
@@ -63,18 +67,18 @@ def get_args():
', debug =', debug, ', update_version =', update_version)
init_properties(defaults["retryTime"], defaults["retryAttempt"], defaults["resourceLen"])
- return scheme, be_host, be_port, header, admin_user, update_version, debug
+ return scheme, be_host, be_port, header, admin_user, update_version, debug, tls_cert, tls_key, tls_key_pw, ca_cert
def parse_and_create_proxy():
- scheme, be_host, be_port, header, admin_user, update_version, debug = get_args()
+ scheme, be_host, be_port, header, admin_user, update_version, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()
if debug is False:
print('Disabling debug mode')
logger.debugFlag = debug
try:
- sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, admin_user, debug=debug)
+ sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, admin_user, debug=debug)
except AttributeError:
usage()
sys.exit(3)
diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/users/run.py b/catalog-be/src/main/resources/scripts/sdcBePy/users/run.py
index 2dbd941cc3..35b9be77a3 100755
--- a/catalog-be/src/main/resources/scripts/sdcBePy/users/run.py
+++ b/catalog-be/src/main/resources/scripts/sdcBePy/users/run.py
@@ -19,8 +19,8 @@ def load_users(conf_path):
return json.load(f)
-def be_user_init(be_ip, be_port, header, protocol, conf_path):
- sdc_be_proxy = SdcBeProxy(be_ip, be_port, header, protocol)
+def be_user_init(be_ip, be_port, header, protocol, conf_path, tls_cert, tls_key, tls_key_pw, ca_cert):
+ sdc_be_proxy = SdcBeProxy(be_ip, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert)
if check_backend(sdc_be_proxy, properties.retry_attempts):
users = load_users(conf_path)
for user in users:
@@ -53,11 +53,15 @@ def get_args():
parser.add_argument('--https', action='store_true')
path = os.path.dirname(__file__)
parser.add_argument('--conf', default=os.path.join(path, 'data', 'users.json'))
+ parser.add_argument('--tls_cert')
+ parser.add_argument('--tls_key')
+ parser.add_argument('--tls_key_pw')
+ parser.add_argument('--ca_cert')
args = parser.parse_args()
init_properties(10, 10)
- return [args.ip, args.port, args.header, 'https' if args.https else 'http', args.conf]
+ return [args.ip, args.port, args.header, 'https' if args.https else 'http', args.conf, args.tls_cert, args.tls_key, args.tls_key_pw, args.ca_cert]
def main():