From d38c4f362eb4b4479c7f7fa2bddaac182d0d6424 Mon Sep 17 00:00:00 2001 From: agelostsal Date: Tue, 27 Oct 2020 13:22:36 +0200 Subject: [PATCH 1/6] ARGO-2677 Push server outgoing http requests should use cert/key --- api/v1/grpc/server.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/api/v1/grpc/server.go b/api/v1/grpc/server.go index 76572c2..ef71626 100644 --- a/api/v1/grpc/server.go +++ b/api/v1/grpc/server.go @@ -52,7 +52,14 @@ func NewPushService(cfg *config.Config) *PushService { // build the client transCfg := &http.Transport{ TLSClientConfig: &tls.Config{ - InsecureSkipVerify: !ps.Cfg.VerifySSL}, + InsecureSkipVerify: !ps.Cfg.VerifySSL, + }, + } + + // if tls is enabled for the server + // use the cert/key for outgoing http requests as well + if ps.Cfg.TLSEnabled { + transCfg.TLSClientConfig.Certificates = ps.Cfg.GetTLSConfig().Certificates } client := &http.Client{ From 2b240329b15d2fd555a081d020476fd5fe8b5266 Mon Sep 17 00:00:00 2001 From: agelostsal Date: Fri, 30 Oct 2020 12:55:31 +0200 Subject: [PATCH 2/6] ARGO-2669 Make syslog logging configurable for Ams push server --- README.md | 5 ++++- conf/ams-push-server-config.template | 3 ++- config/config.go | 11 +++++++++++ config/config_test.go | 5 ++++- main.go | 9 --------- 5 files changed, 21 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index d0201d1..83a86d4 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,8 @@ Before you start, you need to issue a valid certificate. "trust_unknown_cas": false, "log_level": "INFO", "skip_subs_load": false, - "acl": ["OU=my.local,O=mkcert development certificate"] + "acl": ["OU=my.local,O=mkcert development certificate"], + "syslog_enabled": false } ``` - `service_port:` The port that the service will bind to. @@ -101,6 +102,8 @@ Before you start, you need to issue a valid certificate. `ams_token`). You can control this behavior and decide whether or not to pre-load any already active subscriptions. - `acl`: List of certificate DNs which are allowed to access the service. + + - `syslog_enabled`: Direct logging of the service to the syslog socket You can find the configuration template at `conf/ams-push-server-config.template`. ## Managing the protocol buffers and gRPC definitions diff --git a/conf/ams-push-server-config.template b/conf/ams-push-server-config.template index 33f8fef..ac6d237 100644 --- a/conf/ams-push-server-config.template +++ b/conf/ams-push-server-config.template @@ -11,5 +11,6 @@ "trust_unknown_cas": false, "log_level": "INFO", "skip_subs_load": false, - "acl": ["OU=my.local,O=mkcert development certificate"] + "acl": ["OU=my.local,O=mkcert development certificate"], + "syslog_enabled": false } diff --git a/config/config.go b/config/config.go index c8e6855..5378af8 100644 --- a/config/config.go +++ b/config/config.go @@ -6,8 +6,10 @@ import ( "encoding/json" "github.com/pkg/errors" log "github.com/sirupsen/logrus" + lSyslog "github.com/sirupsen/logrus/hooks/syslog" "io" "io/ioutil" + "log/syslog" "os" "path/filepath" "reflect" @@ -44,6 +46,8 @@ type Config struct { tlsConfig *tls.Config // list of certificate DNs that should be allowed to access the service ACL []string `json:"acl"` + // Enable direct logging of the service to the syslog facility + SyslogEnabled bool `json:"syslog_enabled"` } var logLevels = map[string]log.Level{ @@ -109,6 +113,13 @@ func (cfg *Config) LoadFromJson(from io.Reader) error { continue } + if cfg.SyslogEnabled { + hook, err := lSyslog.NewSyslogHook("", "", syslog.LOG_INFO, "") + if err == nil { + log.AddHook(hook) + } + } + log.WithFields( log.Fields{ "type": "service_log", diff --git a/config/config_test.go b/config/config_test.go index 1fd7d00..8997946 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -36,6 +36,7 @@ func (suite *ConfigTestSuite) TestValidateRequired() { LogLevel: "INFO", SkipSubsLoad: true, ACL: []string{"OU=my.local,O=mkcert development certificate"}, + SyslogEnabled: true, } // test the case where where everything is set properly @@ -59,7 +60,8 @@ func (suite *ConfigTestSuite) TestLoadFromJson() { "trust_unknown_cas": true, "log_level": "INFO", "skip_subs_load": true, - "acl": ["OU=my.local,O=mkcert development certificate"] + "acl": ["OU=my.local,O=mkcert development certificate"], + "syslog_enabled": true } ` cfg := new(Config) @@ -79,6 +81,7 @@ func (suite *ConfigTestSuite) TestLoadFromJson() { suite.Equal("INFO", cfg.LogLevel) suite.Equal(true, cfg.SkipSubsLoad) suite.Equal([]string{"OU=my.local,O=mkcert development certificate"}, cfg.ACL) + suite.Equal(true, cfg.SyslogEnabled) suite.Nil(e1) diff --git a/main.go b/main.go index a71f220..d5c9e92 100644 --- a/main.go +++ b/main.go @@ -7,22 +7,13 @@ import ( amsgRPC "github.com/ARGOeu/ams-push-server/api/v1/grpc" "github.com/ARGOeu/ams-push-server/config" log "github.com/sirupsen/logrus" - lSyslog "github.com/sirupsen/logrus/hooks/syslog" "io/ioutil" - "log/syslog" "net" ) func init() { - fmter := &log.TextFormatter{FullTimestamp: true, DisableColors: true} - hook, err := lSyslog.NewSyslogHook("", "", syslog.LOG_DEBUG, "") - log.SetFormatter(fmter) - - if err == nil { - log.AddHook(hook) - } } func main() { From a453c0d38d72a30ad81f8dfad88df56b57067e5d Mon Sep 17 00:00:00 2001 From: agelostsal Date: Thu, 12 Nov 2020 16:25:07 +0200 Subject: [PATCH 3/6] ARGO-2686 ams: support header authentication on remote for push messages --- api/v1/grpc/proto/ams.pb.go | 79 +++++++++++++++++++++---------------- api/v1/grpc/proto/ams.proto | 2 + api/v1/grpc/server.go | 19 ++++++--- api/v1/grpc/server_test.go | 17 ++++++-- push/worker_test.go | 2 +- senders/httpsender.go | 11 ++++-- senders/httpsender_test.go | 15 +++---- senders/mock.go | 56 +++++++++++++++----------- senders/sender.go | 5 ++- senders/sender_test.go | 9 ++++- 10 files changed, 132 insertions(+), 83 deletions(-) diff --git a/api/v1/grpc/proto/ams.pb.go b/api/v1/grpc/proto/ams.pb.go index b682344..78825e8 100644 --- a/api/v1/grpc/proto/ams.pb.go +++ b/api/v1/grpc/proto/ams.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // source: ams.proto -package ams +package proto import ( context "context" @@ -398,10 +398,12 @@ type PushConfig struct { // Defaults to 1. How many messages should the push server consume and sent at once. MaxMessages int64 `protobuf:"varint,3,opt,name=max_messages,json=maxMessages,proto3" json:"max_messages,omitempty"` // Required. Retry policy. - RetryPolicy *RetryPolicy `protobuf:"bytes,2,opt,name=retry_policy,json=retryPolicy,proto3" json:"retry_policy,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RetryPolicy *RetryPolicy `protobuf:"bytes,2,opt,name=retry_policy,json=retryPolicy,proto3" json:"retry_policy,omitempty"` + // Required. Authorization header that the sent messages should include into the request + AuthorizationHeader string `protobuf:"bytes,4,opt,name=authorization_header,json=authorizationHeader,proto3" json:"authorization_header,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *PushConfig) Reset() { *m = PushConfig{} } @@ -450,6 +452,13 @@ func (m *PushConfig) GetRetryPolicy() *RetryPolicy { return nil } +func (m *PushConfig) GetAuthorizationHeader() string { + if m != nil { + return m.AuthorizationHeader + } + return "" +} + // RetryPolicy holds information regarding the retry policy. type RetryPolicy struct { // Required. Type of the retry policy used (Only linear policy supported). @@ -517,35 +526,37 @@ func init() { func init() { proto.RegisterFile("ams.proto", fileDescriptor_85e4db6795b5b1aa) } var fileDescriptor_85e4db6795b5b1aa = []byte{ - // 444 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x54, 0xc1, 0x6e, 0xd4, 0x30, - 0x10, 0x4d, 0xda, 0x6a, 0x61, 0xc7, 0x49, 0x8b, 0x46, 0xa8, 0x0a, 0xd9, 0x6e, 0x29, 0xe6, 0x52, - 0x09, 0x64, 0xc4, 0xc2, 0xa1, 0x20, 0x2e, 0x15, 0x70, 0x04, 0x56, 0x59, 0x38, 0x71, 0x88, 0xdc, - 0xd4, 0x6d, 0x2d, 0x6d, 0x62, 0x13, 0x3b, 0xd5, 0xee, 0x07, 0xf0, 0x5d, 0xfc, 0x1a, 0x8a, 0xc9, - 0xb6, 0x09, 0xec, 0x46, 0xa8, 0x37, 0xcf, 0x9b, 0x79, 0x7e, 0x33, 0xf1, 0xbc, 0xc0, 0x90, 0xe7, - 0x86, 0xe9, 0x52, 0x59, 0x45, 0x4f, 0xe0, 0xd1, 0xac, 0x3a, 0x33, 0x59, 0x29, 0xb5, 0x95, 0xaa, - 0x98, 0x59, 0x6e, 0x2b, 0x93, 0x88, 0x1f, 0x95, 0x30, 0x16, 0x47, 0x30, 0xbc, 0xa8, 0xe6, 0xf3, - 0xb4, 0xe0, 0xb9, 0x88, 0xfc, 0x23, 0xff, 0x78, 0x98, 0xdc, 0xaf, 0x81, 0xcf, 0x3c, 0x17, 0xf4, - 0x35, 0xc4, 0xeb, 0x98, 0x46, 0xab, 0xc2, 0x08, 0xdc, 0x87, 0x81, 0x71, 0x48, 0xc3, 0x6b, 0x22, - 0xba, 0x07, 0x61, 0x47, 0x83, 0x3e, 0x80, 0xdd, 0x2e, 0x95, 0xbe, 0x85, 0xc3, 0x0f, 0x82, 0x67, - 0x56, 0x5e, 0x73, 0x2b, 0xda, 0x12, 0x37, 0x97, 0x47, 0x70, 0x2f, 0x17, 0xc6, 0xf0, 0xcb, 0x55, - 0x57, 0xab, 0x90, 0xbe, 0x83, 0xf1, 0x26, 0xee, 0x7f, 0x8c, 0x74, 0x02, 0x07, 0xa7, 0x77, 0xd3, - 0x9d, 0xc2, 0xe8, 0xb4, 0x47, 0xf5, 0x25, 0x04, 0xa6, 0x05, 0x3b, 0x36, 0x99, 0x84, 0xac, 0x53, - 0xdb, 0x29, 0xa1, 0x0b, 0x08, 0xda, 0xd9, 0xde, 0xc6, 0x71, 0x0c, 0xe0, 0x92, 0x56, 0x69, 0x99, - 0x45, 0x5b, 0x2e, 0xeb, 0xca, 0xbf, 0xd6, 0x00, 0x3e, 0x07, 0xa2, 0x2b, 0x73, 0x95, 0x66, 0xaa, - 0xb8, 0x90, 0x97, 0xd1, 0x8e, 0x53, 0x27, 0x6c, 0x5a, 0x99, 0xab, 0xf7, 0x0e, 0x4a, 0x40, 0xdf, - 0x9c, 0xe9, 0x4f, 0x1f, 0xe0, 0x36, 0x85, 0x4f, 0x21, 0x74, 0x64, 0x51, 0x9c, 0x6b, 0x25, 0x0b, - 0xdb, 0x88, 0x07, 0x35, 0xf8, 0xb1, 0xc1, 0xf0, 0x09, 0x04, 0x39, 0x5f, 0xa4, 0xcd, 0xe7, 0x30, - 0xd1, 0xf6, 0x91, 0x7f, 0xbc, 0x9d, 0x90, 0x9c, 0x2f, 0x3e, 0x35, 0x10, 0xbe, 0x80, 0xa0, 0x14, - 0xb6, 0x5c, 0xa6, 0x5a, 0xcd, 0x65, 0xb6, 0x74, 0x5d, 0x92, 0x49, 0xc0, 0x92, 0x1a, 0x9c, 0x3a, - 0x2c, 0x21, 0xe5, 0x6d, 0x40, 0xdf, 0x00, 0x69, 0xe5, 0x10, 0x61, 0xc7, 0x2e, 0xf5, 0x6a, 0x76, - 0x77, 0xae, 0xb7, 0x4c, 0x8b, 0x52, 0xaa, 0x73, 0x77, 0x5b, 0x98, 0x34, 0xd1, 0xe4, 0xd7, 0x16, - 0x90, 0x7a, 0x84, 0x99, 0x28, 0xaf, 0x65, 0x26, 0xf0, 0x1b, 0x3c, 0x5c, 0xf7, 0x3c, 0x78, 0xc0, - 0x7a, 0x5e, 0x2d, 0x1e, 0xb3, 0xbe, 0x6d, 0xa0, 0x1e, 0x7e, 0x87, 0xfd, 0xf5, 0xdb, 0x86, 0x87, - 0xac, 0x77, 0x0d, 0xe3, 0xc7, 0xac, 0x7f, 0xc5, 0xa9, 0x87, 0xcf, 0x60, 0xf0, 0xc7, 0x18, 0xb8, - 0xcb, 0x3a, 0x96, 0x89, 0xf7, 0xd8, 0x5f, 0x8e, 0xf1, 0xf0, 0x0b, 0xe0, 0xbf, 0x66, 0xc4, 0x98, - 0x6d, 0xf4, 0x76, 0x3c, 0x62, 0x9b, 0xdd, 0x4b, 0xbd, 0xb3, 0x81, 0xfb, 0x3d, 0xbc, 0xfa, 0x1d, - 0x00, 0x00, 0xff, 0xff, 0x09, 0x3c, 0xc8, 0x85, 0x2b, 0x04, 0x00, 0x00, + // 472 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x54, 0x41, 0x6f, 0xd3, 0x30, + 0x14, 0x6e, 0xb7, 0xa9, 0xd0, 0x97, 0x74, 0x43, 0x8f, 0x69, 0x0a, 0xe9, 0x3a, 0x86, 0xb9, 0x4c, + 0x02, 0x19, 0xad, 0x70, 0x18, 0x88, 0xcb, 0x04, 0x48, 0x5c, 0x80, 0xca, 0x85, 0x13, 0x87, 0xc8, + 0x4b, 0xbd, 0xd5, 0x52, 0x13, 0x1b, 0xdb, 0x99, 0x5a, 0x7e, 0x19, 0x37, 0xfe, 0x1a, 0x8a, 0x49, + 0xb7, 0x06, 0xda, 0x08, 0x71, 0xf3, 0xfb, 0x9e, 0x3f, 0x7f, 0xcf, 0xcf, 0xef, 0x33, 0x74, 0x79, + 0x66, 0xa9, 0x36, 0xca, 0x29, 0x72, 0x06, 0x0f, 0xc6, 0xc5, 0x85, 0x4d, 0x8d, 0xd4, 0x4e, 0xaa, + 0x7c, 0xec, 0xb8, 0x2b, 0x2c, 0x13, 0xdf, 0x0a, 0x61, 0x1d, 0xf6, 0xa1, 0x7b, 0x59, 0xcc, 0x66, + 0x49, 0xce, 0x33, 0x11, 0xb5, 0x8f, 0xdb, 0x27, 0x5d, 0x76, 0xb7, 0x04, 0x3e, 0xf2, 0x4c, 0x90, + 0x17, 0x10, 0xaf, 0x63, 0x5a, 0xad, 0x72, 0x2b, 0xf0, 0x00, 0x3a, 0xd6, 0x23, 0x15, 0xaf, 0x8a, + 0xc8, 0x1e, 0xf4, 0x6a, 0x1a, 0xe4, 0x1e, 0xec, 0xd6, 0xa9, 0xe4, 0x15, 0x1c, 0xbd, 0x15, 0x3c, + 0x75, 0xf2, 0x9a, 0x3b, 0xb1, 0x2a, 0x71, 0x73, 0x78, 0x04, 0x77, 0x32, 0x61, 0x2d, 0xbf, 0x5a, + 0x56, 0xb5, 0x0c, 0xc9, 0x6b, 0x18, 0x6c, 0xe2, 0xfe, 0xc3, 0x95, 0xce, 0xe0, 0xf0, 0xfc, 0xff, + 0x74, 0x47, 0xd0, 0x3f, 0x6f, 0x50, 0x3d, 0x85, 0xd0, 0xae, 0xc0, 0x9e, 0x1d, 0x0c, 0x7b, 0xb4, + 0xb6, 0xb7, 0xb6, 0x85, 0xcc, 0x21, 0x5c, 0xcd, 0x36, 0x16, 0x8e, 0x03, 0x00, 0x9f, 0x74, 0x4a, + 0xcb, 0x34, 0xda, 0xf2, 0x59, 0xbf, 0xfd, 0x73, 0x09, 0xe0, 0x53, 0x08, 0x74, 0x61, 0xa7, 0x49, + 0xaa, 0xf2, 0x4b, 0x79, 0x15, 0xed, 0x78, 0xf5, 0x80, 0x8e, 0x0a, 0x3b, 0x7d, 0xe3, 0x21, 0x06, + 0xfa, 0x66, 0x4d, 0x7e, 0xb4, 0x01, 0x6e, 0x53, 0xf8, 0x18, 0x7a, 0x9e, 0x2c, 0xf2, 0x89, 0x56, + 0x32, 0x77, 0x95, 0x78, 0x58, 0x82, 0xef, 0x2a, 0x0c, 0x1f, 0x41, 0x98, 0xf1, 0x79, 0x52, 0xb5, + 0xc3, 0x46, 0xdb, 0xc7, 0xed, 0x93, 0x6d, 0x16, 0x64, 0x7c, 0xfe, 0xa1, 0x82, 0xf0, 0x19, 0x84, + 0x46, 0x38, 0xb3, 0x48, 0xb4, 0x9a, 0xc9, 0x74, 0xe1, 0xab, 0x0c, 0x86, 0x21, 0x65, 0x25, 0x38, + 0xf2, 0x18, 0x0b, 0xcc, 0x6d, 0x80, 0xa7, 0xb0, 0xcf, 0x0b, 0x37, 0x55, 0x46, 0x7e, 0xe7, 0x65, + 0x0b, 0x92, 0xa9, 0xe0, 0x13, 0x61, 0x7c, 0xf9, 0x5d, 0x76, 0xbf, 0x96, 0x7b, 0xef, 0x53, 0xe4, + 0x25, 0x04, 0x2b, 0xc7, 0x21, 0xc2, 0x8e, 0x5b, 0xe8, 0x65, 0xbb, 0xfc, 0xba, 0x1c, 0x4c, 0x2d, + 0x8c, 0x54, 0x13, 0x5f, 0x40, 0x8f, 0x55, 0xd1, 0xf0, 0xe7, 0x16, 0x04, 0xe5, 0xad, 0xc7, 0xc2, + 0x5c, 0xcb, 0x54, 0xe0, 0x17, 0xd8, 0x5f, 0xf7, 0xa2, 0x78, 0x48, 0x1b, 0x1e, 0x3a, 0x1e, 0xd0, + 0xa6, 0x01, 0x22, 0x2d, 0xfc, 0x0a, 0x07, 0xeb, 0x07, 0x14, 0x8f, 0x68, 0xe3, 0xe4, 0xc6, 0x0f, + 0x69, 0xb3, 0x2b, 0x48, 0x0b, 0x9f, 0x40, 0xe7, 0xb7, 0x97, 0x70, 0x97, 0xd6, 0x5c, 0x16, 0xef, + 0xd1, 0x3f, 0x4c, 0xd6, 0xc2, 0x4f, 0x80, 0x7f, 0xfb, 0x17, 0x63, 0xba, 0xf1, 0x3b, 0x88, 0xfb, + 0x74, 0xb3, 0xe1, 0x49, 0xeb, 0xa2, 0xe3, 0x7f, 0x94, 0xe7, 0xbf, 0x02, 0x00, 0x00, 0xff, 0xff, + 0x9c, 0x92, 0xc0, 0xda, 0x5e, 0x04, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/api/v1/grpc/proto/ams.proto b/api/v1/grpc/proto/ams.proto index 16178e8..7849a7d 100644 --- a/api/v1/grpc/proto/ams.proto +++ b/api/v1/grpc/proto/ams.proto @@ -75,6 +75,8 @@ message PushConfig { int64 max_messages = 3; // Required. Retry policy. RetryPolicy retry_policy = 2; + // Required. Authorization header that the sent messages should include into the request + string authorization_header = 4; } // RetryPolicy holds information regarding the retry policy. diff --git a/api/v1/grpc/server.go b/api/v1/grpc/server.go index ef71626..b6884b8 100644 --- a/api/v1/grpc/server.go +++ b/api/v1/grpc/server.go @@ -151,7 +151,7 @@ func (ps *PushService) ActivateSubscription(ctx context.Context, r *amsPb.Activa c, _ := consumers.New(consumers.AmsHttpConsumerType, r.Subscription.FullName, ps.Cfg, ps.Client) // choose a sender - s, _ := senders.New(senders.HttpSenderType, r.Subscription.PushConfig.PushEndpoint, ps.Client) + s, _ := senders.New(senders.HttpSenderType, *r.Subscription.PushConfig, ps.Client) worker, err := push.New(r.Subscription, c, s, ps.deactivateChan) if err != nil { @@ -305,8 +305,9 @@ func (ps *PushService) loadSubscriptions() { FullName: sub.FullName, FullTopic: sub.FullTopic, PushConfig: &amsPb.PushConfig{ - PushEndpoint: sub.PushCfg.Pend, - MaxMessages: sub.PushCfg.MaxMessages, + PushEndpoint: sub.PushCfg.Pend, + AuthorizationHeader: sub.PushCfg.AuthorizationHeader.Value, + MaxMessages: sub.PushCfg.MaxMessages, RetryPolicy: &amsPb.RetryPolicy{ Period: sub.PushCfg.RetPol.Period, Type: sub.PushCfg.RetPol.PolicyType, @@ -443,9 +444,15 @@ type Subscription struct { // PushConfig holds optional configuration for push operations type PushConfig struct { - Pend string `json:"pushEndpoint"` - MaxMessages int64 `json:"maxMessages"` - RetPol RetryPolicy `json:"retryPolicy"` + Pend string `json:"pushEndpoint"` + AuthorizationHeader AuthorizationHeader `json:"authorization_header"` + MaxMessages int64 `json:"maxMessages"` + RetPol RetryPolicy `json:"retryPolicy"` +} + +// AuthorizationHeader holds an optional value to be supplied as an Authorization header to push requests +type AuthorizationHeader struct { + Value string `json:"value"` } // RetryPolicy holds information on retry policies diff --git a/api/v1/grpc/server_test.go b/api/v1/grpc/server_test.go index a48aabe..9200755 100644 --- a/api/v1/grpc/server_test.go +++ b/api/v1/grpc/server_test.go @@ -288,9 +288,14 @@ func (suite *ServerTestSuite) TestGetSubscription() { Period: 300, } + authz := AuthorizationHeader{ + Value: "auth-header-1", + } + pc := PushConfig{ - Pend: "example.com:9999", - RetPol: rp, + Pend: "example.com:9999", + AuthorizationHeader: authz, + RetPol: rp, } expectedSub := Subscription{ @@ -397,10 +402,14 @@ func (m *MockRoundTripper) RoundTrip(r *http.Request) (*http.Response, error) { PolicyType: "linear", Period: 300, } + authz := AuthorizationHeader{ + Value: "auth-header-1", + } pc := PushConfig{ - Pend: "example.com:9999", - RetPol: rp, + Pend: "example.com:9999", + AuthorizationHeader: authz, + RetPol: rp, } s := Subscription{ diff --git a/push/worker_test.go b/push/worker_test.go index 2ca7333..d551ebe 100644 --- a/push/worker_test.go +++ b/push/worker_test.go @@ -21,7 +21,7 @@ type WorkerTestSuite struct { func (suite *WorkerTestSuite) TestNew() { c := consumers.NewAmsHttpConsumer("", "", "", &http.Client{}) - s := senders.NewHttpSender("", &http.Client{}) + s := senders.NewHttpSender("", "", &http.Client{}) sub := &amsPb.Subscription{ PushConfig: &amsPb.PushConfig{ MaxMessages: 1, diff --git a/senders/httpsender.go b/senders/httpsender.go index b541c43..fef6b2f 100644 --- a/senders/httpsender.go +++ b/senders/httpsender.go @@ -14,15 +14,17 @@ const ApplicationJson = "application/json" // HttpSender delivers data to any http endpoint type HttpSender struct { - client *http.Client - endpoint string + client *http.Client + endpoint string + authZHeader string } // NewHttpSender initialises and returns a new http sender -func NewHttpSender(endpoint string, client *http.Client) *HttpSender { +func NewHttpSender(endpoint, authz string, client *http.Client) *HttpSender { s := new(HttpSender) s.client = client s.endpoint = endpoint + s.authZHeader = authz return s } @@ -50,6 +52,9 @@ func (s *HttpSender) Send(ctx context.Context, msgs PushMsgs, format pushMessage } req.Header.Set("Content-Type", ApplicationJson) + if s.authZHeader != "" { + req.Header.Set("Authorization", s.authZHeader) + } log.WithFields( log.Fields{ diff --git a/senders/httpsender_test.go b/senders/httpsender_test.go index 9569d9b..582ff90 100644 --- a/senders/httpsender_test.go +++ b/senders/httpsender_test.go @@ -17,9 +17,10 @@ type HttpSenderTestSuite struct { // TestNewHttpSender tests the proper initialisation of an http sender func (suite *HttpSenderTestSuite) TestNewHttpSender() { - s := NewHttpSender("example.com:443", new(http.Client)) + s := NewHttpSender("example.com:443", "auth-header-1", new(http.Client)) suite.Equal("example.com:443", s.endpoint) + suite.Equal("auth-header-1", s.authZHeader) suite.Equal(new(http.Client), s.client) } @@ -33,7 +34,7 @@ func (suite *HttpSenderTestSuite) TestSend() { } // test the normal case of 200 - s1 := NewHttpSender("https://example.com:8080/receive_here_200", client) + s1 := NewHttpSender("https://example.com:8080/receive_here_200", "auth-header-1", client) m1 := PushMsg{Sub: "sub"} m1s := PushMsgs{Messages: []PushMsg{m1}} e1 := s1.Send(context.Background(), m1s, MultipleMessageFormat) @@ -60,22 +61,22 @@ func (suite *HttpSenderTestSuite) TestSend() { suite.False(ok) // test the normal case of 201 - s2 := NewHttpSender("https://example.com:8080/receive_here_201", client) + s2 := NewHttpSender("https://example.com:8080/receive_here_201", "", client) e2 := s2.Send(context.Background(), PushMsgs{}, MultipleMessageFormat) suite.Nil(e2) // test the normal case of 204 - s3 := NewHttpSender("https://example.com:8080/receive_here_204", client) + s3 := NewHttpSender("https://example.com:8080/receive_here_204", "auth-header-1", client) e3 := s3.Send(context.Background(), PushMsgs{}, MultipleMessageFormat) suite.Nil(e3) // test the normal case of 102 - s4 := NewHttpSender("https://example.com:8080/receive_here_102", client) + s4 := NewHttpSender("https://example.com:8080/receive_here_102", "auth-header-1", client) e4 := s4.Send(context.Background(), PushMsgs{}, MultipleMessageFormat) suite.Nil(e4) // test the error case - s5 := NewHttpSender("https://example.com:8080/receive_here_error", client) + s5 := NewHttpSender("https://example.com:8080/receive_here_error", "", client) e5 := s5.Send(context.Background(), PushMsgs{}, MultipleMessageFormat) expOut := `{ @@ -90,7 +91,7 @@ func (suite *HttpSenderTestSuite) TestSend() { } func (suite *HttpSenderTestSuite) TestDestination() { - s := NewHttpSender("example.com:443", nil) + s := NewHttpSender("example.com:443", "auth-header-1", nil) suite.Equal("example.com:443", s.Destination()) } diff --git a/senders/mock.go b/senders/mock.go index 9b10af9..8b19957 100644 --- a/senders/mock.go +++ b/senders/mock.go @@ -52,36 +52,44 @@ func (m *MockSenderRoundTripper) RoundTrip(r *http.Request) (*http.Response, err switch r.URL.Path { case "/receive_here_200": - resp = &http.Response{ - StatusCode: 200, - // Send response to be tested - Body: ioutil.NopCloser(strings.NewReader("")), - // Must be set to non-nil value or it panics - Header: header, + if r.Header.Get("authorization") == "auth-header-1" { + resp = &http.Response{ + StatusCode: 200, + // Send response to be tested + Body: ioutil.NopCloser(strings.NewReader("")), + // Must be set to non-nil value or it panics + Header: header, + } } case "/receive_here_201": - resp = &http.Response{ - StatusCode: 201, - // Send response to be tested - Body: ioutil.NopCloser(strings.NewReader("")), - // Must be set to non-nil value or it panics - Header: header, + if r.Header.Get("authorization") == "" { + resp = &http.Response{ + StatusCode: 201, + // Send response to be tested + Body: ioutil.NopCloser(strings.NewReader("")), + // Must be set to non-nil value or it panics + Header: header, + } } case "/receive_here_204": - resp = &http.Response{ - StatusCode: 204, - // Send response to be tested - Body: ioutil.NopCloser(strings.NewReader("")), - // Must be set to non-nil value or it panics - Header: header, + if r.Header.Get("authorization") == "auth-header-1" { + resp = &http.Response{ + StatusCode: 204, + // Send response to be tested + Body: ioutil.NopCloser(strings.NewReader("")), + // Must be set to non-nil value or it panics + Header: header, + } } case "/receive_here_102": - resp = &http.Response{ - StatusCode: 102, - // Send response to be tested - Body: ioutil.NopCloser(strings.NewReader("")), - // Must be set to non-nil value or it panics - Header: header, + if r.Header.Get("authorization") == "auth-header-1" { + resp = &http.Response{ + StatusCode: 102, + // Send response to be tested + Body: ioutil.NopCloser(strings.NewReader("")), + // Must be set to non-nil value or it panics + Header: header, + } } case "/receive_here_error": diff --git a/senders/sender.go b/senders/sender.go index f738d9c..c0415d8 100644 --- a/senders/sender.go +++ b/senders/sender.go @@ -3,6 +3,7 @@ package senders import ( "context" "fmt" + amsPb "github.com/ARGOeu/ams-push-server/api/v1/grpc/proto" "github.com/ARGOeu/ams-push-server/consumers" "net/http" ) @@ -26,11 +27,11 @@ type Sender interface { } // New acts as a sender factory, creates and returns a new sender based on the provided type -func New(sType senderType, endpoint string, client *http.Client) (Sender, error) { +func New(sType senderType, cfg amsPb.PushConfig, client *http.Client) (Sender, error) { switch sType { case HttpSenderType: - return NewHttpSender(endpoint, client), nil + return NewHttpSender(cfg.PushEndpoint, cfg.AuthorizationHeader, client), nil } return nil, fmt.Errorf("sender %v not yet implemented", sType) diff --git a/senders/sender_test.go b/senders/sender_test.go index f6693e0..d2e9497 100644 --- a/senders/sender_test.go +++ b/senders/sender_test.go @@ -1,6 +1,7 @@ package senders import ( + "github.com/ARGOeu/ams-push-server/api/v1/grpc/proto" "github.com/stretchr/testify/suite" "net/http" "testing" @@ -14,12 +15,16 @@ type SenderTestSuite struct { func (suite *SenderTestSuite) TestNew() { // normal creation - s1, e1 := New(HttpSenderType, "example.com", &http.Client{}) + pushCFG := proto.PushConfig{ + PushEndpoint: "example.com", + AuthorizationHeader: "auth-header-1", + } + s1, e1 := New(HttpSenderType, pushCFG, &http.Client{}) suite.IsType(&HttpSender{}, s1) suite.Nil(e1) // unimplemented sender - _, e2 := New("unknown", "", nil) + _, e2 := New("unknown", pushCFG, nil) suite.Equal("sender unknown not yet implemented", e2.Error()) } From 06a991b36e1304a83df2dd02425dcba9ca3149fd Mon Sep 17 00:00:00 2001 From: agelostsal Date: Tue, 5 Oct 2021 12:36:45 +0300 Subject: [PATCH 4/6] AM-37 ams-push-server: remove cert/key from outgoing http requests --- api/v1/grpc/server.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/api/v1/grpc/server.go b/api/v1/grpc/server.go index b6884b8..8324395 100644 --- a/api/v1/grpc/server.go +++ b/api/v1/grpc/server.go @@ -56,12 +56,6 @@ func NewPushService(cfg *config.Config) *PushService { }, } - // if tls is enabled for the server - // use the cert/key for outgoing http requests as well - if ps.Cfg.TLSEnabled { - transCfg.TLSClientConfig.Certificates = ps.Cfg.GetTLSConfig().Certificates - } - client := &http.Client{ Transport: transCfg, Timeout: time.Duration(30 * time.Second), From d1e1c0b3f571fc965e972b203c2d071ad5c6e388 Mon Sep 17 00:00:00 2001 From: agelostsal Date: Tue, 5 Oct 2021 12:55:18 +0300 Subject: [PATCH 5/6] AMS Push Server Release 1.0.1 --- ams-push-server.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ams-push-server.spec b/ams-push-server.spec index d336673..2e9bf5e 100644 --- a/ams-push-server.spec +++ b/ams-push-server.spec @@ -3,7 +3,7 @@ Name: ams-push-server Summary: ARGO Ams Push Server. -Version: 1.0.0 +Version: 1.0.1 Release: 1%{?dist} License: ASL 2.0 Buildroot: %{_tmppath}/%{name}-buildroot @@ -57,5 +57,7 @@ go clean %attr(0644,root,root) /usr/lib/systemd/system/ams-push-server.service %changelog +* Tue Oct 5 2021 Agelos Tsalapatis 1.0.1-1%{?dist} +- Release of ams-push-server 1.0.1 * Wed May 27 2020 Agelos Tsalapatis 1.0.0-1%{?dist} - Release of ams-push-server 1.0.0 From 10bd705b1df0ae96b40b24dc28b44f3ea393f883 Mon Sep 17 00:00:00 2001 From: Kostas Evangelou Date: Fri, 8 Oct 2021 12:26:42 +0300 Subject: [PATCH 6/6] Remove unused downstream job --- Jenkinsfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7e48f15..d2c717e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -63,9 +63,6 @@ pipeline { } success { script{ - if ( env.BRANCH_NAME == 'devel' ) { - build job: '/ARGO-utils/argo-swagger-docs', propagate: false - } if ( env.BRANCH_NAME == 'master' || env.BRANCH_NAME == 'devel' ) { slackSend( message: ":rocket: New version for <$BUILD_URL|$PROJECT_DIR>:$BRANCH_NAME Job: $JOB_NAME !") }