#!/usr/bin/python # # Copyright (C) 2019 Bell Canada. # Modifications Copyright © 2018-2019 AT&T Intellectual Property. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from builtins import KeyboardInterrupt from concurrent import futures import logging import time import grpc from pathlib import Path, PurePath from blueprints_grpc import BluePrintProcessing_pb2_grpc from blueprints_grpc.request_header_validator_interceptor import RequestHeaderValidatorInterceptor from blueprints_grpc.blueprint_processing_server import BluePrintProcessingServer from blueprints_grpc import ScriptExecutorConfiguration logger = logging.getLogger("Server") _ONE_DAY_IN_SECONDS = 60 * 60 * 24 def serve(configuration: ScriptExecutorConfiguration): port = configuration.script_executor_property('port') authType = configuration.script_executor_property('authType') maxWorkers = configuration.script_executor_property('maxWorkers') if authType == 'tls-auth': cert_chain_file = configuration.script_executor_property('certChain') private_key_file = configuration.script_executor_property('privateKey') logger.info("Setting GRPC server TLS authentication, cert file(%s) private key file(%s)", cert_chain_file, private_key_file) # read in key and certificate with open(cert_chain_file, 'rb') as f: certificate_chain = f.read() with open(private_key_file, 'rb') as f: private_key = f.read() # create server credentials server_credentials = grpc.ssl_server_credentials(((private_key, certificate_chain),)) # create server server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers))) BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server( BluePrintProcessingServer(configuration), server) # add secure port using credentials server.add_secure_port('[::]:' + port, server_credentials) server.start() else: logger.info("Setting GRPC server base authentication") basic_auth = configuration.script_executor_property('token') header_validator = RequestHeaderValidatorInterceptor( 'authorization', basic_auth, grpc.StatusCode.UNAUTHENTICATED, 'Access denied!') # create server with token authentication interceptors server = grpc.server(futures.ThreadPoolExecutor(max_workers=int(maxWorkers)), interceptors=(header_validator,)) BluePrintProcessing_pb2_grpc.add_BluePrintProcessingServiceServicer_to_server( BluePrintProcessingServer(configuration), server) server.add_insecure_port('[::]:' + port) server.start() logger.info("Command Executor Server started on %s" % port) try: while True: time.sleep(_ONE_DAY_IN_SECONDS) except KeyboardInterrupt: server.stop(0) if __name__ == '__main__': config_file = str(PurePath(Path().absolute())) + '/configuration.ini' configuration = ScriptExecutorConfiguration(config_file) logging_formater = '%(asctime)s - %(name)s - %(threadName)s - %(levelname)s - %(message)s' logging.basicConfig(filename=configuration.script_executor_property('logFile'), level=logging.DEBUG, format=logging_formater) console = logging.StreamHandler() console.setLevel(logging.INFO) formatter = logging.Formatter(logging_formater) console.setFormatter(formatter) logging.getLogger('').addHandler(console) serve(configuration)