Commit c98cdcf1 authored by Jorge Moratinos's avatar Jorge Moratinos

Merge branch 'staging' into...

Merge branch 'staging' into OCF51-fix-problemdetails-not-correctly-formated-before-send-response-not-json-serializable
parents 944ad920 e156b5a2
+5 −5
@@ -25,10 +25,10 @@ data:
     # to execute the next commands in vault
     # otherwise, if use the vault as dev's mode. Just
     # type the token's dev.
     export VAULT_TOKEN="hvs.mn50Q8kpMuxsPUsCNlwQekCd"
     export DOMAIN1=*.pre-prod.int
     export DOMAIN2=*.staging.int
     export DOMAIN3=*.developer.int
     export VAULT_TOKEN=""
     export DOMAIN1=*.ocf.pre-production
     export DOMAIN2=*.ocf.validation
     export DOMAIN3=*.ocf.develop

     # local domains
     # export DOMAIN4=*.pre-prod.svc.cluster.local
@@ -175,7 +175,7 @@ data:
     
     openssl x509 -pubkey -noout -in server_certificate.crt.pem  > server_certificate_pub.pem
     
     #vault kv put secret/ca ca=@root_ca.crt.pem root_2023_ca.crt
     #vault kv put secret/ca ca=@root_helm.pem root_2023_ca.crt
     
     #cat root_2023_ca.crt root_2023_ca.crt > ca.crt
     
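Review bot: The new side blanks `VAULT_TOKEN`, but the `hvs.…` value on the removed line looks like a real Vault token and was already committed on the parent branch, so it lives on in git history and should be treated as exposed: revoke it in Vault and issue a fresh one rather than only deleting it here. Leaving an empty assignment in a committed manifest also invites the next person to paste a live token back in; I would replace the comment at the top of the hunk with `# never commit a real token here — read it from the environment or a mounted secret` and have the script fail early with `: "${VAULT_TOKEN:?set VAULT_TOKEN before running}"` instead of exporting an empty string. A secret-scanning pre-commit hook or CI check would have caught the original commit. The shell script embedded in this ConfigMap starts before and continues after both hunks.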
+4 −1
@@ -7,7 +7,7 @@ import requests
import json
from config import Config
from db.db import MongoDatabse

import logging

app = Flask(__name__)

@@ -77,6 +77,7 @@ key_data = json.loads(response.text)["data"]["data"]["key"]
# Create an Admin in the Admin Collection
client = MongoDatabse()
if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}):
    print(f'Inserting Initial Admin admin_name: {config["register"]["admin_users"]["admin_user"]}, admin_pass: {config["register"]["admin_users"]["admin_pass"]}')
    client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]})


@@ -84,4 +85,6 @@ app.config['JWT_ALGORITHM'] = 'RS256'
app.config['JWT_PRIVATE_KEY'] = key_data
app.config['REGISTRE_SECRET_KEY'] = config["register"]["register_uuid"]

app.logger.setLevel(logging.DEBUG)

app.register_blueprint(register_routes)
 No newline at end of file
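Review bot: The added `print` on the admin-bootstrap line writes the admin password to stdout, which in a container is collected by the log pipeline, so the credential ends up wherever logs are shipped; log only the username, `print(f'Inserting Initial Admin admin_name: {config["register"]["admin_users"]["admin_user"]}')`. The surrounding lookup and insert compare and store `admin_pass` in cleartext — that predates this change, but it is worth a follow-up to hash it (e.g. `werkzeug.security.generate_password_hash`, available through Flask's own dependency) since this is the same document the basic-auth check reads. The unconditional `app.logger.setLevel(logging.DEBUG)` at the end of the file also switches on every debug line in the blueprints for production deployments; consider gating it on configuration, e.g. `app.logger.setLevel(logging.DEBUG if config["register"].get("debug") else logging.INFO)`.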
+20 −2
@@ -21,6 +21,7 @@ register_operation = RegisterOperations()

# Function to generate access tokens and refresh tokens
def generate_tokens(username):
    current_app.logger.debug(f"generating admin tokens...")
    access_payload = {
        'username': username,
        'exp': datetime.now() + timedelta(minutes=config["register"]["token_expiration"])
@@ -31,18 +32,22 @@ def generate_tokens(username):
    }
    access_token = jwt.encode(access_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')
    refresh_token = jwt.encode(refresh_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256')
    current_app.logger.debug(f"Access token : {access_token}\nRefresh token : {refresh_token}")
    return access_token, refresh_token

# Function in charge of verifying the basic auth
@auth.verify_password
def verify_password(username, password):
    current_app.logger.debug("Checking user credentials...")
    users = register_operation.get_users()[0].json["users"]
    client = MongoDatabse()
    admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username, "admin_pass": password})
    if admin:
        current_app.logger.debug(f"Verified admin {username}")
        return username, "admin"
    for user in users:
        if user["username"] == username and user["password"]==password:
            current_app.logger.debug(f"Verified user {username}")
            return username, "client"

# Function responsible for verifying the token
@@ -50,15 +55,18 @@ def admin_required():
    def decorator(f):
        @wraps(f)
        def decorated(*args, **kwargs):
            
            current_app.logger.debug("Checking admin token...")
            token = request.headers.get('Authorization')
            if not token:
                current_app.logger.debug("Token is missing.")
                return jsonify({'message': 'Token is missing'}), 401
            
            if token.startswith('Bearer '):
                current_app.logger.debug("Token is missing.")
                token = token.split('Bearer ')[1]
            
            if not token:
                current_app.logger.debug("Token is missing.")
                return jsonify({'message': 'Token is missing'}), 401

            try:
@@ -66,6 +74,7 @@ def admin_required():
                username = data['username']
                return f(username, *args, **kwargs)
            except Exception as e:
                current_app.logger.debug(f"Error: {str(e)}.")
                return jsonify({'message': str(e)}), 401

        return decorated
@@ -76,6 +85,7 @@ def admin_required():
def login():
    username, rol = auth.current_user()
    if rol != "admin":
        current_app.logger.debug(f"User {username} trying to log in as admin")
        return jsonify(message="Unauthorized. Administrator privileges required."), 401
    access_token, refresh_token = generate_tokens(username)
    return jsonify({'access_token': access_token, 'refresh_token': refresh_token})
@@ -83,12 +93,14 @@ def login():
@register_routes.route('/refresh', methods=['POST'])
@admin_required()
def refresh_token(username):
    current_app.logger.debug(f"Refreshing token for admin {username}")
    access_token, _ = generate_tokens(username)
    return jsonify({'access_token': access_token})

@register_routes.route("/createUser", methods=["POST"])
@admin_required()
def register(username):
    current_app.logger.debug(f"Admin {username} creating a user...")
    required_fields = {
        "username": str,
        "password": str,
@@ -105,21 +117,24 @@ def register(username):
    }

    user_info = request.get_json()

    current_app.logger.debug(f"User Info: {user_info}")
    missing_fields = []
    for field, field_type in required_fields.items():
        if field not in user_info:
            missing_fields.append(field)
        elif not isinstance(user_info[field], field_type):
            current_app.logger.debug(f"Error: Field {field} must be of type {field_type.__name__}")
            return jsonify({"error": f"Field '{field}' must be of type {field_type.__name__}"}), 400

    for field, field_type in optional_fields.items():
        if field in user_info and not isinstance(user_info[field], field_type):
            current_app.logger.debug(f"Error: Field {field} must be of type {field_type.__name__}")
            return jsonify({"error": f"Optional field '{field}' must be of type {field_type.__name__}"}), 400
        if field not in user_info:
            user_info[field] = None

    if missing_fields:
        current_app.logger.debug(f"Error: missing requuired fields : {missing_fields}")
        return jsonify({"error": "Missing required fields", "fields": missing_fields}), 400

    return register_operation.register_user(user_info)
@@ -128,15 +143,18 @@ def register(username):
@auth.login_required
def getauth():
    username, _ = auth.current_user()
    current_app.logger.debug(f"Obtaining authorization for the user {username}")
    return register_operation.get_auth(username)

@register_routes.route("/deleteUser/<uuid>", methods=["DELETE"])
@admin_required()
def remove(username, uuid):
    current_app.logger.debug(f"Deleting user with id {uuid} by admin {username}")
    return register_operation.remove_user(uuid)


@register_routes.route("/getUsers", methods=["GET"])
@admin_required()
def getUsers(username):
    current_app.logger.debug(f"Returning list of users to admin {username}")
    return register_operation.get_users()
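Review bot: The debug line at the end of `generate_tokens` logs the full access and refresh JWTs, and with the app logger at DEBUG the refresh token — a long-lived bearer credential — lands in whatever collects the logs; replace it with `current_app.logger.debug("Admin tokens generated for %s", username)`. The `User Info:` line in `register` has the same problem: the payload it dumps contains the `password` field that `required_fields` mandates, so every new user's cleartext password is logged on create — log a redacted copy instead, e.g. `{**user_info, "password": "***"}`. The `Token is missing.` message inside the `if token.startswith('Bearer ')` branch is a copy-paste of the guard above it and fires on the success path; `Stripping Bearer prefix` or simply dropping the line would be accurate. The basic-auth check in `verify_password` still compares passwords in cleartext against the stored documents (context lines, not introduced here), so a hashed store would be the natural follow-up.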
+10 −2
@@ -19,15 +19,19 @@ class RegisterOperations:
        mycol = self.db.get_col_by_name(self.db.capif_users)
        exist_user = mycol.find_one({"username": user_info["username"]})
        if exist_user:
            current_app.logger.debug(f"User already exists : {user_info["username"]}")
            return jsonify("user already exists"), 409
        
        name_space = uuid.UUID(self.config["register"]["register_uuid"])
        user_uuid = str(uuid.uuid5(name_space,user_info["username"]))
        current_app.logger.debug(f"User uuid : {user_uuid}")

        user_info["uuid"] = user_uuid
        user_info["onboarding_date"]=datetime.now()
        mycol.insert_one(user_info)

        current_app.logger.debug(f"User with uuid {user_uuid} and username {user_info["username"]} registered successfully")

        return jsonify(message="User registered successfully", uuid=user_uuid), 201

    def get_auth(self, username):
@@ -39,14 +43,18 @@ class RegisterOperations:
            exist_user = mycol.find_one({"username": username})

            if exist_user is None:
                return jsonify("Not existing user with this credentials"), 400
                current_app.logger.debug(f"Not exister user with this credentials  : {username}")
                return jsonify("Not exister user with this credentials"), 400

            access_token = create_access_token(identity=(username + " " + exist_user["uuid"]))
            current_app.logger.debug(f"Access token generated for user {username} : {access_token}")
            
            cert_file = open("certs/ca_root.crt", 'rb')
            ca_root = cert_file.read()
            cert_file.close()

            current_app.logger.debug(f"Returning the requested information...")

            return jsonify(message="Token and CA root returned successfully", 
                            access_token=access_token, 
                            ca_root=ca_root.decode("utf-8"),
@@ -68,7 +76,7 @@ class RegisterOperations:
            requests.delete(url, cert=("certs/superadmin.crt", "certs/superadmin.key"), verify="certs/ca_root.crt")
            
            mycol.delete_one({"uuid": uuid})

            current_app.logger.debug(f"User with uuid {uuid} removed successfully")
            return jsonify(message="User removed successfully"), 204
        except Exception as e:
            return jsonify(message=f"Errors when try remove user: {e}"), 500
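Review bot: `get_auth` now logs the freshly minted access token at debug level (`Access token generated for user … : {access_token}`), which puts a live bearer credential into the log stream; log only the username, `current_app.logger.debug("Access token generated for user %s", username)`. The two new f-strings in `register_user` nest `user_info["username"]` with the same double quotes as the enclosing literal, which is only valid syntax from Python 3.12 (PEP 701) and is a SyntaxError at import time on anything older — unless the deployment is pinned to 3.12+, write `user_info['username']` inside them. The replaced error line also changes the response text from `Not existing user with this credentials` to `Not exister user with this credentials`, a typo regression that any client matching on the message will see. Both `register_user` and `get_auth` start before their hunks; the `remove_user` hunk ends inside an `except` handler that returns the raw exception text to the caller, which is worth replacing with a generic message once the exception is logged server-side.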
+1 −1
