From 06fceaa4d657c921f98d6f9ff1a8f6be2177d727 Mon Sep 17 00:00:00 2001 From: Pelayo Torres Date: Wed, 19 Jun 2024 08:50:10 +0200 Subject: [PATCH 1/3] Register Logs --- services/helper/helper_service/__main__.py | 10 +++++++++ .../register/register_service/__main__.py | 16 ++++++++++++++ .../controllers/register_controller.py | 22 +++++++++++++++++-- .../core/register_operations.py | 10 ++++++++- 4 files changed, 55 insertions(+), 3 deletions(-) diff --git a/services/helper/helper_service/__main__.py b/services/helper/helper_service/__main__.py index 69411aa..3712422 100644 --- a/services/helper/helper_service/__main__.py +++ b/services/helper/helper_service/__main__.py @@ -9,6 +9,8 @@ import requests app = Flask(__name__) config = Config().get_config() +print(f"Creating superadmin CSR and keys...") + # Create a superadmin CSR and keys key = PKey() key.generate_key(TYPE_RSA, 2048) @@ -30,6 +32,8 @@ key_file = open("helper_service/certs/superadmin.key", 'wb+') key_file.write(bytes(private_key)) key_file.close() +print(f"Requesting superadmin certificate...") + # Request superadmin certificate url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], config["ca_factory"]["port"]) headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"} @@ -48,6 +52,8 @@ cert_file = open("helper_service/certs/superadmin.crt", 'wb') cert_file.write(bytes(superadmin_cert, 'utf-8')) cert_file.close() +print(f"Requesting ca_root certificate...") + url = f"http://{config['ca_factory']['url']}:{config['ca_factory']['port']}/v1/secret/data/ca" headers = { @@ -60,8 +66,12 @@ cert_file = open("helper_service/certs/ca_root.crt", 'wb') cert_file.write(bytes(ca_root, 'utf-8')) cert_file.close() +print(f"Registering blueprint...") + app.register_blueprint(helper_routes) app.logger.setLevel(logging.DEBUG) +print(f"Starting helper!") + if __name__ == '__main__': app.run(host='0.0.0.0', port=8080, debug=True) \ No newline at end of file diff --git a/services/register/register_service/__main__.py b/services/register/register_service/__main__.py index aeab955..0ccd973 100644 --- a/services/register/register_service/__main__.py +++ b/services/register/register_service/__main__.py @@ -3,6 +3,7 @@ from .controllers.register_controller import register_routes from flask_jwt_extended import JWTManager from OpenSSL.crypto import PKey, TYPE_RSA, X509Req, dump_certificate_request, FILETYPE_PEM, dump_privatekey import requests +import logging import json from .config import Config from .db.db import MongoDatabse @@ -14,6 +15,8 @@ jwt_manager = JWTManager(app) config = Config().get_config() +print(f"Creating superadmin CSR and keys...") + # Create a superadmin CSR and keys key = PKey() key.generate_key(TYPE_RSA, 2048) @@ -35,6 +38,8 @@ key_file = open("register_service/certs/superadmin.key", 'wb+') key_file.write(bytes(private_key)) key_file.close() +print(f"Requesting superadmin certificate...") + # Request superadmin certificate url = 'http://{}:{}/v1/pki_int/sign/my-ca'.format(config["ca_factory"]["url"], config["ca_factory"]["port"]) headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"} @@ -53,6 +58,8 @@ cert_file = open("register_service/certs/superadmin.crt", 'wb') cert_file.write(bytes(superadmin_cert, 'utf-8')) cert_file.close() +print(f"Requesting ca_root certificate...") + url = f"http://{config['ca_factory']['url']}:{config['ca_factory']['port']}/v1/secret/data/ca" headers = { @@ -65,6 +72,8 @@ cert_file = open("register_service/certs/ca_root.crt", 'wb') cert_file.write(bytes(ca_root, 'utf-8')) cert_file.close() +print(f"Requesting CAPIF private key...") + # Request CAPIF private key to encode the CAPIF token url = 'http://{}:{}/v1/secret/data/server_cert/private'.format(config["ca_factory"]["url"], config["ca_factory"]["port"]) headers = {'X-Vault-Token': f"{config["ca_factory"]["token"]}"} @@ -72,9 +81,11 @@ response = requests.request("GET", url, headers=headers, verify = False) key_data = json.loads(response.text)["data"]["data"]["key"] +print(f"Checking initial administrator...") # Create an Admin in the Admin Collection client = MongoDatabse() if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}): + print(f"\nInitial administrato not found, registering: ({config["register"]["admin_users"]["admin_user"]}, {config["register"]["admin_users"]["admin_pass"]})\n") client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}) @@ -82,7 +93,12 @@ app.config['JWT_ALGORITHM'] = 'RS256' app.config['JWT_PRIVATE_KEY'] = key_data app.config['REGISTRE_SECRET_KEY'] = config["register"]["register_uuid"] +print(f"Registering blueprint...") + app.register_blueprint(register_routes) +app.logger.setLevel(logging.DEBUG) + +print(f"Starting Register!") #---------------------------------------- # launch diff --git a/services/register/register_service/controllers/register_controller.py b/services/register/register_service/controllers/register_controller.py index ded8e8b..29cad57 100644 --- a/services/register/register_service/controllers/register_controller.py +++ b/services/register/register_service/controllers/register_controller.py @@ -19,6 +19,7 @@ register_operation = RegisterOperations() # Function to generate access tokens and refresh tokens def generate_tokens(username): + current_app.logger.debug(f"generating admin tokens...") access_payload = { 'username': username, 'exp': datetime.now() + timedelta(minutes=config["register"]["token_expiration"]) @@ -29,18 +30,22 @@ def generate_tokens(username): } access_token = jwt.encode(access_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256') refresh_token = jwt.encode(refresh_payload, current_app.config['REGISTRE_SECRET_KEY'], algorithm='HS256') + current_app.logger.debug(f"Access token : {access_token}\nRefresh token : {refresh_token}") return access_token, refresh_token # Function in charge of verifying the basic auth @auth.verify_password def verify_password(username, password): + current_app.logger.debug("Checking user credentials...") users = register_operation.get_users()[0].json["users"] client = MongoDatabse() admin = client.get_col_by_name(client.capif_admins).find_one({"admin_name": username, "admin_pass": password}) if admin: + current_app.logger.debug(f"Verified admin {username}") return username, "admin" for user in users: if user["username"] == username and user["password"]==password: + current_app.logger.debug(f"Verified user {username}") return username, "client" # Function responsible for verifying the token @@ -48,15 +53,18 @@ def admin_required(): def decorator(f): @wraps(f) def decorated(*args, **kwargs): - + current_app.logger.debug("Checking admin token...") token = request.headers.get('Authorization') if not token: + current_app.logger.debug("Token is missing.") return jsonify({'message': 'Token is missing'}), 401 if token.startswith('Bearer '): + current_app.logger.debug("Token is missing.") token = token.split('Bearer ')[1] if not token: + current_app.logger.debug("Token is missing.") return jsonify({'message': 'Token is missing'}), 401 try: @@ -64,6 +72,7 @@ def admin_required(): username = data['username'] return f(username, *args, **kwargs) except Exception as e: + current_app.logger.debug(f"Error: {str(e)}.") return jsonify({'message': str(e)}), 401 return decorated @@ -74,6 +83,7 @@ def admin_required(): def login(): username, rol = auth.current_user() if rol != "admin": + current_app.logger.debug(f"User {username} trying to log in as admin") return jsonify(message="Unauthorized. Administrator privileges required."), 401 access_token, refresh_token = generate_tokens(username) return jsonify({'access_token': access_token, 'refresh_token': refresh_token}) @@ -81,12 +91,14 @@ def login(): @register_routes.route('/refresh', methods=['POST']) @admin_required() def refresh_token(username): + current_app.logger.debug(f"Refreshing token for admin {username}") access_token, _ = generate_tokens(username) return jsonify({'access_token': access_token}) @register_routes.route("/createUser", methods=["POST"]) @admin_required() def register(username): + current_app.logger.debug(f"Admin {username} creating a user...") required_fields = { "username": str, "password": str, @@ -103,21 +115,24 @@ def register(username): } user_info = request.get_json() - + current_app.logger.debug(f"User Info: {user_info}") missing_fields = [] for field, field_type in required_fields.items(): if field not in user_info: missing_fields.append(field) elif not isinstance(user_info[field], field_type): + current_app.logger.debug(f"Error: Field {field} must be of type {field_type.__name__}") return jsonify({"error": f"Field '{field}' must be of type {field_type.__name__}"}), 400 for field, field_type in optional_fields.items(): if field in user_info and not isinstance(user_info[field], field_type): + current_app.logger.debug(f"Error: Field {field} must be of type {field_type.__name__}") return jsonify({"error": f"Optional field '{field}' must be of type {field_type.__name__}"}), 400 if field not in user_info: user_info[field] = None if missing_fields: + current_app.logger.debug(f"Error: missing requuired fields : {missing_fields}") return jsonify({"error": "Missing required fields", "fields": missing_fields}), 400 return register_operation.register_user(user_info) @@ -126,15 +141,18 @@ def register(username): @auth.login_required def getauth(): username, _ = auth.current_user() + current_app.logger.debug(f"Obtaining authorization for the user {username}") return register_operation.get_auth(username) @register_routes.route("/deleteUser/", methods=["DELETE"]) @admin_required() def remove(username, uuid): + current_app.logger.debug(f"Deleting user with id {uuid} by admin {username}") return register_operation.remove_user(uuid) @register_routes.route("/getUsers", methods=["GET"]) @admin_required() def getUsers(username): + current_app.logger.debug(f"Returning list of users to admin {username}") return register_operation.get_users() diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py index 5082d51..edf201e 100644 --- a/services/register/register_service/core/register_operations.py +++ b/services/register/register_service/core/register_operations.py @@ -18,15 +18,19 @@ class RegisterOperations: mycol = self.db.get_col_by_name(self.db.capif_users) exist_user = mycol.find_one({"username": user_info["username"]}) if exist_user: + current_app.logger.debug(f"User already exists : {user_info["username"]}") return jsonify("user already exists"), 409 name_space = uuid.UUID(self.config["register"]["register_uuid"]) user_uuid = str(uuid.uuid5(name_space,user_info["username"])) + current_app.logger.debug(f"User uuid : {user_uuid}") user_info["uuid"] = user_uuid user_info["onboarding_date"]=datetime.now() obj = mycol.insert_one(user_info) + current_app.logger.debug(f"User with uuid {user_uuid} and username {user_info["username"]} registered successfully") + return jsonify(message="User registered successfully", uuid=user_uuid), 201 def get_auth(self, username): @@ -38,14 +42,18 @@ class RegisterOperations: exist_user = mycol.find_one({"username": username}) if exist_user is None: + current_app.logger.debug(f"Not exister user with this credentials : {username}") return jsonify("Not exister user with this credentials"), 400 access_token = create_access_token(identity=(username + " " + exist_user["uuid"])) + current_app.logger.debug(f"Access token generated for user {username} : {access_token}") cert_file = open("register_service/certs/ca_root.crt", 'rb') ca_root = cert_file.read() cert_file.close() + current_app.logger.debug(f"Returning the requested information...") + return jsonify(message="Token and CA root returned successfully", access_token=access_token, ca_root=ca_root.decode("utf-8"), @@ -67,7 +75,7 @@ class RegisterOperations: requests.delete(url, cert=("register_service/certs/superadmin.crt", "register_service/certs/superadmin.key"), verify="register_service/certs/ca_root.crt") mycol.delete_one({"uuid": uuid}) - + current_app.logger.debug(f"User with uuid {uuid} removed successfully") return jsonify(message="User removed successfully"), 204 except Exception as e: return jsonify(message=f"Errors when try remove user: {e}"), 500 -- GitLab From 737cb243588adeca2b2638797d687a8435fed64e Mon Sep 17 00:00:00 2001 From: Pelayo Torres Date: Tue, 25 Jun 2024 14:06:21 +0200 Subject: [PATCH 2/3] fix logs --- services/register/register_service/app.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/register/register_service/app.py b/services/register/register_service/app.py index 4dc2ded..1e38eda 100644 --- a/services/register/register_service/app.py +++ b/services/register/register_service/app.py @@ -7,7 +7,7 @@ import requests import json from config import Config from db.db import MongoDatabse - +import logging app = Flask(__name__) @@ -77,6 +77,7 @@ key_data = json.loads(response.text)["data"]["data"]["key"] # Create an Admin in the Admin Collection client = MongoDatabse() if not client.get_col_by_name(client.capif_admins).find_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}): + print(f'Inserting Initial Admin admin_name: {config["register"]["admin_users"]["admin_user"]}, admin_pass: {config["register"]["admin_users"]["admin_pass"]}') client.get_col_by_name(client.capif_admins).insert_one({"admin_name": config["register"]["admin_users"]["admin_user"], "admin_pass": config["register"]["admin_users"]["admin_pass"]}) @@ -84,4 +85,6 @@ app.config['JWT_ALGORITHM'] = 'RS256' app.config['JWT_PRIVATE_KEY'] = key_data app.config['REGISTRE_SECRET_KEY'] = config["register"]["register_uuid"] +app.logger.setLevel(logging.DEBUG) + app.register_blueprint(register_routes) \ No newline at end of file -- GitLab From 66714ee527bb561b4965573d887466f44dfe05b8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 26 Jun 2024 14:03:22 +0200 Subject: [PATCH 3/3] ocf.develop and ocf.validation --- helm/capif/values.yaml | 2 +- helm/vault-job/vault-job.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/capif/values.yaml b/helm/capif/values.yaml index b90d7b2..9ecc11e 100644 --- a/helm/capif/values.yaml +++ b/helm/capif/values.yaml @@ -44,4 +44,4 @@ mongo-register-express: # -- With mock-server.enabled: false. It won't be deployed mock-server: - enabled: false \ No newline at end of file + enabled: false diff --git a/helm/vault-job/vault-job.yaml b/helm/vault-job/vault-job.yaml index e30a394..84b247f 100644 --- a/helm/vault-job/vault-job.yaml +++ b/helm/vault-job/vault-job.yaml @@ -25,10 +25,10 @@ data: # to execute the next commands in vault # otherwise, if use the vault as dev's mode. Just # type the token's dev. - export VAULT_TOKEN="hvs.mn50Q8kpMuxsPUsCNlwQekCd" - export DOMAIN1=*.pre-prod.int - export DOMAIN2=*.staging.int - export DOMAIN3=*.developer.int + export VAULT_TOKEN="" + export DOMAIN1=*.ocf.pre-production + export DOMAIN2=*.ocf.validation + export DOMAIN3=*.ocf.develop # local domains # export DOMAIN4=*.pre-prod.svc.cluster.local @@ -175,7 +175,7 @@ data: openssl x509 -pubkey -noout -in server_certificate.crt.pem > server_certificate_pub.pem - #vault kv put secret/ca ca=@root_ca.crt.pem root_2023_ca.crt + #vault kv put secret/ca ca=@root_helm.pem root_2023_ca.crt #cat root_2023_ca.crt root_2023_ca.crt > ca.crt -- GitLab