diff --git a/.github/workflows/container_creation.yml b/.github/workflows/container_creation.yml
index f746f9a..2a9b42e 100755
--- a/.github/workflows/container_creation.yml
+++ b/.github/workflows/container_creation.yml
@@ -1,6 +1,6 @@
# This is a basic workflow to help you get started with Actions
-name: PEP Engine BB Workflow
+name: PEP Container Creation
# Controls when the action will run.
on: push
@@ -27,14 +27,14 @@ jobs:
with:
python-version: 3.6.9
# Runs a set of commands using the runners shell
- - name: Testing
- run: |
- sudo apt-get install jq python3-venv
- pip install -r ./src/requirements.txt
+ # - name: Testing
+ # run: |
+ # sudo apt-get install jq python3-venv
+ # pip install -r ./src/requirements.txt
# python3 ./src/main.py
# Uncomment below if wanted Dockerhub Publication
- # - name: Container Creation and Publishing
- # run: ./gh_actions/containerCreation.sh um-pep-engine
- - name: Container Creation
+ run: ./gh_actions/containerCreation.sh um-pep-engine
# - name: Smoke and Acceptance Test
# run: ./gh_actions/acceptanceTest.sh um-pep-engine 8080 7000
# - name: Release Container
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
index c465d5f..b8faef1 100755
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -1,6 +1,6 @@
# This is a basic workflow to help you get started with Actions
-name: PDP Engine Documentation
+name: PEP Engine Documentation
# Controls when the action will run.
on: push
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 30e345d..953026e 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,6 +1,6 @@
# This is a basic workflow to help you get started with Actions
-name: CI
+name: Sonar Scanner
# Controls when the action will run.
on:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index fe963c6..afc4dd5 100755
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
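Review bot: The `Container Creation` step is switched on in the same hunk that comments out the `Testing` step which installed `./src/requirements.txt`, so this workflow now builds the image with no dependency or test gate in front of it. If that split is intentional (tests living in test.yml only), a comment on the disabled step such as `# Tests run in test.yml; this workflow only builds the image` would stop the next reader from re-enabling it by accident. The workflow is still pinned to `python-version: 3.6.9` (context line), an interpreter that no longer receives security fixes; moving the pin is outside this hunk but worth a follow-up.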
@@ -1,6 +1,6 @@
# This is a basic workflow to help you get started with Actions
-name: PDP Engine Test Workflow
+name: PEP Engine Test Workflow
# Controls when the action will run.
on: push
@@ -32,12 +32,16 @@ jobs:
- name: Create python env
run: python3 -m venv env
- name: Activate environment
+ run: source env/bin/activate
+ - name: Install requirements
+ run: pip3 install -r src/requirements.txt
+ - name: Run mongo container
+ run: sudo docker run -p 27017:27017 -d mongo
+ - name: Run main
run: |
- source env/bin/activate
- pip install -r src/requirements.txt
- # - name: Run main
- # run: python src/main.py
- # - name: Run tests Database
- # run: python tests/test_database.py
- # - name: Run tests PDP
- # run: python tests/um_pdp_test.py
+ nohup python3 src/main.py &
+ sleep 1
+ - name: Run tests Database
+ run: python tests/testMongo.py
+ # - name: Run tests PEP
+ # run: python tests/testPEPResources.py
diff --git a/gh_actions/containerCreation.sh b/gh_actions/containerCreation.sh
index cfd5f00..18d5676 100755
--- a/gh_actions/containerCreation.sh
+++ b/gh_actions/containerCreation.sh
@@ -13,7 +13,7 @@ buildTag=travis_$TRAVIS_BUILD_NUMBER # We use a temporary build number for taggi
docker build -t eoepca/$1 .
docker tag eoepca/$1 eoepca/$1:$buildTag
-echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+# echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-docker push eoepca/$1:$buildTag # defaults to docker hub EOEPCA repo
+# docker push eoepca/$1:$buildTag # defaults to docker hub EOEPCA repo
diff --git a/src/blueprints/resources.py b/src/blueprints/resources.py
index 4d4da7c..d12c51b 100644
--- a/src/blueprints/resources.py
+++ b/src/blueprints/resources.py
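Review bot: `run: source env/bin/activate` is now a step of its own, and because every `run` step starts in a fresh shell the activation does not carry over, so the following `pip3 install -r src/requirements.txt` and `python3 src/main.py` steps use the runner's system interpreter, not the venv created in `Create python env`. Either run the commands that need the venv inside one step (`source env/bin/activate && pip3 install -r src/requirements.txt`) or drop the venv and use the system pip consistently. The `nohup python3 src/main.py &` followed by `sleep 1` is also a race: a slow start or a failed import leaves `Run tests Database` running against nothing and the background process's exit status is never checked, so polling the proxy port with a bounded retry before the test step would make that failure visible.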
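Review bot: With login and push commented out the image tag is still built from `buildTag=travis_$TRAVIS_BUILD_NUMBER` (context line at the top of the hunk); that variable belongs to Travis CI and is not set on the GitHub Actions runner this script is now called from, so the image ends up tagged `eoepca/$1:travis_`. `buildTag=gha_${GITHUB_RUN_NUMBER:-local}` would give a unique tag on Actions and still work on a developer machine. Leaving the `docker login` line as a comment is fine, but a comment naming the secrets it will need when re-enabled (`DOCKER_USERNAME`/`DOCKER_PASSWORD` as repository Actions secrets) would save the next person a guess; the start of the script is outside the hunk.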
@@ -19,6 +19,8 @@ def get_resource_list():
logger.debug("Retrieving all registered resources...")
#gets all resources registered on local DB
custom_mongo = Mongo_Handler("resource_db", "resources")
+
+ logger.info("==========No entiendo==========")
resources = custom_mongo.get_all_resources()
rpt = request.headers.get('Authorization')
@@ -28,6 +30,7 @@ def get_resource_list():
uid = None
try:
head_protected = str(request.headers)
+ headers_protected = head_protected.split()
uid = oidc_client.verify_uid_headers(headers_protected, "sub")
if "NO TOKEN FOUND" in uid:
@@ -42,6 +45,9 @@ def get_resource_list():
response.headers["Error"] = str(e)
activity = {"Description":"No token found/error reading token: "+str(e)}
logger.info(log_handler.format_message(subcomponent="RESOURCES",action_id="HTTP",action_type=request.method,log_code=2001,activity=activity))
+
+ activity = {"Error While passing the token: "+str(uid)}
+ logger.info(log_handler.format_message(subcomponent="RESOURCES",action_id="HTTP",action_type=request.method,log_code=2001,activity=activity))
return response
if not uid:
@@ -80,14 +86,20 @@ def get_resource_list():
def resource_creation():
logger.debug("Processing " + request.method + " resource request...")
response = Response()
+
+ logger.info("==========No entiendo==========")
+
uid = None
#Inspect JWT token (UMA) or query OIDC userinfo endpoint (OAuth) for user id
try:
head_protected = str(request.headers)
+ logger.info("==========1 "+ head_protected+"==========")
headers_protected = head_protected.split()
- logger.debug(head_protected)
+ logger.info("==========2 "+ str(headers_protected)+" ==========")
+
uid = oidc_client.verify_uid_headers(headers_protected, "sub")
- logger.debug(uid)
+
+ logger.info("==========2 "+ uid+"==========")
if "NO TOKEN FOUND" in uid:
response.status_code = 401
response.headers["Error"] = 'no token passed!'
diff --git a/src/config.py b/src/config.py
index bc4cf8b..6f26873 100644
--- a/src/config.py
+++ b/src/config.py
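Review bot: `logger.info("==========No entiendo==========")` is a leftover debugging marker (Spanish for "I don't understand") emitted at INFO on every call of `get_resource_list`; it should be removed, or at most become a `logger.debug` whose message names what is being inspected. The same kind of marker is added in the `resource_creation` hunk of this file and in the `verify_JWT_token`, `verify_uid_headers` and `getVerificationConfig` hunks of src/handlers/oidc_handler.py (`"pues JWT decoding"`, `"TRUE"`, `"TRUE2"`, `"FALSE 2"`, `"FALSE"`, `"entiendo? creo? wth"`, `"esto es el verify: "`), and one of them carries profanity that would land in production logs. A single sweep removing all of them before merge is the fix; `get_resource_list` continues outside this hunk.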
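Review bot: `activity = {"Error While passing the token: "+str(uid)}` is a one-element set, not a dict, so it does not have the `{"Description": ...}` shape passed to `log_handler.format_message` two lines above and will not serialise the same way. If the line is kept it should read `activity = {"Description": "Error while parsing the token: " + str(uid)}`. It also runs inside the `except` branch, where `uid` is normally still the `None` assigned before the `try`, so it adds nothing the preceding `activity` entry does not already log; dropping the second log call is the simpler option.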
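Review bot: `logger.info("==========1 "+ head_protected+"==========")` writes `str(request.headers)` — the whole header set, including the `Authorization: Bearer ...` value this handler is about to verify — to the INFO log, and the next added line logs the split copy again, so RPTs and id_tokens end up in plain text wherever the PEP's logs are collected and stay replayable for their lifetime. Both lines should go; the `logger.debug(head_protected)` they replace had the same problem at a lower level and is better dropped than restored. `logger.info("==========2 "+ uid+"==========")` also concatenates `uid` without `str()`, and `verify_uid_headers` initialises its result to `None` (visible in the oidc_handler hunk), so a token without the requested claim raises `TypeError` inside the `try` and is reported through the generic error branch instead of its own. If a trace is wanted, log only the identifier after the `NO TOKEN FOUND` check, e.g. `logger.debug("resource request by uid=%s", uid)`.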
@@ -121,7 +121,7 @@ def get_config(config_path: str):
g_config["client_id"] = new_client["client_id"]
g_config["client_secret"] = new_client["client_secret"]
if use_env_var is False:
- save_config("config/config.json", g_config)
+ save_config(config_path, g_config)
else:
os.environ["PEP_CLIENT_ID"] = new_client["client_id"]
os.environ["PEP_CLIENT_SECRET"] = new_client["client_secret"]
@@ -139,11 +139,13 @@ def get_default_resources(path: str):
Loads Charts configuration file in addition with the alredy existent on the source path
"""
#Sets logger
+ dir_path = os.path.dirname(os.path.realpath(__file__))
+ logger = logging.getLogger("PEP_ENGINE")
g_config = {} # Global config objects
g_config = load_config(path)
- l_config = load_config("config/default-resources.json")
+ l_config = load_config(dir_path+"/config/default-resources.json")
for k in l_config['default_resources']:
if not any(d['resource_uri'] == k['resource_uri'] for d in g_config['default_resources']):
g_config['default_resources'].append(k)
diff --git a/src/config/config.json b/src/config/config.json
index 18a81ea..dfba29b 100644
--- a/src/config/config.json
+++ b/src/config/config.json
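Review bot: In `get_default_resources` the `logger = logging.getLogger("PEP_ENGINE")` assignment is never used in the visible part of the function, and `dir_path+"/config/default-resources.json"` should be `os.path.join(dir_path, "config", "default-resources.json")` to match the path handling the rest of the commit introduces. The docstring needs a wording fix as well: `Loads the Charts configuration file in addition to the resources already present on the source path`. Note that main.py now passes `dir_path + "/" + g_config["default_resource_path"]` as `path` and config.json sets that key to `config/default-resources.json`, so unless a deployment overrides it both `load_config` calls here read the same file and the merge loop adds nothing — worth confirming that is intended. The end of the function is outside the hunk.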
@@ -1 +1 @@
-{"realm": "eoepca", "auth_server_url": "https://test.eoepca.org", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false}
+{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false, "default_resource_path": "config/default-resources.json", "client_id": "7a08eb39-5866-4a61-9f4e-a621a6e5bc33", "client_secret": "58fa394d-5bde-43e0-a1da-5dbfdd71f769"}
\ No newline at end of file
diff --git a/src/config/default-resources.json b/src/config/default-resources.json
index 929bb6a..6226488 100644
--- a/src/config/default-resources.json
+++ b/src/config/default-resources.json
@@ -1,3 +1,5 @@
{
- "default_resources": []
+ "default_resources": [
+ {"name": "Base Path", "description": "Base path for Open Access to PEP", "resource_uri": "/", "scopes": "public_access", "default_owner": "0000000000000"}
+ ]
}
diff --git a/src/handlers/oidc_handler.py b/src/handlers/oidc_handler.py
index 40b25c5..412d704 100644
--- a/src/handlers/oidc_handler.py
+++ b/src/handlers/oidc_handler.py
@@ -7,6 +7,7 @@ from handlers.uma_handler import UMA_Handler, resource
from handlers.uma_handler import rpt as class_rpt
from config import load_config
+import os, sys
import logging
import base64
import json
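Review bot: The new `client_id` and `client_secret` entries put an OAuth client credential into a tracked file, and `get_config` (config.py hunk, `save_config(config_path, g_config)`) rewrites the registered credentials into that same file whenever `use_env_var` is false, so the secret will be re-committed each time someone runs the service and commits. A secret that has been pushed to a shared repository has to be treated as exposed and replaced; `src/config/config.json` should carry only the non-secret settings, with the credential supplied through the `PEP_CLIENT_ID`/`PEP_CLIENT_SECRET` variables that the `else` branch of `get_config` already writes, and the file ignored or kept as a template. The same line also moves `auth_server_url` to a nip.io address while `check_ssl_certs` and `verify_signature` stay `false`, so tokens from that server are accepted with neither TLS nor signature verification — acceptable for a throw-away test setup, not as the committed default.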
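Review bot: `import os, sys` brings in `sys`, which none of this file's hunks use (only `os.path` appears, in `getVerificationConfig`), and PEP 8 asks for one import per line; `import os` on its own, grouped with the `logging`/`base64`/`json` stdlib imports below it, is enough. If `sys` is used elsewhere in the file, which this hunk cannot show, keep it but still split the line.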
@@ -50,6 +51,8 @@ def get_new_pat(self):
def verify_JWT_token(self, token, key):
try:
+
+ self.logger.info("pues JWT decoding")
header = str(token).split(".")[0]
paddedHeader = header + '=' * (4 - len(header) % 4)
decodedHeader = base64.b64decode(paddedHeader)
@@ -64,12 +67,16 @@ def verify_JWT_token(self, token, key):
decoded = decoded.decode('utf-8')
decoded_str = json.loads(decoded)
+ self.logger.info("pues JWT decoding segundo check")
if self.getVerificationConfig() == True:
+ self.logger.info("TRUE")
if decoded_str_header['kid'] != "RSA1":
+ self.logger.info("TRUE2")
verificator = JWT_Verification()
result = verificator.verify_signature_JWT(token)
else:
#validate signature for rpt
+ self.logger.info("FALSE 2")
rsajwk = RSAKey(kid="RSA1", key=import_rsa_key_from_file("config/public.pem"))
dict_rpt_values = JWS().verify_compact(token, keys=[rsajwk], sigalg="RS256")
@@ -83,7 +90,8 @@ def verify_JWT_token(self, token, key):
raise Exception
else:
self.logger.debug("Signature verification is correct!")
-
+
+ self.logger.info("FALSE")
user_value = None
if decoded_str.get(key):
user_value = decoded_str[key]
@@ -114,6 +122,8 @@ def verify_OAuth_token(self, token, key):
def verify_uid_headers(self, headers_protected, key):
value = None
token_protected = None
+ self.logger.info("entiendo? creo? wth")
+
#Retrieve the token from the headers
for i in headers_protected:
if 'Bearer' in str(i):
@@ -122,8 +132,10 @@ def verify_uid_headers(self, headers_protected, key):
if token_protected:
#Compares between JWT id_token and OAuth access token to retrieve the requested key-value
if len(str(token_protected))>40:
+ self.logger.info(str(token_protected))
value=self.verify_JWT_token(token_protected, key)
else:
+ self.logger.info("entiendo? creo? what the fuuuck locl")
value=self.verify_OAuth_token(token_protected, key)
return value
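Review bot: The RPT branch of `verify_JWT_token` still loads `import_rsa_key_from_file("config/public.pem")` relative to the process's working directory (context line in the `@@ -64,12 +67,16 @@` hunk), while the rest of the commit switches the other config paths to `dir_path`-based absolute paths and main.py now writes the key pair to `dir_path+"/config/public.pem"`; started from any directory other than `src/`, signature verification of an RPT fails on a missing file even though the key exists. It should resolve the way `getVerificationConfig` now does, e.g. `os.path.join(os.path.dirname(os.path.realpath(__file__)), "..", "config", "public.pem")`, ideally computed once at module level rather than per call. `verify_JWT_token` starts before the first hunk and ends after the third.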
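Review bot: `self.logger.info(str(token_protected))` in `verify_uid_headers` writes the raw bearer token (anything longer than 40 characters, i.e. every RPT or id_token) to the INFO log on each verification, so the credential is copied to wherever the logs are shipped and remains replayable for as long as it is valid. Drop the line, or log a non-sensitive attribute instead, e.g. `self.logger.debug("verifying JWT token, len=%d", len(token_protected))`. The message in the `else` branch, `"entiendo? creo? what the fuuuck locl"`, contains profanity and describes nothing; if a marker is wanted there, `self.logger.debug("verifying opaque OAuth token")` says what the branch does.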
@@ -131,6 +143,10 @@ def verify_uid_headers(self, headers_protected, key):
return 'NO TOKEN FOUND'
def getVerificationConfig(self):
- g_config = load_config("config/config.json")
+ self.logger.info("esto es el verify: ")
+
+ dir_path = os.path.dirname(os.path.realpath(__file__))
+ g_config = load_config(dir_path+"/../config/config.json")
+ self.logger.info("esto es el verify: "+ str(g_config['verify_signature']))
return g_config['verify_signature']
\ No newline at end of file
diff --git a/src/main.py b/src/main.py
index 5bfd9cb..e2a0193 100644
--- a/src/main.py
+++ b/src/main.py
@@ -32,15 +32,19 @@ import logging
from handlers.log_handler import LogHandler
+dir_path = os.path.dirname(os.path.realpath(__file__))
log_handler = LogHandler
-log_handler.load_config("PEP", "./config/log_config.yaml")
+log_handler.load_config("PEP", dir_path+"/config/log_config.yaml")
logger = logging.getLogger("PEP_ENGINE")
logger.info("==========Starting load config==========")
### INITIAL SETUP
-g_config, g_wkh = get_config("config/config.json")
+print(dir_path+"/config/config.json")
+for x in os.listdir(dir_path+'/config/'):
+ print(x)
+g_config, g_wkh = get_config(dir_path+"/config/config.json")
#Load HTTP verb mapping
-g_config = get_verb_config("config/verb_config.json", g_config)
+g_config = get_verb_config(dir_path+"/config/verb_config.json", g_config)
oidc_client = OIDCHandler(g_wkh,
client_id = g_config["client_id"],
@@ -55,7 +59,7 @@
#Default behavior is open_access
#Creation of default resources
try:
- path = g_config["default_resource_path"]
+ path = dir_path+"/"+ g_config["default_resource_path"]
kube_resources= get_default_resources(path)
for k in kube_resources['default_resources']:
id_res=""
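Review bot: `getVerificationConfig` now reads and parses `config.json` from disk on every call, and `verify_JWT_token` calls it for every token it checks, so each request pays a file read for a flag that does not change at runtime; the two `self.logger.info("esto es el verify: " ...)` lines also print it at INFO twice per request. Reading the flag once in the constructor (main.py already holds `g_config` and could pass it in) and returning the stored value would be both cheaper and quieter, and `os.path.join(os.path.dirname(os.path.realpath(__file__)), "..", "config", "config.json")` is the idiomatic form of the path. The constructor is outside this hunk, so confirm against it.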
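Review bot: `print(dir_path+"/config/config.json")` and the `for x in os.listdir(dir_path+'/config/'): print(x)` loop are startup debugging that dumps the config directory listing to stdout on every launch; they should be removed, or at most reduced to `logger.debug("loading config from %s", dir_path)` once the logger exists two lines earlier. `dir_path = os.path.dirname(os.path.realpath(__file__))` depends on `os` being imported above line 32, which the hunk does not show — worth confirming. In the second main.py hunk, `path = dir_path+"/"+ g_config["default_resource_path"]` is better as `path = os.path.join(dir_path, g_config["default_resource_path"])`, which also keeps an absolute value in the config working instead of producing a double-rooted path.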
@@ -82,11 +86,11 @@ def generateRSAKeyPair():
private_key = _rsakey.exportKey()
public_key = _rsakey.publickey().exportKey()
- file_out = open("config/private.pem", "wb+")
+ file_out = open(dir_path+"/config/private.pem", "wb+")
file_out.write(private_key)
file_out.close()
- file_out = open("config/public.pem", "wb+")
+ file_out = open(dir_path+"/config/public.pem", "wb+")
file_out.write(public_key)
file_out.close()
@@ -104,8 +108,8 @@ def generateRSAKeyPair():
# SWAGGER initiation
SWAGGER_URL = '/swagger-ui' # URL for exposing Swagger UI (without trailing '/')
API_URL = "" # Our local swagger resource for PEP. Not used here as 'spec' parameter is used in config
-SWAGGER_SPEC_PROXY = json.load(open("./static/swagger_pep_proxy_ui.json"))
-SWAGGER_SPEC_RESOURCES = json.load(open("./static/swagger_pep_resources_ui.json"))
+SWAGGER_SPEC_PROXY = json.load(open(dir_path+"/static/swagger_pep_proxy_ui.json"))
+SWAGGER_SPEC_RESOURCES = json.load(open(dir_path+"/static/swagger_pep_resources_ui.json"))
SWAGGER_APP_NAME = "Policy Enforcement Point Interfaces"
swaggerui_proxy_blueprint = get_swaggerui_blueprint(
diff --git a/src/requirements.txt b/src/requirements.txt
index 67770e4..97573e4 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -6,7 +6,9 @@ requests==2.23.0
Flask==1.1.2
pyjwkest==1.4.2
pycrypto==2.6.1
+PyCryptodome
pymongo
mock
+pytest==6.2.4
flask-swagger-ui==3.36.0
pyyaml
\ No newline at end of file
diff --git a/tests/testMongo.py b/tests/testMongo.py
index e6c147d..01875ae 100644
--- a/tests/testMongo.py
+++ b/tests/testMongo.py
@@ -1,7 +1,11 @@
#!/usr/bin/env python3
import pymongo
from pymongo import MongoClient
-from src.handlers.mongo_handler import Mongo_Handler
+import os, sys
+sys.path.insert(0, '../src')
+dir_path = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(dir_path+'/../src/')
+from handlers.mongo_handler import Mongo_Handler
import pytest
import unittest
import mock
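Review bot: `open(dir_path+"/config/private.pem", "wb+")` creates the private key with whatever the process umask allows, so under the common 022 umask the key file is world-readable, and neither handle is closed if `write` raises; the public-key write has the same handle leak. Creating the private key through `os.open` with mode 0o600 and wrapping both writes in `with` fixes both points, and `os.path.join` replaces the string concatenation; if the file can already exist, an `os.chmod(private_path, 0o600)` afterwards covers that case too, since `O_CREAT`'s mode only applies to a new file. `generateRSAKeyPair` starts before the hunk and `dir_path` is the module-level name added earlier in this commit.
```python
    private_path = os.path.join(dir_path, "config", "private.pem")
    # Create the key owner-read/write only; a plain open() would honour the umask.
    fd = os.open(private_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as file_out:
        file_out.write(private_key)
    os.chmod(private_path, 0o600)  # covers a pre-existing file, which O_CREAT's mode does not
    with open(os.path.join(dir_path, "config", "public.pem"), "wb") as file_out:
        file_out.write(public_key)
```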
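Review bot: `SWAGGER_SPEC_PROXY = json.load(open(dir_path+"/static/swagger_pep_proxy_ui.json"))` and the resources line below it never close the file object and rely on the locale for decoding; both module-level loads should use a context manager, e.g. `with open(os.path.join(dir_path, "static", "swagger_pep_proxy_ui.json"), encoding="utf-8") as f:` followed by `SWAGGER_SPEC_PROXY = json.load(f)`, and the same for `SWAGGER_SPEC_RESOURCES`.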
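Review bot: `PyCryptodome` is added unpinned directly under `pycrypto==2.6.1`; both distributions install into the same `Crypto` top-level package, so whichever pip installs last silently wins and every `from Crypto ...` import in the code resolves to an unpredictable implementation. pycrypto has been unmaintained for years and PyCryptodome is its drop-in replacement, so the fix is to delete the `pycrypto==2.6.1` line and pin the replacement (`pycryptodome==<version the tests were run with>`), and to pin `pymongo`, `mock` and `pyyaml` the same way as the other entries so that CI and the container build resolve the same set.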
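Review bot: `sys.path.insert(0, '../src')` is relative to the working directory and only resolves when the tests are started from `tests/`, while the `sys.path.append(dir_path+'/../src/')` two lines below already handles any working directory; with test.yml now running `python tests/testMongo.py` from the repository root the first entry is dead, so it should be removed and `import os, sys` split into one import per line. `os.path.join(dir_path, "..", "src")` would also read better than the string concatenation.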
@@ -55,7 +59,7 @@ def test_mongo(self, mock_test,raise_for_status=None):
if raise_for_status:
mock_resp.raise_for_status.side_effect = raise_for_status
mongo = Mongo_Handler("resource_db", "resources")
- self.assertEqual(str(mongo)[:-16], '