Merge pull request #516 from OpenC3/secrets_update
Secrets update
ryanmelt authored Feb 26, 2023
2 parents d0fb720 + 0d935dc commit a1e84e1
Showing 15 changed files with 121 additions and 67 deletions.
@@ -710,15 +710,20 @@ export default {
this.keyMap[indexString] = key
items.push([key, indexString])
})
OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity).then(() => {
this.subscription.perform('add', {
scope: window.openc3Scope,
token: localStorage.openc3Token,
items: items,
start_time: this.startDateTime,
end_time: this.endDateTime,
})
})
OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity).then(
(refreshed) => {
if (refreshed) {
OpenC3Auth.setTokens()
}
this.subscription.perform('add', {
scope: window.openc3Scope,
token: localStorage.openc3Token,
items: items,
start_time: this.startDateTime,
end_time: this.endDateTime,
})
}
)
},
received: function (data) {
this.cable.recordPing()
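Review bot: The `.then((refreshed) => { … })` added here has no rejection handler, so when `OpenC3Auth.updateToken` rejects, `this.subscription.perform('add', …)` never runs and nothing sends the user back to login. The `request` helper and `OpenC3Api.exec` in this same commit do catch the failure and call `OpenC3Auth.login()`. The same gap is visible in the other two subscription components, `Cable.createSubscription`, the 401 response interceptor and the one-minute timer; appending `.catch(() => OpenC3Auth.login())`, or whatever fallback is intended, would make the failure path consistent. Because `if (refreshed) { OpenC3Auth.setTokens() }` is now copied into every `updateToken` call site, moving refresh-and-store into a single helper on `OpenC3Auth` would keep a future caller from skipping it and presumably sending a stale `localStorage.openc3Token`. The enclosing method starts above the hunk.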

@@ -437,16 +437,21 @@ export default {
}
return groups
}, {})
OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity).then(() => {
Object.keys(modeGroups).forEach((mode) => {
this.subscription.perform('add', {
scope: window.openc3Scope,
token: localStorage.openc3Token,
packets: modeGroups[mode].map(this.subscriptionKey),
...this.startEndTime,
OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity).then(
(refreshed) => {
if (refreshed) {
OpenC3Auth.setTokens()
}
Object.keys(modeGroups).forEach((mode) => {
this.subscription.perform('add', {
scope: window.openc3Scope,
token: localStorage.openc3Token,
packets: modeGroups[mode].map(this.subscriptionKey),
...this.startEndTime,
})
})
})
})
}
)
},
removePacketsFromSubscription: function (packets) {
packets = packets || this.allPackets

@@ -1341,15 +1341,20 @@ export default {
theStartTime = this.graphStartDateTime
}
if (this.subscription) {
OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity).then(() => {
this.subscription.perform('add', {
scope: window.openc3Scope,
token: localStorage.openc3Token,
items: itemArray.map(this.subscriptionKey),
start_time: theStartTime,
end_time: this.graphEndDateTime,
})
})
OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity).then(
(refreshed) => {
if (refreshed) {
OpenC3Auth.setTokens()
}
this.subscription.perform('add', {
scope: window.openc3Scope,
token: localStorage.openc3Token,
items: itemArray.map(this.subscriptionKey),
start_time: theStartTime,
end_time: this.graphEndDateTime,
})
}
)
}
},
removeItems: function (itemArray) {

@@ -16,7 +16,7 @@
# All changes Copyright 2022, OpenC3, Inc.
# All Rights Reserved
#
# This file may also be used under the terms of a commercial license
# This file may also be used under the terms of a commercial license
# if purchased from OpenC3, Inc.
*/

@@ -29,7 +29,12 @@ const request = async function (
) {
if (!noAuth) {
try {
await OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity)
let refreshed = await OpenC3Auth.updateToken(
OpenC3Auth.defaultMinValidity
)
if (refreshed) {
OpenC3Auth.setTokens()
}
} catch (error) {
OpenC3Auth.login()
}

@@ -16,7 +16,7 @@
# All changes Copyright 2022, OpenC3, Inc.
# All Rights Reserved
#
# This file may also be used under the terms of a commercial license
# This file may also be used under the terms of a commercial license
# if purchased from OpenC3, Inc.
*/

@@ -36,7 +36,13 @@ axiosInstance.interceptors.response.use(
(error) => {
if (error.response) {
if (error.response.status === 401) {
OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity, true)
OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity, true).then(
function (refreshed) {
if (refreshed) {
OpenC3Auth.setTokens()
}
}
)
}
// Individual tools can set 'Ignore-Errors' to an error code
// they potentially expect, e.g. '500', in which case we ignore it

@@ -33,24 +33,29 @@ export default class Cable {
this._cable.disconnect()
}
createSubscription(channel, scope, callbacks = {}, additionalOptions = {}) {
return OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity).then(() => {
if (this._cable == null) {
let final_url =
this._url +
'?scope=' +
window.openc3Scope +
'&authorization=' +
localStorage.openc3Token
this._cable = ActionCable.createConsumer(final_url)
return OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity).then(
(refreshed) => {
if (refreshed) {
OpenC3Auth.setTokens()
}
if (this._cable == null) {
let final_url =
this._url +
'?scope=' +
window.openc3Scope +
'&authorization=' +
localStorage.openc3Token
this._cable = ActionCable.createConsumer(final_url)
}
return this._cable.subscriptions.create(
{
channel,
...additionalOptions,
},
callbacks
)
}
return this._cable.subscriptions.create(
{
channel,
...additionalOptions,
},
callbacks
)
})
)
}
recordPing() {
this._cable.connection.monitor.recordPing()
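Review bot: The consumer URL in `createSubscription` concatenates `window.openc3Scope` and `localStorage.openc3Token` into the query string without encoding. It is also built only while `this._cable == null`, so a token stored later by `OpenC3Auth.setTokens()` is presumably not reflected in an already created consumer. At minimum encode both values: `'?scope=' + encodeURIComponent(window.openc3Scope) + '&authorization=' + encodeURIComponent(localStorage.openc3Token)`. Since the bearer token travels in the URL it is likely to land in proxy and server access logs, so a comment noting that here, plus redaction of the `authorization` parameter wherever these requests are logged, would be worth adding.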

@@ -27,10 +27,14 @@ export class OpenC3Api {

constructor() {}

// This is hacky Json-rpc for now. Should probably use a jsonrpc library.
async exec(method, params, kwparams = {}, headerOptions = {}) {
try {
await OpenC3Auth.updateToken(OpenC3Auth.defaultMinValidity)
let refreshed = await OpenC3Auth.updateToken(
OpenC3Auth.defaultMinValidity
)
if (refreshed) {
OpenC3Auth.setTokens()
}
} catch (error) {
OpenC3Auth.login()
}

@@ -227,7 +227,11 @@ export default {

// Check every minute if we need to update our token
setInterval(() => {
OpenC3Auth.updateToken(120)
OpenC3Auth.updateToken(120).then(function (refreshed) {
if (refreshed) {
OpenC3Auth.setTokens()
}
})
}, 60000)
}
)
4 changes: 4 additions & 0 deletions openc3/data/config/interface_modifiers.yaml
@@ -111,3 +111,7 @@ SECRET:
required: false
description: Interface option to pass the secret value
values: .*
- name: Secret Store Name
required: false
description: Name of the secret store for stores with multipart keys
values: .*
6 changes: 5 additions & 1 deletion openc3/data/config/microservice.yaml
@@ -102,10 +102,14 @@ MICROSERVICE:
required: true
description: The name of the secret to retrieve
values: .*
- name: Environment Variable of File Path
- name: Environment Variable or File Path
required: true
description: Environment variable name or file path to store secret
values: .*
- name: Secret Store Name
required: false
description: Name of the secret store for stores with multipart keys
values: .*
ROUTE_PREFIX:
summary: Prefix of route
description: Prefix of route to the microservice to expose externally with Traefik
7 changes: 5 additions & 2 deletions openc3/lib/openc3/models/interface_model.rb
@@ -257,12 +257,15 @@ def handle_config(parser, keyword, parameters)
@log_raw = true

when 'SECRET'
parser.verify_num_parameters(3, 4, "#{keyword} <Secret Type: ENV or FILE> <Secret Name> <Environment Variable Name or File Path> <Option Name (Optional)>")
parser.verify_num_parameters(3, 5, "#{keyword} <Secret Type: ENV or FILE> <Secret Name> <Environment Variable Name or File Path> <Option Name (Optional)> <Secret Store Name (Optional)>")
@secrets << parameters[0..2]
if parameters[3]
if ConfigParser.handle_nil(parameters[3])
# Option Name, Secret Name
@secret_options << [parameters[3], parameters[1]]
end
if ConfigParser.handle_nil(parameters[4])
@secrets[-1] << parameters[4]
end

else
raise ConfigParser::Error.new(parser, "Unknown keyword and parameters for Interface/Router: #{keyword} #{parameters.join(" ")}")
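Review bot: The usage string passed to `verify_num_parameters` does not say how to supply a Secret Store Name without an Option Name, although the code allows it by running `parameters[3]` through `ConfigParser.handle_nil`. Naming the accepted nil placeholder in that message would save users from guessing. Each `@secrets` entry now has three or four elements depending on input, so a comment above `@secrets[-1] << parameters[4]` such as `# Optional 4th element: secret store name, read positionally by consumers` would document the shape. That shape is what `secrets.each do |type, key, data, secret_store|` elsewhere in this commit relies on. `handle_config` starts and ends outside the hunk.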
8 changes: 6 additions & 2 deletions openc3/lib/openc3/models/microservice_model.rb
@@ -192,8 +192,12 @@ def handle_config(parser, keyword, parameters)
parser.verify_num_parameters(1, 1, "#{keyword} <Container Image Name>")
@container = parameters[0]
when 'SECRET'
parser.verify_num_parameters(3, 3, "#{keyword} <Secret Type: ENV or FILE> <Secret Name> <Environment Variable Name or File Path>")
@secrets << parameters.dup
parser.verify_num_parameters(3, 4, "#{keyword} <Secret Type: ENV or FILE> <Secret Name> <Environment Variable Name or File Path> <Secret Store Name (Optional)>")
if ConfigParser.handle_nil(parameters[3])
@secrets << parameters.dup
else
@secrets << parameters[0..2]
end
when 'ROUTE_PREFIX'
parser.verify_num_parameters(1, 1, "#{keyword} <Route Prefix>")
@prefix = parameters[0]
4 changes: 2 additions & 2 deletions openc3/lib/openc3/operators/microservice_operator.rb
@@ -60,8 +60,8 @@ def convert_microservice_to_process_definition(microservice_name, microservice_c
# Setup secrets for microservice
secrets = microservice_config["secrets"]
if secrets
secrets.each do |type, secret_name, env_name_or_path|
secret_value = @secrets.get(secret_name, scope: scope)
secrets.each do |type, secret_name, env_name_or_path, secret_store|
secret_value = @secrets.get(secret_name, secret_store: secret_store, scope: scope)
if secret_value
case type
when 'ENV'
8 changes: 4 additions & 4 deletions openc3/lib/openc3/utilities/redis_secrets.rb
@@ -21,11 +21,11 @@

module OpenC3
class RedisSecrets < Secrets
def keys(scope:)
def keys(secret_store: nil, scope:)
SecretModel.names(scope: scope)
end

def get(key, scope:)
def get(key, secret_store: nil, scope:)
data = SecretModel.get(name: key, scope: scope)
if data
return data['value']
@@ -34,11 +34,11 @@ def get(key, scope:)
end
end

def set(key, value, scope:)
def set(key, value, secret_store: nil, scope:)
SecretModel.set( {name: key, value: value.to_s }, scope: scope)
end

def delete(key, scope:)
def delete(key, secret_store: nil, scope:)
model = SecretModel.get_model(name: key, scope: scope)
model.destroy if model
end
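Review bot: `RedisSecrets` now accepts `secret_store:` on `keys`, `get`, `set` and `delete` but never uses it, so a configuration that names a store is silently served from the single `SecretModel` lookup by name and scope. A short comment on the class, e.g. `# secret_store is accepted for interface compatibility and ignored by this backend`, would keep a later reader from assuming store isolation here. If a non-nil store should never reach this backend, logging or raising on it in `get` would surface the misconfiguration instead of returning a same-named secret from a different place than the operator intended.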
10 changes: 5 additions & 5 deletions openc3/lib/openc3/utilities/secrets.rb
@@ -31,24 +31,24 @@ def self.getClient
klass.new
end

def keys(scope:)
def keys(secret_store: nil, scope:)
raise NotImplementedError, "#{self.class} has not implemented method '#{__method__}'"
end

def get(key, scope:)
def get(key, secret_store: nil, scope:)
return @local_secrets[key]
end

def set(key, value, scope:)
def set(key, value, secret_store: nil, scope:)
raise NotImplementedError, "#{self.class} has not implemented method '#{__method__}'"
end

def delete(key, scope:)
def delete(key, secret_store: nil, scope:)
raise NotImplementedError, "#{self.class} has not implemented method '#{__method__}'"
end

def setup(secrets)
secrets.each do |type, key, data|
secrets.each do |type, key, data, secret_store|
case type
when 'ENV'
@local_secrets[key] = ENV[data]
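Review bot: `setup` now destructures `secret_store`, but the visible `@local_secrets[key] = ENV[data]` still keys the cache by `key` alone, and `get` returns `@local_secrets[key]` without consulting `secret_store`. Two secrets with the same name in different stores would therefore overwrite each other locally. If multipart-key stores are meant to be distinguishable, key the hash on both values in `setup` and `get`, e.g. `@local_secrets[[secret_store, key]]`; otherwise add a comment on `get` saying that `secret_store` and `scope` are ignored by the base class. The body of `setup` continues past the end of the hunk, so the remaining branches may behave differently.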