Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Auth Implementation #2926

Merged
merged 65 commits into from
Aug 23, 2022
Merged

New Auth Implementation #2926

merged 65 commits into from
Aug 23, 2022

Conversation

sgilbride
Copy link
Contributor

Description

These changes are the initial steps for decoupling auth features from the VOLTTRON platform. This would allow auth to be used when required, and remove the authentication/authorization layers from instances where they are not required.

In addition, auth is restructured to develop authorization and authentication base classes, with standardized APIs. This will help with future efforts to provide fully modular auth packages for specific message busses or use cases.

Type of change

  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Testing is in progress

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

shwethanidd and others added 20 commits December 21, 2020 08:47
@shwethanidd
commented server, public and private key references
05a0e03
@shwethanidd
Merge branch 'develop' of https://github.com/VOLTTRON/volttron into n…
e7f84d2 
…on_auth_volttron
@shwethanidd
Fixed merge errors
65eb2f3
@shwethanidd
removed auth feature
e77a66f
Merge branch 'develop' of https://github.com/VOLTTRON/volttron into n…
f99941d 
…on_auth_volttron

# Conflicts:
#	volttron/platform/auth.py
#	volttron/platform/main.py
Resolved
@shwethanidd
Merge pull request #3 from sgilbride/non_auth_volttron
f39bcf1 
Updgrade Non-Auth VOLTTRON to 8.1.1
TEST_COMMIT auth and control refactor WIP
1ddeb02
Merge branch 'non_auth_volttron' of https://github.com/shwethanidd/vo…
63535bb 
…lttron into non_auth_volttron
WIP: Update to modular, simulation VOLTTRON
75078ce
moved list_agents around for debugging.
9778c2f
Modified list and status agents to properly use agent meta data for d…
de2fad4 
…isplay and not Agent instance.

Disabled auth subsystem in volttron agent.
Modified rpc subsystem to ignore auth requirements
b6269db
@shwethanidd
Adding multi threaded router
124ce3e
Moved key methods to zmq authorization
e2fabeb
Merge branch 'non_auth_volttron' of https://github.com/shwethanidd/vo…
df937a9 
…lttron into non_auth_volttron

Keeping main the same for now to avoid conflicts with multi-router.
Moved ZMQ Authorization functionality from core to ZMQAuthorization.
f7517d2 
TODO: Finish re-implementation of zap loop.
TODO: Update RMQ backwards compatibility with ZMQ through ZMQAuthorization
TODO: Rename auth_protocols
TODO: Read auth_enabled/version from config file correctly.
Added notes on changes to make.
e40b660
Began new client authentication implementation
a1544af
Merge branch 'develop' into non_auth_volttron
549dd03
Update to non-auth and modular auth for volttron.
c756037 
Added dataclasses for parameters.
Moved and restructured code to break out rmq and zmq, and provide standardized APIs where applicable.
@sgilbride sgilbride changed the title Non/Modular Auth Implementation New Auth Implementation Mar 16, 2022
@sgilbride sgilbride requested review from craig8, schandrika and shwethanidd and removed request for schandrika March 16, 2022 06:26
craig8
craig8 reviewed Mar 23, 2022
View reviewed changes
volttron/platform/auth/__init__.py Outdated
# PACIFIC NORTHWEST NATIONAL LABORATORY operated by
# BATTELLE for the UNITED STATES DEPARTMENT OF ENERGY
# under Contract DE-AC05-76RL01830
# }}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding

# Only include things we want
___all__ = ["AuthEntry"]

# Don't expose where the "Real" class is located.
from volttron.platform.auth.auth_entry import AuthEntry

For all of these items.

gilb842 added 4 commits March 23, 2022 13:23
Added ZMQ/RMQ Client Authorization for Auth subsystem.
891ddc8 
Updated terminology in main/config.
Updated allow auth to be True by default.
Cleaned up some imports.
Merge remote-tracking branch 'upstream/develop' into non_auth_volttron
2d2034b
Updates to fix import issues.
31306ca
Removed initial non-auth tests.
35f3d0d 
Added handling for allow_auth and AUTH_ENABLED to manage use of auth in config file.
Minor code cleanup.
Removed deprecated connect_remote_platform from auth subsystem.
8bb0d26 
Added grequests.
Updated connection_params for build_remote_connection_params.
Fixed url_address missing from RMQConnectionAPI.
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 29, 2022
View reviewed changes
volttron/platform/auth/auth_protocols/auth_rmq.py
if cert_dir:
# remote cert file for agents will be in agent-data/remote-certs dir
certfile = os.path.join(cert_dir, os.path.basename(certfile))
_log.info("build_remote_connection_param: {}".format(certfile))

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

[Sensitive data (certificate)](1) is logged here. [Sensitive data (certificate)](2) is logged here. [Sensitive data (certificate)](3) is logged here. [Sensitive data (certificate)](2) is logged here.
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 8, 2022
View reviewed changes
volttron/platform/main.py Fixed Show fixed Hide fixed
@craig8 craig8 marked this pull request as ready for review August 8, 2022 17:27
@craig8 craig8 mentioned this pull request Aug 8, 2022
Closed
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 15, 2022
View reviewed changes
volttron/platform/vip/agent/core.py
destination_serverkey = serverkey

_log.debug(
"Connecting using: %s", get_fq_identity(self.identity)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

[Sensitive data (password)](1) is logged here. [Sensitive data (password)](2) is logged here. [Sensitive data (password)](3) is logged here. [Sensitive data (password)](3) is logged here. [Sensitive data (password)](2) is logged here. [Sensitive data (password)](3) is logged here. [Sensitive data (password)](4) is logged here. [Sensitive data (password)](2) is logged here.
@craig8 craig8 merged commit 8dedf5d into VOLTTRON:develop Aug 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@craig8 craig8 craig8 left review comments

@shwethanidd shwethanidd Awaiting requested review from shwethanidd

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sgilbride @craig8 @shwethanidd @schandrika