Secure communication with RE Manager using 0MQ API #147
…Manager using ZMQ API
Any ideas on how to fix the linter?
@danielballan looked at this issue. His opinion was that it will be fixed at a certain point and we should just run 'black' manually.
It happens to all our projects that use 'black'.
xref psf/black#2079
How about trying this solution meanwhile before the
I agree with the majority of participants of the discussion at psf/black#2079 who are not planning to do any changes. There are no external contributors to this project yet.
I like the idea of using a native encryption feature of 0MQ. I have concerns about passing the private key via CLI options but otherwise looks good.
Co-authored-by: Maksim Rakitin <mrakitin@users.noreply.github.com>
I think I applied all the recent suggestions in the latest commit. They are marked as outdated, but they are applied to the code.
I also removed command-line options of setting encryption keys as potentially unsafe and also inconvenient. I also removed the description of the command-line options from the PR description.
Looks good. Suggested a few corrections, mostly in docstrings.
Co-authored-by: Maksim Rakitin <mrakitin@users.noreply.github.com>
Implementation of options to enable secure communication between clients and RE Manager via 0MQ channel. Security is enabled by turning on Curve-based encryption, which is built into the 0MQ library.
A key pair may be generated by using CLI command `qserver-zmq-keys` to generate new keys:

or a public key based on an existing private key:

Once the keys are generated, encryption may be enabled for RE Manager by setting the environment variable:
Encryption should also be enabled on the client side before a client can communicate with RE Manager. All 0MQ API are now accepting the server public key as a parameter: constructors of classes `ZMQCommSendAsync` and `ZMQCommSendThreads` and function `zmq_single_request` accept an additional `server_public_key` parameter. The developer using the API is responsible for passing the public key to API classes and functions.

HTTP Server and `qserver` CLI clients are part of the `bluesky-queueserver` package. Encryption for both clients can be enabled by setting the `QSERVER_ZMQ_PUBLIC_KEY` environment variable before starting HTTP server or running `qserver` CLI. For example, HTTP Server can be started as

and `qserver` commands may be executed as

The PR addresses issue #146
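
The relationship between the server's private key and the `QSERVER_ZMQ_PUBLIC_KEY` value given to clients can be checked offline. The following is an added example, not code from this PR or from `bluesky-queueserver`: it assumes standard 0MQ CURVE keys (40 Z85 characters encoding a 32-byte Curve25519 key, with the public key computed as X25519 of the private key and the base point), and all function names are hypothetical.

```python
import os

Z85 = ("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
       ".-:+=^!/*?&<>()[]{}@%$#")          # alphabet from ZeroMQ RFC 32
P = 2**255 - 19                            # Curve25519 field prime

def key_from_z85(text):
    """40-character Z85 key -> 32 bytes; ValueError on any malformed input."""
    if len(text) != 40:
        raise ValueError("a CURVE key is 40 Z85 characters (32 bytes)")
    out = bytearray()
    for i in range(0, 40, 5):
        # str.index raises ValueError for characters outside the alphabet
        value = sum(Z85.index(ch) * 85**k for k, ch in zip((4, 3, 2, 1, 0), text[i:i + 5]))
        if value >= 2**32:
            raise ValueError("Z85 group out of range")
        out += value.to_bytes(4, "big")
    return bytes(out)

def z85_encode(data):
    """bytes (length divisible by 4) -> Z85 text."""
    words = (int.from_bytes(data[i:i + 4], "big") for i in range(0, len(data), 4))
    return "".join(Z85[w // 85**k % 85] for w in words for k in (4, 3, 2, 1, 0))

def x25519_base(secret):
    """RFC 7748 X25519(secret, 9). Not constant-time: offline checks only."""
    k = bytearray(secret)
    k[0] &= 248; k[31] = (k[31] & 127) | 64          # clamp the scalar
    n, x1, x2, z2, x3, z3, swap = int.from_bytes(k, "little"), 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):                   # Montgomery ladder
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive_public_key(private_z85):
    """Z85 private key -> the Z85 public key that clients must be given."""
    return z85_encode(x25519_base(key_from_z85(private_z85)))

def client_key_is_current(private_z85, env=os.environ):
    """True if QSERVER_ZMQ_PUBLIC_KEY in env belongs to the given private key."""
    return env.get("QSERVER_ZMQ_PUBLIC_KEY") == derive_public_key(private_z85)
```

`client_key_is_current` returns `False` both when the variable is unset and when it holds a key from a different pair, which are the two ways a client ends up unable to complete the CURVE handshake after the server key is rotated.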