Added env based support for HTTPS connection

chaoscenter/authentication/api/main.go

@@ -3,8 +3,10 @@ package main
 import (
 	"flag"
 	"fmt"
+	"google.golang.org/grpc/credentials"
 	"net"
 	"runtime"
+	"strconv"
 	"time"
 
 	grpcHandler "github.com/litmuschaos/litmus/chaoscenter/authentication/api/handlers/grpc"
@@ -114,7 +116,21 @@ func main() {
 
 	validatedAdminSetup(applicationService)
 
-	go runGrpcServer(applicationService)
+	enableHTTPSConnection, err := strconv.ParseBool(utils.EnableHTTPSConnection)
+	if err != nil {
+		log.Errorf("unable to parse boolean value %v", err)
+	}
+
+	if enableHTTPSConnection {
+		if utils.CustomTlsCert != "" && utils.TlSKey != "" {
+			go runGrpcServerWithTLS(applicationService)
+		} else {
+			log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
+		}
+	} else {
+		go runGrpcServer(applicationService)
+	}
+
 	runRestServer(applicationService)
 }
 
@@ -172,10 +188,27 @@ func runRestServer(applicationService services.ApplicationService) {
 	routes.ProjectRouter(app, applicationService)
 	routes.CapabilitiesRouter(app)
 
-	log.Infof("Listening and serving HTTP on %s", utils.Port)
-	err := app.Run(utils.Port)
+	enableHTTPSConnection, err := strconv.ParseBool(utils.EnableHTTPSConnection)
 	if err != nil {
-		log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+		log.Errorf("unable to parse boolean value %v", err)
+	}
+
+	if enableHTTPSConnection {
+		if utils.CustomTlsCert != "" && utils.TlSKey != "" {
+			log.Infof("Listening and serving HTTPS on %s", utils.Port)
+			err := app.RunTLS(utils.Port, utils.CustomTlsCert, utils.TlSKey)
+			if err != nil {
+				log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+			}
+		} else {
+			log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
+		}
+	} else {
+		log.Infof("Listening and serving HTTP on %s", utils.Port)
+		err := app.Run(utils.Port)
+		if err != nil {
+			log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+		}
 	}
 }
 
@@ -195,3 +228,27 @@ func runGrpcServer(applicationService services.ApplicationService) {
 		log.Fatalf("Failure to start litmus-portal authentication GRPC server due to %v", err)
 	}
 }
+
+func runGrpcServerWithTLS(applicationService services.ApplicationService) {
+	// Starting gRPC server
+	lis, err := net.Listen("tcp", utils.GrpcPort)
+	if err != nil {
+		log.Fatalf("Failure to start litmus-portal authentication server due to %s", err)
+	}
+
+	// Load TLS credentials
+	creds, err := credentials.NewServerTLSFromFile(utils.CustomTlsCert, utils.TlSKey)
+	if err != nil {
+		log.Fatalf("failed to create credentials: %v", err)
+	}
+
+	grpcApplicationServer := grpcHandler.ServerGrpc{ApplicationService: applicationService}
+	grpcServer := grpc.NewServer(grpc.Creds(creds))
+	grpcPresenter.RegisterAuthRpcServiceServer(grpcServer, &grpcApplicationServer)
+
+	log.Infof("Listening and serving gRPC on %s with TLS", utils.GrpcPort)
+	err = grpcServer.Serve(lis)
+	if err != nil {
+		log.Fatalf("Failure to start litmus-portal authentication GRPC server due to %v", err)
+	}
+}

chaoscenter/authentication/pkg/utils/configs.go

@@ -21,6 +21,9 @@ var (
 	DexClientID                  = os.Getenv("DEX_OAUTH_CLIENT_ID")
 	DexClientSecret              = os.Getenv("DEX_OAUTH_CLIENT_SECRET")
 	DexOIDCIssuer                = os.Getenv("OIDC_ISSUER")
+	EnableHTTPSConnection        = os.Getenv("ENABLE_HTTPS_CONNECTION")
+	CustomTlsCert                = os.Getenv("CUSTOM_TLS_CERT")
+	TlSKey                       = os.Getenv("TLS_KEY")
 	DBName                       = "auth"
 	Port                         = ":3000"
 	GrpcPort                     = ":3030"

chaoscenter/graphql/server/pkg/grpc/auth_grpc_client.go

@@ -3,6 +3,8 @@ package grpc
 import (
 	"context"
 	"errors"
+	"google.golang.org/grpc/credentials"
+	"strconv"
 
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/protos"
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
@@ -13,10 +15,34 @@ import (
 
 // GetAuthGRPCSvcClient returns an RPC client for Authentication service
 func GetAuthGRPCSvcClient(conn *grpc.ClientConn) (protos.AuthRpcServiceClient, *grpc.ClientConn) {
-	conn, err := grpc.Dial(utils.Config.LitmusAuthGrpcEndpoint+utils.Config.LitmusAuthGrpcPort, grpc.WithBlock(), grpc.WithInsecure())
+
+	enableHTTPSConnection, err := strconv.ParseBool(utils.Config.EnableHTTPSConnection)
 	if err != nil {
-		logrus.Fatalf("did not connect: %s", err)
+		logrus.Errorf("unable to parse boolean value %v", err)
+	}
+
+	if enableHTTPSConnection {
+		if utils.Config.CustomTlsCert != "" {
+			// Create tls based credential.
+			creds, err := credentials.NewClientTLSFromFile(utils.Config.CustomTlsCert, "")
+			if err != nil {
+				logrus.Fatalf("failed to load credentials: %v", err)
+			}
+			// Set up a connection to the server.
+			conn, err = grpc.NewClient(utils.Config.LitmusAuthGrpcEndpoint+utils.Config.LitmusAuthGrpcPort, grpc.WithTransportCredentials(creds))
+			if err != nil {
+				logrus.Fatalf("did not connect: %v", err)
+			}
+		} else {
+			logrus.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
+		}
+	} else {
+		conn, err = grpc.Dial(utils.Config.LitmusAuthGrpcEndpoint+utils.Config.LitmusAuthGrpcPort, grpc.WithBlock(), grpc.WithInsecure())
+		if err != nil {
+			logrus.Fatalf("did not connect: %s", err)
+		}
 	}
+
 	return protos.NewAuthRpcServiceClient(conn), conn
 }
 

chaoscenter/graphql/server/server.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"google.golang.org/grpc/credentials"
 	"strconv"
 
 	"github.com/gin-contrib/cors"
@@ -106,7 +107,21 @@ func main() {
 	if err := validateVersion(); err != nil {
 		log.Fatal(err)
 	}
-	go startGRPCServer(utils.Config.RpcPort, mongodbOperator) // start GRPC serve
+
+	enableHTTPSConnection, err := strconv.ParseBool(utils.Config.EnableHTTPSConnection)
+	if err != nil {
+		logrus.Errorf("unable to parse boolean value %v", err)
+	}
+
+	if enableHTTPSConnection {
+		if utils.Config.CustomTlsCert != "" && utils.Config.TlSKey != "" {
+			go startGRPCServer(utils.Config.RpcPort, mongodbOperator) // start GRPC serve
+		} else {
+			log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
+		}
+	} else {
+		go startGRPCServerWithTLS(utils.Config.RpcPort, mongodbOperator) // start GRPC serve
+	}
 
 	srv := handler.New(generated.NewExecutableSchema(graph.NewConfig(mongodbOperator)))
 	srv.AddTransport(transport.POST{})
@@ -148,8 +163,15 @@ func main() {
 	projectEventChannel := make(chan string)
 	go projects.ProjectEvents(projectEventChannel, mongodb.MgoClient, mongodbOperator)
 
-	log.Infof("chaos manager running at http://localhost:%s", utils.Config.HttpPort)
-	log.Fatal(http.ListenAndServe(":"+utils.Config.HttpPort, router))
+	log.Infof("graphql server running at http://localhost:%s", utils.Config.HttpPort)
+	if enableHTTPSConnection {
+		if utils.Config.CustomTlsCert != "" && utils.Config.TlSKey != "" {
+			log.Fatal(http.ListenAndServeTLS(":"+utils.Config.HttpPort, utils.Config.CustomTlsCert, utils.Config.TlSKey, router))
+		}
+	} else {
+		log.Fatal(http.ListenAndServe(":"+utils.Config.HttpPort, router))
+	}
+
 }
 
 // startGRPCServer initializes, registers services to and starts the gRPC server for RPC calls
@@ -168,3 +190,26 @@ func startGRPCServer(port string, mongodbOperator mongodb.MongoOperator) {
 	log.Infof("GRPC server listening on %v", lis.Addr())
 	log.Fatal(grpcServer.Serve(lis))
 }
+
+// startGRPCServerWithTLS initializes, registers services to and starts the gRPC server for RPC calls
+func startGRPCServerWithTLS(port string, mongodbOperator mongodb.MongoOperator) {
+	lis, err := net.Listen("tcp", ":"+port)
+	if err != nil {
+		log.Fatal("failed to listen: %w", err)
+	}
+
+	// Load TLS credentials
+	creds, err := credentials.NewServerTLSFromFile(utils.Config.CustomTlsCert, utils.Config.TlSKey)
+	if err != nil {
+		log.Fatalf("failed to create credentials: %v", err)
+	}
+
+	grpcServer := grpc.NewServer(grpc.Creds(creds))
+
+	// Register services
+
+	pb.RegisterProjectServer(grpcServer, &projects.ProjectServer{Operator: mongodbOperator})
+
+	log.Infof("GRPC server listening on %v", lis.Addr())
+	log.Fatal(grpcServer.Serve(lis))
+}

chaoscenter/graphql/server/utils/variables.go

@@ -44,6 +44,9 @@ type Configuration struct {
 	CustomChaosHubPath          string `split_words:"true" default:"/tmp/"`
 	DefaultChaosHubPath         string `split_words:"true" default:"/tmp/default/"`
 	EnableGQLIntrospection      string `split_words:"true" default:"false"`
+	EnableHTTPSConnection       string `required:"true" split_words:"true" default:"false"`
+	CustomTlsCert               string `split_words:"true"`
+	TlSKey                      string `split_words:"true"`
 }
 
 var Config Configuration