Updated litmus installation yaml (#4757)

* Updated litmus installation yaml Signed-off-by: Saranya-jena <[email protected]> * Updated litmus installation yaml Signed-off-by: Saranya-jena <[email protected]> * Updated litmus installation yaml and envs Signed-off-by: Saranya-jena <[email protected]> * Update chaoscenter/manifests/litmus-installation.yaml Signed-off-by: Vedant Shrotria <[email protected]> * Update chaoscenter/manifests/litmus-installation.yaml Signed-off-by: Vedant Shrotria <[email protected]> * Updated tls logic Signed-off-by: Saranya-jena <[email protected]> * Updated tls logic Signed-off-by: Saranya-jena <[email protected]> * Updated tls logic Signed-off-by: Saranya-jena <[email protected]> * fixed tests Signed-off-by: Saranya-jena <[email protected]> * Updated litmus installation yaml and envs Signed-off-by: Saranya-jena <[email protected]> * Updated litmus installation yaml and envs Signed-off-by: Saranya-jena <[email protected]> --------- Signed-off-by: Saranya-jena <[email protected]> Signed-off-by: Vedant Shrotria <[email protected]> Co-authored-by: Vedant Shrotria <[email protected]>
litmuschaos · Jul 10, 2024 · b8de057 · b8de057
1 parent bd08cea
commit b8de057
Show file tree

Hide file tree

Showing 11 changed files with 605 additions and 160 deletions.
diff --git a/chaoscenter/authentication/api/handlers/rest/user_handlers_test.go b/chaoscenter/authentication/api/handlers/rest/user_handlers_test.go
@@ -511,8 +511,6 @@ func TestUpdatePassword(t *testing.T) {
 			c.Request.Header.Set("Content-Type", "application/json")
 			c.Set("username", tt.givenUsername)
 
-			utils.StrictPasswordPolicy = tt.givenStrictPassword
-
 			userPassword := entities.UserPassword{
 				Username:    tt.givenUsername,
 				OldPassword: "oldPass@123",

diff --git a/chaoscenter/authentication/api/main.go b/chaoscenter/authentication/api/main.go
@@ -133,13 +133,14 @@ func main() {
 
 	validatedAdminSetup(applicationService)
 
-	go runGrpcServer(applicationService)
 	if utils.EnableInternalTls {
-		if utils.CustomTlsCertPath != "" && utils.TlSKeyPath != "" {
+		if utils.TlsCertPath != "" && utils.TlSKeyPath != "" {
 			go runGrpcServerWithTLS(applicationService)
 		} else {
 			log.Fatalf("Failure to start chaoscenter authentication GRPC server due to empty TLS cert file path and TLS key path")
 		}
+	} else {
+		go runGrpcServer(applicationService)
 	}
 
 	runRestServer(applicationService)
@@ -196,33 +197,30 @@ func runRestServer(applicationService services.ApplicationService) {
 	routes.UserRouter(app, applicationService)
 	routes.ProjectRouter(app, applicationService)
 
-	log.Infof("Listening and serving HTTP on %s", utils.Port)
+	log.Infof("Listening and serving HTTP on %s", utils.RestPort)
 
 	if utils.EnableInternalTls {
-		log.Infof("Listening and serving HTTPS on %s", utils.PortHttps)
-		if utils.CustomTlsCertPath != "" && utils.TlSKeyPath != "" {
+		if utils.TlsCertPath != "" && utils.TlSKeyPath != "" {
 			conf := utils.GetTlsConfig()
-
 			server := http.Server{
-				Addr:      utils.PortHttps,
+				Addr:      utils.RestPort,
 				Handler:   app,
 				TLSConfig: conf,
 			}
-			log.Infof("Listening and serving HTTPS on %s", utils.Port)
-			go func() {
-				err := server.ListenAndServeTLS("", "")
-				if err != nil {
-					log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
-				}
-			}()
+			log.Infof("Listening and serving HTTPS on %s", utils.RestPort)
+			err := server.ListenAndServeTLS("", "")
+			if err != nil {
+				log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+			}
 		} else {
 			log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
 		}
-	}
-
-	err := app.Run(utils.Port)
-	if err != nil {
-		log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+	} else {
+		log.Infof("Listening and serving HTTP on %s", utils.RestPort)
+		err := app.Run(utils.RestPort)
+		if err != nil {
+			log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+		}
 	}
 }
 
@@ -246,7 +244,7 @@ func runGrpcServer(applicationService services.ApplicationService) {
 func runGrpcServerWithTLS(applicationService services.ApplicationService) {
 
 	// Starting gRPC server
-	lis, err := net.Listen("tcp", utils.GrpcPortHttps)
+	lis, err := net.Listen("tcp", utils.GrpcPort)
 	if err != nil {
 		log.Fatalf("Failure to start litmus-portal authentication server due to %s", err)
 	}

diff --git a/chaoscenter/authentication/pkg/utils/configs.go b/chaoscenter/authentication/pkg/utils/configs.go
@@ -18,21 +18,18 @@ var (
 	JWTExpiryDuration            = getEnvAsInt("JWT_EXPIRY_MINS", 1440)
 	OAuthJWTExpDuration          = getEnvAsInt("OAUTH_JWT_EXP_MINS", 5)
 	OAuthJwtSecret               = os.Getenv("OAUTH_SECRET")
-	StrictPasswordPolicy         = getEnvAsBool("STRICT_PASSWORD_POLICY", false)
 	DexEnabled                   = getEnvAsBool("DEX_ENABLED", false)
 	DexCallBackURL               = os.Getenv("DEX_OAUTH_CALLBACK_URL")
 	DexClientID                  = os.Getenv("DEX_OAUTH_CLIENT_ID")
 	DexClientSecret              = os.Getenv("DEX_OAUTH_CLIENT_SECRET")
 	DexOIDCIssuer                = os.Getenv("OIDC_ISSUER")
 	EnableInternalTls            = getEnvAsBool("ENABLE_INTERNAL_TLS", false)
-	CustomTlsCertPath            = os.Getenv("CUSTOM_TLS_CERT_PATH")
+	TlsCertPath                  = os.Getenv("TLS_CERT_PATH")
 	TlSKeyPath                   = os.Getenv("TLS_KEY_PATH")
-	CaCertPath                   = os.Getenv("CA_CERT_PATH")
+	CaCertPath                   = os.Getenv("CA_CERT_TLS_PATH")
+	RestPort                     = os.Getenv("REST_PORT")
+	GrpcPort                     = os.Getenv("GRPC_PORT")
 	DBName                       = "auth"
-	Port                         = ":3000"
-	PortHttps                    = ":3001"
-	GrpcPort                     = ":3030"
-	GrpcPortHttps                = ":3031"
 	UserCollection               = "users"
 	ProjectCollection            = "project"
 	AuthConfigCollection         = "auth-config"
@@ -77,7 +74,7 @@ func GetTlsConfig() *tls.Config {
 	}
 
 	// read server cert & key
-	serverCert, err := tls.LoadX509KeyPair(CustomTlsCertPath, TlSKeyPath)
+	serverCert, err := tls.LoadX509KeyPair(TlsCertPath, TlSKeyPath)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/chaoscenter/graphql/server/pkg/grpc/auth_grpc_client.go b/chaoscenter/graphql/server/pkg/grpc/auth_grpc_client.go
@@ -23,14 +23,14 @@ func GetAuthGRPCSvcClient(conn *grpc.ClientConn) (protos.AuthRpcServiceClient, *
 	}
 
 	if enableHTTPSConnection {
-		if utils.Config.ServerTlsCertPath != "" {
+		if utils.Config.TlsCertPath != "" && utils.Config.TlsKeyPath != "" {
 			// configuring TLS config based on provided certificates & keys
-			conf := utils.GetTlsConfig(utils.Config.ClientTlsCertPath, utils.Config.ClientTlsKeyPath, false)
+			conf := utils.GetTlsConfig(utils.Config.TlsCertPath, utils.Config.TlsKeyPath, false)
 
 			tlsCredential := credentials.NewTLS(conf)
 
 			// Set up a connection to the server.
-			conn, err = grpc.NewClient(utils.Config.LitmusAuthGrpcEndpoint+utils.Config.LitmusAuthGrpcPortHttps, grpc.WithTransportCredentials(tlsCredential))
+			conn, err = grpc.NewClient(utils.Config.LitmusAuthGrpcEndpoint+utils.Config.LitmusAuthGrpcPort, grpc.WithTransportCredentials(tlsCredential))
 			if err != nil {
 				logrus.Fatalf("did not connect: %v", err)
 			}

diff --git a/chaoscenter/graphql/server/server.go b/chaoscenter/graphql/server/server.go
@@ -109,13 +109,14 @@ func main() {
 		logrus.Errorf("unable to parse boolean value %v", err)
 	}
 
-	go startGRPCServer(utils.Config.RpcPort, mongodbOperator) // start GRPC serve
 	if enableHTTPSConnection {
-		if utils.Config.ServerTlsCertPath != "" && utils.Config.ServerTlsKeyPath != "" {
+		if utils.Config.TlsCertPath != "" && utils.Config.TlsKeyPath != "" {
 			go startGRPCServerWithTLS(mongodbOperator) // start GRPC serve
 		} else {
 			log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
 		}
+	} else {
+		go startGRPCServer(utils.Config.GrpcPort, mongodbOperator) // start GRPC serve
 	}
 
 	srv := handler.New(generated.NewExecutableSchema(graph.NewConfig(mongodbOperator)))
@@ -169,28 +170,28 @@ func main() {
 	go projects.ProjectEvents(projectEventChannel, mongodb.MgoClient, mongodbOperator)
 
 	if enableHTTPSConnection {
-		log.Infof("graphql server running at https://localhost:%s", utils.Config.HttpsPort)
-		// configuring TLS config based on provided certificates & keys
-		conf := utils.GetTlsConfig(utils.Config.ServerTlsCertPath, utils.Config.ServerTlsKeyPath, true)
-
-		server := http.Server{
-			Addr:      ":" + utils.Config.HttpsPort,
-			Handler:   router,
-			TLSConfig: conf,
-		}
-		if utils.Config.ServerTlsCertPath != "" && utils.Config.ServerTlsKeyPath != "" {
-			go func() {
-				err := server.ListenAndServeTLS("", "")
-				if err != nil {
-					log.Fatalf("Failure to start litmus-portal graphql REST server due to %v", err)
-				}
-			}()
+		if utils.Config.TlsCertPath != "" && utils.Config.TlsKeyPath != "" {
+			log.Infof("graphql server running at https://localhost:%s", utils.Config.RestPort)
+			// configuring TLS config based on provided certificates & keys
+			conf := utils.GetTlsConfig(utils.Config.TlsCertPath, utils.Config.TlsKeyPath, true)
+
+			server := http.Server{
+				Addr:      ":" + utils.Config.RestPort,
+				Handler:   router,
+				TLSConfig: conf,
+			}
+			err := server.ListenAndServeTLS("", "")
+			if err != nil {
+				log.Fatalf("Failure to start litmus-portal graphql REST server due to %v", err)
+			}
+		} else {
+			log.Fatalf("Failure to start chaoscenter authentication GRPC server due to empty TLS cert file path and TLS key path")
 		}
+	} else {
+		log.Infof("graphql server running at http://localhost:%s", utils.Config.RestPort)
+		log.Fatal(http.ListenAndServe(":"+utils.Config.RestPort, router))
 	}
 
-	log.Infof("graphql server running at http://localhost:%s", utils.Config.HttpPort)
-	log.Fatal(http.ListenAndServe(":"+utils.Config.HttpPort, router))
-
 }
 
 // startGRPCServer initializes, registers services to and starts the gRPC server for RPC calls
@@ -213,13 +214,13 @@ func startGRPCServer(port string, mongodbOperator mongodb.MongoOperator) {
 // startGRPCServerWithTLS initializes, registers services to and starts the gRPC server for RPC calls
 func startGRPCServerWithTLS(mongodbOperator mongodb.MongoOperator) {
 
-	lis, err := net.Listen("tcp", ":"+utils.Config.RpcPortHttps)
+	lis, err := net.Listen("tcp", ":"+utils.Config.GrpcPort)
 	if err != nil {
 		log.Fatal("failed to listen: %w", err)
 	}
 
 	// configuring TLS config based on provided certificates & keys
-	conf := utils.GetTlsConfig(utils.Config.ServerTlsCertPath, utils.Config.ServerTlsKeyPath, true)
+	conf := utils.GetTlsConfig(utils.Config.TlsCertPath, utils.Config.TlsKeyPath, true)
 
 	// create tls credentials
 	tlsCredentials := credentials.NewTLS(conf)

diff --git a/chaoscenter/graphql/server/utils/config.go b/chaoscenter/graphql/server/utils/config.go
@@ -11,7 +11,7 @@ import (
 func GetTlsConfig(certPath string, keyPath string, isServerConfig bool) *tls.Config {
 
 	// read ca's cert, verify to client's certificate
-	caPem, err := os.ReadFile(Config.CaCertPath)
+	caPem, err := os.ReadFile(Config.CaCertTlsPath)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/chaoscenter/graphql/server/utils/variables.go b/chaoscenter/graphql/server/utils/variables.go
@@ -23,26 +23,21 @@ type Configuration struct {
 	TlsCertB64                  string   `split_words:"true"`
 	LitmusAuthGrpcEndpoint      string   `split_words:"true" default:"localhost"`
 	LitmusAuthGrpcPort          string   `split_words:"true" default:":3030"`
-	LitmusAuthGrpcPortHttps     string   `split_words:"true" default:":3031"`
 	KubeConfigFilePath          string   `split_words:"true"`
 	RemoteHubMaxSize            string   `split_words:"true"`
 	SkipSslVerify               string   `split_words:"true"`
-	HttpPort                    string   `split_words:"true" default:"8080"`
-	HttpsPort                   string   `split_words:"true" default:"8081"`
-	RpcPort                     string   `split_words:"true" default:"8000"`
-	RpcPortHttps                string   `split_words:"true" default:"8001"`
+	RestPort                    string   `split_words:"true" default:"8080"`
+	GrpcPort                    string   `split_words:"true" default:"8000"`
 	InfraCompatibleVersions     string   `required:"true" split_words:"true"`
 	DefaultHubGitURL            string   `required:"true" default:"https://github.com/litmuschaos/chaos-charts"`
 	DefaultHubBranchName        string   `required:"true" split_words:"true"`
 	CustomChaosHubPath          string   `split_words:"true" default:"/tmp/"`
 	DefaultChaosHubPath         string   `split_words:"true" default:"/tmp/default/"`
 	EnableGQLIntrospection      string   `split_words:"true" default:"false"`
 	EnableInternalTls           string   `split_words:"true" default:"false"`
-	ServerTlsCertPath           string   `split_words:"true"`
-	ServerTlsKeyPath            string   `split_words:"true"`
-	ClientTlsCertPath           string   `split_words:"true"`
-	ClientTlsKeyPath            string   `split_words:"true"`
-	CaCertPath                  string   `split_words:"true"`
+	TlsCertPath                 string   `split_words:"true"`
+	TlsKeyPath                  string   `split_words:"true"`
+	CaCertTlsPath               string   `split_words:"true"`
 	AllowedOrigins              []string `split_words:"true" default:"^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)localhost(:[0-9]+|)"`
 }