From 622b0c593248bc51a5966c2bbae7c8eccfc9244d Mon Sep 17 00:00:00 2001 From: Maia Iyer Date: Mon, 10 Jul 2023 13:42:30 -0400 Subject: [PATCH 1/3] Fix HTTP/HTTPs config errors Signed-off-by: Maia Iyer
---
docs/conf/agent/base.conf | 5 ++--- docs/conf/agent/full.conf | 26 ++++++++------------------ docs/config-tornjak-server.md | 18 +++++------------- docs/quickstart/tornjak-configmap.yaml | 4 ++-- tornjak-backend/api/agent/server.go | 12 ++---------- tornjak-backend/api/agent/types.go | 4 ++-- 6 files changed, 21 insertions(+), 48 deletions(-)
diff --git a/docs/conf/agent/base.conf b/docs/conf/agent/base.conf
index d13163dc..23e0bf57 100644
--- a/docs/conf/agent/base.conf
+++ b/docs/conf/agent/base.conf
@@ -3,10 +3,9 @@ server { # here, set to default SPIRE socket path spire_socket_path = "unix:///tmp/spire-server/private/api.sock"
- # configure HTTP connection to Tornjak server
+ # [required] configure HTTP connection to Tornjak server http {
- enabled = true
- port = 10000 # opens at port 10000
+ port = 10080 # opens at port 10000 } }
diff --git a/docs/conf/agent/full.conf b/docs/conf/agent/full.conf
index 0489b055..c41e2ddd 100644
--- a/docs/conf/agent/full.conf
+++ b/docs/conf/agent/full.conf
@@ -8,27 +8,17 @@ server { # The server can open multiple if multiple sections included # The server only ends when all connections error
- # configure HTTP connection to Tornjak server
+ # [required] configure HTTP connection to Tornjak server http {
- enabled = true
- port = 10000 # container port for HTTP connection
+ port = 10080 # container port for HTTP connection }
- # configure TLS connection to Tornjak server
- tls {
- enabled = true
- port = 20000 # container port for TLS connection
- cert = "sample-keys/tls.pem" # TLS cert
- key = "sample-keys/key.pem" # TLS key
- }
-
- # configure mTLS connection to Tornjak server
- mtls {
- enabled = true
- port = 30000 # container port for mTLS connection
- cert = "sample-keys/tls.pem" # mTLS cert
- key = "sample-keys/key.pem" # mTLS key
- ca = "sample-keys/rootCA.pem" # mTLS CA
+ # [optional, recommended] configure HTTPS connection to Tornjak server
+ https {
+ port = 10443 # [required] container port for HTTPS connection
+ cert = "sample-keys/tls.pem" # [required] TLS cert
+ key = "sample-keys/key.pem" # [required] TLS key
+ ca = "sample-keys/rootCA.pem" # enables mTLS connection for HTTPS port } ### END SERVER CONNECTION CONFIGURATION ###
diff --git a/docs/config-tornjak-server.md b/docs/config-tornjak-server.md
index 64cb3a6a..354f96ff 100644
--- a/docs/config-tornjak-server.md
+++ b/docs/config-tornjak-server.md
@@ -41,25 +41,17 @@ server { spire_socket_path = "unix:///tmp/spire-server/private/api.sock" # socket to communicate with SPIRE server
- http {
- enabled = true # if true, opens HTTP. if false, no HTTP connection opened
- port = "10000" # if HTTP enabled, opens HTTP listen port at container port 10000
+ http { # required block
+ port = 10080 # if HTTP enabled, opens HTTP listen port at container port 10000 }
- tls {
- enabled = true # if true, opens TLS. if false, no TLS connection opened
- port = "20000" # if enabled, opens TLS listen port at container port 20000
+ https {
+ port = 10443 # if enabled, opens TLS listen port at container port 20000 cert = "sample-keys/tls.pem" # path of certificate for TLS key = "sample-keys/key.pem" # path of keys for TLS
+ ca = "sample-keys/rootCA.pem" }
- mtls {
- enabled = true # if true, opens mTLS. if false, no mTLS connection opened
- port = "30000" # if enabled, opens mTLS listen port at container port 30000
- cert = "sample-keys/tls.pem" # path of certificate for mTLS
- key = "sample-keys/key.pem" # path of keys for mTLS
- ca = "sample-keys/rootCA.pem" # path of CA for mTLS
- } } ```
diff --git a/docs/quickstart/tornjak-configmap.yaml b/docs/quickstart/tornjak-configmap.yaml
index 23036d09..de47213a 100644
--- a/docs/quickstart/tornjak-configmap.yaml
+++ b/docs/quickstart/tornjak-configmap.yaml
@@ -13,9 +13,9 @@ data: # configure HTTP connection to Tornjak server http {
- enabled = true
- port = 10000 # opens at port 10000
+ port = 10080 # opens at port 10000 }
+ } plugins {
diff --git a/tornjak-backend/api/agent/server.go b/tornjak-backend/api/agent/server.go
index 6fe7437e..16d3802f 100644
--- a/tornjak-backend/api/agent/server.go
+++ b/tornjak-backend/api/agent/server.go
@@ -622,8 +622,8 @@ func (s *Server) HandleRequests() { log.Print("WARNING: Please consider configuring HTTPS to ensure traffic is running on encrypted endpoint!") }
+ numPorts = 1 go func() {
- numPorts += 1 addr := fmt.Sprintf(":%d", serverConfig.HTTPConfig.ListenPort) fmt.Printf("Starting to listen on %s...\n", addr) err := http.ListenAndServe(addr, httpHandler)
@@ -633,8 +633,8 @@ func (s *Server) HandleRequests() { }() if serverConfig.HTTPSConfig != nil {
+ numPorts += 1 go func() {
- numPorts += 1 if serverConfig.HTTPSConfig.ListenPort == 0 { serverConfig.HTTPSConfig.ListenPort = 443 }
@@ -707,8 +707,6 @@ func NewAgentsDB(dbPlugin *ast.ObjectItem) (agentdb.AgentDB, error) { return nil, errors.New("Required DataStore plugin not configured") }
- fmt.Printf("DATASTORE KEY AND DATA: %s , %+v\n", key, data)
-
switch key { case "sql": // check if data is defined
@@ -822,11 +820,7 @@ func (s *Server) Configure() error { // iterate over plugin list
- fmt.Printf("pluginlist: %+v\n", pluginList.Items)
-
for _, pluginObject := range pluginList.Items {
- fmt.Printf("pluginItem: %+v\n", pluginObject)
-
if len(pluginObject.Keys) != 2 { return fmt.Errorf("plugin item expected to have two keys (type then name)") }
@@ -836,8 +830,6 @@ func (s *Server) Configure() error { return fmt.Errorf("invalid plugin type key %q: %w", pluginObject.Keys[0].Token.Text, err) }
- fmt.Printf("pluginType: %s\n", pluginType)
-
// create plugin component based on type switch pluginType { // configure datastore
diff --git a/tornjak-backend/api/agent/types.go b/tornjak-backend/api/agent/types.go
index e332ddb1..39acada2 100644
--- a/tornjak-backend/api/agent/types.go
+++ b/tornjak-backend/api/agent/types.go
@@ -38,8 +38,8 @@ type HTTPConfig struct { } type HTTPSConfig struct {
- *HTTPConfig
- TLS TLSConfig `hcl:"tls"`
+ ListenPort int `hcl:"port"`
+ TLS TLSConfig `hcl:"tls"` } type TLSConfig struct {
From 9beb8558e7cb134a1f4bb67f98594977c7f97cd9 Mon Sep 17 00:00:00 2001
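Review bot: The HTTPS goroutine still writes `serverConfig.HTTPSConfig.ListenPort = 443` from inside `go func()`, the same pattern this hunk moves out for `numPorts`: the default is assigned on a goroutine with nothing visible ordering it against other readers of serverConfig in HandleRequests (the function continues outside the hunk). Hoisting the zero check above the goroutine, next to the new `numPorts += 1`, keeps every config mutation on the calling goroutine before a listener starts: `if serverConfig.HTTPSConfig.ListenPort == 0 { serverConfig.HTTPSConfig.ListenPort = 443 }` followed by `numPorts += 1` and then `go func() {`. The HTTP path in the preceding hunk (@@ -622) has no equivalent zero check in view, so an omitted `port` would format as `:0` and bind an ephemeral port unless it is validated earlier; given the docs in this series now mark the http block required, either a check or a comment saying where that is enforced would help.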
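Review bot: `TLS TLSConfig` is tagged `hcl:"tls"`, which expects the certificate settings in a nested `tls { ... }` block, while the sample configs in this series (docs/conf/agent/full.conf, docs/config-tornjak-server.md) put `cert`, `key` and `ca` directly inside `https { ... }`; unless the decoder flattens that field somewhere outside this hunk, those keys would not reach `TLS`, and the HTTPS listener would start without the documented certificate material or with mTLS silently not enforced. Either the docs should show the nested block or the struct should expose the keys at the `https` level (for example `Cert string` tagged `hcl:"cert"`, with `Key` and `CA` alongside) — TLSConfig's own fields are outside the hunk, so check which shape it actually decodes. The exported type also has no doc comment; `// HTTPSConfig configures the optional TLS listener; setting a CA enables client-certificate (mTLS) verification on it.` would tell operators what `ca` changes.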
From: Maia Iyer Date: Mon, 10 Jul 2023 14:00:59 -0400 Subject: [PATCH 2/3] Apply suggestions from code review Signed-off-by: Maia Iyer Co-authored-by: Mariusz Sabath Signed-off-by: Maia Iyer
---
docs/conf/agent/base.conf | 2 +- docs/config-tornjak-server.md | 6 +++--- docs/quickstart/tornjak-configmap.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/conf/agent/base.conf b/docs/conf/agent/base.conf
index 23e0bf57..586d41b5 100644
--- a/docs/conf/agent/base.conf
+++ b/docs/conf/agent/base.conf
@@ -5,7 +5,7 @@ server { # [required] configure HTTP connection to Tornjak server http {
- port = 10080 # opens at port 10000
+ port = 10080 # opens at port 10080 } }
diff --git a/docs/config-tornjak-server.md b/docs/config-tornjak-server.md
index 354f96ff..c534f801 100644
--- a/docs/config-tornjak-server.md
+++ b/docs/config-tornjak-server.md
@@ -42,14 +42,14 @@ server { spire_socket_path = "unix:///tmp/spire-server/private/api.sock" # socket to communicate with SPIRE server http { # required block
- port = 10080 # if HTTP enabled, opens HTTP listen port at container port 10000
+ port = 10080 # if HTTP enabled, opens HTTP listen port at container port 10080 } https {
- port = 10443 # if enabled, opens TLS listen port at container port 20000
+ port = 10443 # if enabled, opens HTTPS listen port at container port 10443 cert = "sample-keys/tls.pem" # path of certificate for TLS key = "sample-keys/key.pem" # path of keys for TLS
- ca = "sample-keys/rootCA.pem"
+ ca = "sample-keys/userCA.pem" # [optional, enables mTLS] User CA } }
diff --git a/docs/quickstart/tornjak-configmap.yaml b/docs/quickstart/tornjak-configmap.yaml
index de47213a..82c957c3 100644
--- a/docs/quickstart/tornjak-configmap.yaml
+++ b/docs/quickstart/tornjak-configmap.yaml
@@ -13,7 +13,7 @@ data: # configure HTTP connection to Tornjak server http {
- port = 10080 # opens at port 10000
+ port = 10080 # opens at port 10080 } }
From 9b1054baa2ff7f29ed7713383a082234de20dff6 Mon Sep 17 00:00:00 2001 From: Maia Iyer Date: Mon, 10 Jul 2023 14:05:04 -0400 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Mariusz Sabath Signed-off-by: Maia Iyer
---
docs/conf/agent/full.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/conf/agent/full.conf b/docs/conf/agent/full.conf
index c41e2ddd..c8d77799 100644
--- a/docs/conf/agent/full.conf
+++ b/docs/conf/agent/full.conf
@@ -15,9 +15,9 @@ server { # [optional, recommended] configure HTTPS connection to Tornjak server https {
- port = 10443 # [required] container port for HTTPS connection
- cert = "sample-keys/tls.pem" # [required] TLS cert
- key = "sample-keys/key.pem" # [required] TLS key
+ port = 10443 # [required for HTTPS] container port for HTTPS connection
+ cert = "sample-keys/tls.pem" # [required for HTTPS] TLS cert
+ key = "sample-keys/key.pem" # [required for HTTPS] TLS key ca = "sample-keys/rootCA.pem" # enables mTLS connection for HTTPS port }