final iteration of the MEDINA security assessment

cmd/assessment/assessment.go

@@ -25,31 +25,23 @@
 //
 // This file is part of the MEDINA Framework.
 
-
 package main
 
 import (
 	"assessment"
 	"context"
-	"errors"
 	"fmt"
-	"net"
 	"net/http"
 	"os"
 
-	api_assessment "clouditor.io/clouditor/api/assessment"
 	"clouditor.io/clouditor/logging/formatter"
-	"clouditor.io/clouditor/rest"
-	"clouditor.io/clouditor/service"
+	server_clouditor "clouditor.io/clouditor/server"
+	"clouditor.io/clouditor/server/rest"
+
 	"golang.org/x/oauth2/clientcredentials"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/reflection"
 
 	service_assessment "clouditor.io/clouditor/service/assessment"
-	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
-	grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
-	grpc_logrus "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus"
-	grpc_ctxtags "github.com/grpc-ecosystem/go-grpc-middleware/tags"
 
 	"github.com/sirupsen/logrus"
 )
@@ -106,6 +98,10 @@ func init() {
 }
 
 func main() {
+	var (
+		err error
+	)
+
 	log.Logger.Formatter = formatter.CapitalizeFormatter{
 		Formatter: &logrus.TextFormatter{
 			ForceColors:   false,
@@ -128,30 +124,6 @@ func main() {
 	log.Infof("Orchestrator URL is set to %s", orchestratorUrl)
 	log.Infof("Evidence Store URL is set to %s", evidenceStoreUrl)
 
-	grpcLogger := logrus.New()
-	grpcLogger.Formatter = &formatter.GRPCFormatter{TextFormatter: logrus.TextFormatter{ForceColors: true}}
-	grpcLoggerEntry := grpcLogger.WithField("component", "grpc")
-
-	// create a new socket for gRPC communication
-	sock, err := net.Listen("tcp", fmt.Sprintf(":%d", grpcPort))
-	if err != nil {
-		log.Errorf("could not listen: %v", err)
-	}
-
-	authConfig := service.ConfigureAuth(service.WithJWKSURL(jwksURL))
-	defer authConfig.Jwks.EndBackground()
-
-	server = grpc.NewServer(
-		grpc_middleware.WithUnaryServerChain(
-			grpc_ctxtags.UnaryServerInterceptor(grpc_ctxtags.WithFieldExtractor(grpc_ctxtags.CodeGenRequestFieldExtractor)),
-			grpc_logrus.UnaryServerInterceptor(grpcLoggerEntry),
-			grpc_auth.UnaryServerInterceptor(authConfig.AuthFunc),
-		),
-		grpc_middleware.WithStreamServerChain(
-			grpc_ctxtags.StreamServerInterceptor(grpc_ctxtags.WithFieldExtractor(grpc_ctxtags.CodeGenRequestFieldExtractor)),
-			grpc_logrus.StreamServerInterceptor(grpcLoggerEntry),
-			grpc_auth.StreamServerInterceptor(authConfig.AuthFunc),
-		))
 	// Create security assessment service with orchestrator and evidence store URL
 	assessmentService = service_assessment.NewService(
 		service_assessment.WithOAuth2Authorizer(&config),
@@ -159,30 +131,37 @@ func main() {
 		service_assessment.WithEvidenceStoreAddress(evidenceStoreUrl),
 	)
 
-	log.Debugf("AssessmentService: %v", assessmentService)
-	api_assessment.RegisterAssessmentServer(server, assessmentService)
-
-	// enable reflection, primary for testing in early stages
-	reflection.Register(server)
-
-	// start the gRPC-HTTP gateway
-	go func() {
-		err = rest.RunServer(context.Background(), grpcPort, httpPort)
-		if errors.Is(err, http.ErrServerClosed) {
-			os.Exit(0)
-			return
-		}
+	log.Infof("Starting gRPC endpoint on :%d", grpcPort)
 
+	// Add grpc opts
+	grpcOpts := []grpc.ServerOption{
+		// Add max grpc message sizes
+		grpc.MaxRecvMsgSize(1024 * 1024 * 20),
+		grpc.MaxSendMsgSize(1024 * 1024 * 20)}
+
+	// Start the gRPC server
+	_, server, err = server_clouditor.StartGRPCServer(
+		fmt.Sprintf("0.0.0.0:%d", grpcPort),
+		server_clouditor.WithJWKS(jwksURL),
+		server_clouditor.WithAssessment(assessmentService),
+		server_clouditor.WithReflection(),
+		server_clouditor.WithAdditionalGRPCOpts(grpcOpts),
+	)
 	if err != nil {
-			log.Fatalf("failed to serve gRPC-HTTP gateway: %v", err)
+		log.Errorf("Failed to serve gRPC endpoint: %s", err)
+		return
 	}
-	}()
-
-	log.Infof("Starting gRPC endpoint on :%d", grpcPort)
 
-	// serve the gRPC socket
-	if err := server.Serve(sock); err != nil {
-		log.Infof("failed to serve gRPC endpoint: %s", err)
+	// Start the gRPC-HTTP gateway
+	err = rest.RunServer(context.Background(),
+		grpcPort,
+		httpPort,
+	)
+	if err != nil && err != http.ErrServerClosed {
+		log.Errorf("failed to serve gRPC-HTTP gateway: %v", err)
 		return
 	}
+
+	log.Infof("Stopping gRPC endpoint")
+	server.GracefulStop()
 }

go.mod

 module assessment
 
-go 1.18
+go 1.19
 
 require (
-	clouditor.io/clouditor v1.4.16-0.20220525122939-20845eab52da
-	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
-	github.com/sirupsen/logrus v1.8.1
-	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
-	google.golang.org/grpc v1.46.0
+	clouditor.io/clouditor v1.7.8-0.20230427074119-b75643ac8ace
+	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
+	github.com/sirupsen/logrus v1.9.0
+	golang.org/x/oauth2 v0.7.0
+	google.golang.org/grpc v1.54.0
 )
 
 require (
-	cloud.google.com/go/compute v1.5.0 // indirect
-	github.com/MicahParks/keyfunc v1.1.0 // indirect
+	github.com/MicahParks/keyfunc v1.9.0 // indirect
+	github.com/MicahParks/keyfunc/v2 v2.0.1 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
+	github.com/agnivade/levenshtein v1.1.1 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect
+	github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.0 // indirect
+	github.com/cespare/xxhash v1.1.0 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/containerd/containerd v1.6.19 // indirect
+	github.com/dgraph-io/badger/v3 v3.2103.5 // indirect
+	github.com/dgraph-io/ristretto v0.1.1 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.0.0 // indirect
+	github.com/fatih/structtag v1.2.0 // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/go-ini/ini v1.67.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/golang-jwt/jwt/v4 v4.4.1 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
+	github.com/golang/glog v1.1.1 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/addlicense v1.1.1 // indirect
+	github.com/google/flatbuffers v1.12.1 // indirect
+	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.10.0 // indirect
-	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
-	github.com/jackc/pgconn v1.10.1 // indirect
-	github.com/jackc/pgio v1.0.0 // indirect
-	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgproto3/v2 v2.2.0 // indirect
-	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
-	github.com/jackc/pgtype v1.9.1 // indirect
-	github.com/jackc/pgx/v4 v4.14.1 // indirect
-	github.com/jinzhu/inflection v1.0.0 // indirect
-	github.com/jinzhu/now v1.1.4 // indirect
+	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2 // indirect
+	github.com/iancoleman/strcase v0.2.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/klauspost/compress v1.13.6 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/logrusorgru/aurora/v3 v3.0.0 // indirect
-	github.com/mattn/go-sqlite3 v1.14.9 // indirect
-	github.com/open-policy-agent/opa v0.40.0 // indirect
-	github.com/oxisto/oauth2go v0.5.12 // indirect
+	github.com/lyft/protoc-gen-star v0.6.2 // indirect
+	github.com/lyft/protoc-gen-star/v2 v2.0.3 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/moby/locker v1.0.1 // indirect
+	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/open-policy-agent/opa v0.52.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
+	github.com/oxisto/oauth2go v0.9.0 // indirect
+	github.com/peterh/liner v1.2.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_golang v1.15.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
+	github.com/rogpeppe/go-internal v1.9.0 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
+	github.com/spf13/cobra v1.7.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/srikrsna/protoc-gen-gotag v0.6.2 // indirect
+	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/yashtewari/glob-intersection v0.1.0 // indirect
-	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
-	golang.org/x/exp v0.0.0-20220414153411-bcd21879b8fd // indirect
-	golang.org/x/net v0.0.0-20220412020605-290c469a71a5 // indirect
-	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
-	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
+	go.opencensus.io v0.23.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.37.0 // indirect
+	go.opentelemetry.io/otel v1.14.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 // indirect
+	go.opentelemetry.io/otel/metric v0.34.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.14.0 // indirect
+	go.opentelemetry.io/otel/trace v1.14.0 // indirect
+	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
+	go.uber.org/automaxprocs v1.5.2 // indirect
+	golang.org/x/crypto v0.8.0 // indirect
+	golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 // indirect
+	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/net v0.9.0 // indirect
+	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.8.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gorm.io/driver/postgres v1.3.1 // indirect
-	gorm.io/driver/sqlite v1.3.1 // indirect
-	gorm.io/gorm v1.23.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	oras.land/oras-go/v2 v2.0.2 // indirect
 )