Commit 57b0767b authored by Kunz, Immanuel's avatar Kunz, Immanuel

final iteration of the MEDINA security assessment

parent c61730b5
......@@ -25,31 +25,23 @@
//
// This file is part of the MEDINA Framework.
package main
import (
"assessment"
"context"
"errors"
"fmt"
"net"
"net/http"
"os"
api_assessment "clouditor.io/clouditor/api/assessment"
"clouditor.io/clouditor/logging/formatter"
"clouditor.io/clouditor/rest"
"clouditor.io/clouditor/service"
server_clouditor "clouditor.io/clouditor/server"
"clouditor.io/clouditor/server/rest"
"golang.org/x/oauth2/clientcredentials"
"google.golang.org/grpc"
"google.golang.org/grpc/reflection"
service_assessment "clouditor.io/clouditor/service/assessment"
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
grpc_logrus "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus"
grpc_ctxtags "github.com/grpc-ecosystem/go-grpc-middleware/tags"
"github.com/sirupsen/logrus"
)
......@@ -106,6 +98,10 @@ func init() {
}
func main() {
var (
err error
)
log.Logger.Formatter = formatter.CapitalizeFormatter{
Formatter: &logrus.TextFormatter{
ForceColors: false,
......@@ -128,30 +124,6 @@ func main() {
log.Infof("Orchestrator URL is set to %s", orchestratorUrl)
log.Infof("Evidence Store URL is set to %s", evidenceStoreUrl)
grpcLogger := logrus.New()
grpcLogger.Formatter = &formatter.GRPCFormatter{TextFormatter: logrus.TextFormatter{ForceColors: true}}
grpcLoggerEntry := grpcLogger.WithField("component", "grpc")
// create a new socket for gRPC communication
sock, err := net.Listen("tcp", fmt.Sprintf(":%d", grpcPort))
if err != nil {
log.Errorf("could not listen: %v", err)
}
authConfig := service.ConfigureAuth(service.WithJWKSURL(jwksURL))
defer authConfig.Jwks.EndBackground()
server = grpc.NewServer(
grpc_middleware.WithUnaryServerChain(
grpc_ctxtags.UnaryServerInterceptor(grpc_ctxtags.WithFieldExtractor(grpc_ctxtags.CodeGenRequestFieldExtractor)),
grpc_logrus.UnaryServerInterceptor(grpcLoggerEntry),
grpc_auth.UnaryServerInterceptor(authConfig.AuthFunc),
),
grpc_middleware.WithStreamServerChain(
grpc_ctxtags.StreamServerInterceptor(grpc_ctxtags.WithFieldExtractor(grpc_ctxtags.CodeGenRequestFieldExtractor)),
grpc_logrus.StreamServerInterceptor(grpcLoggerEntry),
grpc_auth.StreamServerInterceptor(authConfig.AuthFunc),
))
// Create security assessment service with orchestrator and evidence store URL
assessmentService = service_assessment.NewService(
service_assessment.WithOAuth2Authorizer(&config),
......@@ -159,30 +131,37 @@ func main() {
service_assessment.WithEvidenceStoreAddress(evidenceStoreUrl),
)
log.Debugf("AssessmentService: %v", assessmentService)
api_assessment.RegisterAssessmentServer(server, assessmentService)
// enable reflection, primary for testing in early stages
reflection.Register(server)
// start the gRPC-HTTP gateway
go func() {
err = rest.RunServer(context.Background(), grpcPort, httpPort)
if errors.Is(err, http.ErrServerClosed) {
os.Exit(0)
return
}
log.Infof("Starting gRPC endpoint on :%d", grpcPort)
// Add grpc opts
grpcOpts := []grpc.ServerOption{
// Add max grpc message sizes
grpc.MaxRecvMsgSize(1024 * 1024 * 20),
grpc.MaxSendMsgSize(1024 * 1024 * 20)}
// Start the gRPC server
_, server, err = server_clouditor.StartGRPCServer(
fmt.Sprintf("0.0.0.0:%d", grpcPort),
server_clouditor.WithJWKS(jwksURL),
server_clouditor.WithAssessment(assessmentService),
server_clouditor.WithReflection(),
server_clouditor.WithAdditionalGRPCOpts(grpcOpts),
)
if err != nil {
log.Fatalf("failed to serve gRPC-HTTP gateway: %v", err)
log.Errorf("Failed to serve gRPC endpoint: %s", err)
return
}
}()
log.Infof("Starting gRPC endpoint on :%d", grpcPort)
// serve the gRPC socket
if err := server.Serve(sock); err != nil {
log.Infof("failed to serve gRPC endpoint: %s", err)
// Start the gRPC-HTTP gateway
err = rest.RunServer(context.Background(),
grpcPort,
httpPort,
)
if err != nil && err != http.ErrServerClosed {
log.Errorf("failed to serve gRPC-HTTP gateway: %v", err)
return
}
log.Infof("Stopping gRPC endpoint")
server.GracefulStop()
}
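Review bot: `server_clouditor.WithReflection()` is still passed to `StartGRPCServer` while the listener binds `0.0.0.0`, so anyone who can reach the gRPC port may be able to enumerate the service's methods and message types; a comment in this section itself describes reflection as being for testing in early stages. Whether the JWKS-based authentication also covers the reflection service depends on `StartGRPCServer`, which is not visible here, so that is worth confirming. I would add the option only when a deployment setting asks for it, e.g. `if reflectionEnabled { opts = append(opts, server_clouditor.WithReflection()) }`, where `reflectionEnabled` is a placeholder name. The same call sets both message-size limits to `1024 * 1024 * 20`; a named constant with a comment on why 20 MiB is needed would make the per-request memory bound reviewable. main's body continues outside the visible hunks.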
module assessment
go 1.18
go 1.19
require (
clouditor.io/clouditor v1.4.16-0.20220525122939-20845eab52da
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
github.com/sirupsen/logrus v1.8.1
golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
google.golang.org/grpc v1.46.0
clouditor.io/clouditor v1.7.8-0.20230427074119-b75643ac8ace
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
github.com/sirupsen/logrus v1.9.0
golang.org/x/oauth2 v0.7.0
google.golang.org/grpc v1.54.0
)
require (
cloud.google.com/go/compute v1.5.0 // indirect
github.com/MicahParks/keyfunc v1.1.0 // indirect
github.com/MicahParks/keyfunc v1.9.0 // indirect
github.com/MicahParks/keyfunc/v2 v2.0.1 // indirect
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/agnivade/levenshtein v1.1.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect
github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 // indirect
github.com/cenkalti/backoff/v4 v4.2.0 // indirect
github.com/cespare/xxhash v1.1.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/containerd/containerd v1.6.19 // indirect
github.com/dgraph-io/badger/v3 v3.2103.5 // indirect
github.com/dgraph-io/ristretto v0.1.1 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/envoyproxy/protoc-gen-validate v1.0.0 // indirect
github.com/fatih/structtag v1.2.0 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/go-ini/ini v1.67.0 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/golang-jwt/jwt/v4 v4.4.1 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
github.com/golang/glog v1.1.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/addlicense v1.1.1 // indirect
github.com/google/flatbuffers v1.12.1 // indirect
github.com/google/gnostic v0.6.9 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.10.0 // indirect
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
github.com/jackc/pgconn v1.10.1 // indirect
github.com/jackc/pgio v1.0.0 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgproto3/v2 v2.2.0 // indirect
github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
github.com/jackc/pgtype v1.9.1 // indirect
github.com/jackc/pgx/v4 v4.14.1 // indirect
github.com/jinzhu/inflection v1.0.0 // indirect
github.com/jinzhu/now v1.1.4 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2 // indirect
github.com/iancoleman/strcase v0.2.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/klauspost/compress v1.13.6 // indirect
github.com/kr/pretty v0.3.1 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/logrusorgru/aurora/v3 v3.0.0 // indirect
github.com/mattn/go-sqlite3 v1.14.9 // indirect
github.com/open-policy-agent/opa v0.40.0 // indirect
github.com/oxisto/oauth2go v0.5.12 // indirect
github.com/lyft/protoc-gen-star v0.6.2 // indirect
github.com/lyft/protoc-gen-star/v2 v2.0.3 // indirect
github.com/mattn/go-runewidth v0.0.9 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/open-policy-agent/opa v0.52.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
github.com/oxisto/oauth2go v0.9.0 // indirect
github.com/peterh/liner v1.2.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_golang v1.15.0 // indirect
github.com/prometheus/client_model v0.3.0 // indirect
github.com/prometheus/common v0.42.0 // indirect
github.com/prometheus/procfs v0.9.0 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/rogpeppe/go-internal v1.9.0 // indirect
github.com/spf13/afero v1.9.5 // indirect
github.com/spf13/cobra v1.7.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/srikrsna/protoc-gen-gotag v0.6.2 // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/yashtewari/glob-intersection v0.1.0 // indirect
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
golang.org/x/exp v0.0.0-20220414153411-bcd21879b8fd // indirect
golang.org/x/net v0.0.0-20220412020605-290c469a71a5 // indirect
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
go.opencensus.io v0.23.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.37.0 // indirect
go.opentelemetry.io/otel v1.14.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 // indirect
go.opentelemetry.io/otel/metric v0.34.0 // indirect
go.opentelemetry.io/otel/sdk v1.14.0 // indirect
go.opentelemetry.io/otel/trace v1.14.0 // indirect
go.opentelemetry.io/proto/otlp v0.19.0 // indirect
go.uber.org/automaxprocs v1.5.2 // indirect
golang.org/x/crypto v0.8.0 // indirect
golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 // indirect
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/net v0.9.0 // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.7.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.8.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac // indirect
google.golang.org/protobuf v1.28.0 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
google.golang.org/protobuf v1.30.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gorm.io/driver/postgres v1.3.1 // indirect
gorm.io/driver/sqlite v1.3.1 // indirect
gorm.io/gorm v1.23.2 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
oras.land/oras-go/v2 v2.0.2 // indirect
)