def main(): # pragma: no cover get_env('INFRABOX_VERSION') get_env('INFRABOX_DATABASE_HOST') get_env('INFRABOX_DATABASE_USER') get_env('INFRABOX_DATABASE_PASSWORD') get_env('INFRABOX_DATABASE_PORT') get_env('INFRABOX_DATABASE_DB') get_env('INFRABOX_OPA_HOST') get_env('INFRABOX_OPA_PORT') get_env('INFRABOX_OPA_PUSH_INTERVAL') conn = connect_db() opa_start_push_loop() wsgi.server(eventlet.listen(('0.0.0.0', 8081)), app)
def main(): # pragma: no cover get_env('INFRABOX_VERSION') get_env('INFRABOX_DATABASE_HOST') get_env('INFRABOX_DATABASE_USER') get_env('INFRABOX_DATABASE_PASSWORD') get_env('INFRABOX_DATABASE_PORT') get_env('INFRABOX_DATABASE_DB') get_env('INFRABOX_GENERAL_REPORT_ISSUE_URL') if get_env('INFRABOX_STORAGE_GCS_ENABLED') == 'true': get_env('GOOGLE_APPLICATION_CREDENTIALS') get_env('INFRABOX_STORAGE_GCS_BUCKET') if get_env('INFRABOX_STORAGE_S3_ENABLED') == 'true': get_env('INFRABOX_STORAGE_S3_BUCKET') get_env('INFRABOX_STORAGE_S3_REGION') app.config['MAX_CONTENT_LENGTH'] = 1024 * 1024 * 1024 * 4 client_manager = ClientManager() sio = flask_socketio.SocketIO(app, path='/api/v1/socket.io', async_mode='eventlet', client_manager=client_manager) urllib3.disable_warnings() @sio.on('listen:jobs') def __listen_jobs(project_id): logger.debug('listen:jobs for %s', project_id) if not project_id: logger.debug('project_id not set') return flask_socketio.disconnect() if not sio_is_authorized(["listen:jobs", project_id]): return flask_socketio.disconnect() flask_socketio.join_room(project_id) @sio.on('listen:build') def __listen_build(build_id): logger.debug('listen:build for %s', build_id) if not build_id: logger.debug('build_id not set') return flask_socketio.disconnect() try: uuid.UUID(build_id) except: logger.debug('build_id not a uuid') return flask_socketio.disconnect() if not sio_is_authorized(['listen:build', build_id]): return flask_socketio.disconnect() conn = dbpool.get() try: token = normalize_token(get_token()) project_id = token['project']['id'] build = conn.execute_one( ''' SELECT id FROM build WHERE project_id = %s AND id = %s ''', [project_id, build_id]) if not build: logger.debug('build does not belong to project') return flask_socketio.disconnect() except: logger.exception("Exception occured") return flask_socketio.disconnect() finally: dbpool.put(conn) flask_socketio.join_room(build_id) @sio.on('listen:console') def __listen_console(job_id): logger.debug('listen:console for %s', job_id) if not job_id: logger.debug('job_id not set') return flask_socketio.disconnect() try: uuid.UUID(job_id) except: logger.debug('job_id not a uuid') return flask_socketio.disconnect() if not sio_is_authorized(['listen:console', job_id]): return flask_socketio.disconnect() token = normalize_token(get_token()) conn = dbpool.get() try: project_id = token['project']['id'] build = conn.execute_one( ''' SELECT id FROM job WHERE project_id = %s AND id = %s ''', [project_id, job_id]) if not build: logger.debug('job does not belong to project') return flask_socketio.disconnect() except: logger.exception("Exception occured") return flask_socketio.disconnect() finally: dbpool.put(conn) flask_socketio.join_room(job_id) @sio.on('listen:dashboard-console') def __listen_dashboard_console(job_id): logger.debug('listen:dashboard-console for %s', job_id) if not job_id: logger.debug('job_id not set') return flask_socketio.disconnect() try: uuid.UUID(job_id) except: logger.debug('job_id not a uuid') return flask_socketio.disconnect() conn = dbpool.get() try: u = conn.execute_one_dict( ''' SELECT p.public, j.project_id FROM project p INNER JOIN job j ON j.project_id = p.id AND j.id = %s ''', [job_id]) if not u: logger.warn('job not found') return flask_socketio.disconnect() if not sio_is_authorized( ['listen:dashboard-console', u['project_id'], job_id]): return flask_socketio.disconnect() except: logger.exception("Exception occured") return flask_socketio.disconnect() finally: dbpool.put(conn) flask_socketio.join_room(job_id) def sio_is_authorized(path): g.db = dbpool.get() try: # Assemble Input Data for Open Policy Agent opa_input = { "input": { "method": "WS", "path": path, "token": normalize_token(get_token()) } } authorized = opa_do_auth(opa_input) if not authorized: logger.warn("Unauthorized socket.io access attempt") return False return True except RequestException as e: logger.error(e) return False finally: dbpool.put(g.db) g.db = None logger.info('Starting DB listeners') sio.start_background_task(listeners.job.listen, sio) sio.start_background_task(listeners.console.listen, sio, client_manager) logger.info('Starting repeated push of data to Open Policy Agent') opa_start_push_loop() port = int(os.environ.get('INFRABOX_PORT', 8080)) logger.info('Starting Server on port %s', port) sio.run(app, host='0.0.0.0', port=port)