add SSL and mSSL support

add health endpoint
setup the structure to use ssl
5 changed files with 71 additions and 24 deletions
--- a/.gitignore
+++ b/.gitignore
@ -141,3 +141,5 @@ cython_debug/
 # Project specific:
 .sync_token
 config.yaml
 *.key
 *.crt
--- a/src/kassandra/main.py
+++ b/src/kassandra/main.py
@ -17,10 +17,7 @@ async def __main():
    bot_corout = send_messages(
        message_queue,
-        config.username,
+        config
        config.homeserver,
        config.password,
        config.alert_rooms
    )
    format_corout = format_alerts(
        alert_queue,
@ -28,8 +25,7 @@ async def __main():
    )
    webhook_corout = run_webhook(
        alert_queue,
-        config.host,
+        config
        config.port
    )
--- a/src/kassandra/bot.py
+++ b/src/kassandra/bot.py
@ -9,6 +9,7 @@ from typing import (
 )
 from matrix_bot.client import Client
 from matrix_bot.invite_policy import WhiteList
 from .config import Config
 from .format import Message
 async def __send_messsages(
@ -31,27 +32,24 @@ async def __send_messsages(
 async def send_messages(
    message_queue: asyncio.Queue[dict[str, Any]], # For now, type will change in the futur
-    username: str,
+    config: Config
    homeserver: str,
    password: str,
    alert_rooms: list[str]
 ):
    """
        Initialize the bot and send messages added to the queue to the alert_rooms.
    """
    bot = await Client(
-        username,
+        config.username,
-        homeserver,
+        config.homeserver,
-        password
+        config.password
    )
-    invite_policy = await WhiteList(bot, alert_rooms)
+    invite_policy = await WhiteList(bot, config.alert_rooms)
    bot.set_invite_policy(invite_policy)
    await asyncio.gather(
        bot.run(),
        __send_messsages(
            message_queue,
            bot,
-            alert_rooms
+            config.alert_rooms
        )
    )
--- a/src/kassandra/config.py
+++ b/src/kassandra/config.py
@ -5,14 +5,38 @@ Config related tools.
 import dataclasses
 import yaml
 from typing import Optional
@dataclasses.dataclass
 class Config:
    username: str
    homeserver: str
    password: str
    port: int
    host: str
    alert_rooms: list[str]
    port: int = 8000
    host: str = "127.0.0.1"
    endpoint: str = "/webhook"
    tls: bool = False
    tls_auth: bool = False
    tls_crt: Optional[str] = None
    tls_key: Optional[str] = None
    ca_crt: Optional[str] = None
    def check_integrity(self)->bool:
        """ Check the integrity of the config.
            Raise an error if the config is invalid,
            should always return True (or raise an error).
        """
        if self.tls_auth and not self.tls:
            raise ValueError("tls_auth is enable, but not tls.")
        if self.tls and self.tls_crt is None:
            raise ValueError("tls is enable but tls_crt was not provided")
        if self.tls and self.tls_key is None:
            raise ValueError("tls is enable but tls_key was not provided")
        if self.tls_auth and self.ca_crt is None:
            raise ValueError("tls_auth is enable, but ca_crt was not provided")
        return True
 def load_config(file:str)->Config:
    """
@ -20,5 +44,7 @@ def load_config(file:str)->Config:
    """
    with open(file, 'r') as f:
        data = yaml.load(f, Loader=yaml.loader.SafeLoader)
-    return Config(**data)
+    config = Config(**data)
    config.check_integrity()
    return config
--- a/src/kassandra/webhook.py
+++ b/src/kassandra/webhook.py
@ -5,31 +5,56 @@ The webhook receiving the alerts from alertmanager.
 import asyncio
 import aiohttp.web
 import aiohttp.web_request
 import ssl
 from typing import (
    Any,
    NoReturn
 )
 from .config import Config
 def load_ssl_context(config:Config)->ssl.SSLContext:
    """
        Load the SSL context from the config.
    """
    ca_path = None
    if config.tls_auth:
        ca_path = config.ca_crt
    ssl_context = ssl.create_default_context(
        purpose=ssl.Purpose.CLIENT_AUTH,
        cafile=ca_path
    )
    if config.tls_auth:
        ssl_context.verify_mode = ssl.CERT_REQUIRED
    ssl_context.load_cert_chain(config.tls_crt, config.tls_key)
    return ssl_context
 ENDPOINT = "/webhook"
 async def run_webhook(
    alert_queue: asyncio.Queue[dict[str, Any]],
-    host: str,
+    config: Config
    port: int
 )->NoReturn:
    """
        Run the webhook endpoint and put the alerts in the queue.
    """
-    async def handler(request:aiohttp.web_request.Request):
+    async def handler(request:aiohttp.web_request.Request)->aiohttp.web.Response:
        alert = await request.json()
        await alert_queue.put(alert)
        return aiohttp.web.Response()
    async def health(request:aiohttp.web_request.Request)->aiohttp.web.Response:
        return aiohttp.web.Response(text="OK")
    app = aiohttp.web.Application()
-    app.add_routes([aiohttp.web.post(ENDPOINT, handler)])
+    app.add_routes([
        aiohttp.web.post(config.endpoint, handler),
        aiohttp.web.get("/health", health)
    ])
    runner = aiohttp.web.AppRunner(app)
    await runner.setup()
-    site = aiohttp.web.TCPSite(runner, host, port)
+    ssl_context = None
    if config.tls:
        ssl_context = load_ssl_context(config)
    site = aiohttp.web.TCPSite(runner, config.host, config.port, ssl_context=ssl_context)
    await site.start()
Author	SHA1	Message	Date
histausse	42760490b9	add SSL and mSSL support	3 years ago
histausse	f8258117f4	add health endpoint	3 years ago
histausse	d89c0a2626	setup the structure to use ssl	3 years ago
histausse	cb55318b91	add endpoint to config	3 years ago
histausse	c339c505ad	add ssl entries to Config	3 years ago
histausse	c2e149aa1d	use config as arg for function instead of values	3 years ago