litmuschaos · Saranya-jena · Jul 10, 2024 · Jul 10, 2024 · Jul 10, 2024 · Jul 10, 2024
diff --git a/chaoscenter/authentication/api/main.go b/chaoscenter/authentication/api/main.go
@@ -133,13 +133,14 @@ func main() {
 
 	validatedAdminSetup(applicationService)
 
-	go runGrpcServer(applicationService)
 	if utils.EnableInternalTls {
-		if utils.CustomTlsCertPath != "" && utils.TlSKeyPath != "" {
+		if utils.TlsCertPath != "" && utils.TlSKeyPath != "" {
 			go runGrpcServerWithTLS(applicationService)
 		} else {
 			log.Fatalf("Failure to start chaoscenter authentication GRPC server due to empty TLS cert file path and TLS key path")
 		}
+	} else {
+		go runGrpcServer(applicationService)
 	}
 
 	runRestServer(applicationService)
@@ -199,30 +200,27 @@ func runRestServer(applicationService services.ApplicationService) {
 	log.Infof("Listening and serving HTTP on %s", utils.Port)
 
 	if utils.EnableInternalTls {
-		log.Infof("Listening and serving HTTPS on %s", utils.PortHttps)
-		if utils.CustomTlsCertPath != "" && utils.TlSKeyPath != "" {
+		if utils.TlsCertPath != "" && utils.TlSKeyPath != "" {
 			conf := utils.GetTlsConfig()
-
 			server := http.Server{
 				Addr:      utils.PortHttps,
 				Handler:   app,
 				TLSConfig: conf,
 			}
-			log.Infof("Listening and serving HTTPS on %s", utils.Port)
-			go func() {
-				err := server.ListenAndServeTLS("", "")
-				if err != nil {
-					log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
-				}
-			}()
+			log.Infof("Listening and serving HTTPS on %s", utils.PortHttps)
+			err := server.ListenAndServeTLS("", "")
+			if err != nil {
+				log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+			}
 		} else {
 			log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
 		}
-	}
-
-	err := app.Run(utils.Port)
-	if err != nil {
-		log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+	} else {
+		log.Infof("Listening and serving HTTP on %s", utils.Port)
+		err := app.Run(utils.Port)
+		if err != nil {
+			log.Fatalf("Failure to start litmus-portal authentication REST server due to %v", err)
+		}
 	}
 }
 

diff --git a/chaoscenter/authentication/pkg/utils/configs.go b/chaoscenter/authentication/pkg/utils/configs.go
@@ -18,16 +18,15 @@ var (
 	JWTExpiryDuration            = getEnvAsInt("JWT_EXPIRY_MINS", 1440)
 	OAuthJWTExpDuration          = getEnvAsInt("OAUTH_JWT_EXP_MINS", 5)
 	OAuthJwtSecret               = os.Getenv("OAUTH_SECRET")
-	StrictPasswordPolicy         = getEnvAsBool("STRICT_PASSWORD_POLICY", false)
 	DexEnabled                   = getEnvAsBool("DEX_ENABLED", false)
 	DexCallBackURL               = os.Getenv("DEX_OAUTH_CALLBACK_URL")
 	DexClientID                  = os.Getenv("DEX_OAUTH_CLIENT_ID")
 	DexClientSecret              = os.Getenv("DEX_OAUTH_CLIENT_SECRET")
 	DexOIDCIssuer                = os.Getenv("OIDC_ISSUER")
 	EnableInternalTls            = getEnvAsBool("ENABLE_INTERNAL_TLS", false)
-	CustomTlsCertPath            = os.Getenv("CUSTOM_TLS_CERT_PATH")
+	TlsCertPath                  = os.Getenv("TLS_CERT_PATH")
 	TlSKeyPath                   = os.Getenv("TLS_KEY_PATH")
-	CaCertPath                   = os.Getenv("CA_CERT_PATH")
+	CaCertPath                   = os.Getenv("CA_CERT_TLS_PATH")
 	DBName                       = "auth"
 	Port                         = ":3000"
 	PortHttps                    = ":3001"
@@ -77,7 +76,7 @@ func GetTlsConfig() *tls.Config {
 	}
 
 	// read server cert & key
-	serverCert, err := tls.LoadX509KeyPair(CustomTlsCertPath, TlSKeyPath)
+	serverCert, err := tls.LoadX509KeyPair(TlsCertPath, TlSKeyPath)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/chaoscenter/graphql/server/pkg/grpc/auth_grpc_client.go b/chaoscenter/graphql/server/pkg/grpc/auth_grpc_client.go
@@ -23,9 +23,9 @@ func GetAuthGRPCSvcClient(conn *grpc.ClientConn) (protos.AuthRpcServiceClient, *
 	}
 
 	if enableHTTPSConnection {
-		if utils.Config.ServerTlsCertPath != "" {
+		if utils.Config.TlsCertPath != "" && utils.Config.TlsKeyPath != "" {
 			// configuring TLS config based on provided certificates & keys
-			conf := utils.GetTlsConfig(utils.Config.ClientTlsCertPath, utils.Config.ClientTlsKeyPath, false)
+			conf := utils.GetTlsConfig(utils.Config.TlsCertPath, utils.Config.TlsKeyPath, false)
 
 			tlsCredential := credentials.NewTLS(conf)
 

diff --git a/chaoscenter/graphql/server/server.go b/chaoscenter/graphql/server/server.go
@@ -109,13 +109,14 @@ func main() {
 		logrus.Errorf("unable to parse boolean value %v", err)
 	}
 
-	go startGRPCServer(utils.Config.RpcPort, mongodbOperator) // start GRPC serve
 	if enableHTTPSConnection {
-		if utils.Config.ServerTlsCertPath != "" && utils.Config.ServerTlsKeyPath != "" {
+		if utils.Config.TlsCertPath != "" && utils.Config.TlsKeyPath != "" {
 			go startGRPCServerWithTLS(mongodbOperator) // start GRPC serve
 		} else {
 			log.Fatalf("Failure to start chaoscenter authentication REST server due to empty TLS cert file path and TLS key path")
 		}
+	} else {
+		go startGRPCServer(utils.Config.RpcPort, mongodbOperator) // start GRPC serve
 	}
 
 	srv := handler.New(generated.NewExecutableSchema(graph.NewConfig(mongodbOperator)))
@@ -169,28 +170,28 @@ func main() {
 	go projects.ProjectEvents(projectEventChannel, mongodb.MgoClient, mongodbOperator)
 
 	if enableHTTPSConnection {
-		log.Infof("graphql server running at https://localhost:%s", utils.Config.HttpsPort)
-		// configuring TLS config based on provided certificates & keys
-		conf := utils.GetTlsConfig(utils.Config.ServerTlsCertPath, utils.Config.ServerTlsKeyPath, true)
-
-		server := http.Server{
-			Addr:      ":" + utils.Config.HttpsPort,
-			Handler:   router,
-			TLSConfig: conf,
-		}
-		if utils.Config.ServerTlsCertPath != "" && utils.Config.ServerTlsKeyPath != "" {
-			go func() {
-				err := server.ListenAndServeTLS("", "")
-				if err != nil {
-					log.Fatalf("Failure to start litmus-portal graphql REST server due to %v", err)
-				}
-			}()
+		if utils.Config.TlsCertPath != "" && utils.Config.TlsKeyPath != "" {
+			log.Infof("graphql server running at https://localhost:%s", utils.Config.HttpsPort)
+			// configuring TLS config based on provided certificates & keys
+			conf := utils.GetTlsConfig(utils.Config.TlsCertPath, utils.Config.TlsKeyPath, true)
+
+			server := http.Server{
+				Addr:      ":" + utils.Config.HttpsPort,
+				Handler:   router,
+				TLSConfig: conf,
+			}
+			err := server.ListenAndServeTLS("", "")
+			if err != nil {
+				log.Fatalf("Failure to start litmus-portal graphql REST server due to %v", err)
+			}
+		} else {
+			log.Fatalf("Failure to start chaoscenter authentication GRPC server due to empty TLS cert file path and TLS key path")
 		}
+	} else {
+		log.Infof("graphql server running at http://localhost:%s", utils.Config.HttpPort)
+		log.Fatal(http.ListenAndServe(":"+utils.Config.HttpPort, router))
 	}
 
-	log.Infof("graphql server running at http://localhost:%s", utils.Config.HttpPort)
-	log.Fatal(http.ListenAndServe(":"+utils.Config.HttpPort, router))
-
 }
 
 // startGRPCServer initializes, registers services to and starts the gRPC server for RPC calls
@@ -219,7 +220,7 @@ func startGRPCServerWithTLS(mongodbOperator mongodb.MongoOperator) {
 	}
 
 	// configuring TLS config based on provided certificates & keys
-	conf := utils.GetTlsConfig(utils.Config.ServerTlsCertPath, utils.Config.ServerTlsKeyPath, true)
+	conf := utils.GetTlsConfig(utils.Config.TlsCertPath, utils.Config.TlsKeyPath, true)
 
 	// create tls credentials
 	tlsCredentials := credentials.NewTLS(conf)

diff --git a/chaoscenter/graphql/server/utils/config.go b/chaoscenter/graphql/server/utils/config.go
@@ -11,7 +11,7 @@ import (
 func GetTlsConfig(certPath string, keyPath string, isServerConfig bool) *tls.Config {
 
 	// read ca's cert, verify to client's certificate
-	caPem, err := os.ReadFile(Config.CaCertPath)
+	caPem, err := os.ReadFile(Config.CaCertTlsPath)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/chaoscenter/graphql/server/utils/variables.go b/chaoscenter/graphql/server/utils/variables.go
@@ -38,11 +38,9 @@ type Configuration struct {
 	DefaultChaosHubPath         string   `split_words:"true" default:"/tmp/default/"`
 	EnableGQLIntrospection      string   `split_words:"true" default:"false"`
 	EnableInternalTls           string   `split_words:"true" default:"false"`
-	ServerTlsCertPath           string   `split_words:"true"`
-	ServerTlsKeyPath            string   `split_words:"true"`
-	ClientTlsCertPath           string   `split_words:"true"`
-	ClientTlsKeyPath            string   `split_words:"true"`
-	CaCertPath                  string   `split_words:"true"`
+	TlsCertPath                 string   `split_words:"true"`
+	TlsKeyPath                  string   `split_words:"true"`
+	CaCertTlsPath               string   `split_words:"true"`
 	AllowedOrigins              []string `split_words:"true" default:"^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)localhost(:[0-9]+|)"`
 }