#include <pthread.h>
#include <signal.h>

#include <csignal>
#include <cstdlib>
#include <fstream>
#include <string>
#include <thread>

#ifdef IN_GOOGLE3
#include "base/init_google.h"
#endif
#ifndef IN_GOOGLE3
#include <systemd/sd-daemon.h>
#endif
#include "gmi/machine_identity.pb.h"
#include "absl/flags/flag.h"
#include "absl/flags/parse.h"
#ifndef IN_GOOGLE3
#include "absl/log/globals.h"
#include "absl/log/initialize.h"
#endif
#include "absl/log/log.h"
#include "authz_server.h"
#ifndef IN_GOOGLE3
// See absl/log/globals.h for detailed instructions
// Logging knobs for the non-google3 (BMC) build only. main() casts both
// values straight to absl::LogSeverityAtLeast; 0 is the kInfo level named in
// the help text.
ABSL_FLAG(
    int, stderrthreshold, 0,
    "Messages logged at or above this level are directed to stderr in addition "
    "to other registered log sinks; default to >= absl::LogSeverityAtLeast::kInfo");
ABSL_FLAG(
    int, minloglevel, 0,
    "Messages logged at or above this severity are directed to all registered "
    "log sinks or skipped otherwise; default to >= absl::LogSeverity::kInfo");
#endif
// Trust anchors used to validate peer certificates.
ABSL_FLAG(std::string, trust_bundle_path,
          "/var/google/trust_bundle/trust_bundle.pem",
          "Path to the trust bundle");
// NOTE(review): the certificate and the private key default to the same PEM
// file, which suggests a combined cert+key bundle. If that is intended, the
// file holds the server's private key and its permissions should be restricted
// accordingly; if not, one of these two defaults is wrong. Confirm against
// whatever provisions /var/volatile/prodid.
ABSL_FLAG(std::string, server_certificate_path,
          "/var/volatile/prodid/server.pem",
          "Path to BMC's server certificate");
ABSL_FLAG(std::string, server_key_path, "/var/volatile/prodid/server.pem",
          "Path to BMC's server key");
// Authorization policy consumed by AuthorizationServer; re-read on SIGHUP
// (see main()).
ABSL_FLAG(std::string, authz_configuration_path,
          "/var/google/authz_policies/redfish.json",
          "Path to the authorization server configuration file");
ABSL_FLAG(std::string, crl_directory, "/var/google/loas3/crl",
          "The directory of CRL files");
// Despite the "store" wording, only a path is passed through here; the file's
// lifecycle is owned by AuthorizationServer.
ABSL_FLAG(std::string, rsa_public_key_path,
          "/var/volatile/oauth_public_key.pem",
          "Path to where to store the OAuth RSA key file");
// Serialized security_prodid::GoogleMachineIdentityProto; its fqdn() field is
// the only thing this file reads from it (GetFqdnFromGmi()).
ABSL_FLAG(std::string, gmi_path,
          "/var/google/googlemachineidentity/live/machine_identity.pb",
          "Path to the Google Machine Identity (GMI) file.");
ABSL_FLAG(std::string, offline_node_entities_path,
          "/var/google/googlemachineidentity/live/offline_node_entities.pb",
          "Path to the Offline Node Entities (ONE) file.");
ABSL_FLAG(int, port, 2999, "Port to listen on");
// Reads the machine's FQDN out of the serialized Google Machine Identity
// proto named by --gmi_path.
//
// Returns the proto's fqdn() field, or the empty string when the file cannot
// be opened or does not parse. Both failure cases are logged at WARNING only;
// the caller (main() / the SIGHUP reload) receives "" and decides what an
// empty identity means for the server.
std::string GetFqdnFromGmi() {
  const std::string path = absl::GetFlag(FLAGS_gmi_path);
  security_prodid::GoogleMachineIdentityProto identity;

  std::ifstream in(path);
  if (!in.is_open()) {
    LOG(WARNING) << "GMI file at '" << path << "' is missing.";
    return "";
  }
  if (!identity.ParseFromIstream(&in)) {
    LOG(WARNING) << "GMI parsing failed at '" << path << "'";
    return "";
  }
  return identity.fqdn();
}
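// Entry point: parses flags, loads the machine identity, starts the
// authorization server and then blocks in server.Wait().
//
// SIGHUP requests a reload of the authorization configuration. The reload
// (GetFqdnFromGmi() plus AuthorizationServer::ReloadAuthzConfig) opens files,
// allocates, and logs — none of which is async-signal-safe — so it must not
// run inside a std::signal handler. SIGHUP is therefore blocked in the main
// thread before any worker threads exist (they inherit the mask) and consumed
// synchronously by a dedicated thread via sigwait().
//
// Returns EXIT_SUCCESS when Wait() returns, EXIT_FAILURE if the signal mask
// cannot be installed.
int main(int argc, char* argv[]) {
  absl::ParseCommandLine(argc, argv);
#ifndef IN_GOOGLE3
  absl::SetMinLogLevel(
      static_cast<absl::LogSeverityAtLeast>(absl::GetFlag(FLAGS_minloglevel)));
  absl::SetStderrThreshold(static_cast<absl::LogSeverityAtLeast>(
      absl::GetFlag(FLAGS_stderrthreshold)));
#else
  InitGoogle(argv[0], &argc, &argv, true);
#endif

  // Block SIGHUP process-wide *before* StartServer() so that every thread the
  // server spawns inherits the mask and the signal is only ever delivered to
  // the sigwait() thread below. A SIGHUP arriving before that thread is up is
  // held pending rather than killing the process.
  // NOTE(review): assumes AuthorizationServer does not install its own SIGHUP
  // disposition; if it does, the two mechanisms would conflict — confirm.
  sigset_t hup_mask;
  sigemptyset(&hup_mask);
  sigaddset(&hup_mask, SIGHUP);
  if (const int err = pthread_sigmask(SIG_BLOCK, &hup_mask, nullptr);
      err != 0) {
    LOG(ERROR) << "pthread_sigmask(SIG_BLOCK, SIGHUP) failed: " << err;
    return EXIT_FAILURE;
  }

  // An empty string here means the GMI file was missing or unparsable
  // (already logged by GetFqdnFromGmi). Whether the server should start at
  // all without an FQDN is AuthorizationServer's decision, not made here.
  std::string server_fqdn = GetFqdnFromGmi();

  using ::milotic::authz::AuthorizationServer;
  using ::milotic::authz::ServerConfiguration;
  ServerConfiguration config = {
      .port = absl::GetFlag(FLAGS_port),
      .trust_bundle_path = absl::GetFlag(FLAGS_trust_bundle_path),
      .server_certificate_path = absl::GetFlag(FLAGS_server_certificate_path),
      .server_key_path = absl::GetFlag(FLAGS_server_key_path),
      .server_fqdn = server_fqdn,
      .authz_configuration_path = absl::GetFlag(FLAGS_authz_configuration_path),
      .crl_directory = absl::GetFlag(FLAGS_crl_directory),
      .offline_node_entities_path =
          absl::GetFlag(FLAGS_offline_node_entities_path),
      .google_machine_identity_path = absl::GetFlag(FLAGS_gmi_path),
      .rsa_public_key_path = absl::GetFlag(FLAGS_rsa_public_key_path),
  };
  // Static so the reload thread can reach it without a capture; it lives
  // until process exit.
  static AuthorizationServer server(config);
  server.StartServer();
  LOG(INFO) << "Server is ready..";

  // Reload thread: waits for SIGHUP in an ordinary thread context where file
  // I/O, allocation and logging are all legal. Detached because sigwait()
  // cannot be interrupted cleanly; process exit after Wait() returns tears it
  // down. (A reload racing static destruction at exit is the same window the
  // previous signal-handler design had.)
  std::thread([hup_mask] {
    for (;;) {
      int received = 0;
      if (const int err = sigwait(&hup_mask, &received); err != 0) {
        LOG(ERROR) << "sigwait failed: " << err
                   << "; SIGHUP config reloads are disabled";
        return;
      }
      if (received == SIGHUP) {
        LOG(INFO) << "SIGHUP received; reloading authorization config";
        // The FQDN is re-read too, so an identity that disappeared or went
        // corrupt since startup is pushed into the server as "".
        server.ReloadAuthzConfig(GetFqdnFromGmi());
      }
    }
  }).detach();

#ifndef IN_GOOGLE3
  // Tell systemd we are serving only once the listener and reload path are up.
  sd_notify(0, "READY=1");
#endif
  server.Wait();
  return EXIT_SUCCESS;
}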