Implement endpoint in provisioning service in order to get fog node password, avoid interact with Redis and Vault from fog stream layer

Author: sergio11

Gemfile.lock

@@ -1,17 +1,20 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    connection_pool (2.4.1)
-    redis (5.0.7)
-      redis-client (>= 0.9.0)
-    redis-client (0.15.0)
-      connection_pool
+    aws-eventstream (1.2.0)
+    aws-sigv4 (1.6.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+    json (2.6.3)
+    vault (0.17.0)
+      aws-sigv4
 
 PLATFORMS
+  x64-mingw-ucrt
   x64-mingw32
 
 DEPENDENCIES
-  redis
+  json
+  vault
 
 BUNDLED WITH
-   1.17.2
+   2.4.10

fog-stream-processing-layer/fog/fog_node.py

@@ -9,7 +9,6 @@
 import re
 import requests
 from threading import Thread
-import redis
 
 # Load configuration from environment variables
 PROVISIONING_SERVICE_URL = os.environ.get("PROVISIONING_SERVICE_URL")
@@ -20,13 +19,8 @@
 MQTT_BROKER_PASSWORD = os.environ.get("MQTT_BROKER_PASSWORD")
 MQTT_REAUTH_TOPIC = os.environ.get("MQTT_REAUTH_TOPIC", "request-auth")
 AUTH_SERVICE_URL = os.environ.get("AUTH_SERVICE_URL")
-VAULT_ADDRESS = os.environ.get("VAULT_ADDRESS", "http://vault:8200")
-REDIS_HOST = os.environ.get("REDIS_HOST", "redis")
-REDIS_PORT = int(os.environ.get("REDIS_PORT", 6379))
 FRAMES_OUTPUT_DIRECTORY = "frames_captured"
 
-# Init redis connection
-redis_client = redis.Redis(host=REDIS_HOST, port=REDIS_PORT, db=0)
 mac_address = ""
 
 # Function to calculate the SHA-256 hash of a file
@@ -87,22 +81,6 @@ def get_challenge(mac_address):
         print("Error getting challenge:", e)
         return None
 
-# Function to retrieve the Vault token from Redis
-def get_vault_token():
-    """
-    Retrieve the Vault token from Redis.
-
-    Returns:
-        str: Vault token.
-    """
-    try:
-        token = redis_client.get("vault_root_token")
-        if token:
-            return token.decode("utf-8")
-        else:
-            raise Exception("Vault token not found in Redis")
-    except Exception as e:
-        raise Exception("Error retrieving Vault token from Redis")
 
 # Function to authenticate using CHAP (Challenge-Handshake Authentication Protocol)
 def authenticate_chap(mac_address, client_response):
@@ -125,29 +103,6 @@ def authenticate_chap(mac_address, client_response):
         print("Error during authentication:", e)
         return False
 
-# Function to retrieve the node password from Vault
-def get_node_password(mac_address):
-    """
-    Retrieve the node password from Vault.
-
-    Args:
-        mac_address (str): MAC address of the device.
-
-    Returns:
-        str: Node password.
-    """
-    try:
-        response = requests.get(
-            f"{VAULT_ADDRESS}/v1/secret/data/users/{mac_address}",
-            headers={"X-Vault-Token": get_vault_token()}
-        )
-        response_json = response.json()
-        node_password = response_json["data"]["password"]
-        return node_password
-    except Exception as e:
-        print("Error retrieving node password from Vault:", e)
-        return None
-
 # Callback function when the MQTT client connects to the broker
 def on_connect(client, userdata, flags, rc):
     """
@@ -252,18 +207,23 @@ def authenticate(mac_address):
         print("Hash value of this code:", code_hash)
         challenge = get_challenge(mac_address)
         if challenge:
-            node_password = get_node_password(mac_address)
-            if node_password:
-                client_response = hashlib.sha256((node_password + challenge + code_hash).encode()).hexdigest()
-                return authenticate_chap(mac_address, client_response)
+            password_response = requests.get(f"{PROVISIONING_SERVICE_URL}/get-fog-password?mac_address={mac_address}")
+            if password_response.status_code == 200:
+                password_data = password_response.json()
+                node_password = password_data.get("fog_password")
+                if node_password:
+                    client_response = hashlib.sha256((node_password + challenge + code_hash).encode()).hexdigest()
+                    return authenticate_chap(mac_address, client_response)
+                else:
+                    print("Error retrieving node password from provisioning service")
             else:
-                print("Error retrieving node password from Vault")
+                print("Error getting node password from provisioning service")
         else:
             print("Error getting challenge")
     except Exception as e:
         print("Error during reauthentication:", e)
         return False
-
+    
 # Initialize the MQTT client and set up callbacks
 client = mqtt.Client()
 client.username_pw_set(username=MQTT_BROKER_USERNAME, password=MQTT_BROKER_PASSWORD)

framework-extended-services-layer/.env

@@ -0,0 +1,14 @@
+MQTT_BROKER_USERNAME=mosquitto
+MQTT_BROKER_PASSWORD=mosquitto
+MQTT_BROKER=localhost
+MQTT_PORT=1883
+MQTT_TOPIC=iot-camera-frames
+MQTT_REAUTH_TOPIC=request-auth
+KAFKA_BROKER=localhost:9092
+KAFKA_TOPIC=iot-camera-frames
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_EXPIRATION_CHANNEL=__keyevent@0__:expired
+VAULT_ADDRESS=http://localhost:8200
+MONGO_HOST=localhost
+MONGO_PORT=27017

framework-extended-services-layer/docker-compose.yml

@@ -1,37 +1,24 @@
 version: "3"
 
-
 services:
 
   # Flask-based authentication service for authorization and authentication
   auth_service:
-    build:
-      context: ./authentication
-      dockerfile: Dockerfile
-    container_name: auth-service-container
+    image: ssanchez11/smart_highway_net_auth_service:0.0.1
+    container_name: auth-service
     env_file:
       - ./.env
     environment:
       - REDIS_HOST=${REDIS_HOST}
       - REDIS_PORT=${REDIS_PORT}
       - VAULT_ADDRESS=${VAULT_ADDRESS}
-      - VAULT_PORT=${VAULT_PORT}
     ports:
       - "5000:5000"
-    links:
-      - vault
-      - redis
-    depends_on:
-      - vault
-      - redis
     networks:
-      - smart-highway-net 
-
+      - smart-highway-net
 
   notifier:
-    build:
-      context: ./notifier
-      dockerfile: Dockerfile
+    image: ssanchez11/smart_highway_net_notifier_service:0.0.1
     container_name: notifier-service
     env_file:
       - ./.env
@@ -42,19 +29,11 @@ services:
       - MQTT_BROKER=${MQTT_BROKER}
       - MQTT_PORT=${MQTT_PORT}
       - MQTT_REAUTH_TOPIC=${MQTT_REAUTH_TOPIC}
-    links:
-      - mosquitto
-      - redis
-    depends_on:
-      - mosquitto
-      - redis
     networks:
-      - smart-highway-net 
+      - smart-highway-net
 
   provision:
-    build:
-      context: ./provision
-      dockerfile: Dockerfile
+    image: ssanchez11/smart_highway_net_provision_service:0.0.1
     container_name: provision-service
     env_file:
       - ./.env
@@ -63,20 +42,12 @@ services:
       - REDIS_PORT=${REDIS_PORT}
       - MONGO_HOST=${MONGO_HOST}
       - MONGO_PORT=${MONGO_PORT}
-    links:
-      - mosquitto
-      - redis
-    depends_on:
-      - mosquitto
-      - redis
     networks:
-      - smart-highway-net 
+      - smart-highway-net
 
   integrator:
-    build:
-      context: ./integrator
-      dockerfile: Dockerfile
-    container_name: integrator
+    image: ssanchez11/smart_highway_net_integrator_service:0.0.1
+    container_name: integrator-service
     env_file:
       - ./.env
     environment:
@@ -86,16 +57,8 @@ services:
       - MQTT_TOPIC=${MQTT_TOPIC}
       - KAFKA_BROKER=${KAFKA_BROKER}
       - KAFKA_TOPIC=${KAFKA_TOPIC}
-    depends_on:
-      - zookeeper
-      - kafka
-      - mosquitto
-    links:
-      - zookeeper
-      - kafka
-      - mosquitto
     networks:
-      - smart-highway-net 
+      - smart-highway-net
 
 networks:
   smart-highway-net: