add TLS to APEL plugin

CHANGELOG.md

@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Breaking changes
 - AUDITOR: Remove forbidden characters ([@raghuvar-vijay](https://github.com/raghuvar-vijay))
 - pyauditor + Apel plugin + HTCondor collector: drop support for Python 3.8 ([@dirksammel](https://github.com/dirksammel))
+- AUDITOR, plugins and collectors: parameter use_tls has to be added to config files ([@raghuvar-vijay](https://github.com/raghuvar-vijay)), ([@dirksammel](https://github.com/dirksammel))
 
 ### Security
 - [RUSTSEC-2024-0421]: Update idna from 0.5.0 to 1.0.3 ([@raghuvar-vijay](https://github.com/raghuvar-vijay))
@@ -17,7 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [RUSTSEC-2024-0402]: Update hashbrown from 0.15.0 to 0.15.2 ([@dirksammel](https://github.com/dirksammel))
 
 ### Added
-- AUDITOR: Add tls to AUDITOR, plugins and collectors ([@raghuvar-vijay](https://github.com/raghuvar-vijay))
+- AUDITOR: Add tls to AUDITOR, plugins and collectors ([@raghuvar-vijay](https://github.com/raghuvar-vijay)), ([@dirksammel](https://github.com/dirksammel))
 - Apel plugin: Add function for user->VO mapping to config ([@dirksammel](https://github.com/dirksammel))
 - CI: Add workflow to test publishing to the PyPI test repo ([@dirksammel](https://github.com/dirksammel))
 - Kubernetes collector: Added a Kubernetes collector ([@rkleinem](https://github.com/rkleinem))

plugins/apel/src/auditor_apel_plugin/config.py

@@ -11,7 +11,7 @@
 
 import yaml
 from pyauditor import Record
-from pydantic import BaseModel
+from pydantic import BaseModel, model_validator
 
 from .utility import vo_mapping
 
@@ -55,6 +55,29 @@ class AuditorConfig(Configurable):
     port: int
     timeout: int
     site_meta_field: str
+    use_tls: bool
+    ca_cert_path: Optional[str] = None
+    client_cert_path: Optional[str] = None
+    client_key_path: Optional[str] = None
+
+    @model_validator(mode="after")
+    def check_tls_config(self):
+        if self.use_tls:
+            missing_parameters = [
+                parameter_name
+                for parameter_name, value in {
+                    "ca_cert_path": self.ca_cert_path,
+                    "client_cert_path": self.client_cert_path,
+                    "client_key_path": self.client_key_path,
+                }.items()
+                if value == None
+            ]
+            if missing_parameters:
+                missing_parameters_str = ", ".join(missing_parameters)
+                raise ValueError(
+                    f"Parameters {missing_parameters_str} are required if use_tls: True"
+                )
+        return self
 
 
 class AuthConfig(Configurable):

plugins/apel/src/auditor_apel_plugin/publish.py

@@ -155,8 +155,18 @@ def main():
     auditor_ip = config.auditor.ip
     auditor_port = config.auditor.port
     auditor_timeout = config.auditor.timeout
+    auditor_tls = config.auditor.use_tls
 
     builder = AuditorClientBuilder()
+
+    if auditor_tls:
+        auditor_ca_cert = config.auditor.ca_cert_path
+        auditor_client_cert = config.auditor.client_cert_path
+        auditor_client_key = config.auditor.client_key_path
+        builder = builder.with_tls(
+            auditor_client_cert, auditor_client_key, auditor_ca_cert
+        )
+
     builder = builder.address(auditor_ip, auditor_port).timeout(auditor_timeout)
     client = builder.build_blocking()
 

plugins/apel/tests/test_config.py

@@ -7,6 +7,7 @@
 from pydantic import ValidationError
 
 from auditor_apel_plugin.config import (
+    AuditorConfig,
     ComponentField,
     Config,
     ConstantField,
@@ -83,8 +84,70 @@ def test_plugin_config(self):
                 report_interval=report_interval,
                 message_type=message_type,
             )
+
+        assert pytest_error.type is ValidationError
+
+        ip = "127.0.0.1"
+        port = 8000
+        timeout = 60
+        site_meta_field = "site_id"
+        use_tls = False
+
+        auditorconfig = AuditorConfig(
+            ip=ip,
+            port=port,
+            timeout=timeout,
+            site_meta_field=site_meta_field,
+            use_tls=use_tls,
+        )
+
+        assert auditorconfig.use_tls == use_tls
+
+        use_tls = True
+
+        with pytest.raises(Exception) as pytest_error:
+            auditorconfig = AuditorConfig(
+                ip=ip,
+                port=port,
+                timeout=timeout,
+                site_meta_field=site_meta_field,
+                use_tls=use_tls,
+            )
+
         assert pytest_error.type is ValidationError
 
+        ca_cert_path = "/test/path"
+
+        with pytest.raises(Exception) as pytest_error:
+            auditorconfig = AuditorConfig(
+                ip=ip,
+                port=port,
+                timeout=timeout,
+                site_meta_field=site_meta_field,
+                use_tls=use_tls,
+                ca_cert_path=ca_cert_path,
+            )
+
+        assert pytest_error.type is ValidationError
+
+        client_cert_path = "/test/path"
+        client_key_path = "/test/path"
+
+        auditorconfig = AuditorConfig(
+            ip=ip,
+            port=port,
+            timeout=timeout,
+            site_meta_field=site_meta_field,
+            use_tls=use_tls,
+            ca_cert_path=ca_cert_path,
+            client_cert_path=client_cert_path,
+            client_key_path=client_key_path,
+        )
+
+        assert auditorconfig.ca_cert_path == ca_cert_path
+        assert auditorconfig.client_cert_path == client_cert_path
+        assert auditorconfig.client_key_path == client_key_path
+
     def test_get_value_default(self):
         class TestField(Field):
             attribute: str

plugins/apel/tests/test_config.yml

@@ -23,6 +23,7 @@ auditor:
   port: 3333
   timeout: 5000
   site_meta_field: site_in_meta
+  use_tls: False
 
 summary_fields:
   mandatory: