authn: Override configuration with environment variables for server

Signed-off-by: Abhishek Gaikwad <[email protected]>
NVIDIA · Jul 26, 2024 · bc10234 · bc10234
1 parent 21cce48
commit bc10234
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 17 deletions.
diff --git a/api/env/authn.go b/api/env/authn.go
@@ -18,6 +18,8 @@ var (
 		Port          string
 		TTL           string
 		UseHTTPS      string
+		ServerCrt     string
+		ServerKey     string
 		AdminPassword string
 		AdminUsername string
 		SecretKey     string
@@ -31,6 +33,8 @@ var (
 		Port:          "AIS_AUTHN_PORT",
 		TTL:           "AIS_AUTHN_TTL",
 		UseHTTPS:      "AIS_AUTHN_USE_HTTPS",
+		ServerCrt:     "AIS_SERVER_CRT",
+		ServerKey:     "AIS_SERVER_KEY",
 		SecretKey:     "AIS_AUTHN_SECRET_KEY",
 		AdminUsername: "AIS_AUTHN_SU_NAME",
 		AdminPassword: "AIS_AUTHN_SU_PASS",

diff --git a/cmd/authn/hserv.go b/cmd/authn/hserv.go
@@ -7,10 +7,12 @@ package main
 import (
 	"fmt"
 	"net/http"
+	"os"
 	"time"
 
 	"github.com/NVIDIA/aistore/api/apc"
 	"github.com/NVIDIA/aistore/api/authn"
+	"github.com/NVIDIA/aistore/api/env"
 	"github.com/NVIDIA/aistore/cmd/authn/tok"
 	"github.com/NVIDIA/aistore/cmn"
 	"github.com/NVIDIA/aistore/cmn/cos"
@@ -43,31 +45,55 @@ func parseURL(w http.ResponseWriter, r *http.Request, itemsAfter int, items []st
 }
 
 // Run public server to manage users and generate tokens
-func (h *hserv) Run() (err error) {
-	portstring := fmt.Sprintf(":%d", Conf.Net.HTTP.Port)
-	nlog.Infof("Listening on *:%s", portstring)
+func (h *hserv) Run() error {
+	var (
+		portStr    string
+		err        error
+		useHTTPS   bool
+		serverCert string
+		serverKey  string
+	)
+
+	// Retrieve and set the port
+	portStr = os.Getenv(env.AuthN.Port)
+	if portStr == "" {
+		portStr = fmt.Sprintf(":%d", Conf.Net.HTTP.Port)
+	} else {
+		portStr = ":" + portStr
+	}
+	nlog.Infof("Listening on %s", portStr)
 
 	h.registerPublicHandlers()
 	h.s = &http.Server{
-		Addr:              portstring,
+		Addr:              portStr,
 		Handler:           h.mux,
 		ReadHeaderTimeout: apc.ReadHeaderTimeout,
 	}
 	if timeout, isSet := cmn.ParseReadHeaderTimeout(); isSet { // optional env var
 		h.s.ReadHeaderTimeout = timeout
 	}
-	if Conf.Net.HTTP.UseHTTPS {
-		if err = h.s.ListenAndServeTLS(Conf.Net.HTTP.Certificate, Conf.Net.HTTP.Key); err == nil {
-			return nil
-		}
-		goto rerr
+
+	// Retrieve and set HTTPS configuration with environment variables taking precedence
+	useHTTPS, err = cos.IsParseEnvBoolOrDefault(env.AuthN.UseHTTPS, Conf.Net.HTTP.UseHTTPS)
+	if err != nil {
+		nlog.Errorf("Failed to parse %s: %v. Defaulting to false", env.AuthN.UseHTTPS, err)
 	}
-	if err = h.s.ListenAndServe(); err == nil {
-		return nil
+	serverCert = cos.GetEnvOrDefault(env.AuthN.ServerCrt, Conf.Net.HTTP.Certificate)
+	serverKey = cos.GetEnvOrDefault(env.AuthN.ServerKey, Conf.Net.HTTP.Key)
+
+	// Start the appropriate server based on the configuration
+	if useHTTPS {
+		nlog.Infof("Starting HTTPS server on port%s", portStr)
+		nlog.Infof("Certificate: %s", serverCert)
+		nlog.Infof("Key: %s", serverKey)
+		err = h.s.ListenAndServeTLS(serverCert, serverKey)
+	} else {
+		nlog.Infof("Starting HTTP server on port%s", portStr)
+		err = h.s.ListenAndServe()
 	}
-rerr:
-	if err != http.ErrServerClosed {
-		nlog.Errorf("Terminated with err: %v", err)
+
+	if err != nil && err != http.ErrServerClosed {
+		nlog.Errorf("Server terminated with error: %v", err)
 		return err
 	}
 	return nil

diff --git a/cmd/authn/main.go b/cmd/authn/main.go
@@ -106,10 +106,11 @@ func main() {
 }
 
 func updateLogOptions() error {
-	if err := cos.CreateDir(Conf.Log.Dir); err != nil {
-		return fmt.Errorf("failed to create log dir %q, err: %v", Conf.Log.Dir, err)
+	logDir := cos.GetEnvOrDefault(env.AuthN.LogDir, Conf.Log.Dir)
+	if err := cos.CreateDir(logDir); err != nil {
+		return fmt.Errorf("failed to create log dir %q, err: %v", logDir, err)
 	}
-	nlog.SetLogDirRole(Conf.Log.Dir, "auth")
+	nlog.SetLogDirRole(logDir, "auth")
 	return nil
 }
 

diff --git a/cmn/cos/env_vars.go b/cmn/cos/env_vars.go
@@ -0,0 +1,27 @@
+// Package cos provides common low-level types and utilities for all aistore projects.
+/*
+ * Copyright (c) 2024, NVIDIA CORPORATION. All rights reserved.
+ */
+package cos
+
+import (
+	"os"
+)
+
+// getEnvOrDefault returns the value of the environment variable if it exists,
+// otherwise it returns the provided default value.
+func GetEnvOrDefault(envVar, defaultValue string) string {
+	if value := os.Getenv(envVar); value != "" {
+		return value
+	}
+	return defaultValue
+}
+
+// IsParseBoolOrDefault parses a boolean from the environment variable string
+// or returns the default value if parsing fails.
+func IsParseEnvBoolOrDefault(envVar string, defaultValue bool) (bool, error) {
+	if value := os.Getenv(envVar); value != "" {
+		return ParseBool(value)
+	}
+	return defaultValue, nil
+}