Closed InRiPa closed 3 years ago
Thanks for putting the library to the test, it helps a lot.
Regarding your points:
provider_app.py
example. The interface description should be HTTP-SECURE-JSON
when the client is given a certfile and keyfile, and HTTP-INSECURE-JSON
when it is not. Though the major fault here is that the user gives the interface description, even though the protocol and security parts can be inferred from the kind of provider and access policy respectively. I think I will change this in future revisions so that only the last part is given when creating the service.If I sound unsure it's because I do not sure answers. Even though I'm writing this library I haven't used it enough myself to know what causes all errors. I'm sorry that it has been a struggle so far, I have some plans to make the minimum working example easier, e.g. provide a pre-configured local cloud, but I'm currently working on getting token security up and running. I will try to have the next update done by the end of the week. This update will not change the API much but there are a lot of changes under the hood, like error handling of various kinds.
Hi,
thanks a lot for your help!
My main point is, that I need a definite verification, if I'm using the library wrong or if it is an error on library side. Could you reproduce my scenario (e.g. getting the demo example working with ssl and using an external AHF IP address)? If it works for you, I know, that I messed something up.
Even though I'm writing this library I haven't used it enough myself to know what causes all errors.
I'm not sure, if I understand this correctly. Is this library actively maintained or on stale? Thing is, I will have students working with Arrowhead and wanted them to use the python library. That's why I'm trying to figure out if it is currently usable/working.
I'm not sure, if I understand this correctly. Is this library actively maintained or on stale? Thing is, I will have students working with Arrowhead and wanted them to use the python library. That's why I'm trying to figure out if it is currently usable/working.
The library is under active development, but the way I am using it and testing it is not enough to find all the bugs and bad design decisions, that's what I meant.
For example, connecting to core systems running on a different IP address is something I haven't tried but I'm working under the assumption that it would work the same. That is what you want me to test right, running the provider and consumer on one system and the core systems on another? If so, I'll try to do that tonight.
Okay, tried to recreate your situation by doing the following:
_default_address
to 192.168.50.195 in arrowhead_client.config
.provider_app.py
example to 192.168.50.7.keyfile
and certfile
lines in provider_app.py
(to make it run in insecure mode).When I ran provider_app.py
given those changes I managed to connect to the core systems, no issues.
I didn't use secure mode because setting up the certificates would be more work than I'm willing to up in tonight. So try running the core systems in insecure mode and see if it works. If it does, double check that the certificates are all in order and if they aren't come back and I will investigate this further. And please tell me if I misunderstood your problem.
Once again, thanks for putting the library to the test!
I just realized my previous reply did not answer any of your questions.
This is most likely a bug with the provider_app.py
, since it registers with the interface HTTP-INSECURE-JSON
despite being run in secure mode with the CERTIFICATE
access policy. So what happens is that the INSECURE
interface is registered in the service registry, and when the consumer asks the orchestrator for an orchestration rule it gives the consumer the wrong interface. And when the consumer tries to consume the hello-arrowhead
service it gets to this line (line 66 in client_core.py
)
if consumed_service.interface.secure == 'SECURE':
# Add certificate files if service is secure
kwargs['cert'] = self.cert
and the certificate files will not be added to the request and the provider will be upset and give an SSL error.
So I think that changing the interface of the provider in provider_app.py
to HTTP-SECURE-JSON
should solve all your issues. Please tell me if it doesn't.
Thanks a lot! I got the provider_app.py
, consumer_app.py
with SSL
connecting against a remote ahf server
running now.
I'm trying to get a working example running using this library. Unfortunately, I'm really struggling with it.
What I'm trying to do:
What I did so far:
Now, I tried to get the consumer running.
core_service_responses.py
since the response doesn't contain the key service_orchestration_response['response'] Maybe something like the following would help (but also needs to be handled by the following logic.):consume_service
inhttpconsumer.py
. For thehello-arrowhead
service, there is no"cert"
key inkwargs
.For handling this, maybe something like
if "cert" in kwargs.keys():
could cover the error.But my main question here is about what went wrong? The current example in the repository uses
HTTP-INSECURE-JSON
, what makes me believe that certificates for the service consumption is ignored. Is this a libray bug or did I messed something up during the configuration?I tried to skip the https setting with the above mentioned statement., which resulted in following error on the
provider side
: