reference latest tags

Fix for Kerberos Vault persistence check
Fix for empty vault settings, throw error
2026-03-03 14:50:18 +00:00 · 2023-06-24 12:58:16 +02:00 · 2023-06-23 21:13:13 +02:00 · 2023-06-23 20:20:38 +02:00 · 2023-06-23 19:01:04 +02:00 · 2023-06-23 17:16:13 +02:00
5 changed files with 97 additions and 135 deletions
--- a/deployments/ansible-openshift/playbook.yml
+++ b/deployments/ansible-openshift/playbook.yml
@@ -82,7 +82,7 @@

                initContainers:
                  - name: download-config
-                    image: kerberos/agent:1b96d01
+                    image: kerberos/agent:latest
                    volumeMounts:
                      - name: kerberos-data
                        mountPath: /home/agent/data/config
@@ -96,7 +96,7 @@

                containers:
                  - name: agent
-                    image: kerberos/agent:1b96d01
+                    image: kerberos/agent:latest
                    volumeMounts:
                      - name: kerberos-data
                        mountPath: /home/agent/data/config
--- a/deployments/kubernetes/deployment-agent-volume.yml
+++ b/deployments/kubernetes/deployment-agent-volume.yml
@@ -21,7 +21,7 @@ spec:

      initContainers:
        - name: download-config
-          image: kerberos/agent:1b96d01
+          image: kerberos/agent:latest
          volumeMounts:
            - name: kerberos-data
              mountPath: /home/agent/data/config
--- a/machinery/data/test-480p.mp4
+++ b/machinery/data/test-480p.mp4
--- a/machinery/src/cloud/Cloud.go
+++ b/machinery/src/cloud/Cloud.go
@@ -2,7 +2,6 @@ package cloud

 import (
 	"bytes"
-	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -15,14 +14,12 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/golang-module/carbon/v2"
 	"github.com/kerberos-io/joy4/av/pubsub"
-	"github.com/minio/minio-go/v6"

 	mqtt "github.com/eclipse/paho.mqtt.golang"
 	av "github.com/kerberos-io/joy4/av"
 	"github.com/kerberos-io/joy4/cgo/ffmpeg"

 	"net/http"
-	"net/url"
 	"strconv"
 	"time"

@@ -545,14 +542,14 @@ func VerifyHub(c *gin.Context) {
 	err := c.BindJSON(&config)

 	if err == nil {
-		hubKey := config.HubKey
 		hubURI := config.HubURI
+		publicKey := config.HubKey
+		privateKey := config.HubPrivateKey

-		content := []byte(`{"message": "fake-message"}`)
-		body := bytes.NewReader(content)
-		req, err := http.NewRequest("POST", hubURI+"/queue/test", body)
+		req, err := http.NewRequest("POST", hubURI+"/subscription/verify", nil)
 		if err == nil {
-			req.Header.Set("X-Kerberos-Cloud-Key", hubKey)
+			req.Header.Set("X-Kerberos-Hub-PublicKey", publicKey)
+			req.Header.Set("X-Kerberos-Hub-PrivateKey", privateKey)
 			client := &http.Client{}

 			resp, err := client.Do(req)
@@ -609,88 +606,80 @@ func VerifyPersistence(c *gin.Context) {

 		if config.Cloud == "dropbox" {
 			VerifyDropbox(config, c)
-		} else if config.Cloud == "s3" {
+		} else if config.Cloud == "s3" || config.Cloud == "kerberoshub" {

-			// timestamp_microseconds_instanceName_regionCoordinates_numberOfChanges_token
-			// 1564859471_6-474162_oprit_577-283-727-375_1153_27.mp4
-			// - Timestamp
-			// - Size + - + microseconds
-			// - device
-			// - Region
-			// - Number of changes
-			// - Token
-
-			aws_access_key_id := config.S3.Publickey
-			aws_secret_access_key := config.S3.Secretkey
-			aws_region := config.S3.Region
-
-			// This is the new way ;)
-			if config.HubKey != "" {
-				aws_access_key_id = config.HubKey
-			}
-			if config.HubPrivateKey != "" {
-				aws_secret_access_key = config.HubPrivateKey
-			}
-
-			s3Client, err := minio.NewWithRegion("s3.amazonaws.com", aws_access_key_id, aws_secret_access_key, true, aws_region)
-			if err != nil {
+			if config.HubURI == "" ||
+				config.HubKey == "" ||
+				config.HubPrivateKey == "" ||
+				config.S3.Region == "" {
+				msg := "VerifyPersistence: Kerberos Hub not properly configured."
+				log.Log.Info(msg)
 				c.JSON(400, models.APIResponse{
-					Data: "Creation of Kerberos Hub connection failed: " + err.Error(),
+					Data: msg,
 				})
 			} else {

-				// Check if we need to use the proxy.
-				if config.S3.ProxyURI != "" {
-					var transport http.RoundTripper = &http.Transport{
-						Proxy: func(*http.Request) (*url.URL, error) {
-							return url.Parse(config.S3.ProxyURI)
-						},
-						TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-					}
-					s3Client.SetCustomTransport(transport)
+				// Open test-480p.mp4
+				file, err := os.Open("./data/test-480p.mp4")
+				if err != nil {
+					msg := "VerifyPersistence: error reading test-480p.mp4: " + err.Error()
+					log.Log.Error(msg)
+					c.JSON(400, models.APIResponse{
+						Data: msg,
+					})
+				}
+				defer file.Close()
+
+				req, err := http.NewRequest("POST", config.HubURI+"/storage/upload", file)
+				if err != nil {
+					msg := "VerifyPersistence: error reading Kerberos Hub HEAD request, " + config.HubURI + "/storage: " + err.Error()
+					log.Log.Error(msg)
+					c.JSON(400, models.APIResponse{
+						Data: msg,
+					})
 				}

-				deviceKey := "fake-key"
-				devicename := "justatest"
-				coordinates := "200-200-400-400"
-				eventToken := "769"
-
 				timestamp := time.Now().Unix()
-				fileName := strconv.FormatInt(timestamp, 10) + "_6-967003_justatest_200-200-400-400_24_769.mp4"
-				content := []byte("test-file")
-				body := bytes.NewReader(content)
+				fileName := strconv.FormatInt(timestamp, 10) +
+					"_6-967003_" + config.Name + "_200-200-400-400_24_769.mp4"
+				req.Header.Set("X-Kerberos-Storage-FileName", fileName)
+				req.Header.Set("X-Kerberos-Storage-Capture", "IPCamera")
+				req.Header.Set("X-Kerberos-Storage-Device", config.Key)
+				req.Header.Set("X-Kerberos-Hub-PublicKey", config.HubKey)
+				req.Header.Set("X-Kerberos-Hub-PrivateKey", config.HubPrivateKey)
+				req.Header.Set("X-Kerberos-Hub-Region", config.S3.Region)

-				n, err := s3Client.PutObject(config.S3.Bucket,
-					config.S3.Username+"/"+fileName,
-					body,
-					body.Size(),
-					minio.PutObjectOptions{
-						ContentType:  "video/mp4",
-						StorageClass: "ONEZONE_IA",
-						UserMetadata: map[string]string{
-							"event-timestamp":         strconv.FormatInt(timestamp, 10),
-							"event-microseconds":      deviceKey,
-							"event-instancename":      devicename,
-							"event-regioncoordinates": coordinates,
-							"event-numberofchanges":   deviceKey,
-							"event-token":             eventToken,
-							"productid":               deviceKey,
-							"publickey":               aws_access_key_id,
-							"uploadtime":              "now",
-						},
-					})
+				client := &http.Client{}

-				if err != nil {
-					c.JSON(400, models.APIResponse{
-						Data: "Upload of fake recording failed: " + err.Error(),
-					})
+				resp, err := client.Do(req)
+				if resp != nil {
+					defer resp.Body.Close()
+				}
+
+				if err == nil && resp != nil {
+					if resp.StatusCode == 200 {
+						msg := "VerifyPersistence: Upload allowed using the credentials provided (" + config.HubKey + ", " + config.HubPrivateKey + ")"
+						log.Log.Info(msg)
+						c.JSON(200, models.APIResponse{
+							Data: msg,
+						})
+					} else {
+						msg := "VerifyPersistence: Upload NOT allowed using the credentials provided (" + config.HubKey + ", " + config.HubPrivateKey + ")"
+						log.Log.Info(msg)
+						c.JSON(400, models.APIResponse{
+							Data: msg,
+						})
+					}
 				} else {
-					c.JSON(200, models.APIResponse{
-						Data: "Upload Finished: file has been uploaded to bucket: " + strconv.FormatInt(n, 10),
+					msg := "VerifyPersistence: Error creating Kerberos Hub request"
+					log.Log.Info(msg)
+					c.JSON(400, models.APIResponse{
+						Data: msg,
 					})
 				}
 			}
-		} else if config.Cloud == "kstorage" {
+
+		} else if config.Cloud == "kstorage" || config.Cloud == "kerberosvault" {

 			uri := config.KStorage.URI
 			accessKey := config.KStorage.AccessKey
@@ -699,10 +688,9 @@ func VerifyPersistence(c *gin.Context) {
 			provider := config.KStorage.Provider

 			if err == nil && uri != "" && accessKey != "" && secretAccessKey != "" {
-				var postData = []byte(`{"title":"Buy cheese and bread for breakfast."}`)
-				client := &http.Client{}
-				req, err := http.NewRequest("POST", uri+"/ping", bytes.NewReader(postData))

+				client := &http.Client{}
+				req, err := http.NewRequest("POST", uri+"/ping", nil)
 				req.Header.Add("X-Kerberos-Storage-AccessKey", accessKey)
 				req.Header.Add("X-Kerberos-Storage-SecretAccessKey", secretAccessKey)
 				resp, err := client.Do(req)
@@ -714,32 +702,35 @@ func VerifyPersistence(c *gin.Context) {

 						if provider != "" || directory != "" {

-							hubKey := config.KStorage.CloudKey
-							// This is the new way ;)
-							if config.HubKey != "" {
-								hubKey = config.HubKey
-							}
-
 							// Generate a random name.
 							timestamp := time.Now().Unix()
 							fileName := strconv.FormatInt(timestamp, 10) +
-								"_6-967003_justatest_200-200-400-400_24_769.mp4"
-							content := []byte("test-file")
-							body := bytes.NewReader(content)
-							//fileSize := int64(len(content))
+								"_6-967003_" + config.Name + "_200-200-400-400_24_769.mp4"

-							req, err := http.NewRequest("POST", uri+"/storage", body)
+							// Open test-480p.mp4
+							file, err := os.Open("./data/test-480p.mp4")
+							if err != nil {
+								msg := "VerifyPersistence: error reading test-480p.mp4: " + err.Error()
+								log.Log.Error(msg)
+								c.JSON(400, models.APIResponse{
+									Data: msg,
+								})
+							}
+							defer file.Close()
+
+							req, err := http.NewRequest("POST", uri+"/storage", file)
 							if err == nil {

 								req.Header.Set("Content-Type", "video/mp4")
-								req.Header.Set("X-Kerberos-Storage-CloudKey", hubKey)
+								req.Header.Set("X-Kerberos-Storage-CloudKey", config.HubKey)
 								req.Header.Set("X-Kerberos-Storage-AccessKey", accessKey)
 								req.Header.Set("X-Kerberos-Storage-SecretAccessKey", secretAccessKey)
 								req.Header.Set("X-Kerberos-Storage-Provider", provider)
 								req.Header.Set("X-Kerberos-Storage-FileName", fileName)
-								req.Header.Set("X-Kerberos-Storage-Device", "test")
+								req.Header.Set("X-Kerberos-Storage-Device", config.Key)
 								req.Header.Set("X-Kerberos-Storage-Capture", "IPCamera")
 								req.Header.Set("X-Kerberos-Storage-Directory", directory)
+
 								client := &http.Client{}

 								resp, err := client.Do(req)
@@ -753,41 +744,45 @@ func VerifyPersistence(c *gin.Context) {
 												c.JSON(200, body)
 											} else {
 												c.JSON(400, models.APIResponse{
-													Data: "Something went wrong while verifying your persistence settings. Make sure your provider is the same as the storage provider in your Kerberos Vault, and the relevant storage provider is configured properly.",
+													Data: "VerifyPersistence: Something went wrong while verifying your persistence settings. Make sure your provider is the same as the storage provider in your Kerberos Vault, and the relevant storage provider is configured properly.",
 												})
 											}
 										}
 									}
 								} else {
 									c.JSON(400, models.APIResponse{
-										Data: "Upload of fake recording failed: " + err.Error(),
+										Data: "VerifyPersistence: Upload of fake recording failed: " + err.Error(),
 									})
 								}
 							} else {
 								c.JSON(400, models.APIResponse{
-									Data: "Something went wrong while creating /storage POST request." + err.Error(),
+									Data: "VerifyPersistence: Something went wrong while creating /storage POST request." + err.Error(),
 								})
 							}
 						} else {
 							c.JSON(400, models.APIResponse{
-								Data: "Provider and/or directory is missing from the request.",
+								Data: "VerifyPersistence: Provider and/or directory is missing from the request.",
 							})
 						}
 					} else {
 						c.JSON(400, models.APIResponse{
-							Data: "Something went wrong while verifying storage credentials: " + string(body),
+							Data: "VerifyPersistence: Something went wrong while verifying storage credentials: " + string(body),
 						})
 					}
 				} else {
 					c.JSON(400, models.APIResponse{
-						Data: "Something went wrong while verifying storage credentials:" + err.Error(),
+						Data: "VerifyPersistence: Something went wrong while verifying storage credentials:" + err.Error(),
 					})
 				}
+			} else {
+				c.JSON(400, models.APIResponse{
+					Data: "VerifyPersistence: please fill-in the required Kerberos Vault credentials.",
+				})
 			}
 		}
 	} else {
 		c.JSON(400, models.APIResponse{
-			Data: "No persistence was specified, so do not know what to verify:" + err.Error(),
+			Data: "VerifyPersistence: No persistence was specified, so do not know what to verify:" + err.Error(),
 		})
 	}
 }
--- a/ui/src/pages/Settings/Settings.jsx
+++ b/ui/src/pages/Settings/Settings.jsx
@@ -2114,17 +2114,6 @@ class Settings extends React.Component {
                  />
                  {config.cloud === this.KERBEROS_HUB && (
                    <>
-                      <Input
-                        noPadding
-                        label={t('settings.persistence.kerberoshub_proxyurl')}
-                        placeholder={t(
-                          'settings.persistence.kerberoshub_description_proxyurl'
-                        )}
-                        value={config.s3 ? config.s3.proxyuri : ''}
-                        onChange={(value) =>
-                          this.onUpdateField('s3', 'proxyuri', value, config.s3)
-                        }
-                      />
                      <Input
                        noPadding
                        label={t('settings.persistence.kerberoshub_region')}
@@ -2136,28 +2125,6 @@ class Settings extends React.Component {
                          this.onUpdateField('s3', 'region', value, config.s3)
                        }
                      />
-                      <Input
-                        noPadding
-                        label={t('settings.persistence.kerberoshub_bucket')}
-                        placeholder={t(
-                          'settings.persistence.kerberoshub_description_bucket'
-                        )}
-                        value={config.s3 ? config.s3.bucket : ''}
-                        onChange={(value) =>
-                          this.onUpdateField('s3', 'bucket', value, config.s3)
-                        }
-                      />
-                      <Input
-                        noPadding
-                        label={t('settings.persistence.kerberoshub_username')}
-                        placeholder={t(
-                          'settings.persistence.kerberoshub_description_username'
-                        )}
-                        value={config.s3 ? config.s3.username : ''}
-                        onChange={(value) =>
-                          this.onUpdateField('s3', 'username', value, config.s3)
-                        }
-                      />
                    </>
                  )}
                  {config.cloud === this.KERBEROS_VAULT && (
Author	SHA1	Message	Date
Cedric Verstraeten	756b893ecd	reference latest tags	2023-06-24 12:58:16 +02:00
Cedric Verstraeten	36323b076f	Fix for Kerberos Vault persistence check	2023-06-23 21:13:13 +02:00
Cedric Verstraeten	95f43b6444	Fix for empty vault settings, throw error	2023-06-23 20:20:38 +02:00
Cedric Verstraeten	5c23a62ac3	New function to validate Kerberos Hub connectivity and subscription	2023-06-23 19:01:04 +02:00
Cedric Verstraeten	2b425a2ddd	add test video for verification	2023-06-23 17:16:13 +02:00