VOL-1121: made all ponsim gRPC connections unencrypted
Change-Id: I1c390d2668224208b843cbbc12181c7ec258714a
diff --git a/ponsim/v2/core/ponsim_olt.go b/ponsim/v2/core/ponsim_olt.go
index 508f455..34ed68a 100644
--- a/ponsim/v2/core/ponsim_olt.go
+++ b/ponsim/v2/core/ponsim_olt.go
@@ -17,7 +17,10 @@
import (
"context"
- "crypto/tls"
+ "strconv"
+ "strings"
+ "time"
+
"github.com/golang/protobuf/ptypes/empty"
"github.com/google/gopacket"
"github.com/opencord/voltha/ponsim/v2/common"
@@ -25,10 +28,6 @@
"github.com/sirupsen/logrus"
"google.golang.org/grpc"
"google.golang.org/grpc/connectivity"
- "google.golang.org/grpc/credentials"
- "strconv"
- "strings"
- "time"
)
// TODO: Pass-in the certificate information as a structure parameter
@@ -191,18 +190,11 @@
"host": host,
}).Debug("Formatting host address")
- // TODO: make it secure
- ta := credentials.NewTLS(&tls.Config{
- //Certificates: []tls.Certificate{peerCert},
- //RootCAs: caCertPool,
- InsecureSkipVerify: true,
- })
-
// GRPC communication needs to be secured
if onu.Conn, err = grpc.DialContext(
context.Background(),
host,
- grpc.WithTransportCredentials(ta),
+ grpc.WithInsecure(),
); err != nil {
common.Logger().WithFields(logrus.Fields{
"device": o,
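Review bot: The comment `// GRPC communication needs to be secured`, kept directly above the dial, now contradicts `grpc.WithInsecure()`, and the plaintext option is hard-coded with no way to turn TLS back on. The removed code already set `InsecureSkipVerify: true`, so the peer was never authenticated, but after this change the OLT-to-ONU traffic is also unencrypted on the wire. I would gate the option on the same setting that `ponsim.go` passes to `NewGrpcServer`, or at least replace the comment with `// Plaintext gRPC by design (VOL-1121): simulator traffic only, no transport security`. The same hard-coded option appears in the `ponsim_onu.go` dial, both `grpc.Dial` calls in `ponsim_handler.go`, and `grpc.insecure_channel` in `ponsim_olt.py`. The enclosing function starts and ends outside this hunk.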
diff --git a/ponsim/v2/core/ponsim_onu.go b/ponsim/v2/core/ponsim_onu.go
index 1037cb9..ac3a02a 100644
--- a/ponsim/v2/core/ponsim_onu.go
+++ b/ponsim/v2/core/ponsim_onu.go
@@ -17,7 +17,11 @@
import (
"context"
- "crypto/tls"
+ "strconv"
+ "strings"
+ "sync"
+ "time"
+
"github.com/golang/protobuf/ptypes/empty"
"github.com/google/gopacket"
"github.com/google/uuid"
@@ -25,11 +29,6 @@
"github.com/opencord/voltha/protos/go/ponsim"
"github.com/sirupsen/logrus"
"google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
- "strconv"
- "strings"
- "sync"
- "time"
)
// TODO: Cleanup GRPC security config
@@ -376,16 +375,8 @@
strconv.Itoa(int(o.ParentPort)),
}, ":")
- // TODO: make it secure
- // GRPC communication needs to be secured
- ta := credentials.NewTLS(&tls.Config{
- //Certificates: []tls.Certificate{peerCert},
- //RootCAs: caCertPool,
- InsecureSkipVerify: true,
- })
-
if o.Conn, err = grpc.DialContext(
- context.Background(), host, grpc.WithTransportCredentials(ta), grpc.WithBlock(),
+ context.Background(), host, grpc.WithInsecure(), grpc.WithBlock(),
); err != nil {
common.Logger().WithFields(logrus.Fields{
"device": o,
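Review bot: `grpc.WithBlock()` combined with `context.Background()` gives this dial no deadline, so the call waits indefinitely if the parent at `host` never accepts the connection. Bounding it keeps a misaddressed or unavailable parent from hanging the ONU: `ctx, cancel := context.WithTimeout(context.Background(), dialTimeout)`, `defer cancel()`, then pass `ctx` to `grpc.DialContext` (`dialTimeout` is a placeholder for a value the project would choose). The file already imports `time`. The enclosing function begins and ends outside the hunk, so any retry logic around this call is not visible here.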
diff --git a/ponsim/v2/grpc/nbi/ponsim_handler.go b/ponsim/v2/grpc/nbi/ponsim_handler.go
index 9e4fb0c..8205386 100644
--- a/ponsim/v2/grpc/nbi/ponsim_handler.go
+++ b/ponsim/v2/grpc/nbi/ponsim_handler.go
@@ -17,8 +17,10 @@
import (
"context"
- "crypto/tls"
"errors"
+ "strconv"
+ "strings"
+
"github.com/golang/protobuf/ptypes/empty"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
@@ -27,14 +29,8 @@
"github.com/opencord/voltha/protos/go/voltha"
"github.com/sirupsen/logrus"
"google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
- "strconv"
- "strings"
)
-// TODO: Cleanup GRPC security config
-// TODO: Pass-in the certificate information as a structure parameter
-
type PonSimHandler struct {
device core.PonSimInterface
}
@@ -199,10 +195,6 @@
}).Debug("Updating ONU flows")
if child, ok := (handler.device).(*core.PonSimOltDevice).GetOnus()[table.Port]; ok {
- // TODO: make it secure
- ta := credentials.NewTLS(&tls.Config{
- InsecureSkipVerify: true,
- })
host := strings.Join([]string{
child.Device.Address,
@@ -211,7 +203,7 @@
conn, err := grpc.Dial(
host,
- grpc.WithTransportCredentials(ta),
+ grpc.WithInsecure(),
)
if err != nil {
common.Logger().WithFields(logrus.Fields{
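Review bot: The `err` check after `grpc.Dial` only catches option or target errors, because without `grpc.WithBlock()` the dial returns before the connection is established. An unreachable ONU will therefore surface on the first RPC, not in this branch. A comment such as `// Dial is non-blocking: connection failures surface on the first RPC below` would keep the error branch from being read as a reachability check. The same applies to the dial inside the statistics loop later in this file. Both enclosing functions continue outside their hunks.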
@@ -289,15 +281,11 @@
// Loop through each onus to get stats from those as well?
// send grpc request to each onu
for _, child := range (handler.device).(*core.PonSimOltDevice).GetOnus() {
- // TODO: make it secure
- ta := credentials.NewTLS(&tls.Config{
- InsecureSkipVerify: true,
- })
host := strings.Join([]string{child.Device.Address, strconv.Itoa(int(child.Device.Port))}, ":")
conn, err := grpc.Dial(
host,
- grpc.WithTransportCredentials(ta),
+ grpc.WithInsecure(),
)
if err != nil {
common.Logger().WithFields(logrus.Fields{
diff --git a/ponsim/v2/ponsim.go b/ponsim/v2/ponsim.go
index 20f8b86..eab6a54 100644
--- a/ponsim/v2/ponsim.go
+++ b/ponsim/v2/ponsim.go
@@ -19,13 +19,14 @@
"context"
"flag"
"fmt"
- "github.com/opencord/voltha/ponsim/v2/common"
- "github.com/opencord/voltha/ponsim/v2/core"
- "github.com/opencord/voltha/ponsim/v2/grpc"
"log"
"os"
"os/signal"
"path"
+
+ "github.com/opencord/voltha/ponsim/v2/common"
+ "github.com/opencord/voltha/ponsim/v2/core"
+ "github.com/opencord/voltha/ponsim/v2/grpc"
)
// TODO: Cleanup logs
@@ -202,7 +203,7 @@
func (s *PonSimService) Start(ctx context.Context) {
// GRPC server needs to be secure.
// Otherwise communication between adapter and simulator does not occur
- s.server = grpc.NewGrpcServer(s.device.GetAddress(), s.device.GetPort(), certs, true)
+ s.server = grpc.NewGrpcServer(s.device.GetAddress(), s.device.GetPort(), certs, false)
// Add GRPC services
s.server.AddCommonService(s.device)
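Review bot: The comment above this call still says the server needs to be secure or adapter/simulator communication does not occur, which is the opposite of what the call now does with its last argument set to `false`. `certs` is still passed, so a reader cannot tell whether the certificate material is loaded and ignored or no longer needed. I would reword the comment to something like `// gRPC server runs without TLS; the adapter and ONU clients dial in plaintext to match`. Since this file already imports `flag`, consider exposing the choice as a command-line option instead of a literal. The meaning of the final boolean is inferred from the comment and the commit title, because `NewGrpcServer` is not visible here.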
diff --git a/voltha/adapters/ponsim_olt/ponsim_olt.py b/voltha/adapters/ponsim_olt/ponsim_olt.py
index dc6b297..92a5a0a 100644
--- a/voltha/adapters/ponsim_olt/ponsim_olt.py
+++ b/voltha/adapters/ponsim_olt/ponsim_olt.py
@@ -370,30 +370,7 @@
if self.channel is None:
device = self.adapter_agent.get_device(self.device_id)
- # read in certificate
- try:
- with open('/voltha/pki/voltha-CA.pem') as f:
- trusted_certs = f.read()
-
- with open('/voltha/pki/voltha.crt') as f:
- client_cert = f.read()
-
- with open('/voltha/pki/voltha.key') as f:
- client_key = f.read()
- except Exception as e:
- log.error('failed-to-read-cert-keys', reason=e)
-
- # create credentials
- credentials = grpc.ssl_channel_credentials(
- root_certificates=trusted_certs, private_key=client_key,
- certificate_chain=client_cert)
-
- # create channel using ssl credentials
- my_server_host_override_string = "ABCD" # Server's CN Name, Ugly but no other Choice.
- self.channel = grpc.secure_channel(device.host_and_port,
- credentials, options=((
- 'grpc.ssl_target_name_override',
- my_server_host_override_string,),))
+ self.channel = grpc.insecure_channel(device.host_and_port)
return self.channel