Add a seperate AKMS config option

See merge request !211

README.md

@@ -27,8 +27,19 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" # ID of the kms
 Name: kms01 # name of the kms
 InterComAddr: 0.0.0.0:50910 # IP and port to bind the local gRPC server for inter KMS communication to
 QuantumAddr: 0.0.0.0:50911 # IP and port to bind the local gRPC server for QKD modules to reach the KMS to (optional, only used for specific emulated or experimental QKD modules)
-AkmsURL: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS).
-AkmsCkmsServerPort: "9696" # Port of connected AKMS
+AKMS:
+  RemoteAddress: "http://172.100.20.22:4444/api/v1/keys/push_ksa_key" # address of the rest endpoint of a connected AKMS (used for sending KSA key to the AKMS).
+  ServerPort: "9696" # Port of connected AKMS
+  ClientTLS: # Settings for TLS for akms ckms interface
+    Active: true # Whether TLS is enabled
+    CAFile: "ssl/ca.crt" # Path to ca
+    CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
+    KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
+  ServerTLS:
+    Active: true # Whether TLS is enabled
+    CAFile: "ssl/ca.crt" # Path to ca
+    CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
+    KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
 GRPCTimeoutInSeconds: 10 # Time in seconds for timeout of gRPC connections as a client. Defaults to 10 seconds. Should not be set to 0 or negative values.
 GnmiTLS: # Settings for TLS for gNMI endpoint. Can be overwritten with cli parameters.
   Active: true # Whether TLS is enabled
@@ -40,11 +51,6 @@ KmsTLS: # Settings for TLS for inter KMS communication
   CAFile: "ssl/ca.crt" # Path to ca
   CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
   KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
-AkmsCkmsTLS: # Settings for TLS for akms ckms interface
-  Active: true # Whether TLS is enabled
-  CAFile: "ssl/ca.crt" # Path to ca
-  CertFile: "ssl/kms/kms1-selfsigned.crt" # Path to cert
-  KeyFile: "ssl/kms/kms1-selfsigned.key" # Path to key
 Peers: # Peers to other goKMS
     # peer to goKMS02
     - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" # id of the peer

config/goKMS/example01.yaml

@@ -3,8 +3,9 @@ Name: kms01
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
+AKMS:
+  RemoteAddress: "http://akms-receiver01:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
   Active: false

config/goKMS/example04.yaml

@@ -3,8 +3,9 @@ Name: kms04
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
+AKMS:
+  RemoteAddress: "http://akms-receiver02:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
   Active: false

config/goKMS/small_kms_1.yaml

-Id: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
+Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
 Name: kms_1
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
+AKMS:
+  RemoteAddress: "http://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 Peers:
-    # peer to kms_2
-    - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
-      PeerInterComAddr: kms_2:50910
-      Type: danet
-      # quantum module of type emulated at the given address
-      QuantumModule:
-          Type: emulated
-          Hostname: quantumlayer_1
+  # peer to kms_2
+  - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
+    PeerInterComAddr: kms_2:50910
+    Type: danet
+    # quantum module of type emulated at the given address
+    QuantumModule:
+      Type: emulated
+      Hostname: quantumlayer_1
 QkdnManagerServer:
   Address: ":8090"

config/goKMS/small_kms_2.yaml

-Id: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
+Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
 Name: kms_2
 InterComAddr: 0.0.0.0:50910
 GRPCAddr: 0.0.0.0:50900
-AkmsURL: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
+AKMS:
+  RemoteAddress: "http://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
 Peers:
-    # peer to kms_1
-    - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
-      PeerInterComAddr: kms_1:50910
-      Type: danet
-      # quantum module of type emulated at the given address
-      QuantumModule:
-          Type: emulated
-          Hostname: quantumlayer_2
+  # peer to kms_1
+  - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
+    PeerInterComAddr: kms_1:50910
+    Type: danet
+    # quantum module of type emulated at the given address
+    QuantumModule:
+      Type: emulated
+      Hostname: quantumlayer_2
 QkdnManagerServer:
   Address: ":8090"

goKMS/config/config.go

@@ -11,18 +11,23 @@ type Config struct {
 	Name                 string             `yaml:"Name"`
 	InterComAddr         string             `yaml:"InterComAddr"`
 	QuantumAddr          string             `yaml:"QuantumAddr"`
-	AkmsURL              string             `yaml:"AkmsURL"`
-	AkmsCkmsServerPort   string             `yaml:"AkmsCkmsServerPort"`
+	AKMS                 AKMS               `yaml:"AKMS"`
 	GnmiBindAddress      string             `yaml:"GnmiBindAddress"`
 	KmsTLS               TLSConfig          `yaml:"KmsTLS"`
 	Peers                []Peer             `yaml:"Peers"`
 	GnmiTLS              TLSConfig          `yaml:"GnmiTLS"`
-	AkmsCkmsTLS          TLSConfig          `yaml:"AkmsCkmsTLS"`
 	ETSI14Server         *ETSI14Server      `yaml:"ETSI14Server,omitempty"`
 	QkdnManagerServer    *QkdnManagerServer `yaml:"QkdnManagerServer,omitempty"`
 	GRPCTimeoutInSeconds int                `yaml:"GRPCTimeoutInSeconds"`
 }
 
+type AKMS struct {
+	RemoteAddress string    `yaml:"RemoteAddress"`
+	ServerPort    string    `yaml:"ServerPort"`
+	ServerTLS     TLSConfig `yaml:"ServerTLS"`
+	ClientTLS     TLSConfig `yaml:"ClientTLS"`
+}
+
 type Peer struct {
 	PeerId           string        `yaml:"PeerId"`
 	PeerInterComAddr string        `yaml:"PeerInterComAddr"`

goKMS/kms/akmsInterface/client/client.go

@@ -57,7 +57,7 @@ func (c *CkmsAkmsClient) SendKSAKeysToRequestingInstances(requestID string, proc
 		return err
 	}
 
-	// TODO: also log the response body if request failed
+	logrus.Infof("Attempting to send KSA post request to AKMS with URL: %s", c.url)
 	resp, err := c.httpClient.Post(c.url, "application/json", bytes.NewBuffer(jsonData))
 	if err != nil {
 		body, err2 := io.ReadAll(resp.Body)

goKMS/kms/kms.go

@@ -120,8 +120,8 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
 
 	var ckmsAkmsClient *akmsInterfaceClient.CkmsAkmsClient
 	var err error
-	if config.AkmsURL != "" {
-		ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AkmsURL, config.AkmsCkmsTLS)
+	if config.AKMS.RemoteAddress != "" {
+		ckmsAkmsClient, err = akmsInterfaceClient.NewCkmsAkmsClient(config.AKMS.RemoteAddress, config.AKMS.ClientTLS)
 		if err != nil {
 			log.Fatalf("Failed to setup CkmsAkmsClient: %s", err)
 		}
@@ -159,12 +159,12 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
 	}
 
 	// Start the akmsCkmsReceiverServer
-	if config.AkmsCkmsServerPort != "" {
-		createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AkmsCkmsServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AkmsCkmsTLS)
+	if config.AKMS.ServerPort != "" {
+		createdKMS.ckmsAkmsServer, err = akmsInterfaceServer.NewAKMSReceiver(config.AKMS.ServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey, config.AKMS.ServerTLS)
 		if err != nil {
 			log.Fatalf("Failed to initialize CkmsAkmsServer: %s", err)
 		}
-		log.Infof("Starting AKMS receiver server on port: %s", config.AkmsCkmsServerPort)
+		log.Infof("Starting AKMS receiver server on port: %s", config.AKMS.ServerPort)
 		go createdKMS.ckmsAkmsServer.Serve()
 	}
 

goKMS/main.go

@@ -177,9 +177,13 @@ func outputTlsSettings(config *config.Config) {
 		}
 	}
 
-	log.Infof("TLS enabled for AKMS-CKMS interface: %t", config.AkmsCkmsTLS.Active)
-	if config.AkmsCkmsTLS.Active {
-		log.Infof("TLS filepaths for AKMS-CKMS interface: ca: %s, cert: %s, key: %s", config.AkmsCkmsTLS.CAFile, config.AkmsCkmsTLS.CertFile, config.AkmsCkmsTLS.KeyFile)
+	log.Infof("TLS enabled for AKMS-CKMS Client interface: %t", config.AKMS.ClientTLS.Active)
+	if config.AKMS.ClientTLS.Active {
+		log.Infof("TLS filepaths for AKMS-CKMS Client interface: ca: %s, cert: %s, key: %s", config.AKMS.ClientTLS.CAFile, config.AKMS.ClientTLS.CertFile, config.AKMS.ClientTLS.KeyFile)
+	}
+	log.Infof("TLS enabled for AKMS-CKMS Server interface: %t", config.AKMS.ServerTLS.Active)
+	if config.AKMS.ServerTLS.Active {
+		log.Infof("TLS filepaths for AKMS-CKMS Server interface: ca: %s, cert: %s, key: %s", config.AKMS.ServerTLS.CAFile, config.AKMS.ServerTLS.CertFile, config.AKMS.ServerTLS.KeyFile)
 	}
 }
 

integration-tests/config/kms/kms_1.yaml

@@ -2,13 +2,19 @@ Id: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
 Name: kms01
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
-AkmsCkmsTLS:
-  Active: true
-  CAFile: "config/ssl/ca.crt"
-  CertFile: "config/ssl/kms/kms1-selfsigned.crt"
-  KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+AKMS:
+  RemoteAddress: "https://akms-simulator_1:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
+  ClientTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms1-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms1-selfsigned.key"
+  ServerTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms1-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms1-selfsigned.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
   Active: false

integration-tests/config/kms/kms_2.yaml

@@ -2,13 +2,19 @@ Id: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
 Name: kms02
 InterComAddr: 0.0.0.0:50910
 QuantumAddr: 0.0.0.0:50911
-AkmsURL: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
-AkmsCkmsServerPort: "9696"
-AkmsCkmsTLS:
-  Active: true
-  CAFile: "config/ssl/ca.crt"
-  CertFile: "config/ssl/kms/kms2-selfsigned.crt"
-  KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+AKMS:
+  RemoteAddress: "https://akms-simulator_2:4444/api/v1/keys/push_ksa_key"
+  ServerPort: "9696"
+  ClientTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms2-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms2-selfsigned.key"
+  ServerTLS:
+    Active: true
+    CAFile: "config/ssl/ca.crt"
+    CertFile: "config/ssl/kms/kms2-selfsigned.crt"
+    KeyFile: "config/ssl/kms/kms2-selfsigned.key"
 GRPCTimeoutInSeconds: 600
 KmsTLS:
   Active: false