feat: use token for websocket authentication

The cli expects to receive websocket-access-token, websocket-refresh-token,
and websocket-token-address.

It does not send the authentication header if above arguments are not
provided, so it works with the old eda-server that does not authenticate
incomming websocket connecitons.

Linked AAP-17776: ansible-rulebook uses token for authentication

Author: bzwei

CHANGELOG.md

@@ -6,6 +6,7 @@
 ### Added
 - ssl_verify option now also supports "true" or "false" values
 - Support for standalone boolean in conditions
+- Use token for websocket authentication
 
 ### Fixed
 

ansible_rulebook/app.py

@@ -67,9 +67,12 @@ async def run(parsed_args: argparse.Namespace) -> None:
     if parsed_args.worker and parsed_args.websocket_address and parsed_args.id:
         logger.info("Starting worker mode")
         startup_args = await request_workload(
-            parsed_args.id,
-            parsed_args.websocket_address,
-            parsed_args.websocket_ssl_verify,
+            activation_id=parsed_args.id,
+            websocket_address=parsed_args.websocket_address,
+            websocket_ssl_verify=parsed_args.websocket_ssl_verify,
+            websocket_token_address=parsed_args.websocket_token_address,
+            websocket_access_token=parsed_args.websocket_access_token,
+            websocket_refresh_token=parsed_args.websocket_refresh_token,
         )
         if not startup_args:
             logger.error("Error communicating with web socket server")
@@ -121,9 +124,12 @@ async def run(parsed_args: argparse.Namespace) -> None:
     if parsed_args.websocket_address:
         feedback_task = asyncio.create_task(
             send_event_log_to_websocket(
-                event_log,
-                parsed_args.websocket_address,
-                parsed_args.websocket_ssl_verify,
+                event_log=event_log,
+                websocket_address=parsed_args.websocket_address,
+                websocket_ssl_verify=parsed_args.websocket_ssl_verify,
+                websocket_token_address=parsed_args.websocket_token_address,
+                websocket_access_token=parsed_args.websocket_access_token,
+                websocket_refresh_token=parsed_args.websocket_refresh_token,
             )
         )
         tasks.append(feedback_task)

ansible_rulebook/cli.py

@@ -105,6 +105,19 @@ def get_parser() -> argparse.ArgumentParser:
         "default to yes for wss connection.",
         default="yes",
     )
+    parser.add_argument(
+        "--websocket-access-token",
+        help="Token used to autheticate the websocket connection.",
+    )
+    parser.add_argument(
+        "--websocket-refresh-token",
+        help="Token used to renew a websocket access token.",
+    )
+    parser.add_argument(
+        "--websocket-token-address",
+        "--websocket-token-url",
+        help="Url to renew websocket access token.",
+    )
     parser.add_argument("--id", help="Identifier")
     parser.add_argument(
         "-w",