ferrero-opentext

Oliver/ferrero-opentext

Fork 0

Commit graph

Author	SHA1	Message	Date
DJP	8e7ae7e2d2	Add optional mTLS certificate authentication with --auth-pfx flag Implements dual authentication system: OAuth2 (default) + mTLS (opt-in). Zero-risk implementation - existing OAuth2 workflows unchanged. NEW FEATURE: mTLS Certificate Authentication - PFX/P12 certificate support for enhanced security - Activated ONLY with --auth-pfx command-line flag - OAuth2 remains default (no flag = OAuth2 as before) - Perfect for testing new auth without breaking production USAGE: Default (OAuth2): python scripts/a1_to_a2_download.py With mTLS: python scripts/a1_to_a2_download.py --auth-pfx IMPLEMENTATION: 1. Certificate Storage (SECURE): - NEW: config/certificates/ folder (gitignored) - Moved PFX file to secure location - File permissions: 600 (owner read/write only) - Password stored in .env (already gitignored) 2. Configuration: - .env: Added DAM_MTLS_CERT_PATH and DAM_MTLS_CERT_PASSWORD - config.yaml: Added mtls_cert_path and mtls_cert_password - .gitignore: Added config/certificates/, .pfx, .p12 3. DAM Client Dual Auth: - NEW: pfx_to_pem() - Converts PFX to temporary PEM for requests - UPDATED: __init__() - Accepts use_mtls flag - NEW: _make_api_request() - Unified request wrapper - Auto-selects auth method based on flag - Updated ALL 8 API calls to use wrapper 4. Scripts Updated (argparse): - test_connection.py - Added --auth-pfx flag - a1_to_a2_download.py - Added --auth-pfx flag - a5_to_a6_download.py - Added --auth-pfx flag - b1_to_b2_download.py - Added --auth-pfx flag 5. Test Script: - NEW: test_mtls_cert.py - Standalone cert loading test - Tests PFX→PEM conversion without API calls - Verifies certificate format and cleanup TESTING RESULTS: ✓ Certificate loads successfully (10930 bytes) ✓ PFX→PEM conversion works (13520 bytes) ✓ Temp file cleanup working ✓ OAuth2 connection test: PASS ✓ mTLS connection test: PASS ✓ Both auth methods working independently SECURITY: ✓ Certificate file gitignored ✓ Password in .env (gitignored) ✓ File permissions: 600 ✓ Temp PEM files auto-deleted ✓ No secrets in code or config MIGRATION PATH: - Dev: Use dam-mtls-dev.pfx (current) - Prod: Replace cert file, update password, same code BACKWARD COMPATIBILITY: ✓ OAuth2 still default (100% backward compatible) ✓ Existing cron jobs unchanged ✓ No breaking changes ✓ Easy rollback (just don't use --auth-pfx) Changes: - .gitignore (+3 lines) - Python-Version/.env (+3 lines) - Python-Version/config/config.yaml (+3 lines) - Python-Version/scripts/shared/dam_client.py (+100 lines dual auth) - Python-Version/scripts/a1_to_a2_download.py (+14 lines argparse) - Python-Version/scripts/a5_to_a6_download.py (+14 lines argparse) - Python-Version/scripts/b1_to_b2_download.py (+14 lines argparse) - Python-Version/scripts/test_connection.py (+15 lines argparse) - NEW: Python-Version/scripts/test_mtls_cert.py (92 lines) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-04 18:01:23 -05:00
DJP	b4e004c822	Complete Python automation implementation - All components built MAJOR MILESTONE: Complete Python automation system created! Components Implemented: ✅ Box Client (box_client.py) - JWT authentication via boxsdk - Upload with tracking ID suffix - Download files - Campaign folder creation - Connection testing ✅ Database Client (database.py) - PostgreSQL connection pooling - generate_unique_tracking_id() - store_master_asset() with full_metadata JSONB - get_master_asset(tracking_id) - check_campaign_upload_complete() - ALL-DONE CHECK! - store_derivative_asset() - Connection testing ✅ Filename Parser (filename_parser.py) - V2 naming convention parser (ported from PHP) - parse_filename() - 10 components - strip_upload_components() - Remove Job# and Tracking ID - Strict validation with detailed errors ✅ Metadata Extractor MVP (metadata_extractor_mvp.py) - Extract 28 MVP fields from master - Update fields from V2 filename (Description, Language, State) - Add missing fields with defaults - Build asset representation for upload ✅ Notifier (notifier.py) - Mailgun email integration - Outgoing webhook sender - Email templates (success, error, partial, critical) - Configurable recipients Main Scripts: ✅ A1→A2 Download (a1_to_a2_download.py) - Poll DAM every 5 minutes for A1 campaigns - Download all master assets - Upload to Box with tracking IDs - Store in DB with full metadata - ALL-DONE CHECK before status update - Update A1→A2 only if all assets successful - Send webhook with campaign ID/number - Email notifications ✅ A2→A3 Upload (a2_to_a3_upload.py) - Flask webhook receiver for Box uploads - Signature validation - Async task queue processing - Parse V2 filenames - Load master metadata - Extract MVP fields - Upload to DAM - ALL-DONE CHECK for campaign - Update A2→A3 when all assets uploaded - Send webhook notifications ✅ Test Connection Script (test_connection.py) - Verify DAM, Box, Database connectivity - Quick health check ✅ README.md - Complete setup guide - Usage instructions - Configuration examples - Troubleshooting Key Features: - Python 3.6+ compatible (server requirement) - Virtual environment isolated - Configuration-driven (YAML files) - Easy field updates (no code changes) - Environment switching (staging/production) - Comprehensive error handling - Email + webhook notifications - Retry logic - All-done checks before status updates - Campaign webhook notifications Ready for testing locally with Python 3.10! 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-30 16:49:14 -04:00

Author

SHA1

Message

Date

DJP

8e7ae7e2d2

Add optional mTLS certificate authentication with --auth-pfx flag

Implements dual authentication system: OAuth2 (default) + mTLS (opt-in).
Zero-risk implementation - existing OAuth2 workflows unchanged.

NEW FEATURE: mTLS Certificate Authentication
- PFX/P12 certificate support for enhanced security
- Activated ONLY with --auth-pfx command-line flag
- OAuth2 remains default (no flag = OAuth2 as before)
- Perfect for testing new auth without breaking production

USAGE:
  Default (OAuth2):
    python scripts/a1_to_a2_download.py

  With mTLS:
    python scripts/a1_to_a2_download.py --auth-pfx

IMPLEMENTATION:

1. Certificate Storage (SECURE):
   - NEW: config/certificates/ folder (gitignored)
   - Moved PFX file to secure location
   - File permissions: 600 (owner read/write only)
   - Password stored in .env (already gitignored)

2. Configuration:
   - .env: Added DAM_MTLS_CERT_PATH and DAM_MTLS_CERT_PASSWORD
   - config.yaml: Added mtls_cert_path and mtls_cert_password
   - .gitignore: Added config/certificates/, *.pfx, *.p12

3. DAM Client Dual Auth:
   - NEW: pfx_to_pem() - Converts PFX to temporary PEM for requests
   - UPDATED: __init__() - Accepts use_mtls flag
   - NEW: _make_api_request() - Unified request wrapper
   - Auto-selects auth method based on flag
   - Updated ALL 8 API calls to use wrapper

4. Scripts Updated (argparse):
   - test_connection.py - Added --auth-pfx flag
   - a1_to_a2_download.py - Added --auth-pfx flag
   - a5_to_a6_download.py - Added --auth-pfx flag
   - b1_to_b2_download.py - Added --auth-pfx flag

5. Test Script:
   - NEW: test_mtls_cert.py - Standalone cert loading test
   - Tests PFX→PEM conversion without API calls
   - Verifies certificate format and cleanup

TESTING RESULTS:
✓ Certificate loads successfully (10930 bytes)
✓ PFX→PEM conversion works (13520 bytes)
✓ Temp file cleanup working
✓ OAuth2 connection test: PASS
✓ mTLS connection test: PASS
✓ Both auth methods working independently

SECURITY:
✓ Certificate file gitignored
✓ Password in .env (gitignored)
✓ File permissions: 600
✓ Temp PEM files auto-deleted
✓ No secrets in code or config

MIGRATION PATH:
- Dev: Use dam-mtls-dev.pfx (current)
- Prod: Replace cert file, update password, same code

BACKWARD COMPATIBILITY:
✓ OAuth2 still default (100% backward compatible)
✓ Existing cron jobs unchanged
✓ No breaking changes
✓ Easy rollback (just don't use --auth-pfx)

Changes:
- .gitignore (+3 lines)
- Python-Version/.env (+3 lines)
- Python-Version/config/config.yaml (+3 lines)
- Python-Version/scripts/shared/dam_client.py (+100 lines dual auth)
- Python-Version/scripts/a1_to_a2_download.py (+14 lines argparse)
- Python-Version/scripts/a5_to_a6_download.py (+14 lines argparse)
- Python-Version/scripts/b1_to_b2_download.py (+14 lines argparse)
- Python-Version/scripts/test_connection.py (+15 lines argparse)
- NEW: Python-Version/scripts/test_mtls_cert.py (92 lines)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-04 18:01:23 -05:00

DJP

b4e004c822

Complete Python automation implementation - All components built

MAJOR MILESTONE: Complete Python automation system created!

Components Implemented:
✅ Box Client (box_client.py)
   - JWT authentication via boxsdk
   - Upload with tracking ID suffix
   - Download files
   - Campaign folder creation
   - Connection testing

✅ Database Client (database.py)
   - PostgreSQL connection pooling
   - generate_unique_tracking_id()
   - store_master_asset() with full_metadata JSONB
   - get_master_asset(tracking_id)
   - check_campaign_upload_complete() - ALL-DONE CHECK!
   - store_derivative_asset()
   - Connection testing

✅ Filename Parser (filename_parser.py)
   - V2 naming convention parser (ported from PHP)
   - parse_filename() - 10 components
   - strip_upload_components() - Remove Job# and Tracking ID
   - Strict validation with detailed errors

✅ Metadata Extractor MVP (metadata_extractor_mvp.py)
   - Extract 28 MVP fields from master
   - Update fields from V2 filename (Description, Language, State)
   - Add missing fields with defaults
   - Build asset representation for upload

✅ Notifier (notifier.py)
   - Mailgun email integration
   - Outgoing webhook sender
   - Email templates (success, error, partial, critical)
   - Configurable recipients

Main Scripts:
✅ A1→A2 Download (a1_to_a2_download.py)
   - Poll DAM every 5 minutes for A1 campaigns
   - Download all master assets
   - Upload to Box with tracking IDs
   - Store in DB with full metadata
   - ALL-DONE CHECK before status update
   - Update A1→A2 only if all assets successful
   - Send webhook with campaign ID/number
   - Email notifications

✅ A2→A3 Upload (a2_to_a3_upload.py)
   - Flask webhook receiver for Box uploads
   - Signature validation
   - Async task queue processing
   - Parse V2 filenames
   - Load master metadata
   - Extract MVP fields
   - Upload to DAM
   - ALL-DONE CHECK for campaign
   - Update A2→A3 when all assets uploaded
   - Send webhook notifications

✅ Test Connection Script (test_connection.py)
   - Verify DAM, Box, Database connectivity
   - Quick health check

✅ README.md
   - Complete setup guide
   - Usage instructions
   - Configuration examples
   - Troubleshooting

Key Features:
- Python 3.6+ compatible (server requirement)
- Virtual environment isolated
- Configuration-driven (YAML files)
- Easy field updates (no code changes)
- Environment switching (staging/production)
- Comprehensive error handling
- Email + webhook notifications
- Retry logic
- All-done checks before status updates
- Campaign webhook notifications

Ready for testing locally with Python 3.10!

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-30 16:49:14 -04:00

2 commits