3 # ============LICENSE_START===============================================
4 # Copyright (C) 2021 Nordix Foundation. All rights reserved.
5 # ========================================================================
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 # ============LICENSE_END=================================================
20 # This is a script that contains functions to handle helm on localhost
23 ################ Test engine functions ################
25 # Create the image var used during the test
26 # arg: <image-tag-suffix> (selects staging, snapshot, release etc)
27 # <image-tag-suffix> is present only for images with staging, snapshot,release tags
28 __ISTIO_imagesetup() {
32 # Pull image from remote repo or use locally built image
33 # arg: <pull-policy-override> <pull-policy-original>
34 # <pull-policy-override> Shall be used for images allowing overriding. For example use a local image when test is started to use released images
35 # <pull-policy-original> Shall be used for images that do not allow overriding
36 # Both var may contain: 'remote', 'remote-remove' or 'local'
41 # Build image (only for simulator or interfaces stubs owned by the test environment)
42 # arg: <image-tag-suffix> (selects staging, snapshot, release etc)
43 # <image-tag-suffix> is present only for images with staging, snapshot,release tags
44 __ISTIO_imagebuild() {
48 # Generate a string for each included image using the app display name and a docker images format string
49 # If a custom image repo is used then also the source image from the local repo is listed
50 # arg: <docker-images-format-string> <file-to-append>
51 __ISTIO_image_data() {
55 # Scale kubernetes resources to zero
56 # All resources shall be ordered to be scaled to 0, if relevant. If not relevant to scale, then do no action.
57 # This function is called for apps fully managed by the test script
58 __ISTIO_kube_scale_zero() {
62 # Scale kubernetes resources to zero and wait until this has been accomplished, if relevant. If not relevant to scale, then do no action.
63 # This function is called for prestarted apps not managed by the test script.
64 __ISTIO_kube_scale_zero_and_wait() {
68 # Delete all kube resources for the app
69 # This function is called for apps managed by the test script.
70 __ISTIO_kube_delete_all() {
71 __kube_delete_all_resources $KUBE_NONRTRIC_NAMESPACE autotest ISTIO
75 # This function is called for apps managed by the test script.
76 # args: <log-dir> <file-prefix>
77 __ISTIO_store_docker_logs() {
81 # Initial setup of protocol, host and ports
82 # This function is called for apps managed by the test script.
84 __ISTIO_initial_setup() {
85 # See jwt-info.txt in simulator-group/kubeproxy for detailed info
86 KUBE_PROXY_CURL_JWT=$ISTIO_GENERIC_JWT
87 KUBE_PROXY_ISTIO_JWKS_KEYS=$ISTIO_GENERIC_JWKS_KEY
90 # Set app short-name, app name and namespace for logging runtime statistics of kubernetes pods or docker containers
91 # For docker, the namespace shall be excluded
92 # This function is called for apps managed by the test script as well as for prestarted apps.
94 __ISTIO_statisics_setup() {
98 # Check application requirements, e.g. helm, that the test needs. Exit 1 if req not satisfied
100 __ISTIO_test_requirements() {
102 kubectl $KUBECONF get requestauthentications -A &> /dev/null
103 if [ $? -ne 0 ]; then
104 echo $RED" Istio api: kubectl get requestauthentications is not installed"
107 kubectl $KUBECONF get authorizationpolicies -A &> /dev/null
108 if [ $? -ne 0 ]; then
109 echo $RED" Istio api: kubectl get authorizationpolicies is not installed"
114 #######################################################
117 # Enable istio on namespace
119 istio_enable_istio_namespace() {
121 if [ $# -ne 1 ]; then
122 __print_err "<namespace>" $@
125 __kube_create_namespace $1
126 __kube_label_non_ns_instance ns $1 "istio-injection=enabled"
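131 # Request authentication by jwksuri (keys are fetched from the realm's openid-connect certs url). Request authentication only checks a token that is present; combine it with an authorization policy (e.g. istio_auth_policy_by_realm) to reject requests that carry no token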
132 # args: <app> <namespace> <realm>
133 istio_req_auth_by_jwksuri() {
135 if [ $# -ne 3 ]; then
136 __print_err "<app> <namespace> <realm>" $@
139 name="ra-jwksuri-"$3"-"$1"-"$2
140 export ISTIO_TEMPLATE_REPLACE_RA_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
141 export ISTIO_TEMPLATE_REPLACE_RA_NS=$2
142 export ISTIO_TEMPLATE_REPLACE_RA_APP_NAME=$1
143 export ISTIO_TEMPLATE_REPLACE_RA_ISSUER=$KEYCLOAK_ISSUER_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3
144 export ISTIO_TEMPLATE_REPLACE_RA_JWKSURI=$KEYCLOAK_SERVICE_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3/protocol/openid-connect/certs
145 inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ra-jwksuri-template.yaml
146 outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_RA_NAME".yaml"
147 envsubst < $inputfile > $outputfile
148 if [ $? -ne 0 ]; then
149 __log_conf_fail_general "Cannot substitute yaml: $inputfile"
152 kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
153 if [ $? -ne 0 ]; then
154 __log_conf_fail_general "Cannot apply yaml: $outputfile"
161 # Request authentication by jwks (inline keys)
162 # args: <app> <namespace> <issuer> <key>
163 istio_req_auth_by_jwks() {
165 if [ $# -ne 4 ]; then
166 __print_err "<app> <namespace> <issuer> <key>" $@
169 name="ra-jwks-"$3"-"$1"-"$2
170 export ISTIO_TEMPLATE_REPLACE_RA_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
171 export ISTIO_TEMPLATE_REPLACE_RA_NS=$2
172 export ISTIO_TEMPLATE_REPLACE_RA_APP_NAME=$1
173 export ISTIO_TEMPLATE_REPLACE_RA_ISSUER=$3
174 export ISTIO_TEMPLATE_REPLACE_RA_JWKS=$4
175 inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ra-jwks-template.yaml
176 outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_RA_NAME".yaml"
177 envsubst < $inputfile > $outputfile
178 if [ $? -ne 0 ]; then
179 __log_conf_fail_general "Cannot substitute yaml: $inputfile"
182 kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
183 if [ $? -ne 0 ]; then
184 __log_conf_fail_general "Cannot apply yaml: $outputfile"
191 # Authorization policy - by realm (the principal pattern is '<issuer-path>/<realm>/*', i.e. it is not restricted to a single subject)
192 # args: <app> <namespace> <realm>
193 istio_auth_policy_by_realm() {
195 if [ $# -ne 3 ]; then
196 __print_err "<app> <namespace> <realam>" $@
199 name="ap-realm-"$3"-"$1"-"$2
200 export ISTIO_TEMPLATE_REPLACE_AP_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
201 export ISTIO_TEMPLATE_REPLACE_AP_NS=$2
202 export ISTIO_TEMPLATE_REPLACE_AP_APP_NAME=$1
203 export ISTIO_TEMPLATE_REPLACE_AP_PRINCIPAL="$KEYCLOAK_ISSUER_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3/*"
204 inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ap-principal-template.yaml
205 outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_AP_NAME".yaml"
206 envsubst < $inputfile > $outputfile
207 if [ $? -ne 0 ]; then
208 __log_conf_fail_general "Cannot substitute yaml: $inputfile"
211 kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
212 if [ $? -ne 0 ]; then
213 __log_conf_fail_general "Cannot apply yaml: $outputfile"
220 # Authorization policy - by issuer (the principal pattern is '<issuer>/*', i.e. it is not restricted to a single subject)
221 # args: <app> <namespace> <issuer>
222 istio_auth_policy_by_issuer() {
224 if [ $# -ne 3 ]; then
225 __print_err "<app> <namespace> <issuer>" $@
228 name="ap-iss-"$3"-"$1"-"$2
229 export ISTIO_TEMPLATE_REPLACE_AP_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
230 export ISTIO_TEMPLATE_REPLACE_AP_NS=$2
231 export ISTIO_TEMPLATE_REPLACE_AP_APP_NAME=$1
232 export ISTIO_TEMPLATE_REPLACE_AP_PRINCIPAL="$3/*"
233 inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ap-principal-template.yaml
234 outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_AP_NAME".yaml"
235 envsubst < $inputfile > $outputfile
236 if [ $? -ne 0 ]; then
237 __log_conf_fail_general "Cannot substitute yaml: $inputfile"
240 kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
241 if [ $? -ne 0 ]; then
242 __log_conf_fail_general "Cannot apply yaml: $outputfile"