+ if [ $RUNMODE != "KUBE" ]; then
+ USE_ISTIO=0
+ echo "ISTIO not supported by docker - setting USE-ISTIO=0"
+ fi
+
+ if [ $USE_ISTIO -eq 1 ]; then
+ echo -e $RED"#########################################"$ERED
+ echo -e $RED"# Work around istio jwks cache"$ERED
+ echo -e $RED"# Cycle istiod down and up to clear cache"$ERED
+ echo ""
+ __kube_scale deployment istiod istio-system 0
+ __kube_scale deployment istiod istio-system 1
+ echo -e $RED"# Cycle istiod done"
+ echo -e $RED"#########################################"$ERED
+
+ istio_enable_istio_namespace $KUBE_SIM_NAMESPACE
+ istio_enable_istio_namespace $KUBE_NONRTRIC_NAMESPACE
+ istio_enable_istio_namespace $KUBE_A1SIM_NAMESPACE
+ fi
+
+
+ start_kube_proxy
+
+ if [ $USE_ISTIO -eq 1 ]; then
+ start_keycloak
+
+ keycloak_api_obtain_admin_token
+
+ keycloak_api_create_realm nrtrealm true 60
+ keycloak_api_create_confidential_client nrtrealm a1pmsc
+ keycloak_api_generate_client_secret nrtrealm a1pmsc
+ keycloak_api_get_client_secret nrtrealm a1pmsc
+ keycloak_api_create_client_roles nrtrealm a1pmsc nrtrole
+ keycloak_api_map_client_roles nrtrealm a1pmsc nrtrole
+
+ keycloak_api_get_client_token nrtrealm a1pmsc
+
+ CLIENT_TOKEN=$(keycloak_api_read_client_token nrtrealm a1pmsc)
+ echo "CLIENT_TOKEN: "$CLIENT_TOKEN
+
+ A1PMS_SEC=$(keycloak_api_read_client_secret nrtrealm a1pmsc)
+ echo "A1PMS_SEC: "$A1PMS_SEC
+
+ # Protect ricsim-g3
+ istio_req_auth_by_jwks ricsim-g1 $KUBE_A1SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer ricsim-g1 $KUBE_A1SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri ricsim-g1 $KUBE_A1SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm ricsim-g1 $KUBE_A1SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ # Protect ricsim-g2
+ istio_req_auth_by_jwks ricsim-g2 $KUBE_A1SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer ricsim-g2 $KUBE_A1SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri ricsim-g2 $KUBE_A1SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm ricsim-g2 $KUBE_A1SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ # Protect ricsim-g3
+ istio_req_auth_by_jwks ricsim-g3 $KUBE_A1SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer ricsim-g3 $KUBE_A1SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri ricsim-g3 $KUBE_A1SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm ricsim-g3 $KUBE_A1SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ # Protect CR
+ istio_req_auth_by_jwks $CR_APP_NAME $KUBE_SIM_NAMESPACE KUBEPROXY "$KUBE_PROXY_ISTIO_JWKS_KEYS"
+ istio_auth_policy_by_issuer $CR_APP_NAME $KUBE_SIM_NAMESPACE KUBEPROXY
+
+ istio_req_auth_by_jwksuri $CR_APP_NAME $KUBE_SIM_NAMESPACE nrtrealm
+ istio_auth_policy_by_realm $CR_APP_NAME $KUBE_SIM_NAMESPACE nrtrealm a1pmsc nrtrole
+
+ a1pms_configure_sec nrtrealm a1pmsc $A1PMS_SEC
+ fi
+
+ if [ $__httpx == "HTTPS" ]; then
+ use_cr_https
+ use_a1pms_rest_https
+ else
+ use_a1pms_rest_http
+ use_cr_http
+ fi
+
+ start_a1pms NORPOXY $SIM_GROUP/$A1PMS_COMPOSE_DIR/$A1PMS_CONFIG_FILE
+
+ set_a1pms_debug
+
+ # Create service to be able to receive events when rics becomes available
+ # Must use rest towards the a1pms since dmaap is not configured yet
+ a1pms_api_put_service 201 "ric-registration" 0 "$CR_SERVICE_APP_PATH_0/ric-registration"
+
+
+ if [ $__httpx == "HTTPS" ]; then
+ use_simulator_https
+ use_mr_https
+ if [[ $interface = *"SDNC"* ]]; then
+ if [[ "$SDNC_FEATURE_LEVEL" == *"NO_NB_HTTPS"* ]]; then
+ deviation "SDNC does not support NB https"
+ use_sdnc_http
+ else
+ use_sdnc_https
+ fi
+ fi
+ if [[ $interface = *"DMAAP"* ]]; then
+ use_a1pms_dmaap_https
+ else
+ use_a1pms_rest_https
+ fi
+ else
+ use_simulator_http
+ use_mr_http
+ if [[ $interface = *"SDNC"* ]]; then
+ use_sdnc_http
+ fi
+ if [[ $interface = *"DMAAP"* ]]; then
+ use_a1pms_dmaap_http
+ else
+ use_a1pms_rest_http
+ fi
+ fi
+
+ start_ric_simulators ricsim_g1 1 OSC_2.1.0
+ start_ric_simulators ricsim_g2 1 STD_1.1.3
+
+ sim_put_policy_type 201 ricsim_g1_1 1 testdata/OSC/sim_1.json
+ sim_put_policy_type 201 ricsim_g1_1 2 testdata/OSC/sim_2.json
+
+ start_ric_simulators ricsim_g3 1 STD_2.0.0
+ sim_put_policy_type 201 ricsim_g3_1 STD_QOS_0_2_0 testdata/STD2/sim_qos.json
+ sim_put_policy_type 201 ricsim_g3_1 STD_QOS2_0.1.0 testdata/STD2/sim_qos2.json
+
+ if [[ "$A1PMS_FEATURE_LEVEL" == *"NO-DMAAP"* ]]; then
+ :
+ else
+ start_mr
+ fi
+
+ start_cr 1
+
+ start_control_panel $SIM_GROUP/$CONTROL_PANEL_COMPOSE_DIR/$CONTROL_PANEL_CONFIG_FILE
+
+ if [ ! -z "$NRT_GATEWAY_APP_NAME" ]; then
+ start_gateway $SIM_GROUP/$NRT_GATEWAY_COMPOSE_DIR/$NRT_GATEWAY_CONFIG_FILE
+ fi
+
+
+ if [[ $interface = *"SDNC"* ]]; then
+ start_sdnc
+ controller_api_wait_for_status_ok 200 ricsim_g1_1
+ prepare_a1pms_config SDNC ".a1pms_config.json"
+ else
+ prepare_a1pms_config NOSDNC ".a1pms_config.json"
+ fi
+
+ if [ $RUNMODE == "KUBE" ]; then
+ a1pms_load_config ".a1pms_config.json"
+ else
+ #Temporary switch to http/https if dmaap use. Otherwise it is not possible to push config
+ if [ $__httpx == "HTTPS" ]; then
+ use_a1pms_rest_https
+ else
+ use_a1pms_rest_http
+ fi
+
+ if [[ $interface != *"DMAAP"* ]]; then
+ echo "{}" > ".a1pms_config_incorrect.json"
+ a1pms_api_put_configuration 400 ".a1pms_config_incorrect.json"
+ fi
+
+ a1pms_api_put_configuration 200 ".a1pms_config.json"
+ a1pms_api_get_configuration 200 ".a1pms_config.json"
+ if [ $__httpx == "HTTPS" ]; then
+ if [[ $interface = *"DMAAP"* ]]; then
+ use_a1pms_dmaap_https
+ else
+ use_a1pms_rest_https
+ fi
+ else
+ if [[ $interface = *"DMAAP"* ]]; then
+ use_a1pms_dmaap_http
+ else
+ use_a1pms_rest_http
+ fi
+ fi
+ fi
+
+ a1pms_equal json:rics 3 300
+
+ if [ "$A1PMS_VERSION" == "V2" ]; then
+ a1pms_equal json:policy-types 5 120 #Wait for the a1pms to refresh types from the simulator
+ elif [ "$A1PMS_VERSION" == "V3" ]; then
+ a1pms_equal json:policytypes 5 120 #Wait for the a1pms to refresh types from the simulator
+ fi
+
+ a1pms_equal json:policies 0
+
+ if [ "$A1PMS_VERSION" == "V2" ]; then