Test FTC100 fails since A1-SIM update
[nonrtric.git] / service-exposure / rapps-helm-installer.go
index dc92fc7..857be9b 100644 (file)
@@ -1,26 +1,26 @@
 // -
-//   ========================LICENSE_START=================================
-//   O-RAN-SC
-//   %%
-//   Copyright (C) 2022: Nordix Foundation
-//   %%
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
 //
-//        http://www.apache.org/licenses/LICENSE-2.0
+//     ========================LICENSE_START=================================
+//     O-RAN-SC
+//     %%
+//     Copyright (C) 2022-2023: Nordix Foundation
+//     %%
+//     Licensed under the Apache License, Version 2.0 (the "License");
+//     you may not use this file except in compliance with the License.
+//     You may obtain a copy of the License at
 //
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//   ========================LICENSE_END===================================
+//          http://www.apache.org/licenses/LICENSE-2.0
 //
-
+//     Unless required by applicable law or agreed to in writing, software
+//     distributed under the License is distributed on an "AS IS" BASIS,
+//     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//     See the License for the specific language governing permissions and
+//     limitations under the License.
+//     ========================LICENSE_END===================================
 package main
 
 import (
+       "bytes"
        "context"
        "database/sql"
        "encoding/json"
@@ -43,12 +43,11 @@ import (
        "net/http"
        "os"
        "path/filepath"
+       "time"
 )
 
 var settings *cli.EnvSettings
 var chartRequested *chart.Chart
-
-//var url string
 var repoName string
 var chartName string
 var releaseName string
@@ -70,6 +69,13 @@ type Rapp struct {
        SecurityEnabled bool
        Realm           string
        Client          string
+       Authenticator   string
+       CaCrt           string
+       TlsCrt          string
+       TlsKey          string
+       Email           string
+       SubjectDN       string
+       MappingSource   string
        Roles           []struct {
                Role   string
                Grants []string
@@ -113,30 +119,10 @@ func runInstall(res http.ResponseWriter, req *http.Request) {
                        if err != nil {
                                msg = err.Error()
                        } else {
-                               if rapp.SecurityEnabled && rapp.Type == "provider" {
-                                       // keycloak client setup
-                                       fmt.Println("Setting up keycloak")
-                                       _, err = http.Get("http://rapps-keycloak-mgr.default/create?realm=" + rapp.Realm + "&name=" + rapp.Client + "&role=" + rapp.Roles[0].Role)
-                                       if err != nil {
-                                               msg = err.Error()
-                                       } else {
-                                               fmt.Println("Setting up istio")
-                                               _, err := http.Get("http://rapps-istio-mgr.default/create?name=" + chartName + "&realm=" + rapp.Realm + "&role=" + rapp.Roles[0].Role + "&method=" + rapp.Roles[0].Grants[0])
-                                               if err != nil {
-                                                       msg = err.Error()
-                                               } else {
-                                                       // Install chart
-                                                       fmt.Printf("Installing chart %s to %s namespace\n", chartName, namespace)
-                                                       chart, err = installHelmChart(install)
-                                                       if err != nil {
-                                                               msg = "Error occurred during installation " + err.Error()
-                                                       } else {
-                                                               msg = "Successfully installed release: " + chart
-                                                       }
-                                               }
-                                       }
+                               err := installSecurity(rapp)
+                               if err != nil {
+                                       msg = err.Error()
                                } else {
-                                       // Install chart
                                        fmt.Printf("Installing chart %s to %s namespace\n", chartName, namespace)
                                        chart, err = installHelmChart(install)
                                        if err != nil {
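Review bot: If `installHelmChart` fails after `installSecurity` has succeeded, nothing visible here undoes the Keycloak client and Istio objects that were just created, so a failed install can leave them behind. Since this commit adds `uninstallSecurity`, the error branch could call `uninstallSecurity(rapp, chartName)` before setting `msg`. The body of that error branch falls between this hunk and the next, so confirm it does not already clean up.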
@@ -144,8 +130,8 @@ func runInstall(res http.ResponseWriter, req *http.Request) {
                                        } else {
                                                msg = "Successfully installed release: " + chart
                                        }
-                               }
 
+                               }
                        }
                }
                registrerRapp(chartName, rapp.Type)
@@ -159,6 +145,73 @@ func runInstall(res http.ResponseWriter, req *http.Request) {
        res.Write(data)
 }
 
+func installSecurity(rapp Rapp) error {
+       var url string
+       var params string
+       role := rapp.Roles[0].Role
+       grants := rapp.Roles[0].Grants[0]
+       realm := rapp.Realm
+       client := rapp.Client
+       authenticator := rapp.Authenticator
+       caCrt := rapp.CaCrt
+       tlsCrt := rapp.TlsCrt
+       tlsKey := rapp.TlsKey
+       email := rapp.Email
+       subjectDN := rapp.SubjectDN
+       mappingSource := rapp.MappingSource
+
+       httpClient := &http.Client{
+               Timeout: time.Second * 10,
+       }
+
+       if !rapp.SecurityEnabled {
+               return nil
+       }
+       // Different security requirements depending on the rapp type
+       if rapp.Type == "provider" {
+               // keycloak client setup
+               fmt.Println("Setting up keycloak")
+               url = "http://rapps-keycloak-mgr.default/create"
+               values := map[string]string{"realm": realm, "name": client, "role": role, "authType": authenticator,
+                       "tlsCrt": tlsCrt, "email": email, "subjectDN": subjectDN, "mappingSource": mappingSource}
+               jsonValue, _ := json.Marshal(values)
+               req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonValue))
+               if err != nil {
+                       fmt.Printf("Got error %s", err.Error())
+               }
+               req.Header.Set("Content-type", "application/json")
+               resp, err := httpClient.Do(req)
+               fmt.Println("Keycloak response status:", resp.Status)
+               if err != nil {
+                       fmt.Printf("Got error %s", err.Error())
+                       return err
+               } else {
+                       fmt.Println("Setting up istio")
+                       url = "http://rapps-istio-mgr.default/create-policy?"
+                       params = "name=" + chartName + "&realm=" + realm + "&role=" + role + "&method=" + grants
+                       url += params
+
+                       _, err := http.Get(url)
+                       if err != nil {
+                               return err
+                       }
+               }
+       } else {
+               fmt.Println("Setting up istio")
+               url = "http://rapps-istio-mgr.default/create-filter?"
+               params = "name=" + chartName + "&realm=" + realm + "&client=" + client + "&authType=" + authenticator +
+                       "&tlsCrt=" + tlsCrt + "&tlsKey=" + tlsKey + "&caCrt=" + caCrt
+               url += params
+               _, err := http.Get(url)
+               if err != nil {
+                       return err
+               }
+       }
+
+       return nil
+
+}
+
 func runUninstall(res http.ResponseWriter, req *http.Request) {
        query := req.URL.Query()
        chartName = query.Get("chart")
@@ -178,19 +231,9 @@ func runUninstall(res http.ResponseWriter, req *http.Request) {
                        } else {
                                msg = "Successfully uninstalled release: " + chart
                        }
-                       if rapp.SecurityEnabled && rapp.Type == "provider" {
-                               // Remove istio objects for rapp
-                               fmt.Println("Removing istio services")
-                               _, err := http.Get("http://rapps-istio-mgr.default/remove?name=" + chartName)
-                               if err != nil {
-                                       msg = err.Error()
-                               }
-                               // remove keycloak client
-                               fmt.Println("Removing keycloak client")
-                               _, err = http.Get("http://rapps-keycloak-mgr.default/remove?realm=" + rapp.Realm + "&name=" + rapp.Client + "&role=" + rapp.Roles[0].Role)
-                               if err != nil {
-                                       msg = err.Error()
-                               }
+                       err := uninstallSecurity(rapp, chartName)
+                       if err != nil {
+                               msg = err.Error()
                        }
                }
                unregistrerRapp(chartName, rapp.Type)
@@ -204,6 +247,44 @@ func runUninstall(res http.ResponseWriter, req *http.Request) {
        res.Write(data)
 }
 
+func uninstallSecurity(rapp Rapp, chartName string) error {
+       var url string
+       var params string
+       realm := rapp.Realm
+       client := rapp.Client
+       authenticator := rapp.Authenticator
+
+       if !rapp.SecurityEnabled {
+               return nil
+       }
+       if rapp.Type == "provider" {
+               // Remove istio objects for rapp
+               fmt.Println("Removing istio services")
+               _, err := http.Get("http://rapps-istio-mgr.default/remove-policy?name=" + chartName)
+               if err != nil {
+                       return err
+               }
+               // remove keycloak client
+               fmt.Println("Removing keycloak client")
+               url = "http://rapps-keycloak-mgr.default/remove?"
+               params = "name=" + client + "&realm=" + realm + "&authType=" + authenticator
+               url += params
+               _, err = http.Get(url)
+               if err != nil {
+                       return err
+               }
+       }
+       if rapp.Type == "invoker" {
+               // Remove istio objects for rapp
+               fmt.Println("Removing istio services")
+               _, err := http.Get("http://rapps-istio-mgr.default/remove-filter?name=" + chartName)
+               if err != nil {
+                       return err
+               }
+       }
+       return nil
+}
+
 func runList(res http.ResponseWriter, req *http.Request) {
        chartInfo := list()
        // create response binary data
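Review bot: The early `return err` after the `remove-policy` call skips the keycloak removal, so one failed istio request leaves the rapp's Keycloak client registered in the realm; the removed code attempted both removals. Consider recording the first error and continuing, e.g. `if err != nil && firstErr == nil { firstErr = err }` after each call and `return firstErr` at the end. Cleanup is also keyed on `rapp.Type == "invoker"`, while installSecurity creates a filter for every non-provider type, so a rapp of any other type would keep its filter. As in installSecurity, the query values are concatenated unescaped and the calls use `http.Get` with no timeout, status check or `Body.Close()`.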
@@ -216,7 +297,6 @@ func runList(res http.ResponseWriter, req *http.Request) {
 }
 
 func main() {
-       //flag.StringVar(&url, "url", "http://chartmuseum:8080", "ChartMuseum url")
        flag.StringVar(&repoName, "repoName", "local-dev", "Repository name")
        flag.StringVar(&namespace, "namespace", "istio-nonrtric", "namespace for install")
        flag.Parse()
@@ -233,6 +313,7 @@ func main() {
 
 func addToRepo(url string) (string, error) {
        repoFile := settings.RepositoryConfig
+       fmt.Printf("Repo File %s\n", repoFile)
 
        //Ensure the file directory exists as it is required for file locking
        err := os.MkdirAll(filepath.Dir(repoFile), os.ModePerm)
@@ -284,7 +365,10 @@ func dryRun() (*action.Install, error) {
 
        install := action.NewInstall(actionConfig)
 
+       fmt.Printf("Repo Name: %s\n", repoName)
+       fmt.Printf("Chart Name: %s\n", chartName)
        cp, err := install.ChartPathOptions.LocateChart(fmt.Sprintf("%s/%s", repoName, chartName), settings)
+       fmt.Printf("Chart location: %s\n", cp)
 
        chartRequested, err = loader.Load(cp)
 
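Review bot: The `err` returned by `LocateChart` is never checked: the added `Chart location` print runs and the next statement, `chartRequested, err = loader.Load(cp)`, overwrites it, so a failed lookup surfaces only as a load error on an empty path. Add `if err != nil { return install, err }` directly after the `LocateChart` call, ahead of the print. dryRun continues outside the hunk, so the returned values should match what the rest of the function returns.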
@@ -480,7 +564,7 @@ func registrerRapp(chartName, chartType string) {
        id serial PRIMARY KEY,
        name VARCHAR ( 50 ) UNIQUE NOT NULL,
        type VARCHAR ( 50 ) NOT NULL,
-       created_on TIMESTAMP DEFAULT NOW() 
+       created_on TIMESTAMP DEFAULT NOW()
         );`
        _, err = db.Exec(createStmt)
        if err != nil {