// -
-// ========================LICENSE_START=================================
-// O-RAN-SC
-// %%
-// Copyright (C) 2022: Nordix Foundation
-// %%
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
//
-// http://www.apache.org/licenses/LICENSE-2.0
+// ========================LICENSE_START=================================
+// O-RAN-SC
+// %%
+// Copyright (C) 2022-2023: Nordix Foundation
+// %%
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ========================LICENSE_END===================================
+// http://www.apache.org/licenses/LICENSE-2.0
//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ========================LICENSE_END===================================
package main
import (
"bytes"
"context"
"fmt"
- netv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1"
netv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3"
+ netv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1"
secv1beta1 "istio.io/client-go/pkg/apis/security/v1beta1"
versioned "istio.io/client-go/pkg/clientset/versioned"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
type TemplateConfig struct {
- Name string
- Namespace string
- Realm string
- Client string
- Authenticator string
- Role string
- Method string
+ Name string
+ Namespace string
+ Realm string
+ Client string
+ Authenticator string
+ Role string
+ Method string
+ TlsCrt string
+ TlsKey string
+ CaCrt string
}
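Review bot: Adding `TlsKey` to `TemplateConfig` means the package-level `inputs` variable declared right after this struct now carries private-key material, and it is assigned per request in `createIstioFilter` and read later in `createEnvoyFilter`. If these functions are registered as net/http handlers, as their signatures suggest, concurrent requests can overwrite `inputs` between the assignment and `config.Execute`, so one application's certificate or key could be rendered into another application's filter. Passing the value explicitly removes the shared state: `func createEnvoyFilter(clientset *versioned.Clientset, cfg TemplateConfig) (string, error)` with `config.Execute(&manifest, cfg)`. The new fields also need a comment saying whether they hold certificate/key content or a reference to it, for example `// TlsKey is secret material; never log it.`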
var inputs TemplateConfig
func createGateway(clientset *versioned.Clientset) (string, error) {
gtClient := clientset.NetworkingV1beta1().Gateways(NAMESPACE)
- config = template.Must(template.ParseFiles("./templates/Gateway-template.txt"))
- var manifest bytes.Buffer
- err := config.Execute(&manifest, inputs)
- if err != nil {
- return "", err
- }
+ config = template.Must(template.ParseFiles("./templates/Gateway-template.txt"))
+ var manifest bytes.Buffer
+ err := config.Execute(&manifest, inputs)
+ if err != nil {
+ return "", err
+ }
gt := &netv1beta1.Gateway{}
dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000)
func createVirtualService(clientset *versioned.Clientset) (string, error) {
vsClient := clientset.NetworkingV1beta1().VirtualServices(NAMESPACE)
- config = template.Must(template.ParseFiles("./templates/VirtualService-template.txt"))
- var manifest bytes.Buffer
- err := config.Execute(&manifest, inputs)
- if err != nil {
- return "", err
- }
+ config = template.Must(template.ParseFiles("./templates/VirtualService-template.txt"))
+ var manifest bytes.Buffer
+ err := config.Execute(&manifest, inputs)
+ if err != nil {
+ return "", err
+ }
vs := &netv1beta1.VirtualService{}
dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000)
func createRequestAuthentication(clientset *versioned.Clientset) (string, error) {
raClient := clientset.SecurityV1beta1().RequestAuthentications(NAMESPACE)
- config = template.Must(template.ParseFiles("./templates/RequestAuthentication-template.txt"))
- var manifest bytes.Buffer
- err := config.Execute(&manifest, inputs)
- if err != nil {
- return "", err
- }
+ config = template.Must(template.ParseFiles("./templates/RequestAuthentication-template.txt"))
+ var manifest bytes.Buffer
+ err := config.Execute(&manifest, inputs)
+ if err != nil {
+ return "", err
+ }
ra := &secv1beta1.RequestAuthentication{}
dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000)
func createAuthorizationPolicy(clientset *versioned.Clientset) (string, error) {
apClient := clientset.SecurityV1beta1().AuthorizationPolicies(NAMESPACE)
- config = template.Must(template.ParseFiles("./templates/AuthorizationPolicy-template.txt"))
- var manifest bytes.Buffer
- err := config.Execute(&manifest, inputs)
- if err != nil {
- return "", err
- }
+ config = template.Must(template.ParseFiles("./templates/AuthorizationPolicy-template.txt"))
+ var manifest bytes.Buffer
+ err := config.Execute(&manifest, inputs)
+ if err != nil {
+ return "", err
+ }
ap := &secv1beta1.AuthorizationPolicy{}
dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000)
}
func createEnvoyFilter(clientset *versioned.Clientset) (string, error) {
- efClient := clientset.NetworkingV1alpha3().EnvoyFilters(NAMESPACE)
+ efClient := clientset.NetworkingV1alpha3().EnvoyFilters(NAMESPACE)
config = template.Must(template.ParseFiles("./templates/EnvoyFilter-template.txt"))
var manifest bytes.Buffer
- err := config.Execute(&manifest, inputs)
- if err != nil {
- return "", err
- }
+ err := config.Execute(&manifest, inputs)
+ if err != nil {
+ return "", err
+ }
- ef := &netv1alpha3.EnvoyFilter{}
- dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000)
+ ef := &netv1alpha3.EnvoyFilter{}
+ dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(manifest.String())), 1000)
- if err = dec.Decode(&ef); err != nil {
- return "", err
- }
+ if err = dec.Decode(&ef); err != nil {
+ return "", err
+ }
- result, err := efClient.Create(context.TODO(), ef, metav1.CreateOptions{})
+ result, err := efClient.Create(context.TODO(), ef, metav1.CreateOptions{})
- if err != nil {
- return "", err
- }
+ if err != nil {
+ return "", err
+ }
- fmt.Printf("Create Envoy Filter %s \n", result.GetName())
- return result.GetName(), nil
+ fmt.Printf("Create Envoy Filter %s \n", result.GetName())
+ return result.GetName(), nil
}
func removeGateway(clientset *versioned.Clientset) {
func removeEnvoyFilter(clientset *versioned.Clientset) {
efClient := clientset.NetworkingV1alpha3().EnvoyFilters(NAMESPACE)
- err := efClient.Delete(context.TODO(), appName+"-outbound-filter", metav1.DeleteOptions{})
- if err != nil {
- fmt.Println(err)
- } else {
- fmt.Println("Deleted EnvoyFilter " + appName + "-outbound-filter")
- }
+ err := efClient.Delete(context.TODO(), appName+"-outbound-filter", metav1.DeleteOptions{})
+ if err != nil {
+ fmt.Println(err)
+ } else {
+ fmt.Println("Deleted EnvoyFilter " + appName + "-outbound-filter")
+ }
}
func createIstioPolicy(res http.ResponseWriter, req *http.Request) {
appName := query.Get("name")
roleName := query.Get("role")
methodName := query.Get("method")
- inputs = TemplateConfig{Name: appName, Namespace: NAMESPACE, Realm: realmName, Role: roleName, Method: methodName }
+ inputs = TemplateConfig{Name: appName, Namespace: NAMESPACE, Realm: realmName, Role: roleName, Method: methodName}
var msg string
clientset := connectToK8s()
_, err := createGateway(clientset)
}
func createIstioFilter(res http.ResponseWriter, req *http.Request) {
- query := req.URL.Query()
- realmName := query.Get("realm")
- clientId := query.Get("client")
- appName := query.Get("name")
- authType := query.Get("authType")
- inputs = TemplateConfig{Name: appName, Namespace: NAMESPACE, Realm: realmName, Client: clientId, Authenticator: authType}
- var msg string
- clientset := connectToK8s()
- _, err := createEnvoyFilter(clientset)
- if err != nil {
- msg = err.Error()
- fmt.Println(err.Error())
- }
- // create response binary data
- data := []byte(msg) // slice of bytes
- // write `data` to response
- res.Write(data)
+ query := req.URL.Query()
+ realmName := query.Get("realm")
+ clientId := query.Get("client")
+ appName := query.Get("name")
+ authType := query.Get("authType")
+ tlsCrt := query.Get("tlsCrt")
+ tlsKey := query.Get("tlsKey")
+ caCrt := query.Get("caCrt")
+ inputs = TemplateConfig{Name: appName, Namespace: NAMESPACE, Realm: realmName, Client: clientId,
+ Authenticator: authType, TlsCrt: tlsCrt, TlsKey: tlsKey, CaCrt: caCrt}
+ var msg string
+ clientset := connectToK8s()
+ _, err := createEnvoyFilter(clientset)
+ if err != nil {
+ msg = err.Error()
+ fmt.Println(err.Error())
+ }
+ // create response binary data
+ data := []byte(msg) // slice of bytes
+ // write `data` to response
+ res.Write(data)
}
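Review bot: `tlsKey := query.Get("tlsKey")` takes a TLS private key from the URL query string, where it is typically recorded in access logs, proxy logs and client history. The three new values are also passed unvalidated into `TemplateConfig` and rendered by the EnvoyFilter template into a manifest that is decoded and created in the cluster, so a value containing newlines or YAML syntax could alter the resulting resource; the template is not visible here, so how it quotes these fields should be checked. Consider reading the material from the request body, e.g. `tlsKey := req.PostFormValue("tlsKey")`, or accepting only the name of an existing Kubernetes Secret, and validating the values (a PEM parse, if that is the expected format) before rendering. Separately, on failure the handler writes `err.Error()` with the default 200 status; `http.Error(res, msg, http.StatusInternalServerError)` would let callers detect the failure.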
func removeIstioPolicy(res http.ResponseWriter, req *http.Request) {
}
func removeIstioFilter(res http.ResponseWriter, req *http.Request) {
- query := req.URL.Query()
- appName = query.Get("name")
- clientset := connectToK8s()
- removeEnvoyFilter(clientset)
+ query := req.URL.Query()
+ appName = query.Get("name")
+ clientset := connectToK8s()
+ removeEnvoyFilter(clientset)
}
func main() {