--- /dev/null
+#!/bin/bash
+
+# ============LICENSE_START===============================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# This is a script that contains function to handle helm on localhost
+
+
+################ Test engine functions ################
+
+# Create the image var used during the test
+# arg: <image-tag-suffix> (selects staging, snapshot, release etc)
+# <image-tag-suffix> is present only for images with staging, snapshot,release tags
+__ISTIO_imagesetup() {
+ :
+}
+
+# Pull image from remote repo or use locally built image
+# arg: <pull-policy-override> <pull-policy-original>
+# <pull-policy-override> Shall be used for images allowing overriding. For example use a local image when test is started to use released images
+# <pull-policy-original> Shall be used for images that does not allow overriding
+# Both var may contain: 'remote', 'remote-remove' or 'local'
+__ISTIO_imagepull() {
+ :
+}
+
+# Build image (only for simulator or interfaces stubs owned by the test environment)
+# arg: <image-tag-suffix> (selects staging, snapshot, release etc)
+# <image-tag-suffix> is present only for images with staging, snapshot,release tags
+__ISTIO_imagebuild() {
+ :
+}
+
+# Generate a string for each included image using the app display name and a docker images format string
+# If a custom image repo is used then also the source image from the local repo is listed
+# arg: <docker-images-format-string> <file-to-append>
+__ISTIO_image_data() {
+ :
+}
+
+# Scale kubernetes resources to zero
+# All resources shall be ordered to be scaled to 0, if relevant. If not relevant to scale, then do no action.
+# This function is called for apps fully managed by the test script
+__ISTIO_kube_scale_zero() {
+ :
+}
+
+# Scale kubernetes resources to zero and wait until this has been accomplished, if relevant. If not relevant to scale, then do no action.
+# This function is called for prestarted apps not managed by the test script.
+__ISTIO_kube_scale_zero_and_wait() {
+ :
+}
+
+# Delete all kube resouces for the app
+# This function is called for apps managed by the test script.
+__ISTIO_kube_delete_all() {
+ __kube_delete_all_resources $KUBE_NONRTRIC_NAMESPACE autotest ISTIO
+}
+
+# Store docker logs
+# This function is called for apps managed by the test script.
+# args: <log-dir> <file-prexix>
+__ISTIO_store_docker_logs() {
+ :
+}
+
+# Initial setup of protocol, host and ports
+# This function is called for apps managed by the test script.
+# args: -
+__ISTIO_initial_setup() {
+ # See jwt-info.txt in simulator-group/kubeproxy for detailed info
+ KUBE_PROXY_CURL_JWT=$ISTIO_GENERIC_JWT
+ KUBE_PROXY_ISTIO_JWKS_KEYS=$ISTIO_GENERIC_JWKS_KEY
+}
+
+# Set app short-name, app name and namespace for logging runtime statistics of kubernets pods or docker containers
+# For docker, the namespace shall be excluded
+# This function is called for apps managed by the test script as well as for prestarted apps.
+# args: -
+__ISTIO_statisics_setup() {
+ :
+}
+
+# Check application requirements, e.g. helm, the the test needs. Exit 1 if req not satisfied
+# args: -
+__ISTIO_test_requirements() {
+
+ kubectl $KUBECONF get requestauthentications -A &> /dev/null
+ if [ $? -ne 0 ]; then
+ echo $RED" Istio api: kubectl get requestauthentications is not installed"
+ exit 1
+ fi
+ kubectl $KUBECONF get authorizationpolicies -A &> /dev/null
+ if [ $? -ne 0 ]; then
+ echo $RED" Istio api: kubectl get authorizationpolicies is not installed"
+ exit 1
+ fi
+}
+
+#######################################################
+
+
+# Enable istio on namespace
+# arg: <namespace>
+istio_enable_istio_namespace() {
+ __log_conf_start $@
+ if [ $# -ne 1 ]; then
+ __print_err "<namespace>" $@
+ return 1
+ fi
+ __kube_create_namespace $1
+ __kube_label_non_ns_instance ns $1 "istio-injection=enabled"
+ __log_conf_ok
+ return 0
+}
+
+# Request authorization by jwksuri
+# args: <app> <namespace> <realm>
+istio_req_auth_by_jwksuri() {
+ __log_conf_start $@
+ if [ $# -ne 3 ]; then
+ __print_err "<app> <namespace> <realm>" $@
+ return 1
+ fi
+ name="ra-jwksuri-"$3"-"$1"-"$2
+ export ISTIO_TEMPLATE_REPLACE_RA_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
+ export ISTIO_TEMPLATE_REPLACE_RA_NS=$2
+ export ISTIO_TEMPLATE_REPLACE_RA_APP_NAME=$1
+ export ISTIO_TEMPLATE_REPLACE_RA_ISSUER=$KEYCLOAK_ISSUER_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3
+ export ISTIO_TEMPLATE_REPLACE_RA_JWKSURI=$KEYCLOAK_SERVICE_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3/protocol/openid-connect/certs
+ inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ra-jwksuri-template.yaml
+ outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_RA_NAME".yaml"
+ envsubst < $inputfile > $outputfile
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general "Cannot substitute yaml: $inputfile"
+ return 1
+ fi
+ kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general "Cannot apply yaml: $outputfile"
+ return 1
+ fi
+ __log_conf_ok
+ return 0
+}
+
+# Request authorization by jwks (inline keys)
+# args: <app> <namespace> <issuer> <key>
+istio_req_auth_by_jwks() {
+ __log_conf_start $@
+ if [ $# -ne 4 ]; then
+ __print_err "<app> <namespace> <issuer> <key>" $@
+ return 1
+ fi
+ name="ra-jwks-"$3"-"$1"-"$2
+ export ISTIO_TEMPLATE_REPLACE_RA_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
+ export ISTIO_TEMPLATE_REPLACE_RA_NS=$2
+ export ISTIO_TEMPLATE_REPLACE_RA_APP_NAME=$1
+ export ISTIO_TEMPLATE_REPLACE_RA_ISSUER=$3
+ export ISTIO_TEMPLATE_REPLACE_RA_JWKS=$4
+ inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ra-jwks-template.yaml
+ outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_RA_NAME".yaml"
+ envsubst < $inputfile > $outputfile
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general "Cannot substitute yaml: $inputfile"
+ return 1
+ fi
+ kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general "Cannot apply yaml: $outputfile"
+ return 1
+ fi
+ __log_conf_ok
+ return 0
+}
+
+# Authorization policy - by realm
+# args: <app> <namespace> <realam>
+istio_auth_policy_by_realm() {
+ __log_conf_start $@
+ if [ $# -ne 3 ]; then
+ __print_err "<app> <namespace> <realam>" $@
+ return 1
+ fi
+ name="ap-realm-"$3"-"$1"-"$2
+ export ISTIO_TEMPLATE_REPLACE_AP_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
+ export ISTIO_TEMPLATE_REPLACE_AP_NS=$2
+ export ISTIO_TEMPLATE_REPLACE_AP_APP_NAME=$1
+ export ISTIO_TEMPLATE_REPLACE_AP_PRINCIPAL="$KEYCLOAK_ISSUER_PATH$KEYCLOAK_TOKEN_URL_PREFIX/$3/*"
+ inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ap-principal-template.yaml
+ outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_AP_NAME".yaml"
+ envsubst < $inputfile > $outputfile
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general "Cannot substitute yaml: $inputfile"
+ return 1
+ fi
+ kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general "Cannot apply yaml: $outputfile"
+ return 1
+ fi
+ __log_conf_ok
+ return 0
+}
+
+# Authorization policy - by issuer
+# args: <app> <namespace> <issuer>
+istio_auth_policy_by_issuer() {
+ __log_conf_start $@
+ if [ $# -ne 3 ]; then
+ __print_err "<app> <namespace> <issuer>" $@
+ return 1
+ fi
+ name="ap-iss-"$3"-"$1"-"$2
+ export ISTIO_TEMPLATE_REPLACE_AP_NAME=$(echo $name | tr '[:upper:]' '[:lower:]')
+ export ISTIO_TEMPLATE_REPLACE_AP_NS=$2
+ export ISTIO_TEMPLATE_REPLACE_AP_APP_NAME=$1
+ export ISTIO_TEMPLATE_REPLACE_AP_PRINCIPAL="$3/*"
+ inputfile=$SIM_GROUP/$ISTIO_COMPOSE_DIR/ap-principal-template.yaml
+ outputfile=tmp/$ISTIO_TEMPLATE_REPLACE_AP_NAME".yaml"
+ envsubst < $inputfile > $outputfile
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general "Cannot substitute yaml: $inputfile"
+ return 1
+ fi
+ kubectl $KUBECONF apply -f $outputfile &> tmp/kubeerr
+ if [ $? -ne 0 ]; then
+ __log_conf_fail_general "Cannot apply yaml: $outputfile"
+ return 1
+ fi
+ __log_conf_ok
+ return 0
+}
+
+
Code Review / nonrtric.git / blobdiff