X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=service-exposure%2Frapps-helm-installer.go;h=857be9be7d5bf9a970cdf8b2e779ccbdb5dc0236;hb=3c504be356d2ac9fc5195eb45692e1b756caa9f3;hp=dc92fc79af7577a8edd6db6ab1df3f39a4d61307;hpb=073269a87bdbe3ef450d933d0e7e6a5f730c8b67;p=nonrtric.git
diff --git a/service-exposure/rapps-helm-installer.go b/service-exposure/rapps-helm-installer.go
index dc92fc79..857be9be 100644
--- a/service-exposure/rapps-helm-installer.go
+++ b/service-exposure/rapps-helm-installer.go
@@ -1,26 +1,26 @@ // - -// ========================LICENSE_START================================= -// O-RAN-SC -// %% -// Copyright (C) 2022: Nordix Foundation -// %% -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// ========================LICENSE_START================================= +// O-RAN-SC +// %% +// Copyright (C) 2022-2023: Nordix Foundation +// %% +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at // -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// ========================LICENSE_END=================================== +// http://www.apache.org/licenses/LICENSE-2.0 // - +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ========================LICENSE_END=================================== package main import ( + "bytes" "context" "database/sql" "encoding/json" @@ -43,12 +43,11 @@ import ( "net/http" "os" "path/filepath" + "time" ) var settings *cli.EnvSettings var chartRequested *chart.Chart - -//var url string var repoName string var chartName string var releaseName string 
@@ -70,6 +69,13 @@ type Rapp struct { SecurityEnabled bool Realm string Client string + Authenticator string + CaCrt string + TlsCrt string + TlsKey string + Email string + SubjectDN string + MappingSource string Roles []struct { Role string Grants []string @@ -113,30 +119,10 @@ func runInstall(res http.ResponseWriter, req *http.Request) { if err != nil { msg = err.Error() } else { - if rapp.SecurityEnabled && rapp.Type == "provider" { - // keycloak client setup - fmt.Println("Setting up keycloak") - _, err = http.Get("http://rapps-keycloak-mgr.default/create?realm=" + rapp.Realm + "&name=" + rapp.Client + "&role=" + rapp.Roles[0].Role) - if err != nil { - msg = err.Error() - } else { - fmt.Println("Setting up istio") - _, err := http.Get("http://rapps-istio-mgr.default/create?name=" + chartName + "&realm=" + rapp.Realm + "&role=" + rapp.Roles[0].Role + "&method=" + rapp.Roles[0].Grants[0]) - if err != nil { - msg = err.Error() - } else { - // Install chart - fmt.Printf("Installing chart %s to %s namespace\n", chartName, namespace) - chart, err = installHelmChart(install) - if err != nil { - msg = "Error occurred during installation " + err.Error() - } else { - msg = "Successfully installed release: " + chart - } - } - } + err := installSecurity(rapp) + if err != nil { + msg = err.Error() } else { - // Install chart fmt.Printf("Installing chart %s to %s namespace\n", chartName, namespace) chart, err = installHelmChart(install) if err != nil { @@ -144,8 +130,8 @@ func runInstall(res http.ResponseWriter, req *http.Request) { } else { msg = "Successfully installed release: " + chart } - } + } } } registrerRapp(chartName, rapp.Type) 
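Review bot: The seven fields added to `Rapp` carry no comment saying which of them a given `Authenticator` value requires, or whether `CaCrt`, `TlsCrt` and `TlsKey` hold certificate text or file paths. `TlsKey` looks like private-key material, so a comment above the group should also state that a `Rapp` value must not be printed or echoed back in a response. Go naming would spell these `TLSCrt`, `TLSKey` and `CACrt`, though a rename may change decoding if the struct is unmarshalled by field name, which is not visible here. The struct definition continues outside the hunk.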
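Review bot: When `installHelmChart(install)` fails after `installSecurity(rapp)` has succeeded, nothing removes the Keycloak client and Istio objects that were just created, so a failed install leaves security objects behind for a rapp that is not running. The failure branch could call the new teardown, e.g. `if cerr := uninstallSecurity(rapp, chartName); cerr != nil { fmt.Println("security cleanup failed:", cerr) }`. The context line `registrerRapp(chartName, rapp.Type)` also appears to run whether or not either step failed. `runInstall` starts and ends outside the hunk.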
@@ -159,6 +145,73 @@ func runInstall(res http.ResponseWriter, req *http.Request) { res.Write(data) } +func installSecurity(rapp Rapp) error { + var url string + var params string + role := rapp.Roles[0].Role + grants := rapp.Roles[0].Grants[0] + realm := rapp.Realm + client := rapp.Client + authenticator := rapp.Authenticator + caCrt := rapp.CaCrt + tlsCrt := rapp.TlsCrt + tlsKey := rapp.TlsKey + email := rapp.Email + subjectDN := rapp.SubjectDN + mappingSource := rapp.MappingSource + + httpClient := &http.Client{ + Timeout: time.Second * 10, + } + + if !rapp.SecurityEnabled { + return nil + } + // Different security requirements depending on the rapp type + if rapp.Type == "provider" { + // keycloak client setup + fmt.Println("Setting up keycloak") + url = "http://rapps-keycloak-mgr.default/create" + values := map[string]string{"realm": realm, "name": client, "role": role, "authType": authenticator, + "tlsCrt": tlsCrt, "email": email, "subjectDN": subjectDN, "mappingSource": mappingSource} + jsonValue, _ := json.Marshal(values) + req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonValue)) + if err != nil { + fmt.Printf("Got error %s", err.Error()) + } + req.Header.Set("Content-type", "application/json") + resp, err := httpClient.Do(req) + fmt.Println("Keycloak response status:", resp.Status) + if err != nil { + fmt.Printf("Got error %s", err.Error()) + return err + } else { + fmt.Println("Setting up istio") + url = "http://rapps-istio-mgr.default/create-policy?" + params = "name=" + chartName + "&realm=" + realm + "&role=" + role + "&method=" + grants + url += params + + _, err := http.Get(url) + if err != nil { + return err + } + } + } else { + fmt.Println("Setting up istio") + url = "http://rapps-istio-mgr.default/create-filter?" 
+ params = "name=" + chartName + "&realm=" + realm + "&client=" + client + "&authType=" + authenticator + + "&tlsCrt=" + tlsCrt + "&tlsKey=" + tlsKey + "&caCrt=" + caCrt + url += params + _, err := http.Get(url) + if err != nil { + return err + } + } + + return nil + +} + func runUninstall(res http.ResponseWriter, req *http.Request) { query := req.URL.Query() chartName = query.Get("chart") @@ -178,19 +231,9 @@ func runUninstall(res http.ResponseWriter, req *http.Request) { } else { msg = "Successfully uninstalled release: " + chart } - if rapp.SecurityEnabled && rapp.Type == "provider" { - // Remove istio objects for rapp - fmt.Println("Removing istio services") - _, err := http.Get("http://rapps-istio-mgr.default/remove?name=" + chartName) - if err != nil { - msg = err.Error() - } - // remove keycloak client - fmt.Println("Removing keycloak client") - _, err = http.Get("http://rapps-keycloak-mgr.default/remove?realm=" + rapp.Realm + "&name=" + rapp.Client + "&role=" + rapp.Roles[0].Role) - if err != nil { - msg = err.Error() - } + err := uninstallSecurity(rapp, chartName) + if err != nil { + msg = err.Error() } } unregistrerRapp(chartName, rapp.Type) 
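Review bot: In the provider branch `resp.Status` is read before the `err` from `httpClient.Do(req)` is checked, so an unreachable Keycloak manager makes `resp` nil and panics the handler, and the `http.NewRequest` error is only printed before `req` is used. No status code is checked and no body is closed, so a 4xx/5xx from either manager still lets the chart install go ahead without its security setup; `rapp.Roles[0]` is also indexed above the `SecurityEnabled` guard and panics for a rapp with no roles. The Istio URLs are concatenated unescaped and sent with `http.Get` (no timeout) over plain HTTP, which puts `tlsKey` into a query string and lets `&` or line breaks in any value change the parameters; moving the key into a request body would need the Istio manager to accept it, which is not visible here. `uninstallSecurity` in the later hunk has the same concatenation, `http.Get` and unchecked responses. The sketch below shows the provider path; it needs `net/url`, so the local `url` variable is renamed `endpoint`, and the `create-filter` call would follow the same pattern.

```go
	if !rapp.SecurityEnabled {
		return nil
	}
	// … unchanged: realm/client/cert field copies and httpClient; the Roles[0] reads move into the provider branch …
	if rapp.Type == "provider" {
		if len(rapp.Roles) == 0 || len(rapp.Roles[0].Grants) == 0 {
			return fmt.Errorf("provider rapp %q has no role or grant", chartName)
		}
		role := rapp.Roles[0].Role
		grants := rapp.Roles[0].Grants[0]
		// … unchanged: values map and json.Marshal …
		req, err := http.NewRequest("POST", endpoint, bytes.NewBuffer(jsonValue))
		if err != nil {
			return err
		}
		req.Header.Set("Content-type", "application/json")
		resp, err := httpClient.Do(req)
		if err != nil {
			return err
		}
		defer resp.Body.Close()
		fmt.Println("Keycloak response status:", resp.Status)
		if resp.StatusCode < 200 || resp.StatusCode > 299 {
			return fmt.Errorf("keycloak manager returned %s", resp.Status)
		}

		fmt.Println("Setting up istio")
		q := url.Values{}
		q.Set("name", chartName)
		q.Set("realm", realm)
		q.Set("role", role)
		q.Set("method", grants)
		policyResp, err := httpClient.Get("http://rapps-istio-mgr.default/create-policy?" + q.Encode())
		if err != nil {
			return err
		}
		defer policyResp.Body.Close()
		if policyResp.StatusCode < 200 || policyResp.StatusCode > 299 {
			return fmt.Errorf("istio manager returned %s", policyResp.Status)
		}
```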
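Review bot: When `uninstallSecurity(rapp, chartName)` fails, the handler only replaces `msg` and, as far as the context lines show, still reaches `unregistrerRapp(chartName, rapp.Type)`, so a Keycloak client or Istio object that could not be removed is left with no registry record pointing at it. Consider skipping the unregister on that path, or at least logging the leftover, e.g. `fmt.Printf("security teardown incomplete for %q: %v\n", chartName, err)`. The new `err :=` shadows the outer `err`; `if err := uninstallSecurity(rapp, chartName); err != nil {` keeps the scope tight. `runUninstall` starts and ends outside the hunk.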
@@ -204,6 +247,44 @@ func runUninstall(res http.ResponseWriter, req *http.Request) { res.Write(data) } +func uninstallSecurity(rapp Rapp, chartName string) error { + var url string + var params string + realm := rapp.Realm + client := rapp.Client + authenticator := rapp.Authenticator + + if !rapp.SecurityEnabled { + return nil + } + if rapp.Type == "provider" { + // Remove istio objects for rapp + fmt.Println("Removing istio services") + _, err := http.Get("http://rapps-istio-mgr.default/remove-policy?name=" + chartName) + if err != nil { + return err + } + // remove keycloak client + fmt.Println("Removing keycloak client") + url = "http://rapps-keycloak-mgr.default/remove?" + params = "name=" + client + "&realm=" + realm + "&authType=" + authenticator + url += params + _, err = http.Get(url) + if err != nil { + return err + } + } + if rapp.Type == "invoker" { + // Remove istio objects for rapp + fmt.Println("Removing istio services") + _, err := http.Get("http://rapps-istio-mgr.default/remove-filter?name=" + chartName) + if err != nil { + return err + } + } + return nil +} + func runList(res http.ResponseWriter, req *http.Request) { chartInfo := list() // create response binary data @@ -216,7 +297,6 @@ func runList(res http.ResponseWriter, req *http.Request) { } func main() { - //flag.StringVar(&url, "url", "http://chartmuseum:8080", "ChartMuseum url") flag.StringVar(&repoName, "repoName", "local-dev", "Repository name") flag.StringVar(&namespace, "namespace", "istio-nonrtric", "namespace for install") flag.Parse() @@ -233,6 +313,7 @@ func main() { func addToRepo(url string) (string, error) { repoFile := settings.RepositoryConfig + fmt.Printf("Repo File %s\n", repoFile) //Ensure the file directory exists as it is required for file locking err := os.MkdirAll(filepath.Dir(repoFile), os.ModePerm) 
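Review bot: `uninstallSecurity` returns on the first failure, so when the `remove-policy` call errors the Keycloak client is never removed; for a teardown it is safer to attempt both removals and return the combined error afterwards. The function handles only `"provider"` and `"invoker"`, while `installSecurity` creates a filter for every non-provider type in its `else` branch, so a rapp with any other type gets a filter that is never removed. Using `} else {` in place of `if rapp.Type == "invoker" {`, or rejecting unknown types on the install side, would make the two functions agree.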
@@ -284,7 +365,10 @@ func dryRun() (*action.Install, error) { install := action.NewInstall(actionConfig) + fmt.Printf("Repo Name: %s\n", repoName) + fmt.Printf("Chart Name: %s\n", chartName) cp, err := install.ChartPathOptions.LocateChart(fmt.Sprintf("%s/%s", repoName, chartName), settings) + fmt.Printf("Chart location: %s\n", cp) chartRequested, err = loader.Load(cp) @@ -480,7 +564,7 @@ func registrerRapp(chartName, chartType string) { id serial PRIMARY KEY, name VARCHAR ( 50 ) UNIQUE NOT NULL, type VARCHAR ( 50 ) NOT NULL, - created_on TIMESTAMP DEFAULT NOW() + created_on TIMESTAMP DEFAULT NOW() );` _, err = db.Exec(createStmt) if err != nil {
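Review bot: The added `fmt.Printf("Chart location: %s\n", cp)` runs before the `err` returned by `LocateChart` is examined, and the context line `chartRequested, err = loader.Load(cp)` then overwrites that `err`, so a failed lookup shows up only as an empty location in the log. Adding `if err != nil { return nil, err }` directly after the `LocateChart` call would surface it. `chartName` appears to come from the request (`query.Get("chart")` in `runUninstall`), so printing it with `%s` lets a caller insert line breaks into the log; `fmt.Printf("Chart Name: %q\n", chartName)` avoids that. The rest of `dryRun` is outside the hunk.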